Data Privacy at Alpine Testing Solutions, Inc.
Last updated: August 24, 2023
Alpine Testing Solutions, Inc. (“Alpine”) has established a comprehensive privacy program designed to help us respect and protect your data privacy rights. The following statement includes (i) Alpine’s Privacy Shield Framework compliance statement and certification of adherence to the Privacy Shield Principles and (ii) Alpine’s website privacy statement, which are collectively referred to as the “Policy”.
Alpine’s Data Privacy Framework
Alpine commits to resolve complaints about our collection or use of your Personal Data. If you have any questions, complaints and/or other concerns, please first contact us at: firstname.lastname@example.org
You may also lodge a complaint with your local data protection authority.
In compliance with the EU-U.S. DPF, Alpine commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
Alpine has further committed to refer unresolved complaints with regard to Personal Data other than human resources data to International Centre for Dispute Resolution, International Division American Arbitration Association (“ICDR-AAA”), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit https://go.adr.org/privacyshield.html and www.dataprivacyframework.gov for more information or to file a complaint. The services of the ICDR-AAA are provided at no cost to you.
The Federal Trade Commission has jurisdiction over compliance with the EU-U.S. DPF for Alpine.
If your complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms as provided in the EU-U.S.
In the context of an onward transfer, Alpine has responsibility for the processing of Personal Data it receives under privacy principles including the EU-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. Alpine shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Alpine provides test development and candidate management services as a service provider to test sponsors. A test sponsor is a company or organization that offers certification, credentialing, licensure or other testing and controls the test(s) that must be taken to secure such certification, credentialing, or licensure. Alpine collects or receives personal information and test data from certification, credentialing, licensure, and other testing organizations. “Test” data refers generically to examinations, assessments, evaluations, surveys, and any testing related processes and data including examinee and candidate demographic data. This Policy is applicable to personal information that Alpine may receive related to certification, credentialing, licensure, and other testing received on all applications, websites, and web pages that provide a link to this Policy (collectively, the “Site”). If you do not agree to this Policy, please request that the test sponsor remove your records from the system and do not provide your personal information to Alpine.
Personal Information Collected
Alpine collects or receives the following categories of personal information (either directly from you, directly from the data controller, or from a subprocessor contracted by the data controller): identifiers, internet or other similar network activity, professional or employment related information, non- public education information, and commercial information. These categories may include the following specific pieces of personal information – your name, address, email address, phone number, fax number, company, title, language, race or ethnic origin, gender, employment information, previous examination history, education records (including transcripts and grades), work history, source of financing for the examination, birthdate, all or part of government-issued identification numbers, mother’s maiden name, signature, photographic image, and/or other biometric data digitally to verify identity and to protect the security and integrity of the test. Alpine only processes personal information, including sensitive information, in accordance with its agreement with and the instructions provided by the test sponsor or other data controller. Alpine will not collect sensitive information about you without your consent. Alpine may collect and analyze your test responses and then derive a test score and generate a report about your test results. Unless Alpine provides specific notice and obtains your consent, Alpine does not collect or process any Human Resource Data (HRD), as defined under the U.S.-EU Privacy Shield Framework, in connection with certification, credentialing, licensure or other testing services.
How and Why Alpine Uses Personal Information
Alpine uses this personal information to perform services relating to certification, credentialing, licensure, and other testing purposes on behalf of the test sponsor. This includes—among other things—determining testing eligibilities, supporting test registration, analyzing test results, calculating and awarding credentials, supplying testing information to the test sponsor programs and their authorized vendors, and communicating with candidates and the test sponsor about the testing and the results of such testing. A candidate does not have to provide any personal information to Alpine unless the candidate wishes to participate in the testing offered by the test sponsor and receive testing results.
Alpine also engages in activities to market its services and perform business services. In doing so, Alpine obtains personal information about key individuals within test sponsors, potential test sponsors, or customers by soliciting involvement in workshops, sending out surveys or other questionnaires regarding such involvement to obtain needed individual details and biographies, or by accessing personally shared information or publicly available information regarding such organizations and individuals.
Legal Basis for Processing
Alpine only processes personal information when we have a legal basis for the processing, as follows:
- To fulfill a contract with you, or as needed to fulfill a contract between you and the test sponsor, where Alpine is acting as a data processor;
- For closely-related purposes, such as payment processing, contract management, website administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance;
- With your consent (or provided you have not objected, or opted-out, as may be appropriate under applicable law), to provide you with marketing communications; or
- To comply with the laws that are applicable to us around the world.
