Questionmark's privacy policy | Questionmark

Questionmark's privacy policy

Last updated: September 2016

Questionmark takes the privacy of all its stakeholders seriously and understands that assessment data is private and use of it needs to follow data protection principles.

Except where specified otherwise, this privacy policy applies to all companies in the Questionmark group including Questionmark Computing Limited and Questionmark Corporation, herein "Questionmark".

Cross Border Transfers

Questionmark has contractual agreements in place with its relevant suppliers incorporating the EU Standard Contractual Clauses, in regards to the transfer and processing of personal information from European Union (“EU”) member states and Switzerland.

EU-U.S. Privacy Shield

Questionmark Corporation complies with the EU-U.S. Privacy Shield framework in respect of the collection, processing and retention of personal information transferred from the EU to the United States including as part of certain of our services in which we act as a data processor. More information on the EU-U.S. Privacy Shield framework, and the EU-U.S. Privacy Shield framework list, can be found here: https://www.privacyshield.gov/.

Questionmark Corporation adheres to the principles of the EU-U.S. Privacy Shield framework in respect of any personal information it receives from the EU. The EU-U.S. Privacy Shield framework principles describe and explain Questionmark Corporation’s responsibility for personal information within the scope of the EU-U.S. Privacy Shield framework, including liability for processing of such personal information by third party agents on behalf of Questionmark Corporation and unless Questionmark Corporation can prove it is not responsible for harm caused by processing that is not consistent with the EU-U.S. Privacy Shield framework principles. Any conflict between this privacy policy and the EU-U.S. Privacy Shield framework principles in respect of personal information received by Questionmark Corporation from the EU shall be resolved in favor of the latter. Questionmark Corporation is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission in respect of personal information within the scope of the EU-U.S. Privacy Shield framework. Questionmark Corporation commits to cooperating with the EU Data Protection Authorities in conformance with the EU-U.S. Privacy Shield framework and will comply with any advice given by such authorities.

Information we collect on our website

When you register for Questionmark Communities or purchase services on our website, you enter various information including name and contact details. You can also set a profile with information that you choose to disclose. Questionmark also collects and may analyze information including the internet protocol (IP) address used to connect your computer to the Internet; login; email address; password; computer and connection information such as browser type and version, operating system, platform, and purchase data. Questionmark also records information about your interaction with Questionmark systems and personnel. Questionmark also uses cookies to allow you to stay logged into the site, to make the website experience more useful and to gather general information about site use.

Questionmark uses this information for its internal business purposes. Depending on the settings you make within your Questionmark Communities profile, some of this information may also be visible to other website users. You are responsible for maintaining your profile information to ensure that your email address isn't disclosed when you use the message forums.

Should you use a credit card to make a payment on this site, Questionmark does not retain a copy of the full credit card number and only retains a reference to the number which is held in full by a secure credit card handling service.

You can always choose not to provide information, even though it might be needed to make a purchase or to take advantage of Questionmark Communities. If you choose not to provide essential information you might not be able to make an online purchase or use Questionmark Communities. If you are a member of Questionmark Communities, you will receive periodic email newsletters from Questionmark to assist you in learning about assessment technologies. If you do not want to receive email or other mail from us, please follow the unsubscribe instructions at the bottom of the email or newsletter you received (this method is the quickest way to expedite your unsubscribe request).  Alternatively you may submit a request via www.questionmark.com/unsubscribe, by sending an email to unsubscribe@questionmark.com or by contacting your account manager. 

In compliance with the U.S. CAN-SPAM Act of 2003, Questionmark maintains an opt-out list of email addresses (also known as a "suppression list"). This list of addresses may be provided to contractors conducting email broadcasts on Questionmark's behalf, but only for the express purpose of suppressing these addresses from promotional email broadcasts conducted on Questionmark's behalf.

Information we collect when you take an assessment on our servers

An assessment may consist of a quiz, survey, test, exam or other kind of assessment. Questionmark provides assessment services as a service provider to assessment sponsors. The assessment sponsor is the company or organization that offers the assessment for delivery from Questionmark’s servers.

