Nexam Solution Inc. (“Nexam”, “we”, “us” or “our”) takes the protection of your Personal Information seriously. This Privacy Policy (the “Policy”) describes our data protection practices, the types of Personal Information we may receive or collect from you on behalf of an educational institution, exam administrator or business (collectively our “Clients”) and how we use, disclose, store and secure it. In order to provide you with quality services, we need access to certain Personal Information about you. We ensure that our employees manage this information with the necessary discretion and rigor, and in compliance with applicable legal and regulatory requirements.
Our commitment:
- We only collect, store, process, or share user and student information for the purposes of administering and managing the assessment.
- We do not sell personal information collected on Nexam.
- We do not use or disclose personal information for behavioral targeting of advertisements to users.
- We do not retain users’ personal information beyond the time period required for exam administration and follow-up purposes.
This Policy applies only to our platform (“Platform”) accessible at the following address: https://app.nexam.io/. Access to and use of Nexam’s Website (“Website”), accessible at the following address: https://nexam.io, is covered by a separate Privacy Policy and Terms of Use. Our Platform and Website are collectively “our Sites”.
PERSONAL INFORMATION
For the purposes of this Policy, “Personal Information” means any information about an individual that identifies the individual or that, individually or in combination with other data, identifies the individual.
CONSENT
By providing us with Personal Information, you consent to its processing in accordance with this Policy. Generally, Nexam will obtain the necessary Personal Information directly from you, with your consent, subject to the exceptions provided by law. Nexam will also obtain Personal Information from its Clients in accordance with instructions or authorizations received from our Clients or from you.
In addition, by using our Platform, and by agreeing to the Terms of Use, you consent to the collection, use, disclosure and storage of your Personal Information in accordance with the applicable sections of this Policy.
Nexam will not collect, use or disclose Personal Information without your consent unless it is authorized or required to do so under applicable regulations. When required, Nexam may share your Personal Information with regulatory bodies with whom it must cooperate and who govern its activities.
Refusal of collection and withdrawal of your consent
You have the right, if you so choose, to refuse the collection, use and disclosure of your Personal Information. You may also, at any time, and subject to reasonable notice and applicable legal or contractual restrictions, withdraw your consent to the use of Personal Information already collected by contacting our Privacy Officer. Please note, however, that if you choose not to provide us with your Personal Information, this may prevent you from registering for, scheduling and taking an exam arranged by us on behalf of our Clients, or purchasing any other products or services from us.
Please note, however, that anonymized, non-identifying information will be retained.
1. PERSONAL INFORMATION THAT WE COLLECT
In the course of our business and provision of services, Personal Information collected from you, or through our Client, may include, but is not limited to:
- Your contact information, such as your first name, last name, email, or identification number to identify you and to correspond with you;
- Your login details such as a username ID and password;
- Your professional or academic information such as information about your schooling and the educational institution attended, the organization for which you are taking an exam or work, the course or training in which you are enrolled or correcting, your status (student, corrector, etc.) and your exam results;
- Your Individualized Education Plan if applicable;
- Login information such as the date and hour you took the exam, your IP address, and the date you last logged on to our Platform;
- Monitoring information such as video captures of your screen and video captures of your webcam of you and your surroundings during your exam, as well as photo identification, if applicable;
- Your answers to your exams, tests or assessments;
- Information and communication preferences, including comments, survey responses or testimonies;
- Information about the configurations of your device, such as the type of your device, your browser, your operating system, your Internet connection, your geographical area and the language used;
- Any other Personal Information provided.
We do not knowingly collect personal data from individuals under the age of 16. If you are a minor under 16 years old, please do not provide us with any personal information without the express consent of a parent or guardian. If you are a parent or guardian and you know that your children have provided us with personal information, please contact us. If we learn that we have collected personal information from minor children without verification of parental consent, we will take steps to remove that information from our servers.
2. WHY WE COLLECT AND USE YOUR PERSONAL INFORMATION
We collect, use and disclose your Personal Information for the purposes identified at the time of collection by us or our Clients, or as permitted or required by regulation. This includes, but is not limited to, the following purposes:
- Organizing and administering the online exam;
- Verifying your identity and monitoring the conduct of the exam;
- Activating the appropriate Platform functionalities according to your Individualized Education Plan;
- Processing and communicating with you regarding your technical support requests;
- Conducting development and research to ensure we maintain the highest standard of security and understand our customers’ requirements to improve our offering;
- Performing operations related to our services, including calculating statistics, analyzing candidate performance and success rates;
- As permitted or required by any applicable legal or regulatory obligation or provision; and
- Any other purpose to which you have consented.
