In this privacy policy, you will learn what data is collected in connection with the use of the online exercise and examination platform www.istest2.ch, how this data is handled, and what rights you have.
You can contact us at any time via the contact form or by mail at the address provided.
We process data from various actors: schools, teachers, and learners. The provision and access to the data are exclusively online. The different roles of the actors result in different access possibilities. As we aim to inform as completely and transparently as possible, this declaration is quite extensive.
All isTest data are personal data as defined in GDPR 4.1. We process them in accordance with the EU General Data Protection Regulation GDPR and the Swiss Data Protection Act DSG.
We consider ourselves processors as defined in GDPR 4.8. The controller as defined in GDPR 4.7 is the customer (the school) once they have logged in. If our website is used without logging in, isTest is the controller.Where we are the controllers, you can exercise the following rights: information about your data stored with us and its processing (Art. 15 GDPR), correction of incorrect personal data (Art. 16 GDPR), deletion of your data stored with us (Art. 17 GDPR), restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR), objection to the processing of your data with us (Art. 21 GDPR), and data portability if you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR). You also have a right to lodge a complaint.
Where we are only processors, please first contact the controller. This is the user who has applied for a license with us, usually the school.
You can always lodge a complaint with a supervisory authority, such as the competent supervisory authority of your place of residence or the authority responsible for us as the responsible body. In Switzerland, the Federal Data Protection and Information Commissioner (EDÖB) (EDÖB) is responsible for data processing by federal bodies and private individuals. For public schools in Switzerland, the respective cantonal data protection laws apply, and complaints are handled by the cantonal data protection authorities.
All isTest data, except for image and sound data, is stored in an SQL database. Image files and sound files are indexed in corresponding tables of the database and are only accessible via their indices. All records in the database are associated with a user (an individual) and a group (usually a school, but it can also be an individual or, for example, a company) via two foreign keys, 'userid' and 'groupid'. Thus, all data belongs to a user and a group. These ownership relationships, together with a rule set explained below, form the basis for access control..
Depending on the content, the data can be classified into one of the following types:
All isTest users (those with login data) can be classified into one of the following types. The type of a user determines their rights, what they can see, do, and their access rights to the data.
Access to isTest data is only possible via the encrypted https web service after logging in.
The only exception is database administrators, who naturally have access to all data in the database. The database is password-protected, and the data within it is not cryptographically encrypted except for passwords.
Who has access to which data depends on the data type, user type, and a rule set described below.
isTest operators are subject to confidentiality obligations and have a duty to report critical incidents (attacks, data loss, etc.).
For isTest staff, a distinction must be made between direct and indirect access. Direct access exists when data can be accessed through a user interface designed for this purpose. Indirect access exists when a database administrator can access the database and retrieve data using SQL queries, knowing the architecture. Only developers have such indirect access. Indirect access also applies if a supporter logs in as another user with their consent.
The data you enter will be stored for the purpose of individual communication with you. For this, it is necessary to provide a valid email address and your name. This is used to assign the request and subsequently respond to it. The processing of the data entered in the contact form is based on a legitimate interest (GDPR 6.1 lit. f). By providing the contact form, we want to enable you to contact us easily. Your information will be stored for the purpose of processing the request and for possible follow-up questions.
For registered users, we process the data in our role as processors. We do not actively delete this data. Exceptions are inappropriate content or an order from an authority.
We can delete the data if:
The controller (the school) can delete its data at any time. The responsible party for us is the Administrator ( a ).
Note! Cloned data (see 6. Clones) is not deleted when data is deleted.
isTest aims to promote collaboration among teachers within the same school and across different schools. For this reason, Teachers ( b ) can selectively share their Examination Materials ( IV ) with colleagues. They can make individual questions, question collections, tests, and test collections available to teachers in their school, all isTest teachers, or specific teachers by name (see 4.4 Data Confidentiality). When another teacher uses this data, a clone is created and assigned to the other teacher. Each access to this data is an access to the clone. The original data cannot be modified or deleted by the other teacher. . Note! The original owner cannot delete clones of data once made available.
isTest only links to its own content and to explanatory videos on YouTube. The only exception is the links in this privacy policy.
We embed YouTube videos on our website. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter "YouTube"). YouTube, LLC is a subsidiary of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA (hereinafter "Google"). When you visit a page with the YouTube plugin, a connection to YouTube servers is established. YouTube is informed about which pages you visit. If you are logged into your YouTube account, YouTube can associate your browsing behavior with you personally. You can prevent this by logging out of your YouTube account beforehand. When a YouTube video is started, the provider uses cookies that collect information about user behavior. For more information about the purpose and scope of data collection and processing by YouTube, please refer to the provider's privacy policies. There you will also find further information about your rights and settings to protect your privacy (https://policies.google.com/privacy).
Teachers ( b ) can include links to any sites in their teaching materials. The purpose and nature of these links cannot be foreseen by isTest. Responsibility lies solely with these teachers and the customer who gave them a login. Following these links can be analyzed by the target websites.
isTest takes extensive technical and organizational measures to protect data against unauthorized access, alteration, or loss.
Localization: Azure Datacenter: Switzerland North (Greater Zurich Area)
Microsoft Switzerland GmbH
The Circle, P.O. Box, 8058 Zurich Airport Azure Switzerland meets numerous compliance and data protection certifications, including ISO/IEC 27018 for the protection of customer data in the cloud and the European Union's General Data Protection Regulation (GDPR), SOC 1-3, WCAG, ISO 9001, ISO 27001, and others. Audits are conducted in accordance with standards such as SSAE 16 and ISAE 3402. (See https://learn.microsoft.com/de-de/azure/compliance/ and https://servicetrust.microsoft.com/ for a complete list)Notes
How good and complete technical measures are cannot be judged by the end user. A code review would be the best way to assess this, but the code is not accessible, and most end users would not understand it. However, an end user can use the German Ministry for IT Security's quick check tool
to test a website's security. This can provide an indication but is not a guarantee.
isTest does not share data, neither domestically nor internationally. isTest does not grant anyone access to its usage data, and in particular, does not use analytics tools (e.g., Google Analytics, Matomo Analytics, Adobe Analytics).
Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. You can delete individual cookies or the entire cookie inventory. Additionally, you can find information and instructions on how to delete these cookies or block their storage in advance. Depending on your browser provider, you will find the necessary information under the following links:
We use a session cookie to fulfill our mission. Our website requires that the calling user can be identified even after a page change. The session cookie is stored for the duration of a session, i.e., until you log out or close the browser. We also use cookies to show and hide the menus, for the language selection and for the group identifier.
Furthermore, isTest does not set or allow any other cookies. In particular, we do not allow third-party cookies.
We reserve the right to adjust this privacy policy to always comply with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy applies to your return visit. If you disagree with the adjusted privacy policy, you have a right of withdrawal. The same applies to changes to the terms and conditions.
If you are not interested in details, these are the essential points in our opinion: