EU, UK, Switzerland, and EEA Privacy Supplement
Last Updated Date: August 4, 2025
(“Effective Date”)
This EU, UK, Switzerland, and EEA Privacy Supplement includes additional information and disclosures we are required to provide to individuals located in those jurisdictions. It is part of and incorporated into the Respondus Privacy Policy. You should read them both carefully.
For simplicity, terms used here have the same definitions as in our Privacy Policy unless otherwise noted below. When we refer to the UK, that includes Gibraltar.
Effective Date and Changes to this EU, UK, Switzerland, and EEA Privacy Supplement
Like the Privacy Policy, this EU, UK, Switzerland, and EEA Privacy Supplement is effective as of the “Effective Date” above and will remain in effect except with respect to any provisions that are changed in the future.
Our Relationship with You
As described in our Privacy Policy, if you are using Respondus’s Services, including our Software, through one of our customers, then that entity is the controller of your Personal Information, and Respondus Processes that Personal Information on behalf of the controller.
If you are independently using Respondus’s Services, then Respondus is the controller of your Personal Information because we determine the means and purposes of Processing this information.
Our Lawful Bases for Processing Your Personal Information
Respondus’s lawful bases for Processing your Personal Information are with your consent, to perform a contract with our customers, with you, or at your request prior to entering into a contract with you, or to comply with a legal obligation. We also Process your Personal Information for our legitimate interest in our business needs or those of our customers, balanced against the rights and freedoms of all individuals affected by that need. These interests incorporate considerations of the risks present in our Processing, your likely response to those risks, and what benefits you are likely to receive from our Processing.
We Process Personal Information for several legitimate interests, including:
- Fulfilling our contract with our customers based upon our legitimate interest as a business in providing the Services we offer.
- In response to communications initiated by you based upon our legitimate interest as a business in responding to inquiries or suggestions about our business and the corresponding benefit you will receive in our response.
- For marketing based upon our legitimate interest as a business in sharing information about our Services and the corresponding benefit you will receive in learning about our Services.
- To protect against fraud based upon our legitimate interest as a business in protecting our business and Services.
- To ensure network and information security based upon our legitimate interest as a business in maintaining the confidentiality, security, and integrity of the information in our network and the corresponding benefit you will receive in the maintenance of the security of your Personal Information.
The EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework
Respondus complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce.
Respondus has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the Processing of Personal Information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Respondus has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. DPF Principles with regard to the Processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in Respondus's Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the applicable Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The U.S. Federal Trade Commission has jurisdiction over Respondus’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. Please note that in addition to the purposes for which we may disclose your Personal Information listed in the Privacy Policy, in certain situations, Respondus may be obligated to disclose Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Under the Onward Transfer Principle, Respondus remains responsible for Personal Information it receives under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF that we share with third parties for external Processing on our behalf.
If you have a related question or concern, please contact us at [email protected].
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Respondus commits to refer unresolved complaints concerning our handling of Personal Information received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.
If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit the JAMS website for more information or to file a complaint. The services of JAMS are provided at no cost to you.
In the event that your concern still has not been sufficiently addressed, you may be entitled to a binding arbitration under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF and their Principles, more fully described at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.
Personal Information We May Collect about You
Depending on who you are and the Services you use, Respondus may collect the following Personal Information about you:
- Identifiers, which may include name, address, email address, phone number, Internet Protocol address, and username and credentials.
- Financial information, which may include credit card number, debit card number, or other financial information.
- Employment and education information, which may include current or past employment information, student identification number, course identification number, and course name.
- Internet and network activity information, which may include device and application identification numbers, and data about your interactions with websites, applications, and advertisements.
Sharing with Third Parties, Use of Personal Information, and Choice
We do not disclose Personal Information to any third party other than agents who are performing tasks on our behalf, under our instructions and under contract, in order to provide our Service to our customers. You may review the list of subprocessors we use here.
We do not use Personal Information for any purpose that is materially different from the purpose(s) for which it was originally provided to us or subsequently authorized by our customers.
In compliance with EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, you have the right to opt out of:
- Disclosures of your Personal Information to third parties not identified at the time of collection or subsequently authorized, and
- Uses of your Personal Information for purposes materially different from those disclosed at the time of collection or subsequently authorized.
In the unlikely event that we someday share Personal Information with a third party which is not an agent or use Personal Information for a purpose that is materially different from the purpose(s) for which it was originally provided to us or subsequently authorized by our customers, you may opt out of such disclosure or use by Exercising Your Rights, described below.
Your EU, UK, Swiss, and EEA Privacy Rights
Under applicable privacy laws, and subject to certain requirements and exceptions, individuals in the EU, UK, Switzerland, and the EEA have the following rights:
- To Be Informed
- To Access
- To Rectification
- To Erasure
- To Restrict Processing
- To Object to Processing
- To Data Portability
- To Withdraw Consent
- To Object to Automated Processing
Respondus generally does not utilize technology which may collect Personal Information for automated processing.
However, Respondus Monitor may Process Personal Information in a way that qualifies as automated processing. Please review the Respondus Monitor Privacy Policy Supplement for more information.
Exercising Your Rights
You are not required to pay any charge for exercising your rights. If you make a request, we will respond to you as required under the applicable law.
As described in our Privacy Policy, Respondus often Processes Personal Information on behalf of our customers. When that is the case, Respondus is not permitted to respond directly to requests related to Processing of Personal Information from such users. Requests must be directed to the organization that controls the Personal Information.
Otherwise, to exercise your rights, you may contact us through our Privacy Contact and respond to any follow-up inquiries we make. Please be aware that we do not accept requests through other means (e.g., via fax, chats, social media etc.).
Contact Us
If you have any questions or concerns about this EU, UK, Switzerland, and EEA Privacy Supplement, you may contact us through our Privacy Contact. You may also address privacy-related inquiries to our representatives at:
EU/Switzerland/EEA:
Writing to – EDPO at Avda. De Europa 26 ATICA 5, 2a planta, 28224 Pozuelo de Alarcón, Madrid, Spain
Online request form – https://edpo.com/gdpr-data-request/
UK:
Writing to – EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
Online request form – https://edpo.com/uk-gdpr-data-request/