3. HOW WE COLLECT YOUR PERSONAL INFORMATION
Nexam collects your Personal Information primarily from you, but also from our Clients and through the use of cookies.
3.1 From you
You provide Personal Information directly to us, including when you administer or take an exam and activate an account on our Platform, if you contact us, if you use the chat box or if you contact our technical support.
3.2 From our Client
We receive Personal Information directly from our Clients, such as for the management and administration of exams.
3.3 From other sources
We may also collect Personal Information from third parties, or from publicly available records as permitted by law or if we have obtained the necessary consent.
3.4 Cookies
Cookies are small data files that are commonly stored on your device when using websites and online services. They are used for the efficient operation of websites and can provide information and help customize services. Nexam collects the Personal Information provided by cookies from its Platform.
4. DETAILS ON ONLINE EXAM MONITORING AND INFORMATION COLLECTION
If required by a Client, you will be monitored when you take your online exam. Online monitoring is conducted as directed by our Client. For example, in order to ensure the integrity of the examination process, on-screen drafting will be recorded and verified. In practical terms, this means that a video capture of your entire screen will be taken. If there are any abnormal and unauthorized activities during the drafting, your screen capture will be analyzed by our Client, i.e. the person responsible for your exam. Screen captures with abnormal activities can be extracted by our Clients.
Video captures may also be taken from your webcam during the exam. Specifically, video recordings taken from your webcam include anything your camera “can see”, including your face, your desk and your workspace, for the purposes of exam security and the integrity of the exam process.
Thus, you must ensure that you control the environment of your monitored online exam session. You must ensure that you are the only person being recorded during your exam session and that no one else is in the line of sight of your camera. You are responsible for notifying people who may be in the vicinity of your monitored exam session to prevent them from being inadvertently captured.
If the Client requires screen captures as well as captures of your working environment, including your face, this information is used for identity verification, online observation, incident resolution, such as fraud prevention, exam security, exam and procedure integrity.
In some cases, prior to the start of your exam or at the beginning of your exam, you may be asked to present identification (e.g., your driver’s license, passport, or other approved identification designated by the Client), to be recorded on video for identity verification purposes. The collection of such data may be mandatory for some Clients.
You understand that video recordings of your screen and video recordings of your webcam during your exam session will be available to the applicable Client or one of its designated agents to assist in administering your exam.
You also understand that the only way to enable monitoring features is to authorize sharing rights yourself. Under no circumstances will Nexam collect monitoring videos without your consent.
Under no circumstances will Nexam use the above Personal Information for any purpose other than those specified.
5. DETAILS ON THE COLLECTION, USE AND DISCLOSURE OF DATA ON OUR SITES THROUGH COOKIES
As mentioned in the previous sections, we may use various tools to improve your experience on our Platform and respond to technical support requests. The following section is intended to provide you with more information about how we use these tools, including profiling, if any.
Nexam and trusted third-party service providers use different types of cookies (collectively referred to as cookies here):
- Necessary cookies: These cookies are not essential to the provision of our services. They help personalize and enhance the user experience. For example, they can remember your preferences so you don’t have to re-enter information more than once, or remember your credentials so you don’t have to enter them every time you use them.
- Performance and functionality cookies: These cookies are not essential to the provision of our services. They help personalize and enhance the user experience. For example, they can remember your preferences so you don’t have to re-enter information more than once, or remember your credentials so you don’t have to enter them every time you use them.
The Platform contains no cookies for advertising purposes.
5.1 Disabling cookies
It is possible to prevent the personalization or profiling features of our Platform by disabling cookies on your browser. You can do this by changing the settings on your browser or mobile device.
However, if you choose to decline cookies, certain pages or sections of our Platform may not display properly, or certain features may not be available.
5.2 Do other websites have access to cookies when you browse our Platform?
We sometimes use third-party service providers.
Our service providers may also need to collect your IP address or device identifier when you visit our Platform. This information may be transmitted to and stored on servers located in Canada or elsewhere, such as the United States. Please be aware, however, that certain suppliers may be required to disclose the data collected to third parties if they are required to do so by law or if they wish to entrust the processing of certain data to third parties.
Please note that third-party service providers have their own cookies and privacy policies.
6. SHARING AND DISCLOSURE OF YOUR PERSONAL INFORMATION
In the course of our business, we may need to disclose and share your Personal Information with various stakeholders. We will only disclose and share your Personal Information as described below:
- Agents and Third Party Service Providers: From time to time, we may need to share your Personal Information with agents or third party service providers to assist us in making available all the features of our Platform (maintenance, analysis, legal requirements, fraud detection, marketing and development). Please note that these service providers may be located in Canada or in other countries. They will only have access to Personal Information that is necessary to perform these functions on our behalf and are required not to disclose or use it for any other purpose. Please be aware that we have contractual agreements with these providers to ensure the security of your data.
Our trusted third-party partners include, but are not limited to:
  - Data centers and data hosting providers;
  - Customer support service providers;
  - Website protection service providers;
  - Cloud workspace providers;
  - Email distribution service providers.
- Clients: We make online exams and content provided by our Clients available to you for use on or through our Platform. In such a situation, we will share information about these interactions with that Client, for example, by providing information to facilitate your examination, registration, results or assistance.
- When required by law, to enforce compliance or to protect the property or safety of our rights or those of others: By way of example, we may disclose Personal Information to legal or regulatory authorities in the event that we suspect money laundering, insider trading, manipulative or deceptive business practice or other criminal activity, to detect and prevent fraud, or to comply with legal or regulatory requirements of governmental bodies, regulatory agencies or other self-regulatory organizations. We may also need to disclose Personal Information to comply with a legal obligation (e.g., court order) or to protect our assets (e.g., to collect overdue accounts).
- Business Transfers: As part of our business development, we may sell or buy businesses or services. In such transactions, Personal Information generally becomes part of the transferred business assets but remains subject to the promises made in any pre-existing privacy policy (unless, of course, the individual consents otherwise). In addition, in the unlikely event that Nexam or substantially all of its assets are acquired, your information will, of course, be one of the transferred assets.
- Anonymized: Anonymized Personal Information may be shared with third parties. For example, we may anonymize Personal Information in order to track trends or statistics.
7. RETENTION OF YOUR PERSONAL INFORMATION
Personal Information will be retained only as long as necessary for the achievement of the identified purposes or for compliance with legal requirements concerning retention periods. As such, the length of time we retain your Personal Information will vary depending on the purpose for which it is used. We must destroy this information in accordance with the law and our contractual commitments with our Clients. When we act on behalf of our Clients, retention periods may vary depending on the instructions of the Client written in each contract. When we destroy your Personal Information, we take appropriate steps to ensure its confidentiality and to ensure that no unauthorized person can access it during the destruction process.
Any user may request that their account be deleted by emailing Nexam with a request to that effect and with the authorization of our Client for whom you have taken an exam.
7.1 Personal information storage locations
The data Nexam™ collects are primarily stored in Canada at a trusted third-party provider that complies with Canadian laws and jurisdictions. This data center declares that it:
- Commits to protecting the information it hosts.
- Uses a variety of technologies and security measures designed to protect information from unauthorized access, use or disclosure.
- Provides a level of security appropriate to the risk of processing personal data.
Nexam Solution carried out a Privacy Impact Assessment (PIA) in accordance with the Act to modernize legislative provisions as regards the protection of personal information (SQ 2021, c 25, a 103) leading to the selection of its main data center. The analysis showed that the data center:
- meets high safety standards
- holds all major security certifications
- stores personal data using the Advanced Encryption Standard (AES)
- does not communicate data to a third party without the prior consent of the data provider.
In Canada, data are regulated by the Personal Information Protection and Electronic Documents Act (PIPEDA). The EU has recognized that Canada provides an adequate level of data protection (in accordance with Article 45 of Regulation (EU) 2016/679), which means that the personal information of EU residents can be freely transferred to Canada.
