Privacy Policy and Data Protection

Our commitment

We’ve written this policy to help you understand how we collect and use your personal information, and how you can control how we use this information. Our aim is to be transparent, give you options about how we process your information especially regarding marketing communications and give assurances as to how we handle your data.

Your privacy is important to us at Brightest GmbH. We adhere to the privacy and data protection regulations of Germany.

If you have any questions regarding your data or this policy, please write to:

Data Protection Officer
Brightest GmbH
Lehmbruckstr. 18
10245 Berlin

Or via email:

What personal information do we collect?

When providing exam certifications, we may collect and store the following personal information:

  • Your name -- We require this in order to identify you and produce your certificate.
  • Your address -- We require this in order to identify you now and in the future. We may also require your address in order to contact you and send you contracts, invoices and other administrative messages.
  • Your date of birth -- We may require this in order to verify your identity when taking an exam. We may also require this when producing your certificate.
  • You billing address and billing details  -- We may collect information in reference to the payment of exams which may include information about your employer, if they have purchased the exam for you. This may be required to process your exams and handle payments.
  • If we do require further personal information, we will make it clear why we require this and how we will process it.

We may also collect personal information when conducting other business activities, such as recruitment. Here will will make it clear why we require this personal information. We will collect and process this information in accordance with the relevant parts of this privacy policy.

Where do we get personal information from?

In preparing, running, marking and moderating exams, we may get information from third parties including:

  • Electronic Examination Providers -- You may take your exam using an electronic examination provider such as Pearson Vue. You will be explicitly asked to agree with the provider’s privacy policy and your personal information will be handled in accordance with their privacy policy. Your information may be passed on to us before, during or after the examination.
  • Proctors -- In order to provide secure, fair examinations worldwide, we engage freelance and other independent proctors. These proctors may collect your personal information when supervising and running the exams. Our proctors are required to follow this privacy policy and will pass on your relevant personal information after the examination to Brightest GmbH.
  • Training Provider Partners -- If you are attending a training prior to your exam with Brightest and the training provider is organizing this exam as part of your certification package, they may give us your name as part of the organization process. All further data will come from you the participants either when registering for an electronic exam via our electronic examination providers (such as Pearson VUE) or by filling out the exam booklet on the day of the exam.

In addition, we may get information from other third parties when conducting other business activities, such as recruitment. Information from these third parties (such as employment agencies or websites) is collected in accordance with the third party’s privacy policies. Information we receive from these third parties will be collected and processed in accordance with the relevant parts of this privacy policy.

How do we mark and score examinations?

After you complete an exam, we mark it and assign a score (usually a percentage and a result (usually a ‘pass’ or ‘fail’ rating). This may be done automatically by our electronic examination providers, by us or partially by both parties. How the exam is marked and scored, and percentage required to pass should be available to you as your take the exam. We do not use machine learning in the processing or marking of any of our exams papers or data. All exams are marked according to the stipulation of the authority who has created each exam and is conform with ISO 17024 regulation that Brightest holds.

If anything is unclear about the process we use to mark and score our examinations, please let us know, we will be happy to answer any questions you may have via Please note that we are unable to reveal any of the intellectual property of the exam itself when answering these requests.

How do we handle exam results?

Information in regards to candidates scored on the exams will not be made public or given to any training provider partners without your written consent.

The same goes for successful candidates who wish to be listed on the given alumni lists, for example the ISTQB Successful Candidate Registry (also referred to as “ISTQB SCR”:, which is hosted by the ISTQB centrally.

Please note that your contact data is not included in the ISTQB Successful Candidate Registry Candidates will not be listed on any alumni lists without their explicit consent.

When you take an exam, you may choose to give consent (via consent form circulated by the exam supervisor) for us to share your result including your name to your training provider partner for quality assessment of their training practices. Should you or any other candidate in the group not wish to give this consent, the results of the group will be provided to the given training provider partner completely anonymized.

When do we share your personal information and other information with third parties?