Alpine may also process personal information for the purposes of our own legitimate interests or for the legitimate interests of others, provided that processing does not and shall not outweigh your rights and freedoms. In particular, we will process your personal information as needed to:
- Protect you, Alpine, or others from threats (such as security threats or fraud);
- Enable or administer our business, such as for quality control, consolidated reporting, and customer service;
- Manage corporate transactions, such as mergers or acquisitions; and
- Understand and improve our business or customer relationships generally.
Disclosure of Personal Information to Third Parties
Alpine does not provide or sell Personal Data to third parties for their own marketing purposes. We limit the sharing of Personal Data to the following:
- Compliance with legal, regulatory and law enforcement requests. We cooperate with government and law enforcement officials and private parties that we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (such as subpoena requests), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical. To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide your personal information to third parties as part of a legal process.
- Sharing with Trusted Third Parties. We may share your Personal Data with third parties with which we have partnered to allow them to integrate their services into our own Services and with trusted third party service providers as necessary for them to perform services on our behalf.
These third parties are subject to strict data processing terms and conditions and are prohibited from utilizing, sharing, or retaining your Personal Data from any purpose other than as they have been specifically contracted for (or without your consent).
Special Cases. It is Alpine’s policy not to use or share Personal Data in ways unrelated to the ones described above without also providing you an opportunity to opt out or otherwise prohibit such unrelated uses. However, the Company may disclose Personal Data, or information regarding your use of the Services or websites accessible through our Services, for any reason if, in our sole discretion, we believe that it is reasonable to do so, including: to satisfy laws, regulations, or governmental or legal requests for such information; to disclose information that is necessary to identify, contact, or bring legal action against someone who may be violating our Terms and Conditions or other user policies; to operate the Services properly; or to protect the company, our customers, and business contacts.
Choice – Limiting Use of Personally Identifiable Information
Alpine discloses personally identifiable or sensitive information to third parties when Alpine is acting as a data processor under the direction of a test sponsor or other organization who is acting as the data controller. If your personally identifiable or sensitive information is provided to Alpine by the data controller or a third-party (e.g., test delivery provider) acting under the direction of the data controller, Alpine is only acting as a processor of data under the instruction of the data controller based on a contract with the data controller.
Alpine will follow the instructions of the data controller in its processing activities. As data processor, we treat as sensitive any personal information received from data controllers that are designated as sensitive under applicable data protection laws. If the data controller intends to (i) use your personally identifiable or sensitive information for a purpose that is materially different from the purposes for which the personal identifiable or sensitive information was originally collected or subsequently authorized, or (ii) transfer your personally identifiable or sensitive information to a third party not contemplated by the purposes for which the personally identifiable or sensitive information was originally collected or subsequently authorized, the data controller is responsible to give you notice and an opportunity to opt out. You must contact the data controller (e.g., test sponsor) and use the mechanism it provides to opt out or make changes to your designation. You understand that if you opt out of sharing your personally identifiable information with data controllers or certain third parties, your decision may impact your certification, credential, or licensure status. Furthermore, Alpine may still retain all non-identifiable data and information, including test responses and other information collected, to use for statistical purposes, aggregate purposes, and improvement of systems and processes. If your personally identifiable or sensitive information is provided to Alpine and Alpine is acting in the capacity of a data controller (e.g., you or others request that we provide you marketing or sales information and share with us your personally identifiable information so we can contact you), Alpine will use such data only for the purposes for which it was collected. Alpine will not disclose that information to any third parties except for third parties acting as a data processor for the purposes for which the data was collected (e.g., sales and marketing automation tools and services used by Alpine) under the direction of Alpine. If you request, you may opt out of having Alpine share your personally identifiable or sensitive information, limit with whom such information is shared, or have such information removed from our systems by contacting us at email@example.com. If Alpine is acting in the capacity of data controller and intends to (i) use your personally identifiable or sensitive information for a purpose that is materially different from the purposes for which the personally identifiable information was originally collected or subsequently authorized, or (ii) transfer your personally identifiable or sensitive information to a third party not contemplated by the purposes for which the personally identifiable or sensitive information was originally collected or subsequently authorized, Alpine will give you notice and an opportunity to opt out. While Alpine, when acting as a data controller, will honor your opt out requests to protect your personally identifiable or sensitive information, Alpine may still retain all non-identifiable data and information to use for statistical purposes, aggregate purposes, and improvement of processes and systems.
Your personal information may be transferred to, stored at, or processed in the United States. Alpine generally uses approved Standard Contractual Clauses to assure that personal information is adequately protected when it is transferred out of the EEA, the UK, or Switzerland to the United States, but we may also make transfers to recipients with approved binding corporate rules. Alpine will assure that any transfer of personal information between the EEA, Switzerland, and/or the UK continues to be safeguarded as described in this section and in accordance with applicable data protection laws. Please contact us via email to firstname.lastname@example.org if you would like more information about cross-border transfers or to obtain a copy of the Standard Contractual Clauses.
