Versant Privacy Notice
Effective April 27, 2020
Service Purchased by an Institutional Customer
Legal Basis for Using Personal Information
Protection and Security
Collection and Processing
Data Transmission and Storage
Disclosure and Use
Marketing, Communications and Opting-Out
Retention of Personal Information
Personal Information Rights
Changes to the Policy
This Privacy Notice describes how NCS Pearson, Inc. and its affiliated companies (Pearson) collect, protect, use and share personal information collected and processed through the Versant language skill assessment services (Service).
The Service generally is purchased and used by businesses, government agencies and higher education institutions. This Privacy Notice covers the handling of personal information by Pearson as a data processor when business, government agencies and higher education institutions purchase access to the Service. This Privacy Notice also covers the handling of personal information by Pearson as a data controller when individual consumers purchase access to the Service to take a Versant language skill assessment outside of a corporate, institutional or government setting.
Other Pearson products and websites have their own privacy notices. This Privacy Notice only applies to the Versant skill assessment service.
“Assessment” means a Versant language skill assessment delivered through the Service.
“Customer” means a purchaser of the Service.
“Institutional Customer” means a Customer that is a business, higher educational institution or government agency, body or entity.
“Pearson” means NCS Pearson, Inc.
“Personal Information” means personal information or personal data subject to protect under applicable law.
“Service” means the Versant language skill assessment services, which may be delivered via phone or via mobile app, web or computer (Windows-based) applications or Versant test management platforms.
“Test Administrator” means an individual who, on behalf of an Institutional Customer, manages the assignment of the Assessment to Test Takers and receipt of Assessment results, scores and reports for a Customer or otherwise uses the Service on behalf of an Institutional Customer.
“Test Taker” means an individual who takes an Assessment through the Service.
The business, higher educational institution or government agency, body or entity (Institutional Customer) is the data controller for Personal Information uploaded, accessed, collected or processed through the Service purchased by such Institutional Customer. The Institutional Customer is responsible for ensuring that it has a legal basis to process this Personal Information and, to the extent required by applicable law, secures all required authorization and consents to do so. Pearson only processes such Personal Information as a data processor on behalf of the Institutional Customer.
Where an individual consumer purchases the Service from Pearson, or where we contact an individual in accordance with the Marketing Communications and Opting-Out section of this Privacy Notice, Pearson acts as a data controller. Certain laws require data controllers to explain the legal bases for handling personal information, so we have described these bases here. As a data controller, we may use personal information:
- to enter into or perform a contract (e.g. to provide an individual consumer with access to the Service purchased by that individual); and/or·
- with the consent of the individual (e.g. we may sometimes ask the individual for specific consent to use personal information in a particular way); and/or·
- to comply with our legal obligations (e.g. we might have regulatory obligations to report or share or archive Personal Information); and/or·
- for a variety of business purposes which are in our legitimate business interests as a provider of assessment products and services (e.g. as described in the Marketing Communications and Opting-Out section of this Privacy Notice).
Where we are handling Personal Information on behalf of an Institutional Customer, the Institutional Customer is the data controller and will establish the legal basis for handling the Test Taker’s Personal Information. Test Takers should direct any questions to the Institutional Customer that scheduled their Assessment and provided them with access to the Service.
Pearson maintains appropriate physical, administrative, technical and organizational measures to protect personal information from unauthorized or unlawful access, use, disclosure or processing of personal information, as well as against accidental loss, theft, destruction of, or damage to, personal information.
Pearson collects and processes data in order to provide the Service. This data may include Personal Information. Pearson collects information when the Customer, Test Administrator or Test Taker discloses Personal Information through purchasing and registering to the use the Service, scheduling assessments, taking assessments, contacting Pearson (either online or offline) or otherwise using the Service. In addition, the Service may collect information through a Customer, Test Administrator or Test Taker’s interaction with the Service, Pearson’s website, mobile application or email communications.
Payment Data. If the Service is purchased online, payment data submitted by the Customer will be used and disclosed to the Customer’s financial institution and Pearson’s payment processor for the purpose of processing payment for the Service ordered.
Account Data. Pearson collects and processes account data to set up, maintain and enable a Customer and its Test Administrator to obtain and assign Assessment codes and receive Assessment results and score reports. Account data may include a Customer or Test Administrator’s name, organization, email address, user name and password.
Rostering Data. The Test Administrator, on behalf of the Customer, may choose, on an optional basis, to upload first name, last name, email address or an alternative ID for a Test Taker into a roster to facilitate assigning Assessments and tracking Assessment results.
Assessment Data. Assessment data may include the Test Taker’s first name and last name*; city*; country*; gender*; year of birth*; native language*; Assessment responses and answers (which may be spoken and audio recorded or, in certain cases, written); Assessment score, report and recommendations and the Assessment code assigned to, and used by, the Test Taker to take an Assessment.*
Optional Data: The following Test Taker information is not required by Pearson, but may be required by a Customer: name*; country*; gender*; year of birth*; or native language.* City information is required for the phone version of the Service, but is optional for all other versions. In lieu of a name, a Customer may assign an alternative ID for a Test Taker.
