SKILLS FOR ENGLISH PRIVACY POLICY


Welcome to the Skills for English (“SfE”) Privacy Policy. PSI Services LLC, a Delaware, USA limited liability company, and the PSI Group Companies (collectively “PSI”, “us”, “we”, “our”) provide assessment and talent management solutions and products to a range of private and public sector organisations. The Skills for English test (the “Test”) is provided by PSI and its partners in agreement with Programme Sponsors. For instance, the Skills for English UKVI (SELT) tests are provided in agreement with the UK Home Office who would be the Programme Sponsor for the SELT tests.

PSI takes its obligation to protect your privacy and personal information very seriously. This Privacy Policy (the “Policy”) is aimed at informing candidates as well as any contractors, partners and users of the SfE website (collectively, “you”, “your”) as to how PSI collects, uses, shares and otherwise processes information from our partners, candidates and users of the SfE website, the candidate account portal (together, the “Sites”) and SfE Test centres, including any personal information or other information from which we can identify you (“Personal Data”) when you visit our Site or Test centres or take the Test. This Policy applies in all regions across the globe in which the Test is provided by PSI and covers the Personal Data of candidates, contractors, partners, users of our Site and services provided to deliver the Test.

At the point of registering for a test, you agree that your Personal Data shall be handled as described in this Policy. If you do not agree to the terms in this Policy, you must request removal of your registration prior to taking a test via the Data Protection Officer. Any disputes related to the Test or use of our Site are subject to this Policy and our registration terms and conditions, including its applicable limitations on damages and the resolution of disputes or any service-specific terms made available to you when you sign up for the Test. Our registration terms and conditions are incorporated by reference into this Policy. If you have any questions or complaints in relation to this Policy, you may contact our Data Protection Officer at info@skillsforenglish.com.

Joint Controllers

PSI are Joint Data Controllers with the relevant Programme Sponsor with regard to Test result data. Therefore, the Programme Sponsor may access your Personal Data via a secure online verification portal for their purposes, such as the UK Home Office accessing the results of UKVI (SELT) if a visa application is made. Any Personal Data provided to a Programme Sponsor will be processed and retained in accordance with their own privacy policies and PSI are not responsible for how the Programme Sponsor processes the Personal Data shared with them.

Information We Collect

When you take the Test or visit our Site, we may process the following categories of Personal Data. You can obtain details of the specific categories of information collected by contacting us. Please refer to the Your Legal Rights section below.

  • Identity Information, including, but not limited to first and last name, address, City, region, postcode, phone number, date of birth, email address, nationality, Country of Residence, State/Territory/Province, ID Type, ID Number, nationality on ID, Type of visa application, state identification number, social security number, digital photographs, video, audio and signatures, and optionally ethnicity;
  • Contact Information, including, but not limited to email address, phone number, billing address and delivery address;
  • Financial Information, including, but not limited to bank account, payment card details and candidate payment method confirmation;
  • Test and Test Point Information, Test module, Test language, Test country, Test type, Test location, invigilator/interlocutor details, marker, Test results, IP address, responses to Test and resulting reports, including any information on incident management;
  • When strictly required for the purposes of providing the Services, we may also collect the following:
    • Sensitive Information, including age, race, religion, creed, sex, gender identity and expression;
    • Biometric Information, including fingerprint images, facial images and/or Signature;
    • Medical Information, medical information when requesting reasonable adjustment including exam results or examination candidates’ requests for examination accommodations;
    • Accessibility requirements, as provided by you while requesting any special arrangements;
  • Transaction Information, including, but not limited to details about payments to and from you by us and other details about Products and Services you have purchased from us.
  • Technical Information, including, but not limited to internet protocol (IP) addresses, your login information, browser type and version, and operating system and platform information. Information about our use of cookies can be found here: Cookie Policy; and
  • Video monitoring and recording at Test location.

Purposes of Processing

Personal data will be processed to serve and support the:

  • conduct, effectiveness and integrity of examination and certification processes;
  • relationship with candidates;
  • relationship with and performance of employees, contractors and other involved individuals;
  • resolution of any issue arising in relation to examinations; and
  • purposes of crime prevention, public safety and Test supervision

Such processing includes collection, recording, use, storage, transfer of data in accordance with this Privacy Policy.


PSI processes personal data only in accordance with this privacy policy, the contractual obligations arising from an agreement with the Programme Sponsors, applicable law and internal processes and procedures.

