Respondus Product Privacy Policy
This Respondus Product Privacy Policy refers to the use of personal data within Respondus products. This Product Privacy Policy does not apply to other processing activities by Respondus which are not related to Respondus products. In such cases the Non-Product Privacy Policy available here will apply.
Last Updated: January 9, 2023
Overview
Respondus cares about your privacy. For this reason, we collect and use personal data only as it is needed to deliver an exceptional experience with a Respondus product regardless of how you access or use them, including through mobile devices.
Each Respondus Product also has its own individual additional privacy statement which contains more specific information. Please visit our Privacy Center for all of our privacy policies and other important information. For ease of access, we’re also providing the individual links here:
- LockDown Browser
- Respondus Monitor
- Respondus 4.0
- StudyMate Campus
- Studymate.com
- Respondus Test Bank Network
This Product Privacy Policy is intended to describe what personal data we collect, as well as how and why we process your personal data. It also describes options we provide that let you exercise your rights over your personal data that we process.
If at any time you have questions about our privacy practices or any of your rights described below, you may contact us at [email protected].
What is Personal Data?
Personal data is a name, address, telephone number, email address, identification number, online identifier, or other data collected that could directly or indirectly identify you. This is also known as Personal Information or Personally Identifiable Information (PII).
What Personal Data We Collect
We collect certain information so we can provide the best possible experience when you use our products. Depending on the product and the features used, this could include the data below. Again, please review the additional privacy information available by product in the Privacy Center.
- Basic personal data (first name, last name)
- Authentication data (user name)
- Contact information (may include postal or email address)
- Pseudonymous identifiers (student ID code assigned by LMS, if applicable)
- Device identification (IP address)
How We Obtain Personal Data
We may collect or receive your personal data in a number of different ways:
- Through your use of a Respondus product under a license agreement with your learning institution to provide this service.
- Where you provide it to us directly, for example obtaining technical support via email or completing a form provided for this purpose.
- If you create an account or purchase any of our Products.
The provision of personal data collected is, in some instances, a contractual requirement. Lack of this information, such as for an Administrator Contact or Authorized Support Person, will delay the availability of the licensed products for your institution’s use. Without providing personal data for inquiries, we may not be able to respond to your request.
How we use your Personal Data
We strongly believe in both minimizing the personal data we collect and limiting its use and purpose to only: (1) that for which we have been given permission, (2) that which is necessary to deliver the products you purchase or interact with, or (3) as we might be required or permitted for legal compliance or other lawful purposes.
We collect various information relating to your purchase or use and/or interactions with our products to deliver, improve, update and enhance these products. We use this information to:
- Provide, operate and maintain the products,
- Improve and optimize the operation and performance of our Services (including our digital interfaces).
- Diagnose problems with and identify any security risks, errors, or needed enhancements to the products.
- Detect and prevent fraud and abuse of our products and systems.
- Collect aggregate statistics about use of the products to monitor trends.
- Comply with legal or contractual obligations.
- For any other purposes about which we notify our customers.
Much of the data collected is aggregated or statistical data about how individuals use our Services, but to the extent that product data is itself personal data, or is linked or linkable to personal data, we treat it accordingly.
What are Respondus’ “Legitimate Interests?”
Respondus’ legitimate interests are its business needs balanced against the rights and freedoms of all individuals affected by that need. These interests incorporate considerations of the risks present in our processing, your likely response to those risks, and what benefits you are likely to receive from our processing.
Our processing of your personal data for fraud prevention or product enhancement purposes is based on our legitimate interest in providing a product that is secure and has optimal performance.
Our processing of your personal data in response to communications initiated by you is based on our legitimate interest as a business in responding to inquiries or suggestions about our organization and the corresponding benefit you will receive in our response.
How we might share your Personal Data
If you are a California resident, please read our California Resident Privacy Notice here.
We do not sell, rent, or otherwise disclose your personal data to third parties for their marketing and advertising purposes. We may disclose your personal data to partner companies where you have agreed to have that information shared. This disclosure may be required for you to use our products, access our Services, or for us to comply with our legal obligations, to enforce our Terms of Use, or to prevent, detect, mitigate, and investigate fraudulent or illegal activities related to our Services. These companies include, for example, our data hosting provider (AWS). We minimize the amount of personal data we disclose to what is directly relevant and necessary to accomplish the specified purpose. We do not utilize personal data obtained from product usage for marketing activities.
If you use our products from a country other than the country where our servers are located, your communications with us may result in the transfer of your personal data across international borders. Also, when you initiate contact with a Respondus representative, we may provide you with support from one of our global locations outside your country of origin. In these cases, your personal data is handled according to this Product Privacy Policy.
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (such as subpoena requests), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical. To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide your personal data to third parties as part of a legal process.
Respondus remains responsible for ensuring that third party agents or service providers process your personal data to the standard required by the applicable privacy laws, including the GDPR, unless you direct us to forward it to the third party.
How we might communicate with you
We may contact you directly regarding products or services you have purchased from us, such as may be necessary to deliver transactional or service related communications. We may also contact you regarding products or services when additional information is requested. We may contact you with offers for additional services we think you'll find valuable if you give us consent or where allowed based upon legitimate interests. These contacts may include email, text (SMS) messages, telephone calls, and printed mailings.
Your Data Protection Rights
Under certain circumstances and in accordance with EU, UK or other applicable data protection laws, you may have the following rights:
Your right to be informed – Your right to be informed of how your personal data is collected and used is provided through this policy.
Your right of access - Your right to ask us for copies of your personal data.
Your right to rectification - Your right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – Your right to ask us to erase your personal data in certain circumstances.
Your right to restrict processing – Your right to ask us to restrict the processing of your personal data in certain circumstances.
