Welcome to Prometric. We are passionate about creating innovative solutions that empower test takers everywhere to meet and exceed their professional and educational goals.  These Terms and Conditions of Use are the rules of the road - designed to create a positive, law-abiding, ethical community of our users. By using Prometric’s services and solutions you are agreeing to all the terms below.

CONDITIONS OF USE

Prometric LLC and its affiliates ("Prometric") provide this website, test services and solutions (“Services”) expressly subject to the following terms and conditions set forth below ("Terms") provided, however, that other terms of use shall apply with respect to Prometric's affiliates' websites, as specified on each such website. Any use by you of this website or the Services constitutes your agreement to abide by the Terms. We reserve the right to amend or change the Terms at any time by posting the amended terms on this site, and it is your responsibility to ensure that you are aware of the most up-to-date Terms.  Prometric complies with all applicable laws in the jurisdictions where we deliver Services and, as such, if a particular Term herein has the effect of violating a local law in the jurisdiction where individual(s) reside and/or utilize (as applicable) the Services, such Term does not apply to such individual(s).  You agree to use this site only for lawful purposes, and agree not to take any action that might compromise the security or accessibility of the site.       

LICENSE AND SITE ACCESS

Prometric grants you a limited, revocable, non-transferable and non-exclusive license to access and use this site and the Prometric Services for your own personal, non-commercial purposes, subject to the Terms. This site and the Prometric Services and/or Content may not be reproduced, duplicated, copied, downloaded, sold, resold, modified, reverse engineered, used to create derivative works, assigned, sub-licensed, granted as a security interest, transferred or otherwise exploited for any commercial purpose without the express written consent of Prometric. You may not frame or utilize framing techniques to enclose any trademark, logo or other proprietary information (including images, text, page layout and form) of Prometric and/or its affiliates, or use any meta tags or any other "hidden text" utilizing Prometrics 's name or Marks without the express written consent of Prometric. Any unauthorized use terminates the limited license granted by Prometric.

PRIVACY

Please review our full Privacy Policy located by clicking on the Privacy tab which governs your use of our website(s).  You acknowledge and agree to the collection and use of your Personal Data in accordance with the Privacy Policy.   

ELECTRONIC COMMUNICATIONS

When you visit prometric.com or send e-mails to us, you are communicating with us electronically. You consent to receive communications from us electronically. We will communicate with you by e-mail or by posting notices on this site. You agree that all agreements, notices, disclosures and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing.

COPYRIGHT & TRADEMARKS

All content provided on this site is owned by or licensed to Prometric and/or its affiliates (the "Prometric Content") and protected by United States and international intellectual property laws. Prometric and its licensors retain all proprietary rights to the Prometric Content, and you acknowledge and agree that all such Prometric Content is the property of Prometric and/or its licensors. Prometric Content may not be reproduced, copied, transmitted, distributed, downloaded or used without the prior written consent of Prometric.

ACCOUNT CREATION

If you create an account on this website you agree to accept responsibility for all activities that occur under your account and you shall be solely responsible for maintaining the confidentiality of your login and password information and for restricting access to your account.  Minors under the age of 18 may only create an account with the approval of a legal guardian.  Prometric reserves the right to refuse Services, terminate an account, remove or edit content, and cancel Services in our sole discretion. 

DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY

THIS SITE IS PROVIDED BY PROMETRIC ON AN "AS IS" AND "AS AVAILABLE" BASIS. PROMETRIC MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OR AVAILABILITY OF THIS SITE, OR THE INFORMATION, CONTENT OR MATERIALS INCLUDED ON THIS SITE. YOU EXPRESSLY AGREE THAT YOUR USE OF THIS SITE IS AT YOUR SOLE RISK, AND THAT PROMETRIC IS NOT RESPONSIBLE FOR ANY DAMAGE TO DATA, SOFTWARE, COMPUTER AND/OR TELECOMMUNICTIONS EQUIPMENT INCLUDING DAMAGE CAUSED BY A VIRUS THAT YOU MAY EXPERIENCE AS A RESULT OF VISITING THIS WEBSITE.

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, PROMETRIC DISCLAIMS ALL WARRANTIES, EXPRESS AND IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. PROMETRIC WILL NOT BE LIABLE FOR ANY DAMAGES OF ANY KIND ARISING FROM THE USE OF THIS SITE, INCLUDING, BUT NOT LIMITED TO, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL AND PUNITIVE DAMAGES. 

Notwithstanding anything contained in these Terms, in no event shall Prometric be liable to you for losses, damages, liabilities, claims and expenses (including but not limited to legal costs and defense or settlement costs) whatsoever, arising out of, or related to, use of or the inability to use this website or the Services.  Prometric’s sole liability for a breach of a condition or warranty implied by law or otherwise, and which cannot be excluded, is limited to either re-performance of the Services or the monetary equivalent of the Services, in Prometric’s sole discretion. 

GOVERNING LAW

Residents of the United States or any non-European Union country:  These Terms shall be governed by and construed in accordance with the laws of the State of Maryland and controlling U.S. federal law as applicable, without regard to its conflict of law principles. 

If you are a resident of the European Union: These Terms shall be governed by and construed in accordance with the laws of Ireland, without regard to its conflict of law principles. 

THIRD PARTY WEBSITES

Any links provided to third party websites are supplied merely as a convenience and are not under the control of or the responsibility of Prometric. 

SEVERABILITY

If a provision of these Terms is found to be invalid, illegal or unenforceable it shall be severed without affecting the remainder of the Terms which shall continue to be valid and enforceable.

Prometric LLC maintains the highest ethical standards in conducting company affairs and in our relationships with customers, suppliers, employees, advisors and the communities in which our operations are located. The Prometric Code of Business Conduct and Ethics affirms our strong commitment to the highest standards of legal and ethical conduct in our business practices.  Our Code applies to all officers, directors and employees of Prometric and its subsidiaries on a global basis, no matter where an employee works. We also expect that those with whom we do business will adhere to the standards set forth in our Code.

To avoid conflicts of interest, we encourage all of our employees to identify any potential conflicts when they arise and notify their manager, Human Resources, or our Legal Department if they are unsure whether a relationship or transaction poses a conflict. Additionally, employees can report all ethics concerns or violations to our code of ethics hotline at 1-888-763-0136.  All issues and concerns will be investigated by the company.

Scope

Prometric LLC, a Delaware, USA limited liability company, with a principle place of business located at 1501 South Clinton Street, Baltimore, Maryland 21224 USA, is the data processor (hereafter, “Company”, “us” or “we”).

This Policy has been drafted and implemented in accordance with the principles set forth herein, to describe our practices as a Data Processor regarding the collection, use, processing, storage, disclosure and transfer of your Personal Data. It explains how we use, maintain and disclose Personal Data and information that we collect and/or have access to through the course of our business. This Policy covers test candidates, clients, contractors and partners about whom this organization processes data. 

"Data Protection Law" designates any local applicable data protection law or laws depending on the territorial application of the law.  This includes, but is in no way limited to, EU Regulation 2016/679 of the European Parliament and of the Council of 17 April 2016. 

By “Personal Data”, we mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal Data Collected

Personal Data

For the purposes expressed in the following section of this Policy, Prometric collects Personal Data, including but not limited to the following:

  • Personal contact details (name, address, telephone number, country-specific identification number, email address, login and password information);
  • Date of birth and gender;
  • Assessment details, including test candidate ID number, examinations taken and when, scores related to those exams, how many times an exam or any particular section of exams have been taken;
  • Payment and financial institution information;
  • Residence and country of citizenship;
  • Photographs;
  • Signature;
  • Video recordings;
  • Audio recordings (only in specific jurisdictions);
  • Information from identification, verification, or eligibility documents;
  • Transaction and Relationship Information including elements that reveal candidate test patterns, test locations, test results, and information about how Prometric websites and applications are used.  

