Compliance FAQs

FAQs

How to request the deletion of your personal data

We take your privacy seriously and are committed to ensuring your personal information is handled with the utmost care. If you wish to request the deletion of your data, we provide a simple and secure process.

Steps to Request Data Deletion or Account Closure

Submit Your Request via Email
To request the deletion of your personal data or to close your account, please send an email to privacy@constructor.tech. Be sure to include the following details:
- Your full name
- Email address associated with your account
- A brief description of your request (e.g., data deletion or account closure).
Review Process
Once we receive your email, our team will review your request promptly. We may contact you if additional information is required to verify your identity or clarify your request.
Notification of Deletion
After submitting your request, you will receive a notification regarding the data deletion process.

Additional Information

Compliance: All data deletion requests are handled in line with our company’s privacy notice, ensuring your information is securely removed.
Processing Time: Please allow time for your request to be processed. The duration may vary depending on the nature of the request and the verification process.

You can always find the most up-to-date version of our Privacy Notice on our website.

Why does Proctor record my camera and screen during a test?

Proctor records your camera and screen to detect potential violations of academic integrity during online assessments. These recordings are automatically analyzed to flag any unusual behavior and reviewed only if necessary by authorized personnel.

How long is my data stored after an exam with Proctor?

Your proctoring data is stored for a maximum of 6 months unless a longer retention period is required for an ongoing investigation into academic misconduct. After this period, it is securely deleted. Personal data present on video and audio recordings are stored for a shorter period. The default setting is 30 days, which can be adapted to your Institution's requirements.

Can I refuse to be recorded by Proctor?

Participation in proctored exams may be mandatory depending on your course or Institution’s policy. If you have privacy concerns, contact your instructor or data protection officer to explore alternatives, if any are available.

Who has access to the video recordings from my exam?

Only authorized personnel such as system administrators and academic integrity officers have access to your recordings. Access is strictly controlled and monitored to protect your privacy.

What personal data is collected when I take a test using Proctor?

When you take a test using Proctor, the system may collect your full name, email address, IP address, audio/video recordings, screen activity, and behavioral data such as keystrokes. This information is used to ensure exam integrity and is handled in compliance with GDPR.

What legal basis does Proctor rely on to process my personal data?

Proctor relies on different lawful bases under the GDPR depending on the purpose of the data processing. For example, data used for account management and authentication is processed under Article 6(1)(b) – performance of a contract. Data collected for legal compliance is processed under Article 6(1)(c), and certain analytics or tracking data may require your consent under Article 6(1)(a). You can consult our personal data inventory to check out all the details on lawful bases by referring to Clause 2 (Relationship based on services) of Annex III of our DPA here: https://constructor.tech/dpa.

Is Constructor a controller or processor of my data during proctoring?

Constructor typically acts as a processor when handling proctoring data on behalf of your Institution. This means your Institution is the data controller and determines the purposes and means of processing. You can consult our personal data inventory to check out all the details on our roles by referring to Clause 2 (Relationship based on services) of Annex III of our DPA here: https://constructor.tech/dpa.

How is sensitive or biometric data protected during proctored exams?

Sensitive and biometric data are only processed if the initial step of identification of your session is carried out by AI only, without the involvement of a human. Access to biometric data is restricted to authorized personnel only, and storage is time-limited based on Institutional policy. Please refer to our technical and organizational measures (https://constructor.tech/tom) to know more on how we protect your data.

Can I access or delete my personal data collected by Proctor?

You have the right to request access, correction, or deletion of your personal data processed by Proctor, subject to applicable laws. Please contact your Institution or Constructor’s Privacy Team (privacy@constructor.tech) to exercise these rights.

Where is my proctoring data stored?

Your proctoring data is stored securely in Constructor's service platform cloud. Access to this data is restricted to authorized IT and product personnel.

Who can access my personal data within Constructor?

Access to your personal data is limited to departments that require it, such as IT, Product Management, and Sales or Marketing, depending on the data type and purpose.

Does Constructor use my data for improving services?

Yes, certain data such as device logs or test recordings may be used for service improvement, research, or development purposes, based on legitimate interest or your consent, in accordance with GDPR.

What is Proctor used for?

Proctor is a proctoring solution used to monitor online exams and assessments. It records screen activity, audio, and video, and applies AI to help ensure academic integrity during remote tests.

What kind of personal data does Proctor collect?

Proctor collects personal data such as webcam video, microphone audio, screen recordings, facial images, device data, and behavioral patterns like eye movement or voice activity during exams. You can consult our personal data inventory to check out specifics by referring to Clause 2 (Relationship based on services) of Annex III of our DPA here: https://constructor.tech/dpa.

