360Testing Limited. (“TheTestMart”, “us” or “we”) respects the privacy of all data subjects whose personal information we process in the context of providing our online services available at https://www.thetestmart.com/ to our customers (the “Customer(s)” and the “Services”, respectively), including the privacy of:
- data subjects whose Personal Information is included in the content which our Customers upload to the Services (“Customer Content”); and
- individual users of our Services, who use the Service on behalf of our Customers (the (“Permitted User(s)” or “you”).
We believe that you have a right to know our practices regarding the personal information we may collect and process in the context of our Services, and we are committed to protecting the personal information entrusted with us. Please read the following carefully in order to understand TheTestMart’s views and practices regarding the processing of personal information and how TheTestMart treats it
1. Table of Contents
- Who we are
- Your acknowledgment of this policy
- Which information may we collect about Users?
- How do we collect information about our Users?
- What are the purposes of the collection and processing of information?
- Sharing Personal Information with Third Parties
- Your Rights
- Location of Your Data
- Social Features
- Third Party Service Providers and Third Party Software
- Links to Third Party Websites
- Data Retention
- Have any Questions?
3. Who we are
In this policy, references to TheTestMart, or to “we” or “us” are to TheTestMart and its affiliates, including without limitation 360Testing Ltd., which is a registered company in Auckland, New Zealand, Company number no. 9429048366359. Individuals wishing to contact us about data protection issues may do so by writing to us at the above address or by emailing us
4. Your acknowledgment of this policy
5. Which Personal Information may we process?
During and as part of the use of our Services, we collect and process: (i) non-identifiable and anonymous information, which consists of technical information and behavioral information that does not pertain to a specific individual (“Non-Personal Information”); and (ii) personal information, which is information relating to an identified or identifiable natural person (“Personal Information”), all with respect to two types of data subjects:
5.1 Personal Information which relates to Permitted Users: (Permitted Users are those individuals who have opened an account to use our services and use our Services on behalf of our Customers, such as Customers’ employees or contractors).
- Technical and Behavioral Information.
- Any Non-personal Information connected or linked to or associated with any Personal Information shall be deemed as Personal Information, as long as such connection, linkage or association exists.
- Opening an Account: Personal Information is collected from the details the Permitted Users provide when opening an account in order to use the Services: full name, business email address, position in the company (e.g., CEO, HR, manager), phone number and country of residence. Permitted Users may also, voluntarily, provide a profile picture for their account. Additional information may be requested in the future.
- Use of Social Network Accounts: Alternatively, Permitted Users may sign up to the Services via one of their existing social network accounts (e.g. GitHub or Google). When registering to the Service through such existing third-party accounts, then such third-party accounts provide us with access to certain information, which is detailed and displayed in the notice which appears during the integration process, which may include the Permitted User’s name, email address, profile photo and user-id on such account. Please read such notices carefully in order to understand what information is made available to us via such third-party accounts. We may collect login information and other relevant information necessary to enable us to access such third-party accounts in order to collect the aforementioned information. Please remember that the manner in which third-party accounts use, store or disclose your information is governed solely by their policies and we will have no liability or responsibility for the privacy practices or other actions of such third parties. If you do not agree to these practices, please do not use third-party accounts in order to use our Services. You hereby agree that such information will be stored even after the linkage to your third-party accounts expires, for any reason.
- Communications with TheTestMart: we may collect and process any Personal Information Permitted Users may provide to us as part of any communications with us, by any means, including email correspondence and by use of the chatbot available on the Site.
- Geolocation data: during your use of the Services, TheTestMart will access, collect, process, monitor and/or remotely store “geolocation data”, including through the collection of IP addresses and other similar information to determine your location for analytics, advertising and security purposes.
- Identifiers: during your use of the Services, we will access, collect, process, monitor and/or remotely store online identifiers, such as Internet Protocol (IP) address, AD-ID or other unique identifiers, for the purpose of providing you with targeted advertising and for statistical and metric purposes.
- Technical and Behavioral Information: to the extent that the Technical and Behavioral Information detailed above under Section 5.1.1 will be linked to or associated with a specific individual then such information will be considered as Personal Information
- Recording of the Services’ User Interface: in order to provide support services to our Customers and their Permitted Users, TheTestMart may record (through a third-party service provider) the Services’ user interface, and as a result thereof the Permitted Users’ interactions with the Services’ user interface, and any Personal Information related thereto, may be captured. Please note that we only record the browser windows where the Services’ user interface is open and not any other screen on the applicable workstation or device
5.2 Personal Information included in the Customer Content: In order to use TheTestMart’s Services, Customers and Permitted Users may upload certain Personal Information pertaining to third parties, such as the Customer’s clients, to the Services (the Customer Content). For example, when performing a test via the Services, in a ‘live’ environment, the test may entail the processing of Personal Information included in the Customer Content available in such an environment. Personal Information included in the Customer Content may be recorded in the outputs produced as a result of the use of the Services, such as in screenshots, HTML files, element locate data, element locate results and runtime console logs.
