PRIVACY POLICY – TESTWE

LAST UPDATED: October 14, 2025

PREAMBLE

Welcome to our “Privacy Policy” page for the website operated by TestWe and accessible at https://testwe.eu/fr/ (the “Site”).

Thank you for using our Site and our online services (the “Services”). TestWe cares about preserving the confidentiality of your Personal Data and places great importance on protecting the privacy of users of its Services.

On this page, you will find, among other things, the following information:

which data we may collect about you;
why and how we use this data;
the origin of this data;
with whom we may share it;
the legal basis we rely on to do so; and
what measures we take to ensure its security.

TestWe, a simplified joint-stock company, registered with the Paris Trade and Companies Register under number 801731571 and whose registered office is located at 27, boulevard Saint‑Martin, 75003 Paris (“TestWe,” “we,” or “our”), is committed to protecting and respecting the privacy of every person whose Personal Data we process in connection with providing the Services.

The processing of Personal Data of visitors and users of our Services is subject to Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”) and to French Law No. 78‑17 of January 6, 1978 on information technology, files and freedoms, as amended (the “French Data Protection Act”) (together, the “Regulations”).

For the purposes of these Regulations, TestWe acts, on behalf of private higher education institutions, certification bodies, or employers using TestWe’s Services, as a processor of the Personal Data processed via our online Services, and undertakes under this Policy to comply with the legal and regulatory obligations incumbent upon it.

The controller is required to provide you with all the information set out in the Privacy Policy. However, we would like to explain here how we process your Personal Data and how we ensure we respect your integrity in accordance with the GDPR. We encourage you to read this privacy policy. Using it should help you make informed decisions.

If you have any questions about this Privacy Policy or about your Personal Data in general, please contact us at privacy@testwe.eu or by post at: TestWe, GDPR Service, 27, boulevard Saint‑Martin, 6, rue Notre Dame de Nazareth, 75003 Paris.

The content of our Privacy Policy may change. You will be regularly informed of updates, by any means (email, pop‑up window, etc.).

As a general matter, the Policy is always easily accessible at the bottom of the pages of the Site.

2. WHO IS COVERED BY THIS PRIVACY POLICY?

The processing carried out by TestWe through the Site concerns casual visitors and Users (both candidates and administrators) of the Site wishing to benefit from TestWe’s online Services (the “Data Subjects”).

3. HOW IS YOUR PERSONAL DATA COLLECTED?

TestWe collects Personal Data directly and indirectly from users through the online account creation form (first connection to the platform), the call bot and chat bot, webcam streams (activation of students’/candidates’ webcams during the online examination), connection traces (collection of connection logs), and any other data integrated by the institutions and reported by candidates.

Technical information (for example, IP address, information about your browser, etc.) is also transmitted to TestWe by your device when you use the Site.

4. TYPES OF PERSONAL DATA, PURPOSES AND LEGAL BASIS

“Personal data” means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural or social identity (“Personal Data”). This does not include data whose identity has been removed (anonymous data).

Below is an overview of the different categories of people covered by this Privacy Policy, as well as:

the type of personal data about you that we use and store;
the purposes for which personal data is collected;
the legal basis for processing activities.

4.1 Types of personal data collected

We collect and process the following Personal Data:

identity data (name, surname, assigned university, relevant examination);
proctoring recordings (video of the candidate’s face and upper body, video of the candidate’s ears, video of the room where the candidate takes the exam);
identity document data (copy of the candidate’s ID card or passport);
non‑anonymized exam copies;
audio recordings (in case of fraud, voice exchange between the proctor and the candidate concerned);
video recordings (video of the candidate taken throughout the exam session which is deleted simultaneously);
first and last name, email address, login identifier (teachers/instructors/graders and candidates);
connection logs.

4.2 Purpose and legal basis for collecting your Personal Data

TestWe’s clients must define the legal basis for processing in their capacity as controllers. We collect and use your Personal Data for the following reasons, purposes and on the following legal bases:

Purpose | Legal basis

:–|:–

Provision of the Services | Performance of the contract binding us to the controllers and performance of the T&Cs

Ensuring the security of Personal Data (e.g., preventing digital identity theft) | Performance of the contract binding us to the controllers and performance of the T&Cs

Allowing you to access and use the Site | Our legitimate interests

Ensuring the proper functioning of the Site | Our legitimate interests

Responding to and assisting you via our call bot and chat bot | Our legitimate interests

Storing information about your preferences and enabling us to personalize the site based on your interests (cookies) | Your consent

Preparing reports or compiling statistics and analytics in order to improve our products and services (cookies) | Your consent

Resolving any disputes or addressing any issues in connection with the use of the services | Our legitimate interests

Retaining the Personal Data necessary to meet legal obligations and handle data requests from authorized authorities | Compliance with our legal or regulatory obligations.