Sensitive Personal Data

In addition, Prometric may process sensitive personal data in specific jurisdictions.  Such sensitive personal data is only collected for specific business-related purposes subject to the consent of the data subject. Such data is subject to enhanced security measures as applicable under relevant law. Such sensitive data may include:

  • Race or ethnicity;
  • Biometrics (fingerprint images and templates, facial images;
  • Health information or medical data;
  • In some jurisdictions the definition of sensitive personal data may include additional categories of data, some which may be outlined under Personal Data, above.

U.S. Social Security Number Protection Policy Statement

Prometric collects Social Security numbers and other sensitive Personal Data only where required by the test sponsor for candidates. We have implemented reasonable technical, physical and administrative safeguards to help protect the Social Security numbers and other sensitive Personal Data from unlawful use and unauthorized disclosure.  Prometric associates and contractors are required to follow these established procedures, both online and offline.

Access to Social Security numbers is limited to those employees and contractors who have a need to access the information to perform contractual obligations for Prometric. Prometric will only disclose Social Security numbers to those test sponsors, service providers, auditors, advisors, and/or successors-in-interest who are legally or contractually obligated to protect them or as required or permitted by law.

Biometric Data

Prometric collects biometric data of test candidates where permissible by local law and where the service is selected by a test sponsor. The Biometric Enabled Check-In System is designed to improve the security and integrity of the testing process in a way that protects test candidate privacy while confirming test candidate identity.  The Biometric Enabled Check-In System is used for identity verification purposes, detects and prevents fraud and misrepresentation, maintains the integrity of the testing process, and improves the security of test centers.  

Medical Data

Prometric also receives, in very limited circumstances, medical data related to test candidates’ requests for testing accommodations.  When it receives such health data the medical information will be stored in a secure manner with the utmost regard for the confidentiality of the information contained therein.  Medical data is not retained for any longer than is necessary and in line with Prometric’s data retention policy. 

The following safeguards are applied to the processing of medical data of data subjects:

  • Limitations on access to prevent unauthorized consultation, alteration, disclosure or erasure
  • Strict time limits for erasure in line with the company’s Records Management Schedule 
  • Specific targeted training for those involved in handling medical data
  • Logging mechanisms to permit verification of whether and by whom personal data has been consulted, altered, disclosed or erased
  • Encryption

Monitoring via Digital Video Recording

Prometric deploys Digital Video Recording (DVR or CCTV) throughout its network of test centers and in most corporate offices.  This is necessary in order to protect the security of high-stakes proprietary test content, the integrity of the test delivery experience, to deter fraud and cheating, to protect against theft or pilferage, to monitor and restrict secure areas and/or Prometric departments, and for the security of staff and organization property. Access to the recorded material will be strictly limited to authorized personnel.

Purposes for Personal Data Collection

Personal data is generally collected and processed for the purposes of the performance of a contract. In addition, it may be collected and processed based on the consent of the individual and may be used to comply with a legal obligation or for legitimate business purposes.

In most cases Prometric collects such Personal Data directly from the individual data subject.  However, in other cases we may receive information from test sponsors or even from third party data suppliers to enhance our files and help us better understand our customers. When a candidate visits Prometric’s website, registers or takes an exam, uses our applications, or contacts us we also collect transaction information for customer service purposes. We treat this information as Personal Data when it is associated with information that has the effect of identifying an individual.

Performance of a Contract

As part of its performance of a contract, Prometric collects and processes personal data solely to provide test-related services

Prometric processes Personal Data to fulfill requests for information and services, to administer testing programs securely and efficiently, and to operate our business.

Prometric will respond to candidate requests for information about tests and testing opportunities, facilitate registration for exams, and provide testing services to both candidates and test sponsors (including test scheduling and administration, security of the test content and results, test scoring, reporting and analysis of results, and customer service related thereto).  Where permitted by law, Prometric may send exam candidates commercial communications and offers for additional testing or training services on behalf of test sponsors.