  • When required to do so by law -- We may be required to share your personal information with law firms, courts, law enforcement or government agency due to subpoenas, court orders, legal processes or valid legal requests from law enforcement or government agencies.
  • When maintaining records with the exam authoring body -- We may inform the intellectual property owner of the exam set (questions) that were used to issue your exam. They need to know this not only for quality purposes, but also because their logo will be used in association with your certificate. This allows them to also be able to verify your certificate if ever required to do so by the candidate or a legal entity with the authority to do so. They also require your contact information, so they can confirm if you agree to any verification, should the request not come from you directly (e.g. an employer or customer you presented your certificate to). Exam authoring bodies will not use your information for any other purposes (e.g. to provide you with information) unless explicitly given your permission. Data transfer to exam authoring bodies is covered by their privacy policy, including provisions about data deletion and retention..
  • When you give us explicit permission -- We may share your information with a third party for a particular purpose when you give us explicit permission.
  • In fulfilling our services to you -- We may use third parties to fulfil services, including:
    • in the marking and scoring of exams; 
    • in providing our internal databases, web services and internal data storage; 
    • in sending you requested marketing emails and other emails; ;
    • in providing our internal customer management systems and customer support systems; and
    • other services directly involved in the examination delivery process.

Requesting a copy of your personal data

Under the relevant data protection laws, we will provide you with a copy of the personal data we have collected about you, details of its origin, recipients and the purpose of data processing. Simply contact us to request this via

Deletion and correction of data

We typically retain your personal information and relevant examination results electronically indefinitely so we can always verify the validity of certificates issued.

Physical papers (e.g. exam booklets that you complete during the exam) will be kept for a minimum of 2 years and a maximum of 3 years. You may request that your paper be destroyed at any time.

You may request that we delete or correct the personal information we hold about you. Please note, there are certain situations, for example, if your personal information is mentioned in reference to an invoice or in financial data, this information must be maintained for 10 years.

If you choose to delete your personal information, we may no longer be able to provide you with replacement certificates or verify the validity of certificates that have already been issued.

What other personal information may be collected about you and when do we collect this?

In addition to your personal information outlined above and details regarding examinations, we may also collect:

  • Information regarding your contact with us including any emails, post or details of phone calls (however we never record a call without your permission unless required to do so by law).
  • If you register for our newsletter via the Brightest website, we will store and process your name and email address in order to provide you with updates on new and existing exams that we offer and provide you with relevant community updates. You may opt out of these newsletters at any time.
  • If you apply for a job with us, we may also hold additional information regarding your application and any other personal information you choose to give as as part of your application.
  • If you contact us about a proctoring or other business agreements, we may hold additional information regarding your ability to fulfil our proctoring agreement or other relevant contract, including any personal information you choose to give us. If we enter into a proctoring or other business agreement, Brightest GmbH may need to confirm your identity and collect information as required by contract, self-employment, money laundering or other relevant laws and regulations. Brightest GmbH may also collect your bank account details in order to make relevant payments related to our business relationship.

Where is your personal information stored and where will it be transmitted?

Your personal information is stored by us in the European Union. The companies we use to provide our internal systems such as email and data storage transmit and store information exclusively within the European Union, United Kingdom and other territories implementing the GDPR, or are certified under the EU-U.S. and/or Swiss-U.S. Privacy Shield Frameworks.

We may transmit your information outside of the European Union, United Kingdom or other territories implementing the GDPR when:

  • You give us permission to do so;
  • We transmit your results to the intellectual property owner of the exam and they are based outside of these countries or territories or when they use services based outside of these countries or territories; 
  • We contact you and you have provided us with an email address or other electronic communications method that is based, hosted, stores data or transmits data outside of these countries or territories; or
  • We transmit data to you and you are based outside of these countries or territories.

We or your training provider will clearly let you know which intellectual property owner’s exam you are taking when you book your course or exam.

In addition, information we make public for you (for example on given alumni lists you have given explicit permission or requested to join) may also be transmitted outside of these countries and territories by virtue of us making it publicly available.

How we handle marketing communications and your preferences?

We will send you marketing communications (e.g. newsletters) about our services only when you explicitly opt in to receive them. If you no longer wish to receive these communications, you may opt out at and time.

We will, however, continue to send you transactional communications when you contact us or when we have information directly related to a transaction with us. This can include, for example, the results of an exam you have taken with us, an order you have placed or the availability of our services.

Changes to this policy

We expressly reserve the right to make changes to the Policy from time to time at our discretion.


  • 1 Jan - 24 May 2018: Version 1 (part of the original Terms and Conditions)
  • 25 May 2018 - Present: Version 2. This document