Voici le logo blanc au format svg de Sulitest.

TASK™, the international certificate on sustainability knowledge.

Login / RegistrationLearn more
La planète qui fait partie du logo de Sulitest.
Voici le logo principal de Sulitest, l'entreprise spécialisée en certification et en test pour développement durable.
The "Sulitest", used internationally since 2014.
Login / RegistrationLearn more
CLOSE
La Croix pour fermer le pop up du site internet de Sulitest.
Le logo du quiz pour développement durable, l'outil de sensibilisation de Sulitest.
Participant
I received a code to take the Quiz
Login
Organizer
I want to create a session
 Registration
Login / Registration
Solution
Une flèche pour naviguer sur le site de Sulitest.
Discover TASK™
TASK™ for Higher Ed
TASK™ for Companies
TASK™ for Individuals
Resources
Une flèche pour naviguer sur le site de Sulitest.
Case studies
Partnerships
Methodology
Educational materials
Reports & Research
ABOUT
Une flèche pour naviguer sur le site de Sulitest.
Our Movement
Our Team
Governance
News
LOGIN
CONTACT
Connexion/Inscription
I am a
Professor or University Company or OrganiszationStudent or Professional
Tools
TASK™Awareness ToolsResources
About us
Our MovementThe TeamGovernance
NewsContact

Privacy Policy

Respecting your rights as personal data subjects and respecting the applicable law regulations, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, we pledge to maintain the security and confidentiality of the personal data which we have obtained from you. Please note, you are also subject to the requirements of the Data Protection Act.The Services are operated by Sulitest Impact (the “Company”, “We”), registered under the number W133022480 at Préfecture des Bouches-du-Rhône – France (French law, Association loi 1901), located at Kedge BS – Domaine de Luminy – BP 921 – 13288 Marseille – France. It is therefore governed by the laws and regulations of France.This Privacy Policy provides a description of how we take care of your personal data, as well as information about your rights to privacy. When using the Services, a User approves the privacy protection practices described in this Policy.

Introduction: Entrustment of Personal Data
Sulitest impact is considered joint controller of the personal data collected with the Organization using Sulitest services and processed in connection with the online test.
This means Sulitest Impact is responsible for ensuring the lawful and compliant processing of personal data in accordance with the GDPR.
The legal basis for personnal data is legitimate interest as it is impossible for Sulitest Impact to provide services without collecting the data mentionned in this privacy policy.
Data Processing Responsibilities for Sulitest Impact:
- Processes personal data on behalf of the Organization in accordance with the instructions and guidance provided by the Organization.
- Ensures that the processing of personal data complies with the GDPR and applicable data protection laws.
- Implements appropriate technical and organizational measures to protect the security and confidentiality of personal data.
- Assists the Organization in fulfilling its data protection obligations.
- Ensures that appropriate security measures are in place to protect personal data.
- Addresses data subject requests and inquiries related to the processing of their personal data.
- Provides necessary information to data subjects about the processing of their personal data.

I - General
1. Data collected
We collect the following personal data on the Website:
a) The data necessary for registering a User and for creating an Account: an e-mail address, password, name and surname, birth date, country of origin, time zone, and type of entity (an individual user/an organization). Such data is required for the correct configuration of an Account and for establishing contact with a User, if need be;
b) Data required for providing services to a User or to a Respondent, the contents of which may change depending on the service provided or on the nature of an online Test. This may include a residence or address, phone number, education, profession, and the data contained within the online Tests;
c) Data required to proceed with the complaint process — name and surname, as well as a User's or Respondent's e-mail address, the device's IP address, Tax Identification Number — which we require from those requesting an invoice who have a Tax Identification Number number;
d) Information resulting from the general principles of Internet connections, such as an IP address (as well as other information contained within the system logs), which is used by the Website administrator for technical purposes. IP addresses may also be used for statistical purposes, including the collection of general demographic information (e.g., determining the region in which the connection is made).
ePersonal Data: Date of birth, country, gender
This data is collected exclusively for research purposes. It will be processed entirely anonymously, meaning no individual identifier will be associated with this information. The goal of this collection is to analyze the demographic data of users and identify potential correlations with the results obtained during tests.
‍Email Address: Your email address is primarily used to authenticate you and allow you to access your account. It can also be used to send you important notifications about the service, such as updates or information related to your account.
Interactions with the device used during the test: The data collected during your interactions with the device (see section 6.3 of the ToS ) is essential to ensure fairness for all candidates by monitoring the proper functioning of the service and identifying any potential technical issues.
Legitimate Interest: The retention of your data allows us to offer you a better user experience, provide you with a quality service, and meet your needs effectively.

2. Providing the data mentioned above is necessary in cases specified therein, including:
a) To use the Services offered by Sulitest Impact;
b) To reply to your questions and make it possible to get in touch via e-mail;
c) To proceed with voluntary registration (setting up an Account) on the Website. In such a situation, we store the data the User has provided in order to make it easier for the User to use the services available on the Website in the future until the User deregisters (delete the Account).