Online Proctoring. If an Institutional Customer schedules an Assessment with Online Proctoring, the Test Taker will be monitored in real time during the testing session and an audio and video recording of the Test Taker’s face, voice, desk and workspace will be made through the Test Taker’s computer, webcam and microphone. In addition, images of the Test Taker and their identification documents may be collected and used for identity verification and authentication, to prevent fraud and cheating, for test security and to maintain the integrity of the Assessment and the Assessment process. For additional information, please see the Online Proctoring section of this Privacy Notice.
Application and System Logs. Application and system logs are critical to ensuring the availability and security of the Service. Pearson collects log data to monitor the health of the Service, detect unauthorized access, cheating and fraudulent activity, prevent and respond to security incidents and appropriately scale the computing resources for the Service.
Do Not Track. Do Not Track (DNT) is a proposed mechanism for allowing website visitors to control the collection of certain usage data. Although there has been research into the development of a standard to support the use of DNT signals, there is no adopted standard to follow. The Service does not currently respond to Do Not Track signals.
If an Institutional Customer schedules an Assessment with online proctoring, the Test Taker will be monitored over the Internet through the Test Taker’s computer, webcam and microphone. Online proctoring means that the Test Taker will log on to a test platform through the Internet to take the Assessment and will be monitored during their entire testing session in real-time so that the Test Taker’s face, voice, desk and workspace will be captured and a video recording will be made for the purposes of test security and the integrity of the testing process. The Test Taker must monitor their online proctored testing environment to make sure that only the Test Taker will be recorded during the testing session and that no one else will be physically in the room where the Test Taker is testing and that no one speaks to the Test Taker during the testing session.
If the Institutional Customer specifies, the Test Taker may be required to check-in by uploading their photo and sharing identification documents (IDs) on camera. Images of these IDs may be used for identity verification and authentication.
Due to the global nature of Pearson’s business and this Service, Personal Information may be transmitted, stored and processed in a country other than the one in which a Customer, Test Administrator or Test Taker resides. The computer servers for the Service are currently based in the United States and Ireland.
We take appropriate steps to ensure that Personal Information is provided the same level of protection as described in this Privacy Notice. For example, we have entered into an intercompany data processing agreement using the European Commission standard contractual clauses (in the absence of an adequacy decision) for data transfers to Pearson group companies located outside of the United Kingdom (UK) and the European Economic Area (EEA); and we rely on adequacy decisions or adequate data transfer mechanisms adopted by the European Commission or a supervisory authority from time to time for transfers of personal information to third parties located in countries outside of the UK or EEA.
Delivery of the Service. Pearson processes and uses Personal Information in order to deliver the Service. In delivering the Service, Pearson provides and discloses Personal Information of a Test Taker to the Customer who assigned the Assessment and Test Administrators of the Service for such Customer.
No Sale of Personal Information for Monetary Consideration. Pearson does not sell or rent Personal Information for monetary consideration.
Contact details for Test Administrators, Test Takers or Customers may be used for these purposes:
- to contact the Test Administrator, Test Taker or Customer with more information about our products and services and those of our group companies, except where such Test Administrator, Test Taker or Customer has told us not to do so;
- to invite participation in online surveys.
Participation in surveys is entirely voluntary. Test Administrators, Test Takers and Customers may unsubscribe from being contacted for these purposes at any time. Survey information will be used for market research with the aim of improving the Service.
We will not send marketing emails to anyone who has opted out of receiving them. Any marketing communications we send will include an unsubscribe link at the end of the email. While the Service is not intended for individuals under the age of 16, we will not knowingly send marketing to any individual under the age of 16.
Pearson will retain personal information only for as long as reasonably necessary to fulfil the purposes for which Pearson processes Personal Information, unless the law permits or requires longer retention. For example, we may need to keep Personal Information for quality assurance of the Service, to comply with contractual obligations or to defend future legal claims.
If a Test Taker’s access to the Service was provided by an Institutional Customer, then the Test Taker should address any such request to the Institutional Customer.
Individual consumers who purchased the Service from Pearson should address their request to Pearson as follows:
In the United States: using one of the contact methods explained on this Pearson Rights Request page.
In all other areas: by contacting us at firstname.lastname@example.org or by writing to the Data Privacy Office, Pearson, 80 Strand, London WC2R 0RL United Kingdom.
We will consider and act upon any request in accordance with applicable data protection laws.
If an individual purchased the Service from Pearson, they may have the right to complain to the Information Commissioner (if they are in the UK), or to their local data protection supervisory authority, if they are unhappy with our privacy practices set forth in this Privacy Notice.
California residents should read our Supplemental Privacy Statement for California Residents in conjunction with this Digital Services Privacy Notice. The Supplemental Privacy Statement for California Residents explains Pearson’s commitment to comply with California law and applies to personal information of California residents collected through the Service.
Cookies. Cookies are small text files that a web server places on a computer or mobile device. Cookies contain information that can later be read by the web server that originally placed the cookie on the computer or mobile device. Cookies that may be used in connection with the Service include:
Strictly Necessary Cookies. These cookies are essential for use of the Service, such as accessing an Assessment and secure areas of the Service. Without these cookies, the Service cannot be provided.
Functionality Cookies. These cookies enable the Service to remember choices made and options selected in order to provide enhanced, more personal features. For example, these cookies can be used to remember changes made to text size. They may also be used to provide the specific functionality requested.
Advertising Cookies. The Service does not enable advertising cookies.