Sumadi Global BV wants you to be familiar with how we collect, use and disclose information. This Privacy Policy describes our practices in connection with information collected through the Sumadi Website (the “Website”). The Website is used by your academic institution (the “Institution”) to detect instances of academic dishonesty. The Institution is a data controller and the BV is its data processor. The Institution requires its students to use the Website for proctoring during assessments through the Institution’s learning management system or testing system. The Institution collects and processes data for its internal purposes, and passes this data to the BV for analysis so that the BV can provide the Institution with services related to the detection of academic dishonesty (the “Services”). The Institution is responsible for determining the appropriate legal basis for using the Website.

For questions or concerns about our Privacy Policy and the treatment of data we collect, contact:

“Personal Information” is information that identifies you as an individual or relates to an identifiable individual, such as:

  • Name
  • Postal address
  • Email address
  • Telephone number
  • Educational records
  • Work history
  • Emergency contact details
  • Demographic data, including, where relevant, gender, date of birth, racial and ethnic origin, health and disability information.
  • National and student ID numbers, such as a social security or tax ID
  • Membership in professional or industry associations
  • Credit and debit card number
  • Bank account details
  • Profile picture
  • Social media account ID
  • Facial features and expressions
  • Vocal tones
  • Biometric data

The information shown above is for illustrative purposes only, Sumadi only collects the information necessary to develop the supervision, this information is provided by The Institution and is subsequently processed as established with The Institution.

The Website gathers Personal Information during a proctored assessment or test. We need to collect Personal Information in order to provide the Services to the Institution. If you do not provide the Personal Information requested, we may not be able to provide the Services, which may affect your status as an enrolled student at the Institution under the Institution’s academic integrity policies.

Sumadi only stores facial biometric information and information necessary for the supervision process such as photos, videos and audios. All these data are encrypted and can only be accessed by approved representatives of the institutions that contract Sumadi’s services.

We do not routinely collect or process sensitive data about you. However, where this is the case we will ensure we take appropriate precautions to protect your data.

We may collect personal data from third parties, such as service providers, advertisers, and social media platforms. The types of data we may collect include name, address, email, and other information that can be used to identify an individual.

We collect this data to improve the user experience, to provide personalised content or advertising, or for fraud prevention and security purposes. We may share this data with third parties, including service providers, or other entities that process the data on our behalf.

We use the data that we collect from third parties to better understand our users and to improve our products and services. We may also use this data for other legitimate business purposes.

We recognise the right of the data subjects to be informed about their data being collected from other sources. In such instances we will provide the following information:

  • Our identity as the controller
  • The contact details of our Data Protection Officer
  • The purposes for processing the personal data
  • The legal basis for processing the data
  • Our contact details
  • Information about their rights

If you have any questions about how we collect or process personal data, please contact us at

We, our affiliates and our service providers use Personal Information for legitimate business purposes including:

    • Providing the functionality of the Services to the Institution.
    • To provide the Services’ functionality to you.
    • We will engage in the following activities to manage our contractual relationship with the Institution and/or to comply with a legal obligation. We will engage in this activity with your consent, as provided to your Institution.
    • Aggregating and/or anonymizing Personal Information.
    • We may aggregate and/or anonymize Personal Information so that it will no longer be considered Personal Information.
    • Accomplishing our business purposes.
    • For data analysis, for example, to improve the efficiency of our Services;
    • For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements;
    • For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;
    • For developing new services;
    • For enhancing, improving, or modifying our current services;
    • For identifying usage trends, for example, understanding which parts of our Services are of most interest to users; and
    • For operating and expanding our business activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests.

We will only use your personal data for the purposes for which it was collected, as outlined in this Privacy Policy, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email us. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground for processing.

Disclosure of Personal Information

We will not sell, rent or disclose your Personal Information to a third party except as described herein. We only disclose Personal Information to our affiliates, vendors and partners listed below and then only for the purpose of fulfilling our contractual obligations to the Institution:

  • (AWS)

Purpose: Cloud service provider

Location: International


  • (Datadog)

Purpose: Logging & Monitoring

Location: USA


Other Uses and Disclosures

We also use and disclose your Personal Information as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so:

    • To comply with our legal obligations – We may be legally obliged to disclose your personal information without your knowledge to the extent that we are required to do so by law which can include laws outside your country of residence; in connection with any ongoing or prospective legal proceedings; to respond to requests from public and government authorities that can include authorities outside your country of residence; in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
    • To cooperate with law enforcement. For example, when we respond to law enforcement requests and orders.
    • For other legal reasons. To enforce our terms and conditions; and To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
    • In connection with a sale or business transaction. We have a legitimate interest in disclosing or transferring your Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).Such third parties may include, for example, an acquiring entity and its advisors.

Other Information

“Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual.

  • Browser and device information
  • App and/or Website usage data
  • Information collected through cookies, pixel tags and other technologies
  • Information that has been aggregated in a manner such that it no longer reveals your specific identity.

If we are required to treat Other Information as Personal Information under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Policy.