Please note that the Customer Content (including Personal Information) collected as part of your use of the Services, may be accessed by our IT team, support team, customer success team, R&D team and/or by our account managers, worldwide, solely in order to provide our Services to our Customers and to fulfill our contractual obligations towards our Customers.
6. How do we collect Personal Information? There are three main methods we use to collect Personal Information:
6.1. We collect information via your entry, connection, access and/or use of the Services. In other words, when you access or use the Services, we are aware of your usage of the Services, and may gather, collect and record the information related to such usage. For example, when you use the Services, we collect your IP address and other online identifiers.
6.2. We collect information which you provide us voluntarily. For example, we collect Personal Information that you provide via the Services, such as the details provided when opening an account to use the Services.
6.3. We collect information provided by you via the Services as part of the Customer Content. Personal Information may be provided to us as part of any Customer Content uploaded in the context of your use of the Services (e.g., Personal Information included in the testing environment, where a test is being conducted).
7. What are the purposes of the collection and processing of information? There are three main methods we use to collect Personal Information:
7.1. Non-personal Information is processed in order to:
- Enhance your experience on the Services;
- Create statistical information and learn about the preferences of Permitted Users and general trends regarding the Services (e.g. understand which features are more popular than others);
- Deliver targeted advertising and run advertising campaigns related to our products and services;
- Keep the Services safe and secure; and
- Prevent fraudulent activity on our Services.
7.2. Personal Information is processed in order to:
- Enable the operation of the Services, including the process of opening an Account to use the Services;
- Provide Customers and their Permitted Users with technical support;
- Conduct internal operations, such as: troubleshooting, data analysis, testing, research, statistical analysis, as well as the improvement of the provided Services and the TheTestMart’s AI engine;
- Keep the Services safe and secured against fraudulent and criminal activity;
- Comply with our legal obligations and provide us with the ability to protect our rights and legitimate interests;
- Send advertisements, updates, notices, announcements and additional information related to TheTestMart and its Services, by email, SMS, phone or otherwise;
- Provide targeted and behavior-based advertising; and
- Maintain data processing records and general administrative purposes.
Note to Permitted Users located in the EU:
Please note that all Personal Information included in any Customer Content uploaded to the Services is processed in order to provide our Services to our Customers and to fulfill our contractual obligations towards our Customers. However, as a ‘data processor’, TheTestMart is not legally obligated to determine the legal basis for processing such data, and it is each Customer’s responsibility, in its capacity as a ‘data controller’, to determine the lawful basis for enabling TheTestMart to process such data.
In order for TheTestMart to process Personal Information relating to Permitted Users, as detailed herein, such processing must be justified by a “basis” for processing, as follows:
- the processing is necessary to comply with legal obligations – we may process your Personal Information for disclosure of information to authorities and to maintain data processing records and general administrative purposes, as required by legal obligations that apply to us; and
- the processing is in our legitimate interests – subject to your interests and fundamental rights, we shall perform the Personal Information processing activities described herein under our legitimate interest in: (i) marketing our products and services, including our legitimate interest in performing online advertising campaigns and sending advertisements, updates, notices, announcements and additional information related to TheTestMart and the Services; (ii) offering comfortable and safe access to our Website and Services, (iii) conducting internal operations, including troubleshooting, data analysis, testing, research and statistical purposes, Services and the TheTestMart’s AI engine; (iv) personalizing the Services and ensuring that TheTestMart provides the best Services to its Customers, (v) ensuring that the Services are safe and secured against fraudulent and criminal activity; and (vi) managing our internal operations, maintaining records and email tracking. Where we rely on legitimate interests as a lawful basis, we will carry out a balancing test to ensure that your interests, rights and freedoms do not override our legitimate interests.
Note to non-EU Permitted Users:
BY ENTERING, CONNECTING TO, ACCESSING OR USING THE SERVICES, YOU CONSENT TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION AS SPECIFIED HEREIN.
8. Sharing Personal Information with third parties
8.2. In addition to using the information collected by us for the purposes described under Section 7 above, we may also share your Personal Information and the Customer Content in the following cases:
- TheTestMart’s Personnel: Personal Information that we collect and process may be transferred to or accessed by personnel of TheTestMart for the sole purpose of enabling the operation of the Services and to contact you (as detailed in Section 7 above). Please note that all of TheTestMart’s personnel that will have access to your Personal Information and the Customer Content are under an obligation of strict confidentiality with respect to such Personal Information.