3. Functional cookies are required for the sole purpose to enable or facilitate communication by electronic means and are strictly necessary for the provision of the Services at the request of the users. Optional marketing and analytical cookies are always disabled by default.

4. The personal data of the User is processed by our company as the Controller in order to proceed with the implementation of the services which we render to the User (i.e., the persons whom the data concerns), and which are offered within the scope of the Services. Pursuant to the data minimization principle, we process only those personal data categories which are necessary to achieve the goals which have been discussed in the preceding sentence.

5. In relation to the personal data of the Users, the Controller is the entity processing the personal data on the basis of an agreement concluded with the User. In such a case, the Controller of the data is a User who is collecting data via online Tests.

6. As a person using the Website, it is your responsibility to choose if, and to what extent, you would like to use the Services and share information and data about yourself within the scope set forth in this Privacy Policy.

7. We process personal data for the period necessary to achieve the objectives mentioned in par. 1 and 2 above. Personal data may be processed for a longer period of time if an obligation is imposed on us as the Controller, if required by specific legal provisions, or because of the Controller's legitimate interest specified in par. 9 let. c below (i.e., for the period of the termination of the claims, or the completion of the relevant proceedings, if these were started within the limitation period).

8. The sources of the personal data processed by the Personal Data Controller are the persons the data concerns.

9. The following article is the basis for the processing of your personal data; Art. 6 par. 1, let. a of the GDPR, i.e. the data subject has given consent to the processing of their personal data for one or more specific purposes; where the purposes are described within the Terms of Service.

10. To provide the Services, we rely on data subprocessors, which process different categories of data. Processors never store data outside of the scope of their specific purpose.
a) Data management is carried out by our IT partner, ALEAUR (209b Avenue Charles de Gaulle 92200 Neuilly-sur-Seine - SIRET 411 893 167 00014), in accordance with current legislation. The Data from the Sulitest platform is stored in two secure computer centers, located in France and certified ISO 27001, OHSAS 18001, ISO 22301, ISO 14001, SSAE16/ISAE 3401 SOCs, PCI-DSS, ISO9001, ISO 50001, HDA/HADS.
b) In a case where the personal data is transferred to a third country, or to an international organization, the company undertakes to put in place the EU standard contractual clauses for any transfer and to make these clauses available to users.

11. We do not make any personal data available to third parties without the explicit consent of the person whom the data concerns. Without the consent of the person whom the personal data concerns, this data can be made available only to the bodies which are governed by public law (i.e., tax authorities, law enforcement authorities, as well as to other entities which are authorized by the generally applicable provisions of the law).

12. The personal data may be entrusted for processing to the processors of such data on behalf of our company as the Controller. In such a situation, as the Controller, we conclude an entrustment agreement with the processor for the processing of personal data. The processor processes the entrusted personal data only for the purposes, within the scope, and as per the goals indicated in the entrustment agreement, which has been referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to proceed with our activities through the Services. As the Controller, we entrust personal data to the following entities for processing:
a) Those providing hosting services for the Services;
b) Organization Users the Individual User has agreed to share their personal data with.13. Under the provisions of the GDPR, each person whose personal data we are processing as the Personal Data Controller has the right to:
a) Be informed about the processing of the personal data referred to in art. 12 of the GDPR;
b) Have access to their personal data referred to in art. 15 of the GDPR;
c) Correct, supplement, update, or rectify the personal data referred to in art. 16 of the GDPR;
d) Delete the data (the right to be forgotten), referred to in art. 17 of the GDPR;
e) Limit the processing referred to in art. 18 of the GDPR;
f) Transfer the data referred to in art. 20 of the GDPR;
g) Object to the processing of the personal data, which is referred to in art. 21 of the GDPR;
h) In the case of the legal basis: The right to withdraw the consent at any time without any influence on the compliance with the processing right, which has been made on the basis of the consent prior to its withdrawal;
i) Not be the subject of profiling, referred to in art. 22, in conjunction with art. 4 par. 4 of the GDPR;
j) Lodge a complaint with a supervisory body referred to in art. 77 of the GDPR. The supervisory authority of France, the company’s member state, is CNIL.

Each person whose personal data we are processing must take into consideration the principles of using and implementing these authorizations that result from the provisions of the GDPR.

14. If you would like to exercise your rights as referred to in the preceding paragraph, you should use functionalities provided by the Services, which will allow you to delete your account and the data stored on the Website. You may also send an e-mail message to either of the addresses referred to in par. 17 or write to the correspondence address.

15. Any inquiries, requests, and complaints regarding the processing of the personal data by the Controller, hereinafter referred to as the Requests, should be sent to the following e-mail address: support@sulitest.org.

16. Each identified security breach is documented and in case any of the situations described in the provisions of the GDPR of the Act occurs, the relevant supervisory authority will be notified. Information to data subjects regarding an identified security breach is assessed based on the impact of the breach notification.

17. Sulitest Impact will never share the candidates scores without their consent. Sulitest reserves the right to use the score of individuals for data analysis purposes.

18. All words in capital letters have the meaning assigned to them by the Terms and Conditions of the Website, unless stated otherwise in this Privacy Policy.

