Effective Date: August 25, 2020
1. Introduction
At Tomax Technologies Ltd. (“Tomax” or “we”), we are committed to your privacy, and we comply with all applicable privacy laws and regulations, including the General Data Protection Regulation (EU 2016/679) (“GDPR”), U.S Family Educational Rights and Privacy Act (“FERPA”), and any other EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Tomax does not sell your personal data, and except for disclosures reasonably necessary for the purposes identified under this Privacy Notice, Tomax will not otherwise disclose your personal data to any other third parties
This Privacy Notice of Tomax (the “Privacy Notice”) sets forth our policies with respect to information including personal data. This Privacy Notice is incorporated into and is subject to Tomax’s Terms of Use (“Terms”). All capitalized terms used herein and not otherwise defined in this Privacy Notice shall have the meanings ascribed to them in the Terms.
2. Who We Are?
Tomax digitizes assessment processes (including exams)(“Assessment Process” or “Exams”) for schools, educational institutions, corporations and governments (“Customers”). On behalf of our Customers, we collect some necessary data through the websites hosted on the domain at tomax.io as well as through our web-based applications and locally-installed applications, only for the purpose of insuring the integrity of the Assessment Process and the Exams.
3. Collection of Information
For the purpose of providing its web-based services (“Services”), Tomax may collect, store, and use some of the following data only for the purpose of insuring the integrity of the Assessment Process:
- Registration – All the information that you provide in the process of registering a user account with Tomax, subscribing to Tomax’s Services and/or email notifications, or using Tomax’s software to take an online Assessment Process where remote proctoring is used.
- Pre- Assessment Process Identity Checking – before you start an Assessment Process, we will match the facial image of the person in front of the camera with an approved form of picture ID. This is to ensure that the person in front of the camera is the person that is registered to complete the Assessment Process. You may be required to enter certain data into Tomax’s software including your name, student or registrant identification number, phone number, email address, answers and any other assessment content.
- Assessment Process Session – while administering the examination process, we automatically collect information relating to exam takers as part of our contractual obligation to ensure examination integrity. The information collected may include anything that can and will be captured by your device’s camera, microphone or whatever is shown on the device screen. This data is stored in audio video recordings which are associated with a unique candidate and session ID. Additional information that may be collected, only to ensure examination integrity.
- We may also collect information such as IP address, operating system, browser type, etc. to improve your online experience.
Upon signing up for Tomax Services, through our website as well as through our web-based applications, you acknowledge that you have read, understood, and agreed to be bound by the terms of the Privacy Notice. If you do not accept the Terms and/or the Privacy Notice, you are not authorized to use the Services of Tomax. All the relevant data generated on behalf of your institution shall be subject to the applicable policy of your institution, and any issue that you may have in this respect, should be resolved between you and your institution.
4. Data Processor and Data Controller of the Collected Information
Tomax generally collects personal data on behalf of its Customers, for purposes of providing Exam-related Services to those Customers. In such cases, the Customer will be the “Data Controller” of the applicable personal data and Tomax is the “Data Processor,” as those terms are used and defined under GDPR and any other applicable data and privacy laws. In its role as a Data Processor, Tomax only processes personal data in accordance with the applicable contract for purposes of providing its Exam-related Services to its Customers.
5. Use and Sharing of Personal Data
Before you take an online Assessment Process, you will have to sign a legal consent that you accept all the terms of such online Assessment Process, under the policy of your educational institution, and in accordance with this Privacy Notice.
Where you take an online Assessment Process, we shall monitor you remotely while you participate in the Assessment Process session. The video and audio recordings are only used if there is a legitimate suspicion of cheating and the data is only stored by us. Only authorized persons of your educational institution may at any time, review the recordings if we have any concerns about the integrity of the Assessment Process session or if concerns are raised by our Customer.
We may disclose information, including the video and audio recording of your Assessment Process session, which includes special category data, to our Customer (i.e. your institution) for the purpose of verifying that you were the person taking the online Assessment Process and to check that no Assessment Process protocols were violated. For information on how your institution may collect and use any personal data they collect about you, please review the institution’s own privacy policy.
According to the applicable policy of your institution, all recordings shall be deleted, unless there is an ongoing investigation into any recording.
6. Use of Cookies
Tomax may use a software technology called “cookies”, which are small text files placed in users’ computer browsers to track the patterns of the users’ behavior at the relevant website and web-based applications. As a result, it is possible to speed up your future activities at these websites and allow Tomax to provide you with a personalized browsing experience.
Cookies, by themselves, do not provide your personally identifiable information, unless you specifically choose to provide this information. You can choose to accept or decline cookies by modifying your browser settings. If you choose to decline cookies, this may prevent you from taking full advantage of the websites’ features and content.
7. Security of Your Personal Data
Tomax takes reasonable precautions to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Tomax is ISO 9001/27001/17 certified and it also uses Amazon Web Services (AWS), with all the relevant protections of AWS to protect your personal data.
8. Your Choices and Rights over your Information
In many cases you should contact directly your institution or the Assessment Process administrator to exercise any applicable privacy rights. If you contact us, we may remove or update your information within a reasonable time and after providing a notice to the institution of your request.
You may receive access to your personal data and correct, amend or delete inaccurate information or information that has been processed in violation of the EU-U.S. Privacy Shield or U.S. Swiss Privacy Shield’s Principles, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of other persons would be violated. To exercise this right, please contact us by e-mail at the address sets forth at the end of this Privacy Notice. At all cases, the consent of the “Data Controller” of the information shall be required.
In some cases, you may be able to object to the processing of our data or restrict its use under any applicable law. In this case, you may be able to request that we delete or erase some of your personal data, in cases when the data is wrong or it is no longer needed for Assessment Process administration.
California residents who provide personal data in obtaining products or services for personal, family, or household use are entitled to request once a calendar year some information under California law.
9. Children’s Online Privacy
Tomax and its Services are generally not directed for individuals under the age of eighteen (18), and Tomax requests that such individuals do not provide personally identifying information through Tomax website and any of its web-based applications.
In the case of a Customer with students under the age of 18, any such student under the age of 18 must review the Terms and the Privacy Notice with his/her parent(s) or legal guardian(s) to ensure that both the student and the parent(s) or legal guardian(s) understand and accept both the Terms and the Privacy Notice. .
10. Privacy Complaints
In compliance with all the relevant privacy laws, Tomax commits to resolve complaints regarding our collection or use of your personal data. If you have any complaints about our use of your personal data, please contact us at the email address as set out at the end of this Privacy Notice.
Individuals with inquiries or complaints regarding our Privacy Notice should first contact our Data Protection Officer at the email address as set out at the end of this Privacy Notice.
Residents of the European Union, have also the right to file a complaint with their local European Data Protection Authority. You may find a list with your local European Data Protection Authority contact details at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
11. Changes to our Privacy Notice
Tomax may occasionally update this Privacy Notice. When it does, Tomax will also update the effective date of this Privacy Notice, and the changes will become immediately effective once they are posted at our website. Tomax encourages you to periodically review this Privacy Notice to stay informed about our collection, use, and disclosure of personal data. Tomax reserves the right, at its own discretion, to change, modify, add, or remove portions of the Privacy Notice at its website, at any time.
12. Contact Us
Should you have any questions or concerns regarding our Privacy Notice,
please send us an email with your concerns to: privacy@tomax.io
Our Data Protection Officer (DPO) can be reached at the email address: privacy@tomax.io