- Service Providers: we share Personal Information with vendors, commercial software providers, consultants and data processors who perform services on our behalf, including without limitation, companies that provide analysis, messaging services and services which host the Services. Please note that we collect, hold and manage your Personal Information and the Customer Content through third parties’ cloud based services, as reasonable for business purposes, which may be located in countries outside of the Customers’ and/or their Permitted Users’ jurisdiction. For more information regarding our service providers, please refer to Section 12 below.
8.3. For avoidance of doubt, TheTestMart may transfer and disclose Non-Personal Information, i.e., non-identifiable and anonymous information which consists of Technical And Behavioral Information that does not pertain to a specific individual, to third parties, at its discretion, including without limitation for statistical, analytical and research purposes and for customization, developing and improvement of our Services.
9. Data subjects’ rights
9.1. Customer Content: the Customer Content may contain Personal Information, as determined by the Customer. TheTestMart has implemented certain technical and organizational measures in its Services to assist its Customers in independently accessing the Personal Data included in such Customer Content. However, due to technical limitations and the nature of the Services, not all Personal Information contained in the Customer Content may be retrieved, accessed, amended, ported or restricted, as may be required under the data protection laws which are applicable to the Customer. Notwithstanding, all Personal Data is automatically deleted in regular 30-day intervals (or as otherwise set by the Customer) and may also be deleted at any time by the Customer, at its sole discretion. To the extent that the Customer, in its use of the Services, does not have the ability to exercise its obligations towards data subjects whose Personal Information is included on the Customer Content, please send us an email to: firstname.lastname@example.org, and, to the extent that we are technically capable to do so, we will make commercially reasonable efforts to assist.
9.2. Permitted Users: TheTestMart acknowledges that you have the right to access and change the Personal Information we collect and process about you. You may update the Personal Information that you entered when opening your account to use the Services, by using the designated page on your account. However, if you find that your are unable to do so or if you wish to access or to correct, amend, or delete Personal Information, please send us an email to: email@example.com and we will respond within a reasonable timeframe, but in any event no later than permitted by applicable law.
Note to Permitted Users located in the EU:
We hereby inform you of the following rights (by virtue of EU law), in respect of your Personal Information:
- Right to access: you may have the right to request a review of your Personal Information held by TheTestMart. We may refuse to comply with your access request if the request is manifestly unfounded, excessive or repetitive in nature.
- Right to erasure: under certain conditions, you may be entitled to require that TheTestMart will delete or “block” your Personal Information (e.g. if the continued processing of those data is not justified).
- Right to Portability: you may have the right to transfer your Personal Information between data controllers (i.e. to transfer your Personal Information to another entity). The right to data portability only applies where your Personal Information is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.
- Right to object to or withdraw consent: where that lawful basis for processing your Personal Information is either “public interest” or “legitimate interests”, those lawful bases are not absolute, and you may have the right to object to such processing. Where you object on the grounds of legitimate interest, we shall no longer process your Personal Information unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If the processing of your Personal Information is based on your consent, you have the right to withdraw your consent to such processing at any time.
- The right to restrict processing: under certain circumstances, you may have the right to object to the processing of your Personal Information due to your particular situation.
- Right to lodge a complaint: you have the right to lodge a complaint before the relevant data protection authority or supervisory authority of your jurisdiction.
To exercise these rights, where applicable, please contact us by sending an email
10. Location of your data
Note to Permitted Users located in the EU:
If you are located in the EU, you have a right to request further information regarding the data transfer mechanisms used by us with respect to data transfers to third countries outside the EU.
In order to keep your Personal Information safe, we apply strict safeguards when transferring it outside of the EEA, which may include the following:
- Transferring your personal information to countries approved by the European Commission as having adequate data protection laws, such as Israel;
- Entering into standard contracts that have been approved by the European Commission and which provide an adequate level of high quality protection, with the recipients of your Personal Information;
- Transferring your Personal Information to organizations that are Privacy Shield Scheme certified, as approved by the European Commission
BY SUBMITTING YOUR PERSONAL INFORMATION, INCLUDING THE CUSTOMER CONTENT, THROUGH THE SERVICES, YOU ACKNOWLEDGE, AND AGREE, IN JURISDICTION WHERE SUCH CONSENT IS REQUIRED, TO SUCH TRANSFER, STORING AND/OR PROCESSING OF PERSONAL INFORMATION.
The Services are intended solely for Permitted Users over the age of sixteen (16). Therefore, TheTestMart does not intend and does not knowingly directly collect any Personal Information from Permitted Users under the age of sixteen (16) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the Services.
12. Third Party Service Providers and Third Party Software
12.1. During the Services provision period , we may use third-party service providers (such as hosting cloud services), who may collect, store and/or process your Personal Information and the Customer Content,. Such vendors may be located in countries that do not have the same data protection laws as the laws applied in the Customers’ and their Permitted Users’ jurisdiction.