When you take an assessment on Questionmark's servers, assessment sponsors may collect or receive personal information through our service on candidates including names and demographic and other information. The assessment sponsor decides what information they ask for and collect. We also automatically record the IP address and other similar information about the computer used to take the assessment. When an assessment is administered to you by or on behalf of the assessment sponsor, we collect and may score your responses and derive an assessment score, and the assessment sponsor may use this data collected to generate reports about your results. Providing personal data is voluntary, but usually necessary if you wish to take the assessment. Questionmark software also uses cookies to make your experience with the software useful.

When you use Questionmark software to author or administer assessments, personal information can also be recorded and is treated in the same way as information for people taking assessments.

Certain assessments may be administered through independent testing centers. These centers may have their own privacy policies. If you have any questions or concerns about an independent testing center's collection or use of any of your personal information, please talk to the independent testing center directly.

By taking or authoring an assessment on our servers, you give your consent for your personal information to be transmitted by Questionmark to the assessment sponsor. We require all assessment sponsors to comply with all applicable privacy and data protection laws, including the European Union’s data protection directive, when using Questionmark’s services. The collection, use and further disclosure of your personal information by the assessment sponsor are subject to such assessment sponsor’s own privacy policies.

Disclosing information to others

Questionmark does not sell or rent personal information (including your email address) it collects to others; however, it may disclose personally identifiable information in the following situations and where applicable in compliance with and limited by the requirements of the EU-U.S. Privacy Shield framework or European Union data protection law: (a) in response to a subpoena, court order or legal process, to the extent permitted and required by law; (b) to protect your security or the security of other persons including for national security or law enforcement purposes, consistent with applicable law; (c) in connection with a sale, joint venture or other transfer of some or all of the assets of Questionmark companies, in which event Questionmark shall use reasonable efforts to try to require that the acquirer use personal information in a manner consistent with this privacy policy (d) to companies in the Questionmark group and a limited number of organizations or individuals who are working as our contractors or agents and who are committed and obliged to protect your privacy in a manner consistent with this privacy policy, including where applicable the EU-U.S. Privacy Shield framework. These organizations and individuals assist us in providing services to customers, including the provision of data storage services, CRM, technical support and consulting or other services, and may access, store or process personal information when providing services to Questionmark (e) when you request it, for instance if you have asked us to do this as part of an effort to connect you with experts who can help you. By registering for an assessment through us, you give your consent for your personal information to be transmitted in the situations outlined above.

Aggregation and quality assurance use

Questionmark may from time to time use assessment or website data collected for internal quality assurance purposes, for instance to ensure that new releases of software behave as expected. Questionmark has a formal data security policy that keeps track of any such data and ensures that it is not misused.

Questionmark may also statistically aggregate data in non-person specific form, use this data and pass this to assessment sponsors. This may be used for operations management, quality control, security and marketing purposes and to improve the quality of our future products and services.

By using our site or taking assessments, you give consent for such use.

How we protect your information

To prevent unauthorized access, maintain data accuracy, ensure the appropriate use of information and protect against the loss, misuse or alteration of information under our control, we have put in place appropriate physical, electronic and managerial procedures to protect the information we collect through our website. Questionmark maintains a formal, internal data security policy that is regularly reviewed and audited and which all employees are trained on.

Access

You may request access to your personal information in order to review, correct or delete any personal information Questionmark retains about you by

  • sending an email request to privacy@questionmark.com
  • or mailing a request, via regular mail, postage pre-paid in the US to Privacy Officer, Questionmark Corporation, 35 Nutmeg Drive, Suite 330, Trumbull, CT 06611 or in other countries to Privacy Officer, Questionmark Computing Ltd, 30 Coleman Street, London EC2R 5AL United Kingdom.

In your request, please clearly state what personal information you would like to have access to. EU individuals have rights to access personal information stored about them and to limit its use and disclosure. Questionmark shall address such requests in accordance with applicable data protection laws and where applicable in accordance with the EU-U.S. Privacy Shield framework principles. Questionmark’s customers store personal information within our systems and therefore if you want to receive access to, limit the use of, or limit disclosure of, your personal information received by Questionmark, please provide us with the name of our customer that submitted your personal information to our systems. We will then pass your request to our relevant customer and provide them with reasonable assistance in responding.