Collection of Other Information

We and our service providers collect Other Information in a variety of ways, including:

    • Through your browser or device
    • Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.
    • Through your use of the Apps
    • When you download or use the Apps, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
    • Using cookies
    • Cookies are pieces of information stored directly on the computer that you are using. Cookies allow us to collect information such as browser type, time spent on the Services, pages visited, language preferences, and other traffic data. We and our service providers use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience. We also gather statistical information about use of the Services in order to continually improve their design and functionality, understand how they are used and assist us with resolving questions regarding them. Cookies further allow us to select which of our advertisements or offers are most likely to appeal to you and display them while you are on the Services. We may also use cookies or other technologies in online advertising to track responses to our ads. We do not currently respond to browser do-not-track signals. If you do not want information collected through the use of cookies, most browsers allow you to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website. You may also wish to refer to If, however, you do not accept cookies, you may experience some inconvenience in your use of the Services. You also may not receive advertising or other offers from us that are relevant to your interests and needs.
    • Using pixel tags and other similar technologies
    • Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the Services and response rates.
    • Analytics. This website uses Google® Analytics Premium, a web analytics service provided by Google Ireland Limited (“Google”). Google Analytics Premium uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookies about your use of the website and your current IP-address will be transmitted by your browser to and will be stored by Google on servers in the United States and other countries. On behalf of the operator of this website Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address collected through Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You may also stop the transmission of information generated by the cookies about your use of the website and of your IP address to Google, by downloading and installing the Google Analytics Opt-out Browser Add-on.
    • Using Adobe Flash technology (including Flash Local Shared Objects (“Flash LSOs”)) and other similar technologies
    • We may use Flash LSOs and other technologies to, among other things, collect and store information about your use of the Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also go to the Global Storage Settings Panel and follow the instructions (which may explain, for example, how to delete existing Flash LSOs (referred to as “information”), how to prevent Flash LSOs from being placed on your computer without your being asked, and how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.
    • IP Address
    • Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location from your IP address.
    • Physical Location
    • We may collect the physical location of your device by, for example, using satellite, cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content. We may also share your device’s physical location, combined with information about what advertisements you viewed and other information we collect, with our marketing partners to enable them to provide you with more personalized content and to study the effectiveness of advertising campaigns. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you do, we and/or our marketing partners may not be able to provide you with the applicable personalized services and content.

Uses and Disclosures of Other Information

We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.


We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.

Our obligations

Sumadi Global BV takes the responsibility of the management and security of your personal data extremely seriously. In accordance with the General Data Protection Regulation, Sumadi, acting as a data controller and data processor, follows the key principles of data protection. These require that personal data to be:

    • Processed lawfully, fairly and in a transparent manner;
    • Collected for specified and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
    • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
    • Accurate and kept up to date. Every reasonable step will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
    • Kept for no longer than is necessary for the purposes for which the personal data is processed;
    • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Your rights under GDPR

Under GDPR, the data subjects have certain important rights. These include (but are not limited) to the following:

    • The right of access to the data – You have the right to obtain confirmation as to whether personal data concerning you is being processed, and, where that is the case, access to that personal data.
    • The right of rectification – You have the right to request the rectification of any inaccurate or incomplete personal data concerning yourself.
    • The right to “be forgotten”/ Right of erasure – This refers to your right to have your personal data deleted from our database, including from any third parties who may have access to that data. However, where there are legal requirements for Sumadi to store the data for a certain period of time, related to our business, which includes elements of your personal data, we will not be able to delete that data until after the statutory retention period.
    • The right to restrict the processing of your data – You have the right to ask Sumadi to restrict the processing of your personal data where you challenge the accuracy of the personal data we are storing; Sumadi no longer needs your personal data for the purposes of the processing, or you have objected to processing
    • The right to object to processing – You have the right to object to processing of your personal data.
    • The right to Data portability – You have the right to receive the personal data concerning you, which you provided to Sumadi, in a structured, commonly used and machine-readable format.

Choices and Access

How you can access, change or delete your Personal Information.

If you would like to request to review, correct, update, suppress, restrict or delete Personal Information that you have previously provided, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another organization (to the extent this right to data portability is provided to you by applicable law), you may contact us using the “Contact Us” information below. We will respond to your request consistent with applicable law.

In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. For your protection, we will only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a payment, you may not be able to change or delete the Personal Information provided until after the completion of such transaction).

If you are a resident of California, under 18 and a registered user of the Services, you may ask us to remove content or information that you have posted to the Services by writing to us at the Contact Us address below. Please note that your request does not ensure complete or comprehensive removal of the content or information, as, for example, some of your content may have been reposted by another user.

Retention Period

We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.

The criteria used to determine our retention periods include:

    • The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you are a student);
    • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
    • Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Third Party Service

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.

In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.

Use of Services by Minors

The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Information from individuals under sixteen (16).

Jurisdiction and Cross – Border Transfer

Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you understand that your information may be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country, but only in accordance with the Institution’s direction. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.

If you are located in the European Economic Area (“EEA”): Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here). For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your Personal Information. You may obtain a copy of these measures by following this link.

Update to this privacy policy

The “Last Updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.

Contacting Us

Sumadi Global BV, with its principal place of business at Barbara Strozzilaan 201, 1083 HN, Amsterdam, the Netherlands, is the company responsible for collection, use and disclosure of your Personal Information under this Privacy Policy.

If you have any questions about this Privacy Policy, please contact us at or at the postal address above. Because email communications are not always secure, please do not send sensitive information in your emails to us.

We have appointed EU Representatives under Article 27 of the EU GDPR. Our appointed representative is:

Office of General Counsel. You can get in touch with us in any of the following ways:

By email:

Call: +31 20 240 25 74 [Office Hours]

Through our website:

Barbara Strozzilaan 201,1083 HN Amsterdam, the Netherlands

According to Article 37 of the GDPR we have appointed a Data Protection Officer (DPO). Our appointed DPO is:

Adam Brogden

By email:

Call: + 441 772 217 800

GDPR Local Ltd

1st Floor Front Suite 27-29 North Street, Brighton England BN1 1EB

Additional Information For Individuals in the EEA

If you are located in the EEA, you also may lodge a complaint with a data protection authority for your country or region or where an alleged infringement of applicable data protection law occurs.