Privacy Policy

Your privacy is important to us. It is Cambridge Adaptive Testing Limited's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our Artemis-A platform. Please see https://www.artemis-a.org/ for further details on our organisation.

Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use our Artemis-A platform.

This Privacy Policy does not apply to any of your activities outside of our platform.

This policy is effective as of September 13, 2024

Last updated: September 14, 2024

Information We Collect

Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.

“Voluntarily provided” information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.

“Automatically collected” information refers to any information automatically sent by your devices in the course of accessing our products and services.

Transaction Data

Transaction data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.

Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.

Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security.

You are responsible for selecting any password and its overall security strength, and for ensuring the security of your own information within the bounds of our services, for example by ensuring you do not make your personal information publicly available via our platform.

How Long We Keep Your Personal Information

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information such as an email address when contacting us about a specific enquiry, we may retain this information for the duration of your enquiry remaining open as well as for our own records so we may effectively address similar enquiries in future. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.

However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.

Your Rights and Controlling Your Personal Information

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us; however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Marketing permission: We will not use your data for any marketing purposes.

Access: You may request details of the personal information that we hold about you at any time and we will supply it in line with the Information Commissioner’s Office rules & regulations.

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example processing transaction data), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.

Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.

If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.

Additional Disclosures for UK General Data Protection Regulation (UK GDPR) Compliance (UK)

Data Controller / Data Processor

The GDPR distinguishes between organisations that process personal information for their own purposes (known as “data controllers”) and organisations that process personal information on behalf of other organisations (known as “data processors”). For the purposes covered by this Privacy Policy, we are a Data Controller with respect to the personal information you provide to us and remain compliant with our data controller obligations under GDPR.

Additional Disclosure for Collection and Use of Personal Information

In addition to the aforementioned purposes warranting the collection and use of personal information, we will use the data for debugging, product development/improvement and client support, but may also use the collected data for research purposes. We do not share the data with third parties.

Personal Information no longer required for our purposes

Data Protection and Privacy Laws permit us to collect and use your personal data on a limited number of grounds. In which case, we will collect and use your personal information lawfully, fairly and in a transparent manner. We never directly market to you.

Our lawful bases depend on the services you use and how you use them. This is a non-exhaustive list of the lawful bases we use:

Consent From You

Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; however this will not affect any use of your information that has already taken place. When you contact us, we assume your consent based on your positive action of contact, therefore you consent to your name and email address being used so we can respond to your enquiry.

While you may request that we delete your contact details at any time, we cannot recall any email we have already sent. If you have any further enquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.

Our Legitimate Interests

Where we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, measures taken to operate our services efficiently, and measures taken to protect our legal rights and interests.

Compliance with Law

In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. For example, we are required to keep financial records for a period of 7 years. If you have any further enquiries about how we retain personal information in order to comply with the law, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.

International Transfers of Personal Information

The personal information we collect is stored and/or processed in the United Kingdom by us. Following an adequacy decision by the EU Commission, the UK has been granted an essentially equivalent level of protection to that guaranteed under UK GDPR.

The University wants to ensure that we keep the details we hold about you up to date and communicate with you fully in accordance with your wishes. You should also get in touch with us if any of your personal details change. You can update your details and your communication preferences at any time using the following contact details:

By email to: artemis-a@medschl.cam.ac.uk

By post to: Data Protection Officer

University of Cambridge
The Old Schools
Trinity Lane
Cambridge
CB2 1TN
United Kingdom

12. Your rights

Account information

If you have an account with us, you may, at any time, review or change the information in your account or terminate your account by logging into your account settings and updating your account or contacting us using the contact information provided in section 11 above. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use for the Website and/or comply with legal requirements.

Under the Data Protection Laws, you have the right to:

  • Request access to your data (commonly known as a ‘subject access request’). This enables you to receive a copy of your data and to check that we are lawfully processing it.
  • Request correction of your data. This enables you to ask us to correct any incomplete or inaccurate data we hold about you.
  • Request erasure of your data. This enables you to ask us to delete or remove your data in certain circumstances; for example, if you consider that there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
  • Object to processing of your data where we are relying on our legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing for this reason. You also have the right to object where we are processing your data for direct marketing purposes.
  • Request the restriction of processing of your data. This enables you to ask us to suspend the processing of your data; for example, if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your data to another party.

Depending on the circumstances and the nature of your request, it may not be possible for us to do what you have asked; for example, where there is a statutory or contractual requirement and it would not be possible to fulfil our legal obligations if we were to stop. However, where you have consented to the processing, you can withdraw your consent at any time, by emailing us at artemis-a@medschl.cam.ac.uk. In this event, we will stop the processing as soon as we can. Further information on your rights is available from the Information Commissioner’s Office (ICO) (www.ico.org.uk).

13. How to exercise your data rights

If you wish to exercise any of your rights, please contact our Data Protection Officer using the contact details in section 11 above.

14. How to ask or raise concerns

If you have any questions, comments or concerns about how we use or handle your personal data, please contact the Data Protection Officer using the contact details in section 11 above.

If you are not content with how we handle your information we would ask you to contact our Data Protection Officer to help you. However, you do also have the right to complain directly to the Information Commissioner via their website or via post at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Information about the Information Commissioner is available at: www.ico.org.uk.

15. Changes to this privacy notice

This privacy notice may be updated from time to time so you may wish to check it each time you submit personal information to the University. The date of the most recent versions will appear on this page (see version control details below).

16. Definitions

“Data Protection Legislation” means any applicable law relating to the processing, privacy and use of Personal Data, as applicable to either party under these Terms, including the Data Protection Act 2018, the United Kingdom General Data Protection Regulation (“UK GDPR”), the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, and all applicable laws and regulations relating to processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner;

Document version control

Version: 0.1

Privacy Policy Updated: 01/03/2021

Derivative data
