What is Personal Data?
Personal data is a name, address, telephone number, email address, identification number, online identifier, or other data collected that could directly or indirectly identify you. This is also known as Personal Information or Personally Identifiable Information (PII).
What Personal Data We Collect
We collect certain information so we can provide the best possible experience when you use our products. Depending on the product and the features used, this could include the data below. Again, please review the additional privacy information available by product in the Privacy Center.
- Basic personal data (first name, last name)
- Authentication data (user name)
- Contact information (may include postal or email address)
- Pseudonymous identifiers (student ID code assigned by LMS, if applicable)
- Device identification (IP address)
How We Obtain Personal Data
We may collect or receive your personal data in a number of different ways:
- Through your use of a Respondus product under a license agreement with your learning institution to provide this service.
- Where you provide it to us directly, for example when obtaining technical support via email or completing a form provided for this purpose.
- If you create an account or purchase any of our Products.
The provision of personal data collected is, in some instances, a contractual requirement. Lack of this information, such as for an Administrator Contact or Authorized Support Person, will delay the availability of the licensed products for your institution’s use. Without providing personal data for inquiries, we may not be able to respond to your request.
How we use your Personal Data
We strongly believe in both minimizing the personal data we collect and limiting its use and purpose to only: (1) that for which we have been given permission, (2) that which is necessary to deliver the products you purchase or interact with, or (3) as we might be required or permitted for legal compliance or other lawful purposes.
We collect various information relating to your purchase or use and/or interactions with our products to deliver, improve, update and enhance these products. We use this information to:
- Provide, operate and maintain the products.
- Improve and optimize the operation and performance of our Services (including our digital interfaces).
- Diagnose problems with and identify any security risks, errors, or needed enhancements to the products.
- Detect and prevent fraud and abuse of our products and systems.
- Collect aggregate statistics about use of the products to monitor trends.
- Comply with legal or contractual obligations.
- For any other purposes about which we notify our customers.
Much of the data collected is aggregated or statistical data about how individuals use our Services, but to the extent that product data is itself personal data, or is linked or linkable to personal data, we treat it accordingly.
What are Respondus’ “Legitimate Interests”?
Respondus’ legitimate interests are its business needs balanced against the rights and freedoms of all individuals affected by that need. These interests incorporate considerations of the risks present in our processing, your likely response to those risks, and what benefits you are likely to receive from our processing.
Our processing of your personal data for fraud prevention or product enhancement purposes is based on our legitimate interest in providing a product that is secure and has optimal performance.
Our processing of your personal data in response to communications initiated by you is based on our legitimate interest as a business in responding to inquiries or suggestions about our organization and the corresponding benefit you will receive in our response.
How we might share your Personal Data
If you are a California resident, please read our California Resident Privacy Notice here.
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (such as subpoena requests), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical. To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide your personal data to third parties as part of a legal process.
Respondus remains responsible for ensuring that third party agents or service providers process your personal data to the standard required by the applicable privacy laws, including the GDPR, unless you direct us to forward it to the third party.
How we might communicate with you
We may contact you directly regarding products or services you have purchased from us, such as may be necessary to deliver transactional or service related communications. We may also contact you regarding products or services when additional information is requested. We may contact you with offers for additional services we think you'll find valuable if you give us consent or where allowed based upon legitimate interests. These contacts may include email, text (SMS) messages, telephone calls, and printed mailings.
Your Data Protection Rights
Under certain circumstances and in accordance with EU, UK or other applicable data protection laws, you may have the following rights:
Your right to be informed – Your right to be informed of how your personal data is collected and used is provided through this policy.
Your right of access – Your right to ask us for copies of your personal data.
Your right to rectification – Your right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – Your right to ask us to erase your personal data in certain circumstances.
Your right to restrict processing – Your right to ask us to restrict the processing of your personal data in certain circumstances.
Your right to object to processing – Your right to object to the processing of your personal data in certain circumstances, and at any time where the processing takes place for the purposes of legitimate interests pursued by us or a third party. Note that the right to object under legitimate interests is absolute for direct marketing, but is not absolute for other processing. We will be allowed to continue to process your personal data if we can demonstrate “compelling legitimate grounds for the processing which override your interests, rights and freedoms” or we need this for the establishment, exercise or defense of legal claims.
Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organization, or to you, in certain circumstances.
Your right to withdraw consent – You have the right to withdraw previously given consent to process your personal data.
Your right to object to automated processing – You have the right to object to decisions being made with your data solely based on automated decision making or profiling.
You are not required to pay any charge for exercising your rights. If you make a request, we will respond to you as required under the applicable data protection law.
Please note that we may still use any aggregated and/or anonymized personal data that does not identify any individual, and may also retain and use personal data as necessary to comply with our legal obligations.
How Can I Exercise my Data Protection Rights?
If you are using a Respondus product as a student or staff member of a learning institution that licenses our product:
Your institution is the controller of your personal data, whereas Respondus can only process the data on behalf of the controller. As a processor, Respondus is not permitted to respond directly to data subject requests related to processing of personal data from students. Data subject requests must be directed to the school, university, or business that collects and controls the information via the service provided by Respondus. The terms “controller” and “processor” are from the EU GDPR, but are commonly used and understood. Your jurisdiction may use equivalent terms in their privacy regulations.
Please note that if you are the institution’s Administrator or Authorized Support Contact for an existing license of a Respondus product and you unsubscribe from receiving promotional or marketing communications from us, we will continue to send you transactional or service-related emails.
If you are using a Respondus product where you registered directly with Respondus as a user:
To exercise your applicable data protection rights, please contact us at [email protected].
How we secure, store and retain your data
At Respondus, we take data security and privacy very seriously. We follow generally accepted security standards to store and protect the personal data we collect, both during transmission and once received and stored, including restricting access to your personal data and the use of encryption where appropriate. We participate in compliance programs that validate our security controls.
Personal data described in this Policy is stored in databases hosted in the USA. We will always protect your personal data in accordance with this Policy whenever it is processed. Respondus does not voluntarily or actively transfer or disclose our customers’ personal data to government or law enforcement authorities. In the event of a request from a government or law enforcement authority, we have procedures and controls in place to make sure that such a request is assessed and challenged to confirm its validity.
- mandated by law, contract or similar obligations applicable to our business operations;
- for preserving, resolving, defending or enforcing our legal/contractual rights; or
- as needed to maintain adequate and accurate business and financial records.
Where we process your personal data on the basis of ‘legitimate interests’, we will retain your personal data for so long as the purpose for which it is processed remains active.
Where ‘consent’ is the basis for our lawful processing of your data, we will retain your data so long as both the purpose for which it was collected and your consent are still valid. We will review the status of your consent should the purpose for which the data was collected change and treat non-response to any requests for renewal of consent made by us as if they were your request to withdraw consent. Occasionally, we might identify a legitimate interest in retaining some of your personal data that has been obtained by consent. If we do, we will inform you that we intend to retain it under these conditions and identify the interest specifically.
Whenever possible, information that has been anonymized or aggregated so that it can no longer be used to identify a specific natural person, whether in combination with other information or otherwise, will be used.
If you have any questions about the security or retention of your personal data, you can contact us at [email protected].
Additional Information for Certain Jurisdictions
Please refer to the following links for additional details regarding your privacy rights in the following jurisdictions:
California: California residents have specific rights under the California Consumer Privacy Act (‘CCPA’). For additional information, please refer to the California Resident Privacy Notice, found here.
EU/EEA and UK: If you are a resident of the European Economic Area or the United Kingdom, please refer to the additional information found here.
If you prefer, you can send correspondence to:
Attn: Privacy Team
8201 164th Ave NE, Suite 200
Redmond, WA 98052
If you are in the European Union or United Kingdom, you may address privacy-related inquiries to our EU / UK representative pursuant to Article 27 GDPR:
EU: EU-REP.Global GmbH, Attn: Respondus, Hopfenstr. 1d, 24114 Kiel, Germany
UK: DP Data Protection Services UK Ltd., Attn: Respondus, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
We will respond to requests, inquiries or concerns within thirty (30) days, but probably much sooner than that. If you submit a Data Subject Access Request, we will respond according to the applicable data protection law.
You may also lodge a complaint with the data supervisory authority competent for your country or region, if you feel unsatisfied with our treatment of your personal data.