5. IF YOU DO NOT PROVIDE PERSONAL DATA

If you choose not to provide the Personal Data we request, we may be unable to provide you with the Services you have requested or to achieve the purposes for which we requested the Personal Data.

Access to your Personal Data is strictly limited:

internally, to TestWe employees authorized by virtue of their role and bound by a confidentiality obligation;
to third parties involved in providing our Services (technical service provider, hosting provider, email or service notification router, etc.). TestWe undertakes to disclose your Personal Data only to authorized and trusted providers, who process it on our behalf, in accordance with our instructions. In performing their services, TestWe’s providers comply with the GDPR and TestWe has entered into a data processing agreement regarding your Personal Data.

TestWe may share your Personal Data with judicial authorities, independent administrative authorities or any other organization if the law, a regulatory provision or a court order so requires, or if such disclosure is necessary for the purposes of an investigation, injunction or legal proceedings, domestically or abroad.

7. TRANSFERS OF DATA OUTSIDE THE EUROPEAN UNION

TestWe does not transfer Personal Data outside the EU/EEA to countries that have not been subject to an adequacy decision by the European Commission within the meaning of Article 45 of the GDPR, or without having executed the European Commission’s standard contractual clauses, or, for transfers of Personal Data to the United States, without providers being certified under the European Commission’s EU‑US adequacy decision and the Data Privacy Framework dated July 10, 2023. TestWe ensures that such recipient providers are qualified organizations listed in the DPF certified companies list, available at https://www.dataprivacyframework.gov/s/participant-search.

8. RETENTION PERIOD OF YOUR PERSONAL DATA

We will retain your Personal Data only for as long as necessary to achieve the purposes for which it was collected, including to meet any legal or accounting requirements as well as CNIL recommendations.

Above all, retention periods are set by the controller.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether those purposes can be achieved by other means, as well as applicable legal requirements. The retention period for your Personal Data may therefore vary in days, months or even years depending on your profile (student/candidate or teacher/professor/instructor/marker), the category of Personal Data and the purposes of processing.

In principle, and unless otherwise instructed by your controller, we retain your Personal Data as follows:

first name, last name, email and ID of teachers/instructors/graders: duration of use of the service;
candidates’ identity data (name, surname, assigned institution, relevant examination) are kept for 2 years after the exam, unless a disciplinary procedure is initiated;
connection logs: 2 months;
the candidate’s photo and copy of their identity document are kept for two months;
for ProctorWe Live, video recordings are not kept on TestWe’s servers and are therefore deleted instantly, and for ProctorWe, photos taken every five seconds as well as audio recordings are also kept for two months.

We also retain Personal Data for:

claims, questions, complaints: 3 years after a claim, question or complaint is closed;
contact form: 3 years from your request;
call bot and chat bot: for quality reasons: 30 days from our exchange;
newsletter subscription: as long as the Data Subject does not unsubscribe.

For visitors’ Personal Data, please refer to Article 13.2 on cookies.

After the specified periods, the Data is either deleted or retained after being anonymized, in particular for statistical purposes. It may be retained in the event of pre‑litigation and litigation. Please note that deletion or anonymization are irreversible operations and TestWe can no longer restore the data.

9. RIGHTS OF DATA SUBJECTS

As a Data Subject, you have several rights. These rights are not absolute and each is subject to certain conditions under the GDPR and applicable national laws.

right of access – you have the right to obtain from us confirmation as to whether or not your Personal Data is being processed by us, as well as certain other information (similar to that provided in this Privacy Policy) about how it is used. You also have the right to access your Personal Data by requesting a copy. This enables you to know and verify that we are using your information in accordance with data protection laws. We may refuse to provide information if it would disclose Personal Data about another person or would adversely affect another person’s rights.
right to rectification – you can ask us to take steps to correct your Personal Data if it is inaccurate or incomplete (for example, if we have an incorrect name or address).
right to erasure – also known as the “right to be forgotten,” this right allows you, in simple terms, to request the deletion or removal of your Personal Data where, for example, we have no compelling reason to continue using it or its use is unlawful. However, this is not a general right to erasure and there are certain exceptions, for example where we need to use the information to defend a legal claim or to comply with a legal obligation.
right to restriction of processing – you have the right to “block” or suppress the further use of your Personal Data when we are considering a rectification request or as an alternative to erasure. Where processing is restricted, we may still store your Personal Data, but may no longer use it.
right to data portability – you have the right to obtain and reuse certain Personal Data for your own purposes across different companies (which are separate controllers). This applies only to Personal Data that you have provided to us, that we process with your consent and in order to perform the contract, and that is processed by automated means. In that case, we will provide you with a copy of your data in a structured, commonly‑used and machine‑readable format or (where technically feasible) we can transmit your data directly to another processor or controller.
right to withdraw consent – where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of processing before the withdrawal.
right to give us instructions regarding the use of your personal data after your death – In France, you have the right to give us instructions on how to process (e.g., retention, erasure and disclosure) your data after your death. You can change or revoke your instructions at any time.

10. EXERCISING YOUR RIGHTS

If you have questions about this Privacy Policy, how we process your Personal Data, or if you wish to exercise any of your rights, you can contact us about the processing of your data and effectively exercise your rights through the following means:

as a priority, by contacting your controller, who will forward requests to us for all activities related to our platform.
by sending us a request at privacy@testwe.eu or by postal mail to: TestWe, GDPR Service, 27, boulevard Saint‑Martin, 75003 Paris.

We may need to ask you for specific information to help us confirm your identity and ensure your right of access to that information (or to exercise your other rights). This is an appropriate security measure to ensure that personal data is not disclosed to anyone who has no right to receive it.

In accordance with the recommendations of the Commission Nationale de l’Informatique et des Libertés (“CNIL”), which is the supervisory authority for data protection for TestWe, your request will be processed within short timeframes (1 month up to a maximum of 3 months, depending on the case).

Any such request will be examined within the time limits provided by applicable law. However, please note that certain Personal Data may be exempt from such requests in certain circumstances, especially if TestWe needs to continue processing your Personal Data for its legitimate interests or to comply with a legal obligation.

Exercising your right of access (or any other right) is free of charge. Sometimes, we may be unable to respond to your request if it is manifestly unfounded or excessive.

Furthermore, if you are not satisfied with our response to your complaint or if you believe that the processing of your Personal Data does not comply with applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority (the CNIL: https://www.cnil.fr/) and/or to seek a remedy before the competent courts if you consider that your rights are not respected.

11. HOW IS YOUR DATA SECURED?

TestWe ensures that Personal Data is processed securely and confidentially, including when certain operations are carried out by technical providers. To this end, appropriate technical and organizational measures are implemented to prevent unauthorized access and disclosure, accidental loss, misuse, alteration, damage and accidental or unlawful deletion of your Personal Data. These measures are adapted according to the level of sensitivity of the data processed and the level of risk presented by the processing or its implementation. We have put in place procedures to handle any suspected data breach and will notify you and any competent supervisory authority of any suspected breach where we are legally required to do so.

TestWe uses, for example: (i) a secure https connection, (ii) two‑factor authentication via password and SMS validation, (iii) IP filtering for certain sensitive services, (iv) differentiated technical accounts, and (v) key monitoring.

To this end, we require our staff and our technical providers to comply with strict rules regarding information security and protection (e.g., confidentiality obligations, implementation of physical security measures, etc.).

Finally, we inform you that your Personal Data is stored on servers located in France or in member countries of the European Union.

Unfortunately, the security of data transmissions over the Internet or of data storage systems cannot be guaranteed 100%. If you have reason to believe that your interaction with us is no longer secure (for example, if you believe that the security of an account you hold with us has been compromised), please inform us immediately by contacting us using the details set out in Article 14 of the Privacy Policy.

12. THIRD‑PARTY WEBSITES

The Site may contain links to other websites operated by third parties. Please note that this Privacy Policy applies only to personal data collected by TestWe. We are not responsible for Personal Data that third parties may collect, store and use on their own websites or applications. We recommend that you carefully read the privacy policy of each website and/or application you visit.

13. COOKIES

“Cookies” are small text files, often containing unique identifiers, that are sent by web servers to web browsers and may then be sent back to the server each time the browser requests a page from the server.

Cookies are very useful and allow a website to recognize you, identify you when you visit a particular page, provide a secure connection to a website and enhance your user experience by improving your browsing and/or tailoring the content of a page to your interests.

13.2 How are cookies used?

Where prior consent is required for their use, the validity of consent to the placement of cookies is 6 months. At the end of this period, we will ask for your consent again.

The cookies we place as operators of our Site are called “first‑party cookies.” Cookies that third parties place for us on our Site are called “third‑party cookies.” Third‑party cookies enable us to provide third‑party features or functionality on or through a website (for example, advertising, interactive content and analytics). The persons who create these third‑party cookies may collect certain of your personal data, recognize your computer when you visit the website concerned and when you visit other websites.

The retention period for an audience‑measurement cookie that does not require consent is 13 months. However, the information collected through these cookies is kept by us for a maximum period of 25 months, in accordance with applicable regulations.

Types of cookies used on our Site

Cookie name	Type	Duration	Function
HubSpot cookies	`__hs_initial_opt_in`	Necessary cookie \| 13 months	Used to prevent the banner from always appearing when visitors browse in strict mode.
HubSpot cookies	`__hs_opt_out`, `_hs_do_not_track`	Necessary cookie \| 13 months	Used by the “opt‑in” privacy policy to remember not to ask the visitor to accept cookies again. This cookie is installed when you give visitors the option to refuse cookies.
HubSpot cookies	`__hssc`	Analytics cookie \| 30 minutes \| Tracks sessions	Used to determine whether HubSpot should update the session number and timestamps in the `__hstc` cookie.
HubSpot cookies	`__hstc`	Analytics cookie \| 13 months	The main cookie for tracking visitors.
HubSpot cookies	`__hssrc`	Analytics cookie \| Session	When HubSpot changes the session cookie, this cookie is also set to determine whether the visitor has restarted their browser.
HubSpot cookies	`hubspotutk`	Analytics cookie \| 13 months	Tracks a visitor’s identity. It is transmitted to HubSpot when a form is submitted and used during contact deduplication. It contains an opaque GUID representing the current visitor.

This includes:

Technical cookies: These cookies allow you to navigate our Site and use its features more efficiently. They also allow our site to remember your previous actions during the same browsing session.
Functionality cookies: These cookies allow our Site to remember the choices you made during your visit in order to offer you enhanced and more personalized features.
Statistical cookies: These cookies allow us to compile statistics and figures on the traffic and use of the various elements that make up our Site (sections and content visited, path, time spent on the Site), which allows us to improve the appeal and ergonomics of our Services.

13.3 How to block the use of cookies?

There are two ways to refuse the use of cookies.

During your first visit to our Site, you will be asked to consent to the use of your data by cookies via an information banner that will be prominently displayed at the bottom of the page.

Using the “Accept all” and “Reject all” buttons, you can globally accept or refuse that we place cookies on your computer or device (cookies related to targeted advertising operations, certain audience‑measurement cookies, social network cookies generated in particular by their sharing buttons when they collect personal data). However, a third “Customize” button on this banner will allow you to obtain details of the categories of cookies used and thus choose whether or not to consent by purpose.

However, if you wish to refuse the use of any type of cookies on a website, you can do so by changing your browser settings to block the use of cookies. Please note that if you block the use of cookies through this browser setting, you may not be able to use or view all or part of the relevant website, including our site.

Each web browser offers different ways to configure cookie management. In general, these are described in the help menu of each browser.

Firefox: https://support.mozilla.org/fr/kb/cookies-informations-sites-enregistrent
Internet Explorer: https://support.microsoft.com/en-us/products/windows?os=windows-7
Google Chrome: https://support.google.com/chrome/answer/95647?hl=fr
Safari: https://www.apple.com/legal/privacy/fr-ww/cookies/

Please note that if you block the use of cookies through this browser setting, you may not be able to use or view all or part of the website, including our site.

In addition, if you wish to block the use of analytics cookies and/or advertising and retargeting cookies, both provided by our third‑party service providers, please visit the following URL to opt out of the use of these cookies.

14. CONTACT INFORMATION

If you have any other questions or comments regarding our Privacy Policy, please contact us at privacy@testwe.eu or by post at: TestWe, GDPR Service, 27, boulevard Saint‑Martin, 75003 Paris.

15. CHANGES TO THE PRIVACY POLICY

TestWe may modify this Privacy Policy from time to time to reflect changes in its privacy practices. When we modify this privacy policy, we also change the “last updated” date at the top of the first page. We encourage you to review this Privacy Policy regularly to stay informed about how TestWe protects your personal data.