What personal information do we collect?
When providing exam certifications, we may collect and store the following personal information:
- Your name -- We require this in order to identify you and produce your certificate.
- Your address -- We require this in order to identify you now and in the future. We may also require your address in order to contact you and send you contracts, invoices and other administrative messages.
- Your date of birth -- We may require this in order to verify your identity when taking an exam. We may also require this when producing your certificate.
- You billing address and billing details -- We may collect information in reference to the payment of exams which may include information about your employer, if they have purchased the exam for you. This may be required to process your exams and handle payments.
- If we do require further personal information, we will make it clear why we require this and how we will process it.
Where do we get personal information from?
In preparing, running, marking and moderating exams, we may get information from third parties including:
- Training Provider Partners -- If you are attending a training prior to your exam with Brightest and the training provider is organizing this exam as part of your certification package, they may give us your name as part of the organization process. All further data will come from you the participants either when registering for an electronic exam via our electronic examination providers (such as Pearson VUE) or by filling out the exam booklet on the day of the exam.
How do we mark and score examinations?
After you complete an exam, we mark it and assign a score (usually a percentage and a result (usually a ‘pass’ or ‘fail’ rating). This may be done automatically by our electronic examination providers, by us or partially by both parties. How the exam is marked and scored, and percentage required to pass should be available to you as your take the exam. We do not use machine learning in the processing or marking of any of our exams papers or data. All exams are marked according to the stipulation of the authority who has created each exam and is conform with ISO 17024 regulation that Brightest holds.
If anything is unclear about the process we use to mark and score our examinations, please let us know, we will be happy to answer any questions you may have via firstname.lastname@example.org Please note that we are unable to reveal any of the intellectual property of the exam itself when answering these requests.
How do we handle exam results?
Information in regards to candidates scored on the exams will not be made public or given to any training provider partners without your written consent.
The same goes for successful candidates who wish to be listed on the given alumni lists, for example the ISTQB Successful Candidate Registry (also referred to as “ISTQB SCR”: http://scr.istqb.org/), which is hosted by the ISTQB centrally.
Please note that your contact data is not included in the ISTQB Successful Candidate Registry Candidates will not be listed on any alumni lists without their explicit consent.
When you take an exam, you may choose to give consent (via consent form circulated by the exam supervisor) for us to share your result including your name to your training provider partner for quality assessment of their training practices. Should you or any other candidate in the group not wish to give this consent, the results of the group will be provided to the given training provider partner completely anonymized.
When do we share your personal information and other information with third parties?
- When required to do so by law -- We may be required to share your personal information with law firms, courts, law enforcement or government agency due to subpoenas, court orders, legal processes or valid legal requests from law enforcement or government agencies.
- When you give us explicit permission -- We may share your information with a third party for a particular purpose when you give us explicit permission.
- In fulfilling our services to you -- We may use third parties to fulfil services, including:
- in the marking and scoring of exams;
- in providing our internal databases, web services and internal data storage;
- in sending you requested marketing emails and other emails; ;
- in providing our internal customer management systems and customer support systems; and
- other services directly involved in the examination delivery process.
Requesting a copy of your personal data
Under the relevant data protection laws, we will provide you with a copy of the personal data we have collected about you, details of its origin, recipients and the purpose of data processing. Simply contact us to request this via email@example.com
Deletion and correction of data
We typically retain your personal information and relevant examination results electronically indefinitely so we can always verify the validity of certificates issued.
Physical papers (e.g. exam booklets that you complete during the exam) will be kept for a minimum of 2 years and a maximum of 3 years. You may request that your paper be destroyed at any time.
You may request that we delete or correct the personal information we hold about you. Please note, there are certain situations, for example, if your personal information is mentioned in reference to an invoice or in financial data, this information must be maintained for 10 years.
If you choose to delete your personal information, we may no longer be able to provide you with replacement certificates or verify the validity of certificates that have already been issued.
What other personal information may be collected about you and when do we collect this?
In addition to your personal information outlined above and details regarding examinations, we may also collect:
- Information regarding your contact with us including any emails, post or details of phone calls (however we never record a call without your permission unless required to do so by law).
- If you register for our newsletter via the Brightest website, we will store and process your name and email address in order to provide you with updates on new and existing exams that we offer and provide you with relevant community updates. You may opt out of these newsletters at any time.
- If you apply for a job with us, we may also hold additional information regarding your application and any other personal information you choose to give as as part of your application.
- If you contact us about a proctoring or other business agreements, we may hold additional information regarding your ability to fulfil our proctoring agreement or other relevant contract, including any personal information you choose to give us. If we enter into a proctoring or other business agreement, Brightest GmbH may need to confirm your identity and collect information as required by contract, self-employment, money laundering or other relevant laws and regulations. Brightest GmbH may also collect your bank account details in order to make relevant payments related to our business relationship.
Where is your personal information stored and where will it be transmitted?
Your personal information is stored by us in the European Union. The companies we use to provide our internal systems such as email and data storage transmit and store information exclusively within the European Union, United Kingdom and other territories implementing the GDPR, or are certified under the EU-U.S. and/or Swiss-U.S. Privacy Shield Frameworks.
We may transmit your information outside of the European Union, United Kingdom or other territories implementing the GDPR when:
- You give us permission to do so;
- We transmit your results to the intellectual property owner of the exam and they are based outside of these countries or territories or when they use services based outside of these countries or territories;
- We contact you and you have provided us with an email address or other electronic communications method that is based, hosted, stores data or transmits data outside of these countries or territories; or
- We transmit data to you and you are based outside of these countries or territories.
We or your training provider will clearly let you know which intellectual property owner’s exam you are taking when you book your course or exam.
In addition, information we make public for you (for example on given alumni lists you have given explicit permission or requested to join) may also be transmitted outside of these countries and territories by virtue of us making it publicly available.
How we handle marketing communications and your preferences?
We will send you marketing communications (e.g. newsletters) about our services only when you explicitly opt in to receive them. If you no longer wish to receive these communications, you may opt out at and time.
We will, however, continue to send you transactional communications when you contact us or when we have information directly related to a transaction with us. This can include, for example, the results of an exam you have taken with us, an order you have placed or the availability of our services.
Changes to this policy
We expressly reserve the right to make changes to the Policy from time to time at our discretion.
- 1 Jan - 24 May 2018: Version 1 (part of the original Terms and Conditions)
- 25 May 2018 - Present: Version 2. This document