Testlify data privacy framework policy

Affirmative commitment to compliance

Testlify, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Testlify, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Testlify, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov.

Dispute resolution and recourse

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Testlify, Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Contacting Testlify, Inc.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Testlify, Inc. commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Testlify, Inc. at:

Testlify INC
651 N Broad St, Suite 201, Middletown, DE, 19709
[email protected]

Disclosure to third parties

Testlify, Inc. may disclose Personal Data to the following types of third parties and for the following purposes:

Service providers:

We may engage third-party service providers to perform functions and provide services to us. These service providers may have access to Personal Data needed to perform their functions but are not permitted to share or use such information for any other purposes.

Business partners:

We may share Personal Data with our business partners when it is necessary to provide a product or service you have requested.

Individual rights

Right to access:

You have the right to access your Personal Data held by Testlify, Inc. To exercise this right, please contact us.

Choice and limitations:

Testlify, Inc. provides individuals with choices for limiting the use and disclosure of their Personal Data.

Federal trade commission (FTC) oversight

Testlify, Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Binding arbitration

Under certain conditions, individuals have the possibility to invoke binding arbitration as set forth in Annex I of the DPF Principles. Testlify, Inc. is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to Testlify, Inc. and following the procedures and subject to conditions set forth in Annex I of the Principles.

Lawful requests by public authorities

Testlify, Inc. may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Liability in onward transfers

In cases of onward transfers to third parties, Testlify, Inc. acknowledges its responsibility and liability in accordance with applicable data protection laws.

Definitions

Personal data

Information related to an identified or identifiable individual, such as names, email addresses, employment history, and assessment responses.

Sensitive data

Special categories of Personal Data like gender and nationality, collected only with explicit opt-in consent.

Processing

Any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, or alteration.

Cookies and tracking technologies

We use cookies and may collect IP addresses to enhance user experience. For more details, please review our Cookies Policy.

Data transfer and storage

International data transfers

Data may be transferred internationally, utilizing Standard Contractual Clauses (“SCCs”) for transfers to the EU/EEA, to ensure an equivalent level of data protection.

Security measures

We implement robust security measures, such as encryption, to protect Personal Data from unauthorized access, disclosure, alteration, or destruction. More information is available on our Security Measures page.

User rights

Data portability

You can request a copy of your Personal Data in a structured, commonly used, machine-readable format by contacting us.

Opt-out policy

You have the option to opt out of specific data collection and usage practices. Instructions are provided in our Opt-Out Policy.

Access requests

You can access the Personal Data we hold about you by contacting us. We’ll provide details on the process and expected response time.

Third-party links

Our website may contain links to third-party sites. We are not responsible for their privacy practices. Always review the privacy policies of external sites.

Data retention

Data is retained for its intended purpose or as required by law. For specific concerns about data retention, please contact us.

Children’s privacy

We do not knowingly collect or solicit Personal Data from individuals under 18. If such data is discovered, it will be promptly deleted.

Enforcement and verification

The U.S. Federal Trade Commission oversees our compliance with data privacy laws. For more information, visit our Security Practices page.

Dispute resolution

For data privacy disputes, we offer an independent recourse mechanism in line with EU-U.S. DPF guidelines.

Data protection officer

We’ve designated a Data Protection Officer (DPO) to oversee our data protection strategy. For inquiries, please contact our DPO.

Subprocessors

Third parties, known as subprocessors, are utilized for specific functions and services. You can find a list of these subprocessors and their roles on our Data Management page.

Data breach notification

In the event of a data breach involving Personal Data, affected individuals and authorities will be notified within 72 hours, as required by law.

Employee data

Details on the collection and processing of employee data are covered in our Employee Data Policy.

Consent records

Records of obtained consent for data processing are securely stored, as required by law.

California consumer privacy act (CCPA)

We comply with the CCPA, granting California residents additional rights, such as the right to know, delete, and opt-out of the sale of personal information. For more details, see our CCPA Compliance page.

Complaints

To address concerns about data handling, you can lodge a complaint with the relevant regulatory authority or use our independent recourse mechanism. More details are available on our Security Practices page.

Changes to this policy

We review this policy annually and will notify you of changes via email or website notifications.

Governing law

This policy is governed by U.S. federal law.

User responsibilities

Users are responsible for maintaining the confidentiality of their login information and are obligated to immediately report any unauthorized account activity.

Exclusions

This policy does not cover data that has been anonymized and can no longer identify an individual.

Audit rights

We may conduct audits to ensure compliance with this policy.

Severability

If any part of this policy is deemed unlawful, the remaining parts will continue to be in effect.

Disclaimers

Use our services at your own risk; internet transmissions are never completely secure.

Contact us

For questions or concerns, please contact us at:

Testlify INC
651 N Broad St, Suite 201, Middletown, DE, 19709
[email protected]