Legitimate Business Purposes

Prometric also uses Personal Data as needed to manage everyday business needs such as invoice processing and financial account management, backup purposes to facilitate business continuity, test center management, business planning, contract management, website administration, fulfillment, analytics, security and fraud prevention, corporate governance, disaster recovery planning, auditing, reporting and compliance with any legal or regulatory obligations.

Purposes specific to Biometric Data

On behalf of its test sponsors, Prometric will collect biometric data solely to: (1) administer the tests and verify identity, (2) protect privacy, (3) detect and prevent fraud and misrepresentation by unauthorized candidates, (4) maintain the integrity of the testing process, and (5) as required by law.

Disclosure of Personal Data

Prometric does not share Personal Data with third parties for their own marketing purposes.  Prometric also does not transfer information to third parties who are not acting in a contractual capacity as Prometric's agent or on Prometric's behalf. 

Prometric requires its subcontractors and vendors who have access to Personal Data to provide, at a minimum, the same levels of protection as provided by Prometric concerning Personal Data. Where Prometric is required to transfer Personal Data onward to a third party to further the performance of a contractual obligation, Prometric will remain liable for the proper use, processing, and storage of such data in a manner that is consistent with the purposes for which it was collected.  We limit our sharing of all Personal Data as follows:

Prometric may disclose Personal Data of test candidates to:

  1. Test sponsors; so that they can provide candidates with the accreditation, service, license or credential sought;
  2. Our service providers; to facilitate candidate and test sponsor requests;
  3. Our affiliates and authorized test centers.

Prometric may disclose Personal Data where necessary in furtherance of the sale or transfer of business assets, to enable payment processing, to enforce our rights, protect our property, or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions. 

Prometric may disclose Personal Data where necessary to facilitate an investigation of cheating, unauthorized testing, or other misconduct or when legally required to do so (ex. response to a subpoena or summons; to cooperate with law enforcement or other legal proceedings in the countries where we operate).

As a matter of policy, Prometric does not disclose biometric data to any third party except as outlined herein. Prometric may disclose biometric data to a test sponsor, law enforcement agency, or a third party that is under contract with Prometric or compelled by applicable law to be involved in an investigation related to alleged misconduct solely for the purposes of an investigation of cheating, unauthorized testing, or other test candidate misconduct.  Prometric may also disclose biometric data only in relation to lawful requests by regulatory, legal or government agencies with jurisdiction and/or authority to make such requests.   

Retention and Storage of Personal Data

Prometric promulgates a comprehensive Records Management Program and Schedule that it adheres to for the purposes of retention, storage and destruction of all records created in the course of its business including those containing personal data.  We also deploy a Data Management strategy that segregates data, to the extent feasible, based on regionally located data servers in the United States, Ireland and Japan.   

At all times Prometric protects personal data with operational, administrative, technical and physical security safeguards. Unless personal data is being used in connection with an active security investigation Prometric shall retain personal data for the lesser period of:

  • five (5) years from the date of the last service, test or assessment; or
  • the expiration of the purpose for which the personal data was collected; or
  • the laws of the applicable jurisdiction where the data was collected. 

Personal data shall only be retained for a greater period where (1) required by law or regulation for the purposes of recordkeeping requirements or (2) prescribed by contract and permissible under the laws of the applicable jurisdiction or (3) preservation is necessary due to pending or the potential for litigation. 

All exam candidate biometric data is securely transferred to and stored within Prometric’s Data Center located in Ireland.  Biometric data is retained for 5-years from the last service, test, or assessment for exam candidates, or for a shorter period where required by applicable law in the jurisdiction where the data was collected.

Transfers of Personal Data

Prometric complies with all applicable data privacy laws with respect to Personal Data. This includes, but is not limited to, as required, providing disclosures on Prometric processes and procedures related to Personal Data (for example, this Privacy Policy and the statements contained herein), obtaining consent of the individual, adoption of standard contractual clauses with respect to the handling of Personal Data, and/or adherence to local data protection laws in the regions where Prometric conducts business. Where required by law, data subjects will be required to expressly consent to the collection, transfer and processing of their Personal Data. 

Onward Transfers of Personal Data

Prometric’s employees, agents and contractors who have access to Personal Data and information are contractually required to protect the information in a manner that is consistent with this Privacy Policy and applicable data protection laws.

Personal Data that is transferred between our global corporate offices will only be done in furtherance of an authorized and legitimate business purpose.  Where required by law Prometric also collects data subject consent through a clear disclosure notice and consent opt-in process in order to transfer Personal Data outside of the region where it was collected. By continuing to provide Prometric with Personal Data or utilize Prometric’s services after consent has been obtained a data subject continues to consent to the transfer of Personal Data until such consent is expressly withdrawn in writing. 

EU-U.S. & Swiss-U.S. Privacy Shield Certification

Prometric maintains self-certification for and complies with the EU-U.S. and the Swiss-U.S. Privacy Shield Principles regarding the collection, use, and retention of Personal Data from individuals located in the European Union and Switzerland respectively for the collection, transfer and processing of Personal Data to the United States.  Prometric commits to the Privacy Shield Principles including, but not limited to notice, choice, onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability for all Personal Data received from individuals residing in the European Economic Area (“EEA”). These commitments also apply to the United Kingdom. Prometric submits to the investigatory and enforcement powers of the United States Federal Trade Commission (“FTC”) related to all matters concerning Personal Data and privacy. To learn more about the Privacy Shield program, and to view Prometric’s certification, please visit https://www.privacyshield.gov/. 

Transfer of Personal Data Across Borders

In many instances, the use of third parties will also involve the transfer of personal data across country borders (within the EU / EEA or outside of the EU / EEA). Also, many business processes require the transfer of data between the Company and its affiliated entities internationally. Specific legal obligations apply when such transfers occur outside the EU / EEA.  When transferring personal data across borders to third parties or internally outside of the EU / EEA:

  • Prometric determines if there is a legitimate justification for the transfer of personal data (e.g., valid business reason);
  • Prometric follows local legal requirements (e.g. notice to the individual, notification to data protection authorities if necessary, use of contractual safeguards such as EU model clauses).

The transfer of personal data from Prometric in the EEA to other company affiliates established outside the EEA is permitted under the Model Contractual Clauses or other legal mechanisms such as Privacy Shield.

Data Subject Rights

A data subject for whom Prometric processes Personal Data may, at any time:

  • request access, rectification, erasure, portability, restriction or objection to their Personal Data;
  • make any inquiries, requests or complaints in relation to the use of their Personal Data;
  • withdraw consent to the processing of their Personal Data; and
  • other rights as required by applicable law(s).

All Data Subject Requests will be responded to within thirty (30) days. 

Access & Correction

Prometric respects an individual’s right to access and correct their Personal Data. Data subjects have the right with respect to access to:

  • obtain confirmation that Personal Data is/is not being processed;
  • verify its accuracy and lawfulness of the processing; and
  • correct, amend or delete the data where it is inaccurate or processed in violation of applicable law. 

Data subjects may request access to their Personal Data and exercise their rights at any time; however, Prometric must be supplied with sufficient information to allow for verification of the identity of the individual making the request and/or exercising their rights. 

Candidates may even update or self-correct certain Personal Data by logging into the account created upon registration and updating the information provided to Prometric. 

Restriction to Access

Prometric will only restrict access to information to the extent that disclosure is likely to interfere with the safeguarding of important countervailing public interests, or to the extent that the requests for access become so excessive and/or repetitive as to cause an undue burden to the organizational resources that must be expended in order to fulfill such requests.  In such a situation, Prometric may deny the request and/or fulfill the request through alternative means; or, charge a fee for excessively repetitive requests for access to cover the costs of its resources to fulfill such requests.  In addition, where information is processed solely for research or statistical purposes and does not include Personal Data, access may be denied.  Other reasons that Prometric may deny or limit access include:

  • Interference with the execution or enforcement of the law or with private causes of action, including the prevention, investigation or detection of offenses or the right to a fair trial;
  • Disclosure where the legitimate rights or important interests of others would be violated;
  • Breaching a legal or other professional privilege or obligation;
  • Prejudicing employee security investigations or grievance proceedings or in connection with employee succession planning and corporate re-organizations; or
  • Prejudicing the confidentiality necessary in monitoring, inspection or regulatory functions connected with sound business practices, or in future or ongoing negotiations involving the organization.

Limiting Personal Data/Withdrawal of Consent

Individuals can always limit the information provided to Prometric. However, Prometric abides by the policies of its clients, the test sponsors, regarding the Personal Data of candidates that must be collected in order for Prometric to administer a test on behalf of the test sponsor. Individuals that do not wish to provide Personal Data required by the test sponsor will need to contact the test sponsor for further advice or instruction. 

As permitted by applicable law, data subjects may also withdraw consent to the processing of Personal Data.  However, exercising this right may prevent Prometric’s ability to deliver any further services or to proceed with legitimate business operations such as the delivery of an exam or processing of exam results and/or transcripts.  

Commercial Emails/Direct Marketing

In some cases Prometric may engage in marketing campaigns to propose products or services that may be of interest to existing or future candidates. Where required by applicable law Prometric will only engage in such marketing communications if the individual has provided their consent (i.e. opted in). Where not required by applicable law Prometric will provide an appropriate opt-out mechanism. Where a data subject has opted-in (either explicitly or implicitly as applicable) to a marketing communication they may opt-out of any such communication at any time.

To opt-out of commercial emails, simply click the link labeled “unsubscribe” at the bottom of any email sent by Prometric.  Please note that even if opting-out of commercial emails Prometric may still need to contact candidates with important transactional information about their Prometric account or scheduled exam in order to fulfil a contractual obligation. For example, Prometric will still send testing confirmations and reminders, information about test center changes and closures, and information about test results even if commercial emails have been opted-out (or not opted-in). 

California Privacy Rights

California Civil Code Section 1798 allows California residents to ask companies with whom they have an established business relationship to provide certain information about the companies’ sharing of Personal Data with third parties for direct marketing purposes.  Prometric does not share any California consumer Personal Data with third parties for marketing purposes without consent.  If you are a test candidate, Prometric will provide your Personal Data to your test sponsor, who may use the information in accordance with its own privacy policies.   

Information Security

Data Security & Confidentiality

Security of information, both personal and proprietary data, is an undercurrent that runs through every part of Prometric's business. All of our technologies feature multiple layers of encryption and protection so that our test candidates, clients, constituents and stakeholders alike can rest assured that their personal data and intellectual property are being properly protected from theft, loss, improper copying, modification or tampering, improper retention or destruction, loss of integrity or unauthorized access, use or disclosure while it is in our systems. We operate information technology facilities that meet or exceed industry standards, with secure back-ups at off-site locations, where all personal data and intellectual property are securely stored and protected.

Prometric draws on industry best practices and guidance from sources such as the National Institute of Standards and Technology (NIST), Payment Card Industry (PCI) and standards promulgated by the International Standards Organization (ISO) including, but not limited to, ISO/IEC 27018:2014 (Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors) and ISO/IEC 27001:2013 (Security techniques -- Information security management systems -- Requirements) to design and maintain its information security program. Prometric's Information Security Program is reviewed several times each year by multiple third party organizations to ensure it meets or exceeds the highest benchmarks available for security and data privacy and protection.