Does Proctor use AI?

Yes. Proctor uses AI techniques like facial recognition, head tracking, voice detection, and behavioral pattern analysis to support exam supervision and detect potential cheating.

Are decisions made by Proctor fully automated?

It is in your Institution's discretion to decide if decisions are fully automated or not. Proctor uses AI to flag suspicious behavior, which are used as input for final decisions recommended by us to be made by humans. This ensures proper human oversight and compliance with GDPR Article 22.

Is facial recognition for identification purposes facilitated by AI in Proctor mandatory?

No, facial recognition for identification purposes with specifc technical processing (that is, in an automated way supported by AI) is optional and must be enabled by your Institution in the Learning Management System (LMS) of your Institution. The default setting is manual identity verification by a human proctor.

How is personal data protected in Proctor?

Personal data is safeguarded with encryption, access controls, data minimization, and secure cloud infrastructure. You can check out more our organizational and technical measures here https://constructor.tech/tom to know more on this.

Can the vectors used for face recognition be reversed to reconstruct an image?

Proctor uses practically irreversible neural transformations to convert facial images into vectors. These vectors cannot be realistically reversed to reassemble the original image.

Where is personal data stored and who has access to it?

Personal data is stored in Constructor's secure cloud platform. Access is limited to authorized Constructor employees and, where applicable, Institutions using proctoring sessions.

How long is personal data retained in Proctor?

Personal data is retained for the duration of the contract or as required by law. Exact retention timelines depend on the data category and jurisdictional requirements. You can consult our personal data inventory to check out specifics of the retention periods by referring to Clause 2 (Relationship based on services) of Annex III of our DPA here: https://constructor.tech/dpa.

Is Proctor GDPR compliant?

Yes, Proctor is GDPR compliant. It implements lawful bases for processing, ensures transparency, honors data subject rights, and enforces strict security controls to protect personal data.

What are my rights under GDPR as an exam taker?

You have the right to access, rectify, erase, and object to the processing of your data. You are informed of these rights before the exam, and you must accept them before Proctor starts recording.

Who is the Data Protection Officer (DPO) for Constructor?

The DPO is Peter Suhren, Managing Director of FIRST PRIVACY GmbH, Germany. Contact: psuhren@first-privacy.com.

Are personal data transfers outside the EU involved?

Yes, but only to listed sub-processors under strict safeguards such as Standard Contractual Clauses, additional security measures, and participation in data privacy frameworks like the EU-U.S. Data Privacy Framework. You can consult our sub-processors and specifics related to data transfers by visiting or Subprocessors page here: https://constructor.tech/subprocessors.

Does Proctor track everything in real time?

Yes. During exams, Proctor tracks webcam, microphone, and screen activities in real time and can detect a wide range of potential violations, such as additional people, use of unauthorized devices, and eye movement.

What happens if Proctor identifies suspicious behavior?

Proctor flags suspicious events with a probability score. These are reviewed by human proctors who can accept, reject, or add manual notes before taking any action.

What is the difference between a data controller and a data processor in Constructor’s services?

A data controller determines the purposes and means of processing personal data, while a data processor acts on behalf of the controller and follows their instructions. Constructor acts as a data controller for customer account data and as a data processor for customer content data, such as exam recordings and platform interactions. You can consult our personal data inventory to check out all the details on our roles by referring to Clause 2 (Relationship based on services) of Annex III of our DPA here: https://constructor.tech/dpa.

When does Constructor act as a data processor?

Constructor acts as a processor when it processes customer content data on behalf of the customer. This includes behavioral analytics, activity history, learning results, messaging, test participation, and proctoring-related recordings. The customer determines the purpose, and Constructor merely processes the data. You can consult our personal data inventory to check out all the details on our roles by referring to Clause 2 (Relationship based on services) of Annex III of our DPA here: https://constructor.tech/dpa.

When is Constructor a data controller?

Constructor acts as a controller for customer account data like usernames, email addresses, access logs, IP addresses, device identifiers, and security logs. These are used for authentication, service improvement, fraud detection, and legal compliance. You can consult our personal data inventory to check out all the details on our roles by referring to Clause 2 (Relationship based on services) of Annex III of our DPA here: https://constructor.tech/dpa.

What measures are in place regarding backups, encryption, and deletion of data?

Backup procedures, encryption standards, and data deletion processes are covered in our technical and organizational measures (https://constructor.tech/tom), the Privacy Notice (https://constructor.tech/privacy-notice), and the Data Processing Agreement (DPA) (https://constructor.tech/dpa). These documents specify the security measures and deletion processes to comply with GDPR requirements.