Your right to object to processing – Your right to object to the processing of your personal data in certain circumstances, and at any time where the processing takes place for the purposes of legitimate interests pursued by us or a third party. Note that the right to object under legitimate interests is absolute for direct marketing, but is not absolute for other processing. We will be allowed to continue to process your personal data if we can demonstrate “compelling legitimate grounds for the processing which override your interests, rights and freedoms” or we need this for the establishment, exercise or defense of legal claims.
Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organization, or to you, in certain circumstances.
Your right to withdraw consent – You have the right to withdraw previously given consent to process your personal data.
Your right to object to automated processing – You have the right to object to decisions being made with your data solely based on automated decision making or profiling.
You are not required to pay any charge for exercising your rights. If you make a request, we will respond to you as required under the applicable data protection law.
Please note that we may still use any aggregated and/or anonymized personal data that does not identify any individual, and may also retain and use personal data as necessary to comply with our legal obligations.
How Can I Exercise my Data Protection Rights?
If you are using a Respondus product as a student or staff member of a learning institution that licenses our product:
Your institution is the controller of your personal data, whereas Respondus can only process the data on behalf of the controller. As a processor, Respondus is not permitted to respond directly to data subject requests related to processing of personal data from students. Data subject requests must be directed to the school, university, or business that collects and controls the information via the service provided by Respondus. The terms “controller” and “processor” are from the EU GDPR, but are commonly used and understood. Your jurisdiction may use equivalent terms in their privacy regulations.
Please note that if you are the institution’s Administrator or Authorized Support Contact for an existing license of a Respondus product and you unsubscribe from receiving promotional or marketing communications from us, we will continue to send you transactional or service-related emails.
If you are using a Respondus product where you registered directly with Respondus as a user:
To exercise your applicable data protection rights, please contact us at [email protected].
How we secure, store and retain your data
At Respondus, we take data security and privacy very seriously. We follow generally accepted security standards to store and protect the personal data we collect, both during transmission and once received and stored, including restricting access to your personal data and the use of encryption where appropriate. We participate in compliance programs that validate our security controls.
Personal data described in this Policy is stored in databases hosted in the USA. We will always protect your personal data in accordance with this Policy whenever it is processed. Respondus does not voluntarily or actively transfer or disclose our customers’ personal data to government or law enforcement authorities. In the event of a request from a government or law enforcement authority, we have procedures and controls in place to make sure that such a request is assessed and challenged to confirm its validity.
We keep your personal data to enable your continued use of the products, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Policy, as may be required by law (including for tax and accounting purposes), or as otherwise communicated to you. How long we retain specific personal data varies depending on the purpose for its use, and we will delete your personal data in accordance with applicable law. These might include retention periods:
- mandated by law, contract or similar obligations applicable to our business operations;
- for preserving, resolving, defending or enforcing our legal/contractual rights; or
- as needed to maintain adequate and accurate business and financial records.
Where we process your personal data on the basis of ‘legitimate interests’, we will retain your personal data for so long as the purpose for which it is processed remains active.
Where ‘consent’ is the basis for our lawful processing of your data, we will retain your data so long as both the purpose for which it was collected and your consent are still valid. We will review the status of your consent should the purpose for which the data was collected change and treat non-response to any requests for renewal of consent made by us as if they were your request to withdraw consent. Occasionally, we might identify a legitimate interest in retaining some of your personal data that has been obtained by consent. If we do, we will inform you that we intend to retain it under these conditions and identify the interest specifically.
Whenever possible, information that has been anonymized or aggregated so that it can no longer be used to identify a specific natural person, whether in combination with other information or otherwise, will be used.
If you have any questions about the security or retention of your personal data, you can contact us at [email protected].
Additional Information for SDK Partners
SDK Partners work with Respondus to develop their own integration of LockDown Browser for use with their assessment platform. The above details regarding the collection and use of Personal Data or PII do not apply to the use of LockDown Browser through an SDK Partner integration. Respondus does not receive Personal or Student Data from SDK Partner integrations of LockDown Browser. Any personal data collected or stored resides with the SDK Partner.
Additional Information for Certain Jurisdictions
Please refer to the following links for additional details regarding your privacy rights in the following jurisdictions:
California: California residents have specific rights under the California Consumer Privacy Act (‘CCPA’). For additional information, please refer to the California Resident Privacy Notice, found here.
EU/EEA and UK: If you are a resident of the European Economic Area or the United Kingdom, please refer to the additional information found here.
Changes in our Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we modify the Privacy Policy, we will post the new version in our Privacy Center. We may include a notice on our home page or any other place that we deem appropriate. If these are material changes, we may notify you via an email address that you provided. Notification will be made at least thirty (30) days prior to the implementation of the changes.
Contact Us
If you have any questions, concerns or complaints about our Privacy Policy, our practices or our Services, you may contact our Data Privacy Officer by email at [email protected].
If you prefer, you can send correspondence to:
Respondus
Attn: Privacy Team
8201 164th Ave NE, Suite 200
Redmond, WA 98052
USA
If you are in the European Union or United Kingdom, you may address privacy-related inquiries to our EU / UK representative pursuant to Article 27 GDPR:
EU:
Writing to – EDPO at Spaces Rio, Calle Manzanares 4, 28005 Madrid, Spain
Online request form – http://edpo.com/gdpr-data-request/
UK:
Writing to – EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
Online request form – https://edpo.com/uk-gdpr-data-request/
We will respond to requests, inquiries or concerns within thirty (30) days, but probably much sooner than that. If you submit a Data Subject Access Request, we will respond according to the applicable data protection law.
You may also lodge a complaint with the data supervisory authority competent for your country or region, if you feel unsatisfied with our treatment of your personal data.