We understand that the security of your personal information is important. We use reasonable practices to protect your personal information from unauthorized use, disclosure, alteration, or destruction. We retain your information for only as long as needed to provide you with requested services, to meet our governance responsibilities, to comply with legal requirements, for business operations, and to protect against fraud and theft and as required or permitted by law. As with any website, no security controls are 100% effective; we cannot guarantee the prevention of breaches. We encourage our visitors to use common sense in protecting your id, password, and other personal information.
Our Information Security Program
We have implemented an information security program consisting of physical controls (to limit the access to physical media and devices containing the information), technical controls (to limit on-line access to information), and administrative controls (to limit the people who have access to your information) to protect your information. The effectiveness of our security program is periodically audited allowing for improvements to be made.
Data Retention and Destruction
We retain your information for only as long as needed to provide to provide you with requested services, to meet our governance responsibilities, to comply with legal requirements, for business operations, and to protect against fraud and theft and as required or permitted by law.
- Generally, GMAC retains the personal information that we have collected up to 10 years beyond delivery of the last product or service you have selected for security purposes;
- Palm vein pattern records are retained for 5 years or the period designated by local law;
- CCTV/video/audio is retained for 30 days (or legally required period) at the test center unless there is a security incident necessitating a longer retention period;
- Accommodation requests and related information is retained for 5 years; and
- Aggregated information from which an individual cannot be identified is retained for research and product development purposes for research and business operations.
You may request that we delete the information in your account. For more information about deletion limitations for test takers and others, please visit our Your Access and Choices page.
Your Role in Protecting Your Information
As a user, you contribute to our security efforts by creating a user-id and password to access your information on our websites. Creating a strong, difficult to guess password enhances the security of your information. Also, please remember to avoid sharing your user-id and password with anyone. It is also recommended that you do not save your user-id and password on your computer or anyone else’s computer.
When using our websites, you may post information, such as comments to blogs or forums, which may include, at your discretion, personal information. As the blogs and forums are publicly available, any personal information you post in these comments will be publicly available. To request deletion of any of this content please contact our Customer Care group. It may take up to 10 business days to complete your request.
Also, please refer to our section on Cookies and Similar Technologies and Your Access and Choices for more information on how you may protect the personal information you provide to us.