19. The provisions of this Privacy Policy are applicable within the possible extent to all persons with whom we remain in legal relations, and to those for whom we are the Controller of their personal data (i.e., our Users).

20. In any matters not regulated by this Privacy Policy, the relevant applicable provisions of the law shall apply. In case any of the provisions of this Privacy are not compliant with the regulations of the law, the latter provisions shall be applicable.

21. We reserve the right to periodically review and change this policy from time to time and will notify users who have enabled the notification preference about changes to our privacy policy.

II. Data privacy for education institutions
The data collected is solely collected to ensure good monitoring and prevention of fraudulent activities when using Sulitest assessment tools and ensuring test integrity is maintained.
We will share any evidence of suspected cheating with the educational institution administering the test session, in accordance with our obligations and their policies.
1 Data privacy for assessments administrated in class:
- In order to ensure the validity of your test results, Sulitest Impact requires your consent to collect the personal data mentioned above in order to ensure test security, integrity and validity of the test by preventing fraud or fraudulent behavior
- The following additional data will be collected and processed:
- Out of focus events
2 Data privacy for assessments administrated in controlled environments:
- In order to ensure the validity of your test results, Sulitest Impact requires your consent to collect the personal data mentioned above in order to ensure test security, integrity and validity of the test by preventing fraud or fraudulent behavior
The following additional data will be collected and processed:
- Mouse activity
- Screen activity events
- Specific keystrokes events (Copy & paste, screenshots)
3 Data privacy for assessments administrated remotely:
- In order to ensure the validity of your test results, Sulitest Impact requires your consent to collect the personal data mentioned above in order to ensure test security, integrity and validity of the test by preventing fraud or fraudulent behavior:
The following additional data will be collected and processed on top of the data collected in controlled environment:
- Screenshots of the TASK web application
- Video of the TASK web application - in case of suspicious activity
- Webcam and microphone recordings of your device - in case of suspicious activity
- Keystrokes events

III. Data Retention and Deletion
1 Data storage
All personal data collected during the assessment process, including video, audio, and screen recordings, is securely stored in an object storage located in Europe.
The following security measures are in place to ensure the protection of your data:
- Private Access: The storage is configured with strict access controls. Only authorized personnel are granted access to the stored data. This access is granted on a need-to-know basis and is closely monitored.
- Encryption: All data is encrypted both at rest and during transmission. Data is encrypted using industry-standard 256-bit Advanced Encryption Standard Galois/Counter Mode (AES-GCM) while stored. Additionally, any data transferred to and from our systems is encrypted using TLS (Transport Layer Security) to prevent unauthorized interception.
- Access Logging and Auditing: We maintain detailed logs of all access to the stored data, ensuring that any access to your personal information is tracked and can be audited for security and compliance purposes.
- Data Minimization: We store only the data necessary to ensure the security and integrity of the assessment, in line with the principles of GDPR. Personal data that is no longer required is securely deleted.By implementing these security measures, we ensure that your data is protected from unauthorized access and handled in compliance with relevant data protection regulations.
2 Data deletion
2.1 Application Data
We retain your personal data for a limited period, strictly necessary to fulfill the purposes for which it was collected.In the context of TASK, we retain your data for a period of 4 years. This period corresponds to the validity period of your TASK certificate plus one additional year, in order to respond to any requests for access to the certificate or to retake the certificate. Candidate data is retained even if the organization that invited the candidate stops using the service. Candidate data will only be deleted upon explicit request from the candidate. The retention of your data allows us to offer you a better user experience, provide you with a quality service, and meet your needs effectively.
2.2 Surveillance Data
All recorded data (video, audio, etc.) will be securely stored for a period of 90 days after the end of the assessment. After this period, the recordings will be permanently deleted, unless they are needed for an ongoing investigation or legal proceedings.Extended Retention for Investigations: If an incident of cheating is suspected, the recorded data may be retained for the duration of the investigation and any legal proceedings. You can request the deletion of your data at any time by contacting our Data Protection Officer at robin@sulitest.org. The request will be processed within one week and, unless the recordings are necessary for an investigation, the data will be deleted within 30 days.
3 Right to object
You have the right to object to the processing of your personal data based on legitimate interests, including profiling. If you object, we will stop processing your data unless we have compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
If you object to the processing of your personal data, we may not be able to continue offering the assessment service, as it is necessary for maintaining test integrity. However, we will review all objections to determine if we can accommodate your request while still fulfilling our contractual obligation.
To object, please contact our Data Protection Officer at robin@sulitest.org. We will carefully consider your objection and provide you with a response within 1 month.

Stay in the loop!

Are you interested in sustainability education, the latest news on our movement, key events in the sector and our various partnerships?

Thank you! Your submission has been received!
Oops ! Une erreur s'est produite lors de la soumission du formulaire.
ResourcesNewsSulitestReturn to Homepage
Nous utilisons les cookies afin de fournir les services et fonctionnalités proposés sur notre site et d'améliorer l'expérience de nos utilisateurs. En savoir plus
J'accepte