Prometric takes all reasonable steps to ensure that appropriate security measures are in place to protect the confidentiality of both electronic and manual data. Any person handling personal data on behalf of Prometric is bound by a contract including, amongst other safeguards, a confidentiality obligation regarding personal data, obligations to take appropriate steps to prevent the misuse or loss of personal data and to prevent unauthorized access to it. In addition, employees and contractors are under the obligation to immediately report any known or suspected instance of misuse, loss or unauthorized access.

Security measures will be reviewed from time to time, having regard to the technology available, the cost and the risk of unauthorized access.

Data Breach Management

A Personal Data Breach occurs when there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise Processed. "Unauthorized" means that it occurs in contravention of applicable privacy legislation or applicable privacy policies.

If a data breach is suspected as having occurred then it will be immediately turned over to Prometric’s Incident Management Response (“IMR”) team who will follow a formalized plan for mitigating and managing the suspected breach.

Cookies and Other Data Collection Technologies

When an individual visits the Prometric website or uses Prometric’s mobile applications we collect certain information by automated means using technologies such as cookies, pixel tags, browser analysis tools, server logs, web beacons, and other similar technologies to ensure that the Prometric website offers the best possible experience.  In many cases, the information we collect using cookies and other tools is only done so in a non-identifiable way without any collection of Personal Data. 

Types of Data Collected and Technologies Used

  • Cookies are text files containing small amounts of information which are downloaded to your computer or mobile device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are useful because they allow a website to recognize a user’s device.
  • Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests. 
  • Pixel tags and web beacons are tiny graphic images placed on website pages or in some Prometric emails that allow us to determine whether an individual has performed a specific action. When an individual accesses these pages or opens or clicks on an email the pixel tags and web beacons generate a notice of that action.  These tools allow Prometric to measure responses to our communications and improve our web pages and promotions. 
  • Prometric server logs and other tools collect information from devices used to access Prometric websites, such as operating system type, browser type, domain, and other system settings, as well as the language a system uses and the country and time zone where the device accessing the Prometric website is located.  Prometric server logs also record the IP address of the devices used to connect to the Internet, and may enable Prometric to collect information about the websites being visited by an individual before and after accessing the Prometric site.  Collecting IP addresses and related data is standard practice on the Internet, and Prometric treats IP addresses as Personal Data.  We use IP addresses for purposes such as calculating website usage levels, helping diagnose server problems, administering the website and combating fraudulent and/or malicious web activity.  We also collect customary information from web browsers, such as Media Access Control (MAC) addresses, device type, screen resolution, operating system version and internet browser type and version. Prometric uses this information to ensure that our websites function properly for all devices and browsers and for security purposes.
  • Prometric may have relationships with third party advertising companies to place advertisements on its websites and to perform analytics and reporting functions for its websites. These third party advertising companies may place cookies on individual’s computers when visiting Prometric’s website so that the website can display targeted advertisements to the user.  Prometric expects third party advertising companies to use reasonable efforts to respect browser do-not-track signals by not delivering targeted advertisements to website visitors whose browsers have a do-not-track setting enabled.  Additionally, Prometric does not knowingly allow these third party advertising companies to collect Personal Data in this process, and does not give any Personal Data to them. 

The full Prometric Cookie Notice and instructions for configuring and/or disabling cookies will pop-up the first time an individual accesses the Prometric website and will allow the individual to opt-in and configure cookies preferences.  A users cookie preferences will be saved and users have the ability to change their cookie preferences at any time.

Mobile Aware Applications

Prometric offers mobile aware applications that allow individuals to access their Prometric accounts, interact with Prometric online and receive other information via smartphones and devices. All Personal Data collected by Prometric via our mobile applications is protected and processed only by the terms of this Privacy Policy.   

We also offer automatic ("push") notifications only to those data subjects who opt-in to receive such notifications from us. No individual is required to provide location information to Prometric or to enable push notifications to use any of our mobile aware applications. Questions about location and notification privacy should be directed to mobile service providers or the manufacturer of such devices to learn how to adjust location and privacy settings. 

Dispute Resolution Process

Filing Complaints

Data subjects who have concerns or complaints regarding Prometric’s collection and processing of Personal Data are encouraged to first utilize Prometric’s internal complaint resolution process by providing a detailed written description of the issue and/or complaint.  Test candidates may submit complaints or inquiries by locating the ‘Contact Us’ tab on Prometric’s website and selecting the appropriate link: https://www.prometric.com/contact-us

Prometric will respond to all complaints that do not concern Personal Data in forty-five (45) days or less, or as otherwise required by applicable law. 

Independent Recourse Mechanism

After exhausting Prometric’s internal complaint process, if an exam candidate is not satisfied with the resolution he or she may file a complaint with the Better Business Bureau of Greater Maryland (“BBB”), an alternative dispute resolution provider based in the United States.  Prometric is an A+ accredited business with the BBB, and the BBB will review all complaints, request that Prometric take the opportunity to provide a response/offer to resolve the complaint, and/or make a recommendation as to whether the complaint should be referred for arbitration or mediation. 

BBB Website:  http://www.bbb.org/greater-maryland/

BBB Telephone:  410-347-3990

BBB Fax:  410-347-3936

EU Data Protection Officer (DPO)

In compliance with the European Union’s General Data Protection Regulation (“GDPR”) Prometric has appointed a DPO located in the European Union. He is responsible for assisting the organization in monitoring and maintaining compliance with data protection legislation. The DPO is also available to answer queries or deal with data subject concerns about Prometric’s data protection practices.

Data subjects who feel that the rights afforded to them under GDPR have been violated, or that Prometric is processing Personal Data in violation of GDPR, may submit complaints or inquiries to:

Joseph Srouji
Avocat au Barreau de Paris

Srouji Avocats Selarl
215 rue du Faubourg Saint-Honoré | 75008 Paris l  France
joseph.srouji@contractor.prometric.com

Data subjects also have the right to file a complaint directly with the local Supervisory Authority, as relevant under EU data protection law.

Additional Recourse Mechanisms under Privacy Shield

With respect to Personal Data of data subjects residing in the European Economic Area, under the EU-US/Swiss-US Privacy Shield Principles Prometric has further committed to refer unresolved privacy complaints and to cooperate with the EU DPAs under the EU-U.S. Privacy Shield and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) under the Swiss-U.S. Privacy Shield by providing recourse for individuals to whom the data relates, implementing follow-up procedures for verifying that the attestations and assertions made in this Privacy Policy are true, and taking responsibility for obligations to remedy problems arising out of any failure to comply with the Principles and the consequences thereof.  Prometric will cooperate with the DPAs and/or FDPICs in any investigation or resolution of complaints brought under the Privacy Shield and will comply with any reasonable advice given by the DPAs or FDPICs where the DPAs or FDPICs take the view that Prometric needs to take specific action to comply with the Privacy Shield Principles.

If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.privacyshield.gov for more information and to file a complaint.

How to Contact Us

Please contact Prometric directly with any questions or comments about our privacy practices or this Privacy Policy and the statements contained herein. 

To submit a request related to your personal data, please click on the following link and complete all of the required fields in the form: Personal Data Requests

You may also reach us via mail at:

Prometric Privacy Program Manager
Prometric LLC

1501 South Clinton Street
Baltimore, Maryland 21224 USA

If sending a letter, please include name, address, email address, and a brief explanation of your information request, inquiry or complaint.

For inquiries or assistance related to time sensitive issues concerning exams such as scheduling, cancellations, eligibility, payment, name changes or other test related issues, please visit https://www.prometric.com/contact-us for the most expeditious resolution of your issue. 

Changes to Privacy Policy

From time to time, Prometric may update this Privacy Policy to reflect new or different privacy practices or changes to the law. We will place a notice online when we make material changes to this Privacy Policy or the statements contained herein. Additionally, if the changes will materially affect the way we use or disclose previously-collected Personal Data, we will notify impacted individuals about the change by sending a notice to the primary email address associated with the account impacted.

Change Cookie Settings