Questionmark will undertake reasonable good faith efforts to provide you with the personal information it retains about you in accordance with applicable data protection law and the EU-U.S. Privacy Shield framework.

Questionmark retains personal information in our service for as long as is necessary to provide its services, which includes prudent, limited duration archive retention, for compliance with legal obligations, to enforce our rights under agreements and as permitted under applicable data protection law, including where relevant subject to the requirements of the EU-U.S. Privacy Shield framework.
Information from children

This website and our assessment delivery services are not directed to children or anyone under the age of thirteen (13). Under its standard services, Questionmark will not knowingly collect, maintain or use any personally identifiable information about anyone under the age of thirteen (13). Should a project undertaken by an assessment sponsor cover assessment of children, additional privacy measures in addition to those in this policy will be agreed with the sponsor.

If you are a parent or guardian and believe that your child has provided Questionmark with personal information, you may contact us at privacy@questionmark.com if you would like this information deleted from Questionmark’s records. We will use reasonable efforts to delete your child’s information from our databases.

Transmission of information

Data collected and received by us may be transmitted to the United States and other countries. The internet is a global environment. By using this website and sending information to us electronically, you consent to international transmission of any data that you may choose to supply us. Information transmissions to this site and emails sent to us may not be secure. Although Questionmark uses reasonable security measures, due to the inherent nature of the internet, all internet transmissions are done at the user's own risk.

Links to other websites

This site and our assessments may contain links to other websites on the Internet that are not operated by Questionmark. For the avoidance of doubt, this privacy policy covers only the Questionmark site and servers and not other websites or systems, even if linked to from Questionmark’s site.

Changes to this privacy policy

From time to time, we may need to update this privacy policy. We reserve the right to do so by updating this privacy policy which will be pointed to from our website. When the changes are material, we will also inform you of any changes in our newsletter. We stand behind the promises we make, and unless required by law will never materially change our policies and practices to make them less protective of customer information collected in the past without the consent of affected customers. We encourage you to review this privacy policy periodically for any changes or updates.

Enforcement

Questionmark is committed to working with individuals to obtain a fair resolution to any complaints or disputes about privacy and personal information. Questionmark carries out periodic self-assessments to verify that its privacy policy and practices are implemented as provided for herein and will take such actions as may be required to address any compliance failures, including with reference to the requirements of the EU-U.S. Privacy Shield framework. Please contact us if you have any questions or concerns regarding this privacy policy or our practices. Questionmark’s commitment to privacy is demonstrated and documented by our adherence to applicable laws, by our execution of the E.U. Standard Contractual Clauses with relevant third parties and by our voluntary adherence to the EU-U.S. Privacy Shield framework. Any questions, complaints or concerns about this privacy policy should be sent to privacy@questionmark.com or via regular mail, postage prepaid, addressed in the US to Privacy Officer, Questionmark Corporation, 35 Nutmeg Drive, Suite 330, Trumbull, CT 06611 or in other countries to Privacy Officer, Questionmark Computing Limited, 30 Coleman Street, London EC2R 5AL, United Kingdom. We will respond to your concerns within the scope of the EU-U.S. Privacy Shield framework within 45 days or sooner if required by applicable law.

For information collected regarding residents of EU member states and Switzerland, Questionmark agrees to cooperate with the data protection authorities located in the EU member states and Switzerland in resolving any individual complaints or disputes with regard to this privacy policy, applicable EU data protection law and Switzerland’s applicable data privacy laws. Individuals in respect of which personal information has been transferred to the United States from the EU may report privacy complaints to their local Data Protection Authority, including if Questionmark fails to respond within the timescales referred to in this privacy policy or if our response does not address your concerns.

In respect of personal information within the scope of the EU-U.S. Privacy Shield framework, under certain circumstances described therein you may have the right to initiate binding arbitration relating to this privacy policy or Questionmark Corporation’s relevant practices once other dispute resolution mechanisms have been exhausted.

How to contact us

If you have any questions or concerns about this privacy policy or how we have handled your personal data, please contact us at privacy@questionmark.com. If you are unable to satisfactorily deal with your concerns, you should contact the bodies referred to above.