ELTiS® Privacy and Data Protection Policy

Structure of this document
Introduction
Test Taker Privacy Policy
ELTiS Account Owner Privacy Policy
ELTiS Administrator and Staff Privacy Policy
Data Storage and Retention
How to contact us

Introduction

This ELTiS® Privacy Policy is effective from October 04, 2021 (view archived versions)

This policy is for ELTiS test takers and for organizations offering ELTiS testing for their test takers. If you are an organization providing ELTiS for your test takers, please ensure that you provide them with this policy or at least the parts that concern them.
 
If you do not understand the wording included in this Privacy Policy, please contact our Data Protection Team who will be happy to assist you with anything you are unsure of.
 
The information below sets out how Ballard & Tighe, Publishers, a division of Educational IDEAS, Inc.  (“we/us”), the publisher of the ELTiS test, uses and stores the personal information collected during the provision of ELTiS testing services. Protecting your privacy and your personal information is important to us. If you have any questions about this, you can contact us at privacy@ballard-tighe.com.
 
This policy supplements any other privacy policies that are presented to you when we are collecting personal information about you, most notably on the ELTiS website at www.eltistest.com. This privacy policy is not intended to override the other policies. If the service you are accessing has its own privacy policy, the policies should be read together, although the specific privacy policy will take precedence in the case of any contradictions.
 
The ELTiS testing services are provided to institutional clients, which arrange ELTiS testing for their test takers. Where ELTiS testing is made available to you through an organization (e.g., your employer), that organization is the administrator of the ELTiS testing services and is responsible for the accounts. If you have questions about your data privacy, please direct them to your organization, as your use of the ELTiS testing services is subject to that organization's policies. We are not responsible for the privacy or security practices of an administrator's organization, which may be different than this policy.
ELTiS Account Administrators are able to:

  • require you to reset your account password;
  • restrict, suspend, or terminate your access to the ELTiS testing services;
  • access information in and about your account;
  • access or retain information stored as part of your account;
  • restrict, suspend, or terminate your account access;
  • change the e-mail address associated with your account;
  • change your information, including profile information;
  • restrict your ability to edit, restrict, modify, or delete information.

Please contact your organization or refer to your administrator’s organizational policies for more information.

Personal information
In order to provide ELTiS testing services, we need to use personal information. Personal information means any piece of information that can identify you, i.e. would make it clear to others that the information is about you. It can be a single piece of information, such as your name. It may also be separate pieces of information, for example your e-mail address, nationality, and gender, which, when combined, would help others identify you.

Information we collect automatically when you use the Services
By default, when you visit our Services, our web servers store information about the browser and operating system you use, the web site from which you visit us, the date of the visit, and the IP address assigned to you by your Internet Service Provider.

 

Test Taker Privacy Policy

What personal data do we have?

  • Identity data including your name, date of birth, and a type of identification document such as a national ID, passport, or student ID
  • Gender, ethnicity, and home language information
  • Technical data including internet protocol (IP) address, login data, browser type and technology used to access our website

 
How we get the personal information and why we have it

  • The personal information we process is provided to us by the organization that has contracted with us to provide ELTiS testing to you. You can see the personal information we have about you at the start of your ELTiS test session, when you are asked to verify that the information is correct.
  • We use your identity information to allow your ELTiS testing organization to verify your identity at the start of your ELTiS test session. We also use it to produce a score report that your ELTiS testing organization and the educational institution that is considering accepting you as their student can use to verify your score report. Your personal information helps provide an accountability trail for your ELTiS testing and score reporting process.
  • The technical data we have about you is for analyzing and improving the quality of our services.

 

How we use your information

  • We only use your personal information for the above-mentioned purposes that are directly connected to the ELTiS testing and score reporting process.
  • We do not use your personal information for marketing purposes, and we do not sell or transfer personal information about test takers to any entity.
  • We use your gender, ethnicity, and home language information to maintain and improve the quality of the ELTiS test.
  • We use the technical data about your ELTiS testing connection, such as the browser you used, to improve the technical functionality of our services.
  • Where required by law or where we believe it is necessary to protect our legal rights, interests, and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger, or sale of a business.

 
Transferring Personal Information
We may share your information with:

  • the people involved in the administration of your ELTiS test, such as proctors
  • organizations, schools, or educational establishments that need your ELTiS score to admit you into their program
  • organizations we conduct research with, EXCLUDING your name, date of birth, or ID information, which will not be shared with researchers
  • another corporation, in case of a corporate restructuring (such as a merger or acquisition), as long as the receiving entity adopts this privacy policy regarding the privacy and security of your information.