As mentioned in Section 6, Nexam Solution may use trusted third-party service providers to provide, maintain and improve our services. To this end, personal information may be stored with their web hosts, but only to the extent necessary for the provision of our services and following a Privacy Impact Assessment (PIA), in accordance with this Policy and all other privacy agreements, laws or requirements.
8. OUR SECURITY MEASURES
The security and confidentiality of your Personal Information is important to us. We have implemented and continue to develop stringent security measures to ensure that your Personal Information remains strictly confidential and is protected against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
These security measures include organizational measures such as the use of security clearances and limiting access to what is necessary; physical measures (e.g., office access cards for employees, registration of visitors and identification cards, backup and archiving of data through an external system, etc.); and technological measures such as the use of passwords and encryption (e.g., frequent password changes and the use of firewalls). Nexam Solution performs periodic risk/vulnerability assessments and data privacy and security compliance audits. A confidentiality incident log is maintained in accordance with our Information Security Policy.
We also have a written incident response plan, which provides for prompt notification to our Clients in the event of a security or confidentiality incident, and establishes best practices for responding quickly to the compromise of personal information. In accordance with our IT Usage Policy, we will ensure that all Nexam employees maintain cyber-secure best work practices to mitigate any potential security breaches to your personal information, including:
- Regular device updates
- Regular server updates
- 2FA activation
We cannot make a 100% security guarantee due to constant advances in virus and hacking technology, as well as unforeseeable hardware or software failures and other risk factors. Nexam Solution can therefore not be held responsible for data loss or alteration. Nexam Solution will notify any affected user of a security breach via email as soon as possible.
If you believe that your Personal Information has been compromised, we invite you to contact us using the contact information listed in the “Questions, Comments, Complaints” section of this Policy.
9. YOUR RIGHTS
9.1 Right of Access, Information and Rectification of your Personal Information
You have the right to know whether we hold Personal Information about you and to have access to that Personal Information, if not included in the exception list. You also have the right to ask questions about how we have collected, used and retained your Personal Information and to whom it has been disclosed.
You have access to your Personal Information through your user account on our Sites, if any. You may correct and update this Personal Information from this access.
You may obtain a copy of your Personal Information or have it corrected if it is inaccurate by sending us a written request by e-mail.
We will provide you with such information or make the modification promptly and no later than 30 days from the date we receive the written request. A reasonable fee may also be charged to process your request.
In some situations, it may not be possible for Nexam to disclose all of the Personal Information it holds about you. Exceptions to the access requirements are limited and specific. The reasons for denying access are provided upon request.
These exceptions include information that is prohibitively costly to provide, information that contains details about other individuals, the existence of legal, security or business reasons that prevent the provision of the information and the fact that the information is protected by solicitor-client or litigation privilege.
10. LINK TO OTHER WEB SITES
It is important to understand that this Policy does not apply to other websites, whether from Clients or other third parties, that may be accessed through links on our Sites. We are not responsible for those third-party sites, their content or access. Therefore, any Personal Information you provide through these sites is subject to the privacy policies of those sites. It is your responsibility to review their privacy policies to ensure the protection of your Personal Information.
11. CHANGES AND UPDATES TO THE POLICY
Nexam may, at its discretion, update, revise, modify or supplement this Policy from time to time. The Policy and any related agreements, if any, will be posted on our Sites. Nexam requires its users to review the modified Policy before continuing to use its services. If you do not accept the modified Policy, you may cancel your account.
Continued use of the services provided by Nexam after the modified Policy becomes effective constitutes consent to the modified Policy.
12. QUESTIONS, COMMENTS, COMPLAINTS
Nexam has established procedures for receiving complaints and inquiries about its policies and practices relating to the management of Personal Information. Nexam will inform individuals who make inquiries or file complaints of the existence of the relevant procedures.
Nexam will investigate all complaints. If a complaint is found to be justified, Nexam will take appropriate measures including, if necessary, modifying its policies and practices.
If you have any questions, inquiries, comments or complaints about your Personal Information, we invite you to contact our Privacy Officer at the following address:
Nexam Solution inc.
Marie-Sophie Dionne
CEO and Privacy Officer
585 Boulevard Charest E Office 900, Quebec City, QC G1K 3J2
(418) 794-1409
privacy@nexam.io
If necessary, you may consult the previous version of our Privacy Policy: