OET
person

Privacy Policy

Effective date: 31 July 2023  

Cambridge Boxhill Language Assessment Pty Ltd and its related entities including OET USA, LLC in the United States of America and OET Global Pty Ltd (ACN 649 033 036) (“we”, “our”, or “us), may collect, use, disclose and otherwise handle your personal and sensitive information in accordance with this Privacy Policy (“Privacy Policy” or “Policy”).  

This Privacy Policy applies to information that we collect (a) on our website, https://oet.com, and through our products and services (collectively, the “Services”), including the OET Test, (b) from our current and future suppliers and service providers, and (c) from individuals seeking employment with us. If you do not agree to provide this information, we may not be able to communicate with you or provide our Services to you.  

From time to time, we may share personal information with related companies and entities (related entities). This Privacy Policy applies to the use of your Personal Information by us and by those related entities. Those related entities may also have their own privacy policies which set out additional detail or differences in their privacy practices. To the extent that those privacy policies are inconsistent with this Privacy Policy, those privacy policies will prevail over this Privacy Policy in relation to the actions of those related entities.  

Certain capitalised terms are defined in Section 15 (Glossary) of this Privacy Policy.  

 

01. Who we are

OET is the global leader in English language testing for healthcare. We empower internationally trained healthcare professionals to communicate effectively in healthcare settings.

Since 2013, OET has been owned by Cambridge Boxhill Language Assessment Unit Trust, a venture between Cambridge Assessment English (Aus) and Box Hill Institute. 

If you have any questions, comments, or concerns about how we handle your Personal Information, you may contact our Privacy Officer via email at privacy@oet.com.au, or write to us at:

United States of America

Australia

OET USA, LLC

Cambridge Boxhill Language Assessment Pty Ltd

1209 N Orange St

PO Box 16136

County of New Castle

Collins St West

Wilmington, Delaware 19801

VIC 8007

United States of America

Australia

United Kingdom

Europe

Representative: The DPO Centre Ltd 

Representative: The DPO Centre Ltd 

Address: The DPO Centre Ltd, 50 Liverpool Street, London, EC2M 7PR

Address: The DPO Centre Ltd, Alexandra House, 3 Ballsbridge Park, Dublin, D04 C7H2, Ireland 

Email: UKrep@oet.com.au 

Email: EUrep@oet.com.au 

Telephone: +44 (0) 203 797 1289

Telephone: +353 1 631 9460 

Website: https://www.dpocentre.com/ 

Website: https://www.dpocentre.com/ 

We will endeavour to respond to you within a reasonable time.

OET Test delivery partners operate throughout the world, including across Europe, Asia, Australia and New Zealand, North America, South America, Africa and the Middle East.

CBLA is a joint data controller with Cambridge Assessment English and its related entities for the purposes of conducting the OET Test (collectively referred to in this Policy as “Cambridge Assessment”).

02. Personal Information we collect

Below are some examples of the Personal Information we may collect through the Services (such as when you apply to take the OET Test, register to use our OET Store or myOET):

  • Identifiers: including your real name, postal and email addresses, telephone number, unique personal identifier, online identifier, account name, national identity card number, passport number and expiry date, contact details, photograph, your US Medical Licensing Examination ID and other similar identifiers;
  • Sensitive Information / Protected classification characteristics under California or US federal law: such as date of birth, race, colour, national origin, citizenship, marital status, details of medical conditions, and gender;
  • Commercial information: including credit history, information about your transactions with us, and information required for payment processing, such as bank account, credit card, or debit card details;
  • Internet or other similar network activity: such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement;
  • Professional or employment-related information: such as current or past job history;
  • Geolocation data: such as physical location or movements if you have accepted sharing location in your maps tool (Google Maps, Apple Maps or Bing);
  • If you are based in California, the Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) that we collect are: name, signature, national identity card number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, bank account number, credit card number, debit card number, any other financial information, or medical information. Some Personal Information included in this category may overlap with other categories;
  • Non-public education information (if you are based in California this is information as specified in the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99): such as test results, the location where the test was taken, number of attempts in taking a test, and transcripts; and
  • Other information you provide to us: we may collect your feedback regarding the Services (such as your test day experience, review of a particular event, preparation material or testimonials). We may also hold details of our interactions with you, including any contact we have with you by email, online, on the telephone or via social media.

We may link together different types of information or link information to Personal Information. If linked information directly or indirectly identifies an individual person, we treat the linked information as Personal Information.

In this Privacy Policy, to “process” Personal Information means to perform any operation on Personal Information, whether or not by automated means, such as collection, recording, organizing, storing, adapting, use, disclosure, combining, erasing or destroying.

When you deal with us, you will need to identify yourself in order for us to provide our Services to you, as we do not accept the use of pseudonyms. Where we need to collect Personal Information by law, or under the terms of the contract between us and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case.

03. How we collect information

We will only collect your Personal Information by lawful means. We do not collect Personal and Sensitive Information unless the information is reasonably necessary for our business functions or activities or we have another legal basis to do so. Except in limited circumstances (e.g., where needed to establish, exercise or defend legal claims), we will obtain your consent before collecting any Sensitive Information. Personal Information may be collected directly from you or your authorised representative, or may be collected from a third party, including:

  1. licensees or representatives authorised by us to provide services to you;
  2. OET Recognising Organisations including education institutions, government agencies and health care recruiters, employers, boards and councils in relation to any issues, complaints, or allegations such as malpractice, including to respond to any issues or queries that they raise in relation to you and your test; and
  3. any third parties with whom you may make queries about your test.

We collect information as follows:

  1. When you register to take the OET Test: When you register for the OET Test, we collect your Personal Information, such as your name, email, address, phone number, date of birth, gender, occupation, nationality, language, identification number and (for passports), expiry date, password, physical characteristics, your photograph, partner affiliate codes and information related to our Services. We collect this information so that we may: administer the OET and otherwise provide you the Services (including any OET verification requested), keep you informed about CBLA and OET, respond to your inquiries, and provide you with information about our Services.
  2. When you create an account with us: When you register to create an account on our website, we will collect your email address and a password.  If you elect to sign in via your Google account, we may also collect your name, email address, language preference and profile picture that you use on your Google account. We collect this information so that we may: administer your account, provide you with Services, keep you informed about CBLA, respond to your inquiries, and provide you with further information about our Services.
  3. When you communicate with us: We collect your Personal Information (such as your name, address, telephone number, email address, contact preferences, and information related to our Services) when you communicate with us via our website, social networks, the OET store, and other online channels, e.g. through your Facebook or Twitter identity.
  4. When you make a payment to us: If you make a payment to us, we will ask for payment information and other information required for processing your payment.
  5. When the information is made publicly available: Where permitted by law, we may collect publicly available information from online sources (such as professional social networks) and other sources (such as professional events or from other organisations) including your contact details, your role and position within an organisation, and in the course of conducting our sales and marketing activities. Where collected in this manner, we will provide you with the opportunity to opt-out of our use of this information either at the time of sign up or any time later by unsubscribing through our communications to you.
  6. From Third Parties: We may collect Personal Information about you via third parties that we contract with to provide our Services such as our test venues. However, we will only collect your Personal Information in this way if it is unreasonable or impractical to collect this information directly from you or if we are otherwise permitted to do so by law.
  7. Through Server Logs: A server log is a list of the activities that a server performs. Our servers automatically collect and store in server logs your search queries, Internet Protocol (IP) address, browser type, browser language, the date and time of your request and referral URL and certain cookies that identify your browser or account.
  8. From Your Computer, Tablet or Mobile Telephone: We collect information about your computer, tablet or mobile telephone (Device), such as model, operating system version, mobile network information, telephone number, internet service provider and similar identifiers. We may associate your Device information with your account. We may collect and store information (including Personal Information) on your Device through browser web and web application data caches. We may collect information from sensors that provide us with information on nearby devices, Bluetooth address, Wi-Fi access points and information made available by you or others that indicates the current or prior location of the user. We also may collect IP addresses and MAC addresses. How we collect this data depends on how you access the Services. Certain Services may collect this data even when you are not actively using the Services.
  9. Cookies and Similar Technologies: We use cookies (small, often encrypted, text files that are stored on your computer or mobile device) and similar technologies to provide the Services and help collect data. Our cookies procedure in Section 16 below explains how we use cookies to collect information about the way you use the Services and how you can control them.
04. How we use your Personal Information

We will only use your Personal Information when applicable law allows us to. Most commonly, we will use your Personal Information in the following circumstances:

  • to perform the contract we are about to enter into or have entered into with you;
  • to communicate with you and provide you with information and support about the Services (including the OET Test, OET Ready preparation material, OET Test results, OET store and myOET and the Recognising Organisation Portal) you have requested;
  • to provide the OET Candidate and Venue mobile application, including to facilitate its use on test days;
  • to allow us to administer the OET Test, or other events we run, including to provide your Personal Information to third parties who operate test venues for the administration of the OET Test;
  • to allow you to take the OET Test and all of the steps required to support the administration of the OET Test to you;
  • to allow us to prevent and investigate any fraud, other misuses of the Services, or allegations such as malpractice;
  • to provide your OET Test results and any associated credentials or digital badges () to you;
  • to provide your OET Test results to relevant third parties including Recognising Organisations, education institutions, and healthcare employers, bodies and councils and (at your request) to other third parties such as your employer;
  • to provide you with the Services you have requested in the OET store or myOET and to provide the third parties who participate in the OET store or myOET with the Personal Information that you have provided;
  • to share your Personal Information with our related bodies corporate, business or venture partners, selected third parties, and service providers who assist us in administering the Services (including the OET Test);
  • to manage and administer any account you may hold with us including processing payments and refunds and providing receipts;
  • to enable us to undertake quality assurance and process evaluation as well as research in relation to the OET Test both generally and specifically;
  • to administer and protect our business and the Services (including troubleshooting, data analysis, security, testing, system maintenance, support, reporting, technical functionality, and hosting of data) and in the context of a business reorganization or group restructuring exercise;
  • to use data analytics to improve our website, Services, client relationships and experiences;
  • to manage our relationship with you, including notifying you about changes to our terms or Privacy Policy, asking you to leave a review or take a survey, and responding to your questions and inquiries;
  • to personalise and customise your experiences on our website or use of any of our Services;
  • to comply with legal or regulatory obligation; and
  • for any other purpose which we disclose to you at the relevant time and which you agree to.

We may also use your Personal Information for the promotion and marketing of our Services such as:

  • to manage our alumni contacts including sending invitations to join our alumni network;
  • to conduct promotions and competitions;
  • to promote and market our Services to you or provide you with information that we believe you may be interested in from us, our business or venture partners subject, as the case may be, with your prior consent; and
  • to help us research the needs of our customers and candidates to improve existing Services or create new Services, and to market our Services with a better understanding of your needs and the needs of customers and candidates generally (such as your test day experience, feedback on your experience with us compared with other English language or similar tests, OET Test preparation material feedback or any other testimonials).

You can opt-out of receiving promotional and marketing material from us by clicking on the unsubscribe link at the bottom of any email you have received from OET or by emailing us at privacy@oet.com.au.  

If you elect not to receive promotional and marketing material from us, we will not email you to inform you that you have a new alert within your OET account.  However, you will still receive alerts via your OET account. 

Legal basis

Under certain laws, such as the GDPR, we are required to have a ‘legal basis’ for each activity that involves processing your personal information.  The lawful basis that we rely on impacts which rights are available to you.  For the purposes set out above, we rely on the following lawful bases:

  • ‘Performance of a contract’ (i.e., the OET Terms and Conditions) – to allow us to administer the OET Test, provide you with our Services, and to provide you with other programs you choose to use.
  • ‘Legitimate interests’ – where we have a legitimate interest to process your personal information for a business purpose that is not necessary to perform our obligations under the OET Terms and Conditions, and where that legitimate interest is not outweighed by any impact on your rights and freedoms. For example, to undertake quality assurance, administer customer feedback surveys, and to analyse use of the Services in order to make improvements to them.  Where consent is not required by law, we rely on legitimate interests to send marketing communications relating to our Services.  We also rely on our legitimate interest to process personal information that is necessary for us to establish, exercise or defend our legal rights. 
  • ‘Consent’ – we collect your consent for certain optional activities, such as personalised advertising carried out using cookie technologies or the sending of direct marketing communications.
  • ‘Compliance with a legal obligation’ – sometimes our processing of your personal information is necessary for us to comply with a legal obligation, such as responding to court orders or regulatory demands.
05. Employee applications and suppliers

We may use, where relevant, your Personal Information in specific ways if you have applied for employment with us or you are providing or seeking to provide services to CBLA. In these cases, we will use your Personal Information:

  • to process any job application submitted by you;
  • if you are an employee or other representative of a supplier or service provider to us, to communicate with you about your or your employer’s engagement with us and otherwise as specified in this Privacy Policy; and
  • carry out credit or reference checks where your organisation is being considered as a potential supplier or service provider to CBLA.

We reserve the right at all times to monitor, review, retain, and/or disclose any information as necessary to satisfy our obligations under applicable law.

We may otherwise collect, use or disclose your Personal Information, where the collection, use or disclosure is:

  1. in accordance with this Privacy Policy or any agreement you enter into with us; or
  2. required or authorised by applicable law, including without limitation the Australian Privacy Principles under the Privacy Act, the CCPA, and the GDPR.
06. Retention

When the Personal Information that we collect is no longer required, we will destroy, delete it in a secure manner, or ensure that the information is de-identified, unless (a) we are required by applicable law to retain a copy of the Personal Information, (b) the information is required to resolve disputes, to enforce agreements and similar essential purposes, or for the prevention of fraud, or (c) the information is contained in a Commonwealth record. To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, and whether we can achieve those purposes through other means, and the applicable legal requirements

07. Disclosure to others

We may share your Personal Information in the following circumstances:

Service Providers

We may share Personal Information collected via the Services with service providers. This includes our test delivery partners who operate our test venues and those parties who provide Services to us or through us in the ordinary operation, administration or promotion of our business (such as payment processing, candidate and IT support, scanning and assessment of OET Test papers, web hosting, video encoding, data storage, or the digital credential company that issues our digital badges), and otherwise in accordance with our Privacy Policy. These service providers are only permitted to use your Personal Information for the purposes for which we have engaged them and for related purposes, such as for improving the delivery of their products and services. The list of current test venues may be reviewed at https://oet.com/test/book-a-test. Whilst we will endeavor to keep this list up to date, it may contain errors and inaccuracies from time to time and there may be additional countries with test venues not specified in the current list for the purpose of conducting the OET Test.

Additionally, we may share your information with companies that are conducting marketing and advertising to benefit us. These third party companies may use your contact information for communications and marketing purposes that support our activities. You are under no obligation to respond and the companies are restricted from using your contact information for any other purpose. We will use reasonable efforts to ensure that any service provider with which we share Personal Information agrees to safeguard it in substantially the same manner as we have described in this Privacy Policy and in accordance with all applicable laws.

Recognising Organisations

We may disclose your Personal Information to relevant Recognising Organisations who recognise OET Test results. Those Recognising Organisations may only use the Personal Information for verifying OET Test results. See the list of Recognising Organisations at https://oet.com/test/who-recognises-oet

Regulatory and Legal Compliance Purposes

Applicable law may require us to disclose your Personal Information if: (i) reasonably necessary to comply with legal process (such as a court order, subpoena or search warrant) or other legal requirements; (ii) disclosure would mitigate our liability in an actual or threatened lawsuit; (iii) necessary to protect legal rights of CBLA, users, customers, business partners or other interested parties; or (iv) necessary for the prevention or detection of crime (subject in each case to applicable law).

We are also required to disclose Personal Information to regulatory authorities in certain circumstances. For example, we are required under each Australian State’s Health Practitioner Regulation Law Act to disclose some of your Personal Information to the Australian Department of Home Affairs and the Australian Health Practitioners Regulation Agency for regulatory purposes. In these circumstances, we endeavour to only disclose the necessary Personal Information to satisfy our obligations under Australian or any other law.

Cambridge Assessment

CBLA may share any relevant information from your OET Test application or test with Cambridge Assessment for purposes such as administering the OET Test or reviewing OET Test results for statistical and fraud detection purposes. You can refer to the privacy policy for Cambridge Assessment by following this link: http://www.cambridgeenglish.org/footer/data-protection.

OET Services

Where you consent to participate in services offered by CBLA (which includes services that are a subset of the OET store and myOET) we may disclose your Personal Information to other third parties who provide services such as

  • Recognising Organisations;
  • Other Government, Healthcare Boards and Councils;
  • Universities and other education providers;
  • Teachers and preparation course providers;
  • Recruitment agencies;
  • Potential employers;
  • Immigration agents; and
  • Any other third parties as disclosed via the OET store and myOET or like services offered by CBLA at any time.

Preparation providers

We may disclose your personal information to any preparation provider you engaged with in preparing for the OET for the purpose of monitoring their performance in the delivery of preparation courses.

Recruiters and prospective employers

Where you redeem a token, coupon or other code provided by a recruiter to access a product or service offered by CBLA, we may disclose your personal information to that recruiter, and any prospective employer who engaged that recruiter, for the purpose of informing them of your progress towards the OET and performance in the OET. 

Other disclosures

We may also disclose your Personal Information to related third parties or third parties who we have contracted with to undertake research for us in relation to either OET, the OET store and myOET, preparation testing or other Services offered by CBLA. We will seek to anonymise the information provided, however, where this is not possible or where it may impact the ability for the research to be conducted, the Personal Information provided will be subject to strict use restrictions and safeguards against unauthorised access.

We may aggregate information collected through the services and remove identifiers so that the information no longer identifies or can be used to identify an individual (Anonymized Information). We share Anonymized Information with third parties and does not limit third parties’ use of the Anonymized Information because it is no longer Personal Information.

We may share Personal Information if we are involved in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control (in whole or in part). We require that the shared Personal Information remain subject to the promises made in the then-current Privacy Policy, unless and until you agree to new privacy terms.

08. Overseas transfers and disclosures

Some OET IT systems and data are hosted on servers in countries outside of the country in which you are located and we may send your information to one of those servers as part of our business. If you are located outside of Australia, you acknowledge that CBLA is an Australian headquartered business and that by choosing to take the OET Test, create an account with us or participate in programs, your personal information will be processed in Australia, as well as the countries listed below, and that these countries may not provide an equivalent level of data protection to that of your country of residence.

CBLA may hold or transfer the data we collect to recipients in or to the following countries (in addition to your home country):

  • Australia;
  • UK;
  • Ireland;
  • Dubai;
  • Philippines;
  • India;
  • Egypt;
  • New Zealand;
  • Singapore;
  • Canada;
  • USA; and
  • any country in which a test venue is located that you may attend (see https://oet.com/test/book-a-test). While we endeavour to keep that list accurate and up to date, it may contain errors and inaccuracies from time to time, and there may be additional countries with test venues not specified in the current list; and
  • to recruiters in the country/countries you are interested in migrating to, based on the information you provide us with when you create your account; and
  • to relevant Recognising Organisations located in any other country as specified at https://oet.com/test/who-recognises-oet While we endeavour to keep that list accurate and up to date it may contain errors and inaccuracies from time to time, and there may be additional Recognising Organisations in additional countries not specified in the current list.

This information is stored and accessed only as required to provide our Services to you. Where we transfer data to offshore servers, the data is subject to use restrictions and safeguards against unauthorised access. The information disclosed to overseas recipients consists of any information you have given us to provide the relevant Services. By accepting Services from us, you consent to us providing your Personal Information to the relevant overseas recipient as mentioned above. Where required by law, CBLA takes appropriate steps to ensure there are adequate safeguards in place for the transfer of your Personal Information, including relevant data protection clauses in our contracts.

9. Minor’s privacy

The Services are not directed to or intended for use by minors under the age of 18. Consistent with the requirements of applicable law, if we learn that we have received any information directly from a minor without his or her parent’s verified consent, we will use that information only to respond directly to that minor (or his or her parent or legal guardian) to inform the minor that he or she cannot use the Services and subsequently will delete that information.

California Minors:  While the Service is not intended for anyone under the age of 18, if you are a California resident who is under the age of 18 and you are unable to remove publicly available content that you have submitted to us, you may request removal by contacting us at: privacy@oet.com.au. When requesting removal, you must be specific about the information you want to be removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. Removal of your content or information from the Service does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.

10. Security of Personal Information

We take precautions intended to help protect information that we process but no system or electronic data transmission is completely secure.  Any transmission of your Personal Information is at your own risk and we expect that you will use appropriate security measures to protect your Personal Information.

You are responsible for maintaining the security of your account credentials for the Services. We will treat access to the Services through your account credentials as authorized by you. Unauthorized access to password-protected or secure areas is prohibited and may lead to criminal prosecution. We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security. If you believe that information you provided to us is no longer secure, please notify us immediately using the contact information provided below.

If we become aware of a breach that affects the security of your Personal Information, we will provide you with notice as required by applicable law. To the extent permitted by applicable law, we will provide any such notice that we must provide to you under applicable law at your account’s email address. By using the Services, you agree to accept notice electronically.

All payments are processed securely by SecurePay for OET Global Pty Ltd. and Stripe for OET USA, LLC, using measures that comply with the Payment Card Industry Data Security Standard (“PCI DSS“).

11. Your rights

You have the right to seek access to any of your Personal Information held by us unless there is a valid reason under applicable law (including the Privacy Act or Data Protection Act 2018 (UK)) for us to withhold the information. Valid reasons include:

  • We have reason to suspect that unlawful activity or misconduct of a serious nature has been engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
  • Giving access would reveal evaluative information generated within us in connection with a commercially sensitive process.

If your personal details change, or you believe the information we hold about you is incorrect, incomplete or out-of-date, please contact us so that we can correct our records.

If you are resident in the European Union or the United Kingdom, below is a summary of your rights with respect to your Personal Information:

  • The right to erasure: At your request by emailing us at privacy@oet.com.au, we will remove all the data we have of you which we are not required legally to retain.
  • The right to restrict processing: You have the right to restrict processing when you have exercised one of the above rights and it may take some time to process that request. For example: when you contact us to update your details you have the right to request restriction until your details are being updated.
  • The right to withdraw consent: For the processing activities where we have asked you for consent, you have the right to withdraw this consent at any point by unsubscribing using the link in a message from us, or by contacting privacy@oet.com.au.
  • The right to object: You can object to the processing of your Personal Information.
  • The right to not be subject to automated decisions and profiling: None of our processing activities are purely automated and no decisions are made without human intervention. There are instances where we process data to analyse or predict behaviour but we will ask you for explicit consent when this processing will involve your Personal Information by way of a collection notice on candidate sign-up.
  • The right to data portability: If you have provided us with your Personal Information with consent or under the contact obligations, you have the right to request the data you have provided to us in a machine-readable format should you decide to move to another data controller.

Making a request

Requests for access or correction to your Personal Information or other privacy rights described above should be addressed to the OET Privacy Officer by emailing privacy@oet.com.au or by contacting us using the details set out in Section 01 above.  You can also update your details by logging in to your OET account. All requests will be responded to either by the customer service representative you have contacted or in writing within a reasonable period of time. As part of this process we will verify the identity of the individual requesting the information prior to providing access or making any changes. If we cannot fulfil your request, we will respond and provide you with an explanation.

12.Making a complaint

We have procedures in place to deal with your inquiries or complaints. If you have any questions about our policy or any complaint regarding our treatment of your Personal Information, please contact privacy@oet.com.au. If you feel we have intruded on your privacy or misused your data, you are able to complain.

You may also contact your local privacy / data protection supervisory authority. 

In Australia

If you reside in Australia, you can access the Office of the Australian Information Commissioner’s (OAIC) website at www.oaic.gov.au

The contact details for the OAIC are:

Office address: Level 3, 175 Pitt Street, Sydney 2000

Postal address (Sydney): GPO Box 5218 Sydney NSW 2001

Phone: 1300 363 992

Fax: + 61 2 9284 9666

Email: enquiries@oaic.gov.au

In the UK

Information Commissioners Office

https://ico.org.uk/make-a-complaint/

In the European Union

A list of national data protection authorities can be found here:

http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

13. California residents

Data Collection

Our Services collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. In particular, the Services collect or may have collected in the last twelve (12) months the categories of Personal Information as described in Section 4 above.

Use of Personal Information

We may use or disclose the Personal Information we collect for one or more of the business purposes indicated in Section 6 above. We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. We share your Personal Information with the categories of third parties listed in Section 9 above. In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:

  • Identifiers
  • California Customer Records Personal Information categories
  • Protected classification characteristics
  • Non-public education information
  • Commercial information
  • Internet or other similar network activity
  • Geolocation data
  • Professional or employment-related information

Sales of Personal Information

Under the CCPA, the sale of Personal Information means “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information by the business to another business or a third party for monetary or other valuable consideration” (Cal. Civ. Code § 1798.140(t)(1)). We make your Personal Information available to third parties, subject to your right to opt-out. In the preceding twelve (12) months, we have made available the following categories of Personal Information:

  • Identifiers
  • California Customer Records Personal Information categories
  • Protected classification characteristics
  • Non-public education information
  • Commercial information
  • Internet or other similar network activity
  • Geolocation data
  • Professional or employment-related information

We make your Personal Information available to the following categories of third parties:

  • Social Media
  • Advertisers and other third-party marketing service providers

Right to Opt-Out

If, at any time, we make your information available to third parties other than for a business purpose and you are 16 years of age or older, you may have the right under the CCPA to direct us not to (the “right to opt-out”). We do not make available the Personal Information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in may opt-out at any time.

To exercise the right to opt-out or right to opt-in, you (or your authorized representative) may submit a request to us by sending us an e-mail at privacy@oet.com.au. Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize certain information sharing practices. However, you may change your mind and opt back in at any time by sending us an e-mail at privacy@oet.com.au. We will only use Personal Information provided in an opt-out request to review and comply with the request.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

Right to Access Specific Information and Data Portability Right

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of Personal Information we collected about you.
  • The categories of sources for the Personal Information we collected about you.
  • Our business or commercial purpose for collecting or selling that Personal Information.
  • The categories of third parties with whom we share that Personal Information.
  • The specific pieces of Personal Information we collected about you (also called a data portability request).
  • If we disclosed your Personal Information for a business purpose, the business purpose for which Personal information was disclosed, and the Personal Information categories that each category of recipient obtained.
  • If applicable, (i) the categories of your Personal Information that we have made available for valuable consideration; (ii) the categories of third parties to whom such Personal Information was made available; and (iii) the category or categories of Personal Information that we have made available to each category of third parties.

Right to Delete

You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

Exercising Your Rights

If you are a California Resident and which to exercise any of the above rights relating to access, data portability, and deletion, please submit a verifiable consumer request to us by either:

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make such a request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information that relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

We endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you if you choose to exercise any of the above rights granted to you by the CCPA. We are not discriminating against you if we deny a request relating to access, data portability, or deletion if we have a legitimate reason for the denial.

Shine the Light

California Civil Code Section 1798.83 (“Shine the Light Law”) permits users who are California residents to request in writing and obtain from us, once per calendar year, free of charge, a list of  third parties to whom we have disclosed Personal Information (if any) for direct marketing purposes in the preceding calendar year. To make such a request, please contact us at privacy@oet.com.au and write “Request for California Privacy Data” for the subject of your message.

Consumer Rights Notice

Under California Civil Code Section 1789.3, CBLA is required to provide California residents with the following specific consumer rights information:

  • This website is owned and operated by Cambridge Boxhill Language Assessment Pty Ltd.
  • Unless otherwise expressly stated, this website is provided without charge.

To file a complaint regarding this website or to receive further information regarding use of this website, please contact us via email at privacy@oet.com.au or send us a letter at the mailing address listed in Section 2. You also may contact the Complaint Assistance Unit of the Division of Consumer Services of California’s Department of Consumer Affairs in writing at 400 R Street, Suite 1080, Sacramento, California 95814 or by telephone at (916) 445-1254 or (800) 952-5210.

14. Updates to this policy

From time to time, we may update this Privacy Policy. If we change this Privacy Policy, we will post the updated Privacy Policy and its effective date on this page. We encourage you to take the time to review it any time you provide us with Personal Information.

We aim for there to be ‘no surprises’ in our dealings with your Personal Information. If we make significant changes to the Policy and we have your email address, we will send you an email informing you of these changes, how they may impact you, and remind you of your privacy rights.

15. Glossary

Cambridge Assessment means Cambridge Assessment English and its related entities, which are based in the United Kingdom.

CBLA means Cambridge Boxhill Language Assessment Pty Ltd as trustee for Cambridge Boxhill Language Assessment Unit Trust.

CCPA means the California Consumer Privacy Act of 2018.

GDPR means the European General Data Protection Regulation 2016/679.

OET is OET, our business name.

Personal Information means information that directly or indirectly identifies you.

Privacy Act means the Privacy Act 1988 (Cth).

Recognising Organisation means organisations that recognise OET Test results as proof of English language proficiency in some form.

Sensitive Information includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a professional or trade association or criminal record that is also Personal Information, or health information about an individual, or biometric information used for the purpose of automated biometric verification or identification, or biometric templates.

16. Cookies and similar technologies

Cookies

Cookies are small data files sent from a website and stored in a user’s web browser. We use cookies to personalise content and advertisements, to provide social media features and to analyse our traffic. While this information on its own may not constitute your Personal Information, we may combine the information we collect via cookies with Personal Information that we have collected from you to learn more about how you use the Services to improve them. We also share information about your use of our site with our social media, advertising and analytics partners.

We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device until you delete them). Below is a summary of the types of cookies used on our websites and how they are used. Specific cookies used are described at https://oet.com/cookies-policy.

  • Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the website may not work if these cookies are blocked. These cookies do not store any personally identifiable information.
  • Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us understand which webpages are the most and least popular and see how visitors move around the website. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our website, and will not be able to monitor its performance.
  • Functional Cookies: These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our webpages. If you do not allow these cookies, then some or all of these services may not function properly.
  • Targeting Cookies: These cookies may be set on our website by our advertising partners, including Google. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other websites. They do not store directly Personal Information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. If you prefer that we not share your non-Personal Information with partners, including third parties that use tracking technologies to deliver targeted display advertising based on that information, please visit http://optout.networkadvertising.org/?c=1#!/to access the Network Advertising Initiative opt-out.
  • Social Media Cookies: These cookies are for a range of social media services including Linkedin and Facebook that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies, you may not be able to use or see these sharing tools.

Cookies Set by Third Parties

To enhance our content and to deliver a better online experience for our users, we sometimes embed images and videos from other websites on the Services. We currently use, and may in future use content from websites such as Facebook, LinkedIn, and Twitter. You may be presented with Cookies from these third-party websites. Please note that we do not control these cookies. The privacy practices of these third parties will be governed by the third parties’ own privacy statements or policies. We are not responsible for the security or privacy of any information collected by these third parties, using cookies or other means. You should consult and review the relevant third-party privacy statement or policy for information on how these cookies are used and how you can control them. Below is a summary of the cookies on our website that are set by third parties.

Omneo

Omneo may use cookies on our website to collect information about your online activities and provide you with personalized marketing content. These cookies may track your browsing behavior across different websites and devices. We do not have access to or control over these cookies. Please refer to Omneo's privacy policy for more information on how they use and protect your personal data: https://www.omneo.io/privacy-policy.

Commerce Layer

Our website may use cookies from third-party provider Commerce Layer to enhance your shopping experience and personalize your interactions with our site. These cookies may collect information about your online activities and track your browsing behavior across different websites and devices. Please note that we do not have control over these cookies, and Commerce Layer's privacy policy governs how they use and protect your personal data, it can be found here https://commercelayer.io/legal/privacy-policy.

Auth0

To provide secure login functionality on our website, we use cookies from third-party provider Auth0 to authenticate users. These cookies may collect information about your device and browser, such as your IP address and user agent. Please note that we do not have control over these cookies, and you should consult Auth0's privacy policy (https://www.okta.com/au/privacy-policy/) for more information on how they use and protect your personal data.

Google Analytics

We use Google Analytics to measure and analyse the website’s internet usage to ensure the website meets CBLA’s business objectives with advertisers and users. and to gain insights on how to make the website more useful for advertisers as well as our users.

Data collected from Google Analytics includes:

  • the number of webpage views (or webpage impressions) that occur on our websites;
  • the number of unique visitors;
  • how long these unique visitors (on average) spend on our websites;
  • common entry and exit points to our websites;
  • files downloaded from the site;
  • forms filled in on the website;
  • Audience and device analysis; and
  • Referral source.

For more information regarding Google’s use of cookies, and collection and use of information, see the Google Privacy Policy (available at https://policies.google.com/privacy?hl=en). If you would like to opt-out of Google Analytics tracking, please visit the Google Analytics Opt-out Browser Add-on (available at https://tools.google.com/dlpage/gaoptout).

Hotjar

We use Hotjar to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and do not like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (particularly, device IP address (captured and stored only in anonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymised user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link: https://www.hotjar.com/legal/policies/privacy/. You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link: https://www.hotjar.com/legal/compliance/opt-out/.

Google Ads

Google Ads is an online advertising service by Google, which allows advertisers to display advertisements on the Google display network. We use the Google Ads remarketing feature to show you advertisements about OET Ready preparation, products and support. Google Customer Match allows advertisers to target custom audiences based on a list of email address on the Google display network. We may use Google Customer Match to target OET Ready preparation, product and support advertisements to you. If you wish to opt-out of Google Ads online, please visit https://support.google.com/ads/answer/2662922?hl=en.

Facebook Custom Audience

The Facebook Custom Audience program allows advertisers to target custom audiences based on an email address on Facebook. We may participate in the Facebook Custom Audience program to target OET Ready preparation, product and support ads to you. If you wish to opt-out of Facebook Custom Audience ads, you may control this via your Facebook privacy settings, or by clicking on the ad and selecting ‘Hide all from this advertiser’.

Other Similar Technologies

Our web pages may use other technologies such as web beacons to help deliver cookies on the Services and count users who have visited those websites. We also may include web beacons in our promotional email messages or newsletters to determine whether you open and act on them as well as for statistical purposes. In addition to standard cookies and web beacons, the Services can also use other similar technologies to store and read data files on your computer. This is typically done to maintain your preferences or to improve speed and performance by storing certain files locally.

How to Control and Delete Cookies

Cookies can be controlled, blocked or restricted through your web browser settings. Information on how to do this can be found within the Help section of your browser. All cookies are browser-specific. Therefore, if you use multiple browsers or devices to access websites, you will need to manage your cookie preferences across these environments. If you are using a mobile device to access the Services, you will need to refer to your instruction manual or other help/settings resource to find out how you can control cookies on your device.

Please note: If you restrict, disable or block any or all cookies from your web browser or mobile or other devices, the Services may not operate properly, and you may not have access to the Services available through the Services. We shall not be liable for any impossibility to use the Services or degraded functioning thereof, where such are caused by your settings and choices regarding cookies.

To learn more about cookies and web beacons, visit www.allaboutcookies.org.

Do Not Track: Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked.  If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user.  Not all browsers offer a DNT option and DNT signals are not yet uniform.  For this reason, many website operators, including us, do not respond to DNT signals.