12.3. Such third party service providers may include without limitation the following categories of service providers:
- Images editing services, including Applitools, which servers are located in the U.S. (Applitools Inc. is Privacy Shield certified);
- Cloud hosting services, including AWS, which servers are located in the U.S. (Amazon.com Inc. is Privacy Shield certified) and Microsoft Azure, which servers are located in the U.S. (Microsoft Corporation is Privacy Shield certified);
- Infrastructure services, including Intercom, which servers are located in the US. (Intercom Inc. is Privacy Shield certified) and Cloudinary, which servers are located in the U.S. (Cloudinary Inc. is Privacy Shield certified);
- UI recording services’, including Auryc.com, which is obligated by a DPA to the EU Model Clauses;
- Behavioral analytics services, including Mixpanel, which servers are located in the U.S. (Mixpanel Inc. is Privacy Shield certified) and Google Analytics, which servers are located in the U.S. (Google LLC is Privacy Shield certified); and
- Advertising and marketing services, including Facebook, which servers are located in the U.S. (Facebook Inc. is Privacy Shield certified) and HubSpot, which servers are located in the U.S. (HubSpot Inc. is Privacy Shield certified).
13.1. We take appropriate measures to maintain the security and integrity of our Services and prevent unauthorized access to them or use thereof through generally accepted industry standard technologies and internal procedures. Some of the security measures that we employ include, without limitation:
- the adoption of technical and organizational means, to ensure the security of the Customer Content, including Personal Information;
- compliance with the AICPA SOC 2® – SOC for Service Organizations: Trust Services Criteria and the SOC Type 2 auditing procedures and guidelines;
- the application of highly secure design and implementation methods to all our Services, including state of the art encryption mechanisms and secure architecture design to all storage and transmission mechanisms used for the processing and transmission of Customer Content and Permitted Users data, including Personal Information, to our third party service providers as described above; and
- the application of separation of duty among our employees and an access control management, which prevents unauthorized personnel from accessing the Customer Content and Permitted Users data, including Personal Information.
13.2. Please note, however, that there are inherent risks in transmission of information over the Internet or by using other methods of electronic storage and we cannot guarantee that unauthorized access or use of such information will never occur.
13.3. TheTestMart will comply with applicable law in the event of any breach of the security, confidentiality, or integrity of your Personal Information and will inform you of such breach as required by applicable law.
13.4. TO THE EXTENT THAT THETESTMART IMPLEMENTED THE REQUIRED SECURITY MEASURES UNDER APPLICABLE LAW, THETESTMART SHALL NOT BE RESPONSIBLE OR LIABLE FOR AN UNAUTHORIZED ACCESS, HACKING, OR OTHER SECURITY INTRUSIONS OR FAILURE TO STORE OR THE THEFT, DELETION, CORRUPTION, DESTRUCTION, DAMAGE, OR LOSS OF ANY DATA OR INFORMATION INCLUDED IN THE PERSONAL INFORMATION, INCLUDING THE CUSTOMER CONTENT.
14. Data retention
14.1. Permitted User’s Personal Information: Generally, we will keep Permitted User’s Personal Information only for as long as it is relevant and useful for the purpose for which it was originally collected.
14.2. Personal Information contained in Customer Content:
- TheTestMart will retain the Personal Information contained in Customer Content for the time period set by the Customer via the Services. Please note that if no other setting or requirement was explicitly presented by the Customer, all Customer Content which is included in the results of test run via the Services, including without limitation in test results, Screenshots, HTML Files, Element Locate Results and Runtime Console Logs, will be retained for a default period of thirty (30) days.
- TheTestMart will retain the Personal Information included in Element Locate Data without limitation of time, during the Customer’s engagement with TheTestMart.
- All the aforementioned retention periods can be reduced or extended by TheTestMart upon a Customer’s request. Upon termination of the Customer’s engagement with TheTestMart, all of the Customer Content is deleted. Furthermore, if you delete a test generated by the Services, then all the Customer Content associated with that test shall be deleted as well.
14.3. TheTestMart may store personal data for longer periods of time if the personal data is processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes and in such cases, the personal data will be subject to the implementation of appropriate technical and organizational measures to safeguard the rights and freedoms of the data subjects; or if it is under a statutory obligation to do so, and in such case TheTestMart shall notify the data subjects of that legal obligation (unless the Company is prohibited by applicable law from doing so), and will implement appropriate technical and organizational measures to ensure that the personal data retained is used to fulfil that statutory obligation and no other purpose. Please note that personal data which has been fully anonymized, as well as aggregated data, do not constitute ‘personal data’, and as such may be retained by the Company indefinitely.
16. Have any questions?