Alpine shall take reasonable steps to protect all personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Alpine has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure all personal information from loss, misuse, unauthorized access or disclosure, alteration, or destruction.
Alpine only processes personal information in a way that is compatible with and relevant to the purpose in which it was collected or authorized by you. To the extent necessary for those purposes, Alpine shall take reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use.
Subject to the limitations and rights of Alpine when acting as a data processor for a test sponsor, you have the right to request that Alpine (i) delete your personal information; (ii) disclose the personal information we have collected about you; and (iii) disclose whether Alpine sells or has sold your personal information. You also have the right to opt out of the sale of your personal information (to the extent we sell your personal information) and to not face discrimination for exercising any of your rights set forth in this Policy. To exercise these rights, you (or your authorized agent) may contact us by submitting a verifiable consumer request as described below. Your request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. To the extent applicable, Alpine will also allow you access to your personal information to correct, amend, or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to your privacy or where the rights of persons other than you would be violated. If Alpine is acting solely as a data processor, we will refer your access request to the test sponsor for response to your request and will follow the instruction provided to us by the test sponsor on your behalf.
Alpine has further committed to refer unresolved complaints involving data collected in reliance on the Privacy Shield to American Arbitration Association (AAA), an alternative dispute resolution provider located in the United States. Under certain conditions, you may invoke the right to binding arbitration. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of American Arbitration Association (AAA) are provided at no cost to you.
This Policy may be amended periodically consistent with the requirements of the U.S.-EU Privacy Shield Framework. Alpine will post any revisions or amendments to the Policy on its website.
Alpine’s Website Privacy Statement
Alpine respects the privacy of visitors to its Site. This section of this Policy applies only to the operation of websites that directly link to this section when you click on “privacy statement” in the Site footer. Through its Site, Alpine will collect personal information when it is voluntarily submitted to Alpine and automatically when you visit the Site. Alpine will use your personal information as described in this Policy. Any other information transferred by you in connection with your visit to the Site that cannot be used to identify you (“Other Information”) may be included in databases owned and maintained by Alpine. Alpine retains all rights to these databases and the information contained in them.
IP Address and Information Collected Automatically
Other Information Alpine collects may include your IP address and information gathered through Alpine’s weblogs and cookies (see below). This Site receives information that is automatically generated by a user’s internet service provider (ISP). This information may include the IP address (a number automatically assigned to a computer by the telephone area code, the location of the ISP’s servers, the pages of Alpine’s Site that the user views, any search terms entered on this Site, and the user’s website address and email address). This information may be collected for system administration purposes, to gather broad demographic information, and to monitor the level of activity on the Site. Alpine reserves the right to link IP addresses and Other Information supplied by the ISP to personally identifiable information to control which users can and cannot access our system based on their IP address, protect the integrity of our systems, and for security purposes. This Site may use a technology known as web beacons that allow the Site to collect web log information. A web beacon is a graphic on a web page or in an e-mail message designed to track pages viewed or messages opened. Web log information is gathered when you visit one of our websites by the computer that hosts Alpine’s website (called a “webserver”). The webserver automatically recognizes some non-personal information, such as the date and time you visited Alpine’s Site, the pages you visited, the website you came from, the type of browser you are using (e.g., Chrome, Firefox, Safari), the type of operating system you are using (e.g., Windows, iOS), and the domain name and address of your Internet service provider. Alpine may also include web beacons in promotional e-mail messages in order to determine whether messages have been opened.
This Site is not intended for, or designed to attract, individuals under the age of 18 (“Minors”). When acting as a data controller, Alpine does not collect personally identifiable information from any person Alpine knows is a Minor. However, from time to time, test sponsors may ask Alpine to process personal information of a Minor. In such cases, Alpine will process the Minor’s personal information in accordance with this Policy and under the direction of the test sponsor. Alpine does not knowingly process personal information from persons under the age of 13 without parental consent.
Changes to this Policy
We may update this Policy from time to time. When we make changes to this Policy, we will post a notification on the main page of the Site and revise the “last updated” date at the top of this Policy. We encourage you to frequently review this Policy for any changes to stay informed about how we are helping to protect the personal information we collect.
Privacy Notice for California Residents
View Alpine’s Privacy Notice for California Residents (“CA Privacy Notice”) which supplements the information contained in this Privacy Statement and applies solely to all visitors, users, and others who reside in the State of California.
If you have any questions, concerns, or complaints about this Policy or our practices with respect to your personal information, please email us at email@example.com, or write us at:
51 West Center Street, #514,
Orem, UT 84057
EU Representative: avocado consulting GmbH
Spichernstr. 75-77, 50672 Cologne, Germany
Email: firstname.lastname@example.org, Telephone: +49 221.39 071 29