We may use your Personal Data for one of the following activities:

  • Provide the Test to you;
  • Provide the Test results and the relevant information to the Programme Sponsor;
  • Safeguard security at the test centres and to protect the integrity of the Test;
  • Keeping accounts and financial records related to any business or other activity carried on by us; and
  • Sending relevant administrative information such as notices related to the Test.

Third Party Disclosures

We do not share your Personal Data with third parties for their own marketing purposes.


We disclose your Personal Data internally, within entities of the PSI Group, and externally, with the Programme Sponsors, and other third parties as set forth below. When we disclose Personal Data, the recipient is required to keep that Personal Data confidential, secure and process the Personal Data only for the specific purpose for which they are engaged:

  • Programme Sponsor: We share your information, including results of your Test, and other information about you with the Programme Sponsors (including the UK Home Office in the case of UKVI SELT test), as required;
  • Processors/Service Providers: We share information with our processors, including PSI Group companies and other third-party providers who provide services to us. A list of our processors can be found at the end of this Policy.
  • Law Enforcement: We may be required to disclose data to law enforcement agencies working on crime in relation to investigations and prevention initiatives.
  • UK Home Office: We may be required to disclose data to the Home Office to ensure the prevention of fraud and corrupt actions and to ensure that any instances or allegations of these are investigated and dealt with effectively, including collusion, imposters, exam cheating or any other activities that affect the integrity of the Skills for English UKVI test.
  • Public Authorities: We may be required to disclose information to public authorities, regulators or governmental bodies, as required by the applicable law or regulation, under a code of practice or conduct, where necessary to facilitate any investigation, or where we believe that disclosure is appropriate to protect our rights and interests or the rights and interests of third parties.

Security Measures

We have put in place various electronic safeguards and managerial processes designed to prevent unauthorised access or disclosure, maintain data integrity, and ensure the appropriate use of Personal Data. We use industry best practices and guidance from sources such as the National Institute of Standards and Technology (“NIST”), National Cyber Security Centre (“NCSC”), Her Majesty’s Government (“HMG”), Government Digital Service (“GDS”), Payment Card Industry (“PCI”), standards from the Center for Internet Security (“CIS”), and International Standards Organization (“ISO”), ISO/IEC 27001:2013 to design and maintain our information security program. We maintain Personal Data, Test data, and licensee updates on secured computers and all Programme Sponsors, Test candidates, and all other accounts are password protected. No such security or safeguards are 100% effective, but we will take commercially reasonable efforts to employ security measures designed to protect the information. No Personal Data is knowingly disclosed to third parties except as described herein. Unfortunately, since data transmission over the internet cannot be completely secure, we cannot ensure or warrant the security of any information transmitted to us.


We limit access to your Personal Data to those employees, agents, contractors, processors and other third parties who have a business need to know and have been security cleared to the UK Home Office standard. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.


PSI conduct Risk Assessments and Data Privacy Impact Assessments service-wide, and these extend to the Processors that PSI use.


We have procedures put in place to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


Location and Retention

Personal data will be processed for as long as required:


a) for the provision of the Test related services or

b) by applicable law, regulatory and administrative provisions.


Following the end of such bases for processing, processing of anonymised information will be limited to historical or statistical purposes.


PSI retains your Personal Data for a minimum of five (5) years.


The location of the servers where your Personal Data is stored will be dependent on the specific Services that PSI provide to you (where applicable) and governed by the service you register for with PSI. All Personal Data you shared with PSI will reside in the UK. Please refer to our list of processors for further information on the locations where your Personal Data may be processed by our processors.


We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you or the Programme Sponsors. When Personal Data is no longer required, we carry out secure destruction in accordance with ISO27001 policies.


Unless agreed otherwise, we may use your Personal Data after anonymisation (so that it can no longer be identified as your information) for historical or statistical purposes, in which case we may use this information for a reasonable period of time without further notice to you. We may also use your Personal Data as part of statistical, aggregated data for research purposes in a pseudonymised form, if required and approved by the Programme Sponsors, and shall only be for Personal Data in relation to Test data for candidates who took the Test approved or provided by the approving Programme Sponsor.


International Transfers

We may share your Personal Data within the PSI Group for the purposes stated above. This may involve transferring your information outside the European Economic Area (“EEA”). Whenever we transfer your Personal Data outside of the EEA, we ensure a similar degree of protection is afforded to it by implementing the following safeguards:


Intra-Group Data Sharing Agreement. All relevant PSI Group Companies across the globe have entered into an intra-group data sharing agreement adopting the European Commission’s standard contractual clauses and committing to compliance with the General Data Protection Regulation 2016/679 (“GDPR”).


Other International Transfers. Personal Data may be processed outside your jurisdiction by our processors. Please refer to our list of processors at the end of this Policy and the locations where Personal Data may be processed by our processors. We ensure that our processors offer an adequate level of protection to the Personal Data by entering into appropriate agreements committing them to compliance with GDPR and other applicable laws.


Legal Bases for Processing

We process your Personal Data in accordance with the contract with our Client, the GDPR and the California Consumer Privacy Act (“CCPA”). Based on the specific circumstances, the legal basis for our processing is one of the following:

  • Performance of a Contract. We collect and process Personal Data for the purposes of the performance of a contract with you relating to the provision of the Test.
  • Explicit Consent. In certain cases where required under the law, we process your Personal Data based on your specific and informed consent. For example, where you have opted-in to receive our marketing information, we may use your information to send you news and newsletters, special offers, and promotions, or to otherwise contact you about Products or Services or information we think may interest you.
  • Legitimate Interest. We process Personal Data where it is necessary for our legitimate interests (or those of a third party). This includes activities related to everyday business operations, such as invoice processing, business planning, and handling client service-related queries and complaints, and other activities such as recruitment.
  • Legal Obligation. We process your Personal Data when we need to comply with a legal obligation, meet our on-going regulatory and compliance obligations, including in relation to recording and monitoring communications, disclosures to tax authorities, financial service regulators and other regulatory and governmental bodies, and to investigate security incidents and prevent crime.

Your Legal Rights

Privacy Rights for Data Subjects in the European Union

The GDPR sets forth certain rights to EU residents. PSI is committed to full compliance with the GDPR. If you are a data subject under the GDPR, you have the following rights in relation to your Personal Data.

  • Request access to your Personal Data
  • Request correction of your Personal Data
  • Request erasure of your Personal Data
  • Object to processing of your Personal Data
  • Request restriction of processing of your Personal Data
  • Request transfer of your Personal Data
  • Right to withdraw consent

To exercise any of these rights, please submit a request to us by emailing our Data Protection Officer: info@skillsforenglish.com

Privacy Rights for California Citizens


PSI is committed to full compliance with the CCPA. Any terms defined in the CCPA have the same meaning when used in this section. The CCPA provides California residents with specific rights regarding their Personal Data:

  • Request access to your Personal Data and data portability.
  • Request deletion of your Personal Data.
  • Right to Opt-Out of the Sale of Personal Data.

To exercise any of these rights, please submit a verifiable consumer request by either:

Calling us at: +800 8001 2900

Emailing us at: info@skillsforenglish.com


We will not discriminate against you for exercising any of the foregoing rights under CCPA. You will not have to pay a fee to access your Personal Data or to exercise any of the other rights under CCPA. Only you, or someone legally authorised to act on your behalf, may make a verifiable consumer request. You may only make such a request twice within any 12-month period. Your request must provide sufficient information that allows us to reasonably verify that you are the person about whom we collected Personal Data. As a security measure, we may need to request specific information from you to help us confirm your identity.


We try to respond to all legitimate requests under CCPA within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you.


Personal Data Sales Opt-Out and Opt-In

We may engage in marketing campaigns in order to introduce new products or services. Where required by applicable law, we will only engage in such marketing communications if the individual has opted into these communications. Individuals may opt-out of the processing of their Personal Data by exercising their right to withdraw consent and the right to object to the processing of their information. To opt-out of commercial emails, simply click the link labelled “unsubscribe” at the bottom of any email sent by us. Please note that even if you opt-out of commercial emails, we may still need to contact you with important transactional information about your account or a scheduled exam in order to fulfil a contractual obligation. For example, we will still send assessment confirmations and reminders, information about centre changes and closures, and information about assessment results even if commercial emails have been opted-out (or not opted-in).


Third-Party Links

Our Site may provide links to third-party websites. We have no control over third parties and we assume no responsibility for the availability, content, accuracy or privacy practices of other websites, services or goods that may be linked to, or advertised on, such third-party websites. We suggest that you review the privacy policies and the terms and conditions of the third-party websites to get a better understanding of what, why and how they collect and use any personally identifiable information.