We do not sell student data to third parties under any circumstances, and the ELTiS does not allow behavioral targeting of advertisements.

Lawful basis
Under the GDPR data protection law, we have to have a lawful basis to process your information. In the case of test takers, this reason is the legitimate interests of yourself, the organizations that are using your ELTiS scores as evidence of your English proficiency, and our company. Your personal data supports our ability to fulfill our contract with the organization that is testing you. Our services entail providing a means for our client organizations to arrange secure testing and create reliable and valid score reports for each test taker.  If you do not allow us to process your personal information, we will not be able to provide the testing, score reporting, and score verification services for you.

Additionally, we may process your special category of personal information if it is necessary:

  • for the establishment, exercise or defense of a legal claim.
  • in the very rare occurrence, where it may be necessary to protect your or another person’s vital interests (for example, in an emergency).
  • where there is a substantial public interest.
  • when you have already made the information public.

If test takers or parents request access to the personal information stored in our database for review or correction, it is the testing organization’s responsibility to provide the requester with a copy of this information about the test taker. The testing organization can then submit to us any request for correction as necessary.

 

ELTiS Account Owner Privacy Policy

What personal data do we have?

  • Identity data including your name
  • The name of your organization and your title in the organization
  • Contact information for you in your organizational role, including e-mail address, phone number, and mailing address
  • Your role(s) in the ELTiS testing conducted by your organization
  • Technical data including internet protocol (IP) address, login data, browser type and technology used to access our website

 
How we get the information and why we have it

  • The personal information we process is provided to us directly by you.
  • We use your personal information to set up your organization’s ELTiS account and give you access to the ELTiS system so that we can fulfil our obligations under a contract we have with you.
  • If you act as your organization’s test security manager or test administrator, we will also use your name and role in the ELTiS testing process on your test takers’ score reports to provide an accountability trail for the ELTiS testing conducted under your care.

 
How we use your information

  • We use your personal information for the above-mentioned purposes that are directly connected to the ELTiS testing and score reporting process.
  • We use your contact information to notify you about your ELTiS test credit status and any changes to ELTiS services that may affect you.
  • If you register or access our ELTiS testing services using an e-mail address with a domain that is owned by your employer or organization, which we prefer, and if your organization has branches, your name and your organization will be visible to the branch organization’s ELTiS users.
  • We do not sell or transfer personal information about account owners to any entity outside us.
  • Our default setting is not to use your personal information for marketing purposes outside of communications directly related to our ELTiS testing services. However, you may choose to opt IN to marketing messages from us. To do this, go to the Account menu on your ELTiS account and check the opt-in box under Communication Preferences to receive information on other products and promotions.
  • We use information about you and your ELTiS testing service use to verify accounts and activity, to monitor suspicious or fraudulent activity, and to identify violations of ELTiS testing service policies.
  • We use the technical data about your ELTiS testing connection, such as the browser you used, to improve the technical functionality of our services.
  • Where required by law or where we believe it is necessary to protect our legal rights, interests, and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger, or sale of a business.

 
Transferring Personal Information
If you have a role in the ELTiS testing process as the test security manager or test administrator, we will share your name on each test taker’s score report. Other than that, we will not share your personal information with anyone even inside Ballard & Tighe unless you specifically opt in to receive marketing information from us.

Lawful basis
Under the GDPR data protection law, we have to have a lawful basis to process your information. In the case of ELTiS account owners, this reason is the legitimate interests of yourself, your organization, and our company. Your personal data enables you to use our services. If you do not allow us to process your personal information, we will not be able to provide the ELTiS testing services to you.

Additionally, we may process your special category of personal information if it is necessary:

  • for the establishment, exercise or defense of a legal claim.
  • in the very rare occurrence, where it may be necessary to protect your or another person’s vital interests (for example, in an emergency).
  • where there is a substantial public interest.
  • when you have already made the information public.

 

ELTiS Administrator and Staff Privacy Policy

“ELTiS Administrators and Staff” refers to those members of an ELTiS client organization’s staff whom the account owner has assigned a role in ELTiS testing, such as test administrator or test security manager.

What personal data do we have?

  • Identity data including your name
  • Contact information for you in your organizational role, including e-mail address and optionally a phone number
  • Your role(s) in the ELTiS testing conducted by your organization, if this role is test administrator or test security manager
  • Technical data including internet protocol (IP) address, login data, browser type and technology used to access our website

 
How we get the information and why we have it

  • Your organization’s ELTiS account owner provides this information to us.
  • We use your personal information to give you access to your organization’s ELTiS account so that we can fulfil our obligations under a contract we have with your organization.
  • If you act as your organization’s test security manager or test administrator, we will also use your name and role in the ELTiS testing process on your test takers’ score reports to provide an accountability trail for the ELTiS testing conducted under your care.

 
How we use your information

  • We use your personal information for the above-mentioned purposes that are directly connected to the ELTiS testing and score reporting process.
  • We do not sell or transfer personal information about account owners to any entity outside us.
  • Our default setting is not to use your personal information for marketing purposes outside of communications directly related to our ELTiS testing services. However, you may choose to opt IN to marketing messages from us. To do this, go to the Account menu on your ELTiS account and check the opt-in box under Communication Preferences to receive information on other products and promotions.
  • We use information about you and your ELTiS testing service use to verify accounts and activity, to monitor suspicious or fraudulent activity, and to identify violations of ELTiS testing service policies.
  • We use the technical data about your ELTiS testing connection, such as the browser you used, to improve the technical functionality of our services.
  • Where required by law or where we believe it is necessary to protect our legal rights, interests, and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger, or sale of a business.

 
Transferring Personal Information
If you have a role in the ELTiS testing process as the test security manager or test administrator, we will share your name on each test taker’s score report. Other than that, we will not share your personal information with anyone, even inside Ballard & Tighe, unless you specifically opt in to receive marketing information from us.

Lawful basis
Under the GDPR data protection law, we have to have a lawful basis to process your information. In the case of ELTiS account owners, this reason is the legitimate interests of yourself, your organization, and our company. Your personal data enables you to use our services. If you do not allow us to process your personal information, we will not be able to provide the ELTiS testing services to you.

Additionally, we may process your special category of personal information if it is necessary:

  • for the establishment, exercise or defense of a legal claim.
  • in the very rare occurrence, where it may be necessary to protect your or another person’s vital interests (for example, in an emergency).
  • where there is a substantial public interest.
  • when you have already made the information public.

 

Data Storage and Retention

How we store and secure information we collect
We take the security of your personal information very seriously. We have internal policies and controls in place to protect your personal information against loss, accidental destruction, misuse, or unauthorized disclosure and to prevent access to your personal information except by employees in the proper performance of their duties. We use data hosting service providers in the United States to host the information we collect, and we use technical measures to secure your data. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. We have taken several steps to safeguard the integrity of its data and prevent unauthorized access to information maintained by us. These measures are designed and intended to prevent corruption of data, block unknown or unauthorized access to our systems and information, and to provide reasonable protection of private information.
 
How long we keep information
We keep test takers’ personal information associated with their score information for a minimum of two and a maximum of three years. To maintain the optimum performance of our ELTiS testing services and data handling, we reserve the right to delete test records after a two-year period if necessary. Thus, test records at the individual test taker level may no longer be available. ELTiS client organizations may export score reports from the Site at any time prior to the two-year period for internal archiving purposes. After the maximum 3-year period, the test taker’s personal information is deleted from our servers and databases with no possibility of re-identifying test takers.
 
We retain ELTiS client organizations’ account information for as long as your account is active. If the ELTiS testing services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account. If you have elected to receive product update e-mails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our ELTiS testing services. If you delete your account, we'll also delete this information. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements
 

Your Rights
Under the GDPR data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to correction – You have the right to ask us to change or add personal information you think is inaccurate or not complete.
  • Your right to be forgotten – You have the right to ask us to delete your personal information in certain circumstances; however, this may not be possible when it comes to maintaining a record of a test taker’s scores for a minimum of two and a maximum of three years.
  • Your right to stop processing – You have the right to request that we stop using your information: In some cases, you may ask us to stop accessing, storing, using, and otherwise processing your information where you believe we don't have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy.

 

You are not normally required to pay for exercising your rights. If you make a request, we have one month to respond to you. Please e-mail us at privacy@ballard-tighe.com if you wish to exercise any of the rights detailed above.

 

How to contact us with questions or to complain

If you would like to make an inquiry or correction regarding your personal data or to make a complaint about how your data is being handled, please contact us using one of the methods below:

B&T Address:

Ballard & Tighe, Publishers
Re: ELTiS Privacy
PO Box 219
Brea, CA 92822
U.S.A.

B&T Telephone:

+1 (714) 990-4332

B&T Fax:

+1 (714) 255-9828

B&T Data Protection Team:

privacy@ballard-tighe.com

 

Changes to this Privacy Policy
We may make changes to this Privacy Policy from time to time. If there are any substantial changes, you will be prompted to review and accept the revised privacy policy next time you log in. If you do not agree to the revised policy, please refrain from using this website and/or leave this website.