Our commitment to ensuring transparency and complying with GDPR

What should you know about GDPR?

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations on organizations anywhere, as long as they target or collect data related to people in the EU. The aim of this page is to help our customers comply with the GDPR and to educate test-takers about their rights.

Where do we stand?

The two main roles described in the GDPR are data controller and data processor. The GDPR defines a data controller as the entity that determines the purposes for which and the means by which personal data is processed. A data processor processes personal data only on behalf of the data controller and according to the data controller's requirements.

OctoProctor acts as a data processor

OctoProctor acts as a data processor and processes data on behalf of its clients/organizations, who act as data controllers. The data controllers specify the kind of data required from the data subject (test-taker); OctoProctor collects the specified data before or during the assessment and then processes it according to the data controller's instructions.

We are committed to privacy and data protection

Privacy and data protection are of the utmost importance to us and we take steps to protect personal data in accordance with global data protection laws.

From our website visitors to professors and test-takers, we aim to give all of our users clear explanations of the information we collect, how that information is used and the contexts in which it may be shared, and to provide all other disclosures and rights available under applicable privacy laws.

Visit OctoProctor Trust Center to learn about our security posture and request access to our security documentation.

What we do to comply with GDPR

A few of the steps that we undertake to achieve the compliance:

  • We monitor the GDPR and update our data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws. OctoProctor takes reasonable measures and precautions to protect and secure the personal data that we process. We have robust information security procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction.
  • We review all processing activities to identify the legal basis for processing and to ensure that each basis is appropriate for the related activity. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
  • We meet the 'data minimization' and 'storage limitation' principles. Personal information is stored, archived and destroyed compliantly and ethically. Our Privacy policy tells every individual whose personal information we process why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect it. Where we obtain and process any special category information, we do so in compliance with the Article 9 requirements.
  • Processor Agreements: where we use any third party to process personal information on our behalf (e.g. payroll, recruitment, hosting), we have drafted compliant Processor Agreements and due diligence procedures to ensure that they (as well as we) meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organizational measures in place and compliance with the GDPR. Where we obtain and process any special category information, we do so in compliance with the Article 9 requirements or the Data Protection Bill Schedule 1 condition, and we apply strong encryption and protections to all such data.
  • We have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and disseminated to all employees, making them aware of the reporting lines and steps to follow.
  • We have a designated Data Privacy Officer who monitors compliance with the General Data Protection Regulation, with other European Union or Member State data protection law, and with OctoProctor's policies in relation to the protection of personal data.

Feedback

Our Data Protection team will be happy to answer your questions or receive feedback. Please let us know if you encounter any issues:

Phone: +1 302 883-888-5

E-mail: info@octoproctor.com

FAQ on GDPR

What security measures do we take to protect personal data?

  • We maintain security at the infrastructure level by vetting each provider we use and ensuring that every point of connection between providers is correctly initiated and consistently maintained.
  • We ensure network security by encrypting data in transit with TLS 1.3 (HTTPS) and DTLS (WebRTC).
  • We do not utilize any third-party applications. Our software is developed entirely in-house, which reduces the risk of a data breach.
  • Our development and legal teams frequently update our Privacy policy, educating both our clients and our team on how to handle valuable data.
  • Backing up data ensures that no single system failure will compromise security. We take it seriously and create backups daily (overnight backups retained for the last seven days).

What about data deletion and retention?

We have established specific data erasure procedures to comply with the "right to be forgotten" obligations, and we understand when these and other data subject rights apply, as well as any exceptions, response times and notification requirements. Under our standard retention policy, data collected from regulated activities, including biometric data, identity data and data collected for authentication purposes (including the data we use to create your identity information), is retained for up to 360 days after the session. The data may be deleted earlier at the request of the test-taker or the organization. The software also offers an automated data deletion schedule.

And what would you say about test-taker rights?

As a person who uses the software, you are a data subject. The GDPR aims to give individuals more control over the data they entrust to organizations. These are the data subjects' privacy rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.