The biometric record contains some or all of the following information:

• a digitized representation of your fingerprint (the template), passport
• an image of your fingerprint, along with your name, address, telephone number (if provided)
• date of birth or age, identification document number
• a scanned copy of your identification document (such as your driver’s license, passport, etc.), which includes your digitized photograph

The biometrics record is paired with ID information and information about your testing appointment session.

Unless otherwise required by law, the personal information (including your fingerprint image and template) collected using biometrics is retained on behalf of the USMLE program sponsors in a secure, centralized database in the United States on test day and for a period of 5 years from the date of your most recent testing appointment with Prometric.

Access to your biometric information will be limited as described in the Privacy Notice for USMLE Candidates. Employees or agents of the USMLE sponsors who have access to the data are bound by confidentiality agreements. The data may be made available to third parties if required by law or as necessary to complete a testing fraud investigation directly related to the relevant candidate(s).

No.

Biometric Enabled Check-In Privacy Notice

For USMLE Candidates

Biometrics is part of Prometric’s identity management system and is designed to improve the security and integrity of the testing process. The USMLE program uses Biometric Enabled Check-In as part of standard test day procedures. This biometrics program is implemented by Prometric (whose corporate headquarters are located at 1501 South Clinton Street, Baltimore, MD 21224, U.S.A.) which acts on behalf of the USMLE program sponsors, as a data processor.

This Privacy Notice describes the privacy and security practices that have been established for the Biometric Enabled Check-In program.

About Biometric Enabled Check-In

The biometrics program converts a fingerprint to a digital image that is used for identity verification purposes. During the Biometric Enabled Check-In, you will place your finger on a scanner at the test center. The equipment will create a digitized representation of your fingerprint (a “template”). This representation template will be paired with other personal information you provide to your registration entity, allowing accurate identification during the testing process. As you move in and out of the test lab at the test center, you will use your finger to authenticate yourself at the scanners located in the test center.

Personal Information Collected as Part of the Biometrics Program

The biometric record contains some or all of the following information: a digitized representation of your fingerprint (the template), an image of your fingerprint, along with your name, address, telephone number (if provided), date of birth or age, identification document number, and a scanned copy of your identification document (such as your driver’s license), which includes your digitized photograph. The biometrics record is paired with ID information and information about your testing appointment session.

Purposes and Uses for the Personal Information

The personal information collected under the Biometric program is used:

• To verify your identity on an ongoing basis throughout the test day
• To identify and prevent testing fraud and maintain the integrity of the testing process