Children

Our Site and Services are not designed to attract anyone under the age of 16 and children under the age of 16 are not permitted to access or use our Site or Services. Candidates between 16 and 18 years of age should refer to our Minors Testing Policy for Skills for English.


Updates to Privacy Policy

We reserve the right to amend or change this Policy from time to time. We encourage you to visit and review this Policy periodically. We will post our revised Policy on our website and update the revision date below to reflect the date of the changes. By continuing to use our website after we post any such changes or updates, you accept the Policy as modified.


Processors

Third Party Service Providers

| PROCESSOR NAME | DESCRIPTION OF SERVICES | PRIVACY POLICY | DATA LOCATION |
|---|---|---|---|
| PSI Services | PSI, its affiliates and their partners (including test centre networks) | Privacy Policy | https://www.psionline.com/en-gb/company/office-locations/ https://skillsforenglish.com/ |
| Amazon Web Services (Amazon Web Services, Inc) | Cloud SaaS, PaaS and IaaS. | https://aws.amazon.com/privacy/ | Located in the USA and affiliated companies are located globally. Depending on the scope of our interactions with AWS Offerings, personal data may be stored in or accessed from multiple countries, including the USA, EU and UK. |
| Amazon Web Services | Hosting of recorded videos and all video processing services | https://aws.amazon.com/privacy/?nc1=f_pr | EU, USA |
| Avepoint | CRM Backup | https://www.avepoint.com/company/privacy-and-security | UK |
| Barracuda Networks | Barracuda Networks provide email filtering and quarantine services. Barracuda Networks is certified under both the EU-US and Swiss-U.S Privacy Shield frameworks. | https://www.barracuda.com/company/legal/terms-and-conditions/data-privacy | USA |
| BrightLink | Used for certificant database | https://brightlink.org.uk/brightlink-privacy-policy/ | EU, USA |
| CloudFlare | DDoS mitigation, reverse proxying, WAF, DNS and CDN. | https://www.cloudflare.com/privacypolicy/ | EU, USA |
| Cyxtera | Hosting of website and webservices. | https://www.cyxtera.com/privacy-policy | USA |
| Datamatics | Business Process Operations services | https://www.datamatics.com/privacy-policy | Philippines |
| DynaTrace group of companies (Dynatrace LLC and its subsidiaries) | Logging, analytics and performance management. | https://www.dynatrace.com/company/trust-center/privacy/ | Operates globally, as listed: https://www.dynatrace.com/company/locations/ Use of cloud applications hosted by third-party service providers, server locations listed here: https://www.dynatrace.com/company/trust-center/policies/ |
| Elastic.co | Provides monitoring and log aggregation for our cloud infrastructure which is integrated into our SIEM solution. | https://www.elastic.co/legal/privacy-statement | EU, UK, USA |
| Ledgeview | Customer Relationship Management service used for ticket and incident handling | https://ledgeviewpartners.com/privacy-policy/ | EU, USA |
| Microsoft | Hosting services, IAAS, PAAS, O365, Data Analytics, Dynamics, Application Monitoring. | https://privacy.microsoft.com/en-gb/privacystatement | EU, UK, USA |
| MZDev | Provides a Manual Assessment marking solution that integrates with PSI Systems and Services. Human markers are used to mark assessments and upload results. | https://mzdevinc.com/wp-content/uploads/2018/02/MZD_Privacy-Policy.pdf | EU, USA |
| NetSuite | Netsuite provides services related to business finances, operations and customer relations | https://www.oracle.com/legal/privacy/services-privacy-policy.html | USA |
| QPSoftware | Website hosting | | Hong Kong |
| Scottish Qualifications Authority (SQA) | Educational Assessment and Services | https://www.sqa.org.uk/sqa/45396.html | UK |
| TLS | Test centre network delivery partner. | https://www.tlscontact.com/en/recruit-privacy-notice/ | Multiple test centre locations |
| Trustwave | PENS Testing, Vulnerability Scanning. | https://www.trustwave.com/en-us/legal-documents/privacy-policy/ | EU, USA |
| Veracode | Static and Dynamic Code Scanning. | https://www.veracode.com/legal-privacy | USA |
| Zendesk | Ticket Tracking system. | https://www.zendesk.com/company/customers-partners/privacy-policy/ | EU, UK, USA |
