Privacy Notice

Ramsay Corporation ("Ramsay") intends this privacy notice for those individuals using Ramsay’s online testing services (the "Testing Services") for prospective employment by third party employers, and delineates the personal information Ramsay collects and uses in order to process its Testing Services. Ramsay is committed to transparency vis-à-vis your personal information and maintaining its secrecy.

The type of personal information Ramsay collects

As used in this privacy policy, the term "personal information" means any information that specifically identifies an individual (such as a name, user name, e-mail address, postal address, phone number, credit card details, or account details) or information about that individual that is directly linked to information specifically identifying an individual. If you are using the Testing Services in the European Union, then personal information may also include additional data that could identify you or be indirectly linked to you, such as some aggregated data, your location, device id and the way that you use the Testing Services. We have explained more about the information we collect about you in the section below.

In providing the Testing Services, the types of information Ramsay collects is as follows:

• Name, date of birth, nationality, race, email address, employer or prospective employer information, social security number or other unique identification number and any other information as the employer has requested we collect

If you decide not to provide certain personal information, which is your right, we may be unable to provide the Testing Services or you may be unable to receive the results of the Testing Services.

How we gather the personal information we collect

We may gather your personal information in the following ways:

• From you when you sign up for our Testing Services
• From a third party, on whose behalf we are providing the Testing Services to you
• From emails or other correspondences if you communicate with us
• From people associated with you, if they assist you in signing up for our Testing Services

Our cookies policy

Our Testing Services generally do not use analytics, cookies, web beacons, or other similar technology. We do use cookies to authenticate users of our Testing Services, thereby differentiating legitimate users from others, but we do not use third party cookies on our Testing Services. If we collect any information relating to your usage of the Testing Services, it is anonymized and therefore is not considered to be personal information.

How and why we use your personal information

We primarily use your personal information to provide the Testing Services to you and other individuals. We may also use certain personal information, such as email addresses, for future communications with you and also for auditing purposes, so we can monitor who accesses our Testing Services, when, and for how long. We may also use your personal information to respond to your emails, telephone calls, requests, questions, and to provide customer service. We may also use your personal information to protect our users from fraudulent or unlawful or inappropriate use of the Testing Services or to enforce this privacy policy, and the terms of our Testing Services. And, last, we may use your personal information for purposes which are explained to you at the time we collect it.

What is our legal basis for using your personal information

If you are accessing our Testing Services in Europe, then we are required to ensure that we only process your personal information where we have a legal basis to do so. When we process your personal information we will only do so where at least one of the following applies:

• We need to use your personal information to perform our responsibilities under our contract with our client, i.e., to perform the Testing Services
• It is in our legitimate interests to use your personal information in certain circumstances. For example, it is in our legitimate interests to use your personal information in connection with our Testing Services; to improve our Testing Services; to ensure that our Testing Services are secure; and for operational purposes.
• Sometimes we may ask for your consent to use certain types of personal information (e.g. by asking you to tick an online box). In these circumstances, your consent will be our legal basis for processing your personal information. If you have provided consent, you may withdraw it at any time. You may do this where we give you the opportunity to do so, or by contacting us using the contact details below.

What we do not do with your personal information

• We do not use your personal information for direct marketing purposes
• We do not sell or otherwise disclose your personal information to any third parties for marketing our Testing Services or any other Ramsay or third party products and services
• We do not publish or otherwise make available lists of our clients to third parties

With whom do we share your personal information

• We do share and coordinate personal information with our employees who assist in the Testing Services
• We do share, as we must to provide the Testing Services, personal information to the clients who purchased Testing Services; however, we do not control or know how any particular uses your personal information
• We may provide personal information to regulators, government agencies, courts, or parties to lawsuits who may request information about you from us, as permitted by law. In such cases, we share only the personal information that we are legally required or authorized to share.
• If you are an EU citizen and you exercise your data portability (see below), we will usually share your personal information with an intermediary that facilities such portability
• If we sell our business, personal information will be shared with the buyer so you can continue to receive services and products and we will also usually share some personal information with the prospective buyer, although we will take all reasonable precautions to ensure such potential buyer maintains the secrecy of your personal information
• We may also use your personal information, such as your email address, to request feedback and to otherwise contact you about your satisfaction with the Testing Services
• We may use your personal information to protect our rights, property, or safety or that of our affiliated entities and our users and any third party we interact with to provide the Testing Services

How long will we keep your personal information

We will only retain your personal information for as long as necessary to fulfill our Testing Services, or to comply with legal, regulatory, contractual or internal policy requirements. To help us do this, we apply criteria to determine the appropriate periods for retaining your personal information depending on its purpose, such as proper account maintenance, facilitating client relationships, administering our Testing Services, and responding to legal claims or regulatory requests.

We may transfer your personal data outside the European Economic Area

If the GDPR applies to you and if we transfer your personal information out of the EEA, we will comply with applicable data protection law. Some of the mechanisms we may choose to use when undertaking an international transfer are:

• The transfer of your personal data is to a country that has officially been deemed to provide an adequate level of protection for personal data by the European Commission.
• We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe (called the "EU Model Clauses").
• If we send it to the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. If the provider is not EU-US Privacy Shield certified, we may use the EU Model Clauses.

Your rights regarding your personal information

For individuals within the EU, under the General Data Protection Regulation, you have a number of important rights regarding your personal information. You may:

• require us to correct any mistakes in your personal information which we hold.
• require the erasure of personal information concerning you in certain situations, although this may have negative consequences related to our provisioning of the Testing Services.
• receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations.
• object at any time to processing of personal information concerning you for direct marketing.
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
• object in certain other situations to our continued processing of your personal information.
• otherwise restrict our processing of your personal information in certain circumstances.
• claim compensation for damages caused by our breach of any data protection laws.

You can exercise the rights set out above using the details at the conclusion of this notice.

How to exercise your rights regarding your personal information

If you are not satisfied with how we process and/or use your personal information, we would like to discuss it with you to understand how we may be able to rectify the issue. If at any time you would like to speak to us about our use of your personal information, you can do this by contacting the data protection office contact by emailing privacy@ramsaycorp.com

If you are an EU citizen and you are not satisfied with our response, you have the right to make a complaint to the data protection authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your data has arisen.

Confidentiality, security, and integrity

We employ appropriate measures to protect your personal information and require employees who have access to this information to follow standards of security and confidentiality required by or consistent with industry practice. We maintain physical, electronic, and procedural safeguards to ensure the integrity of your personal information. Our concern for your privacy extends to our website as well. Clients accessing their account information online are doing so on a secure site utilizing data encryption and user names and passwords.

***This privacy notice was last updated on July 5, 2018. It is a notice explaining what Ramsay does, rather than a document that binds Ramsay or any other party contractually. We may amend it from time to time. If the notice has been updated, we will take steps to inform you of the update by displaying an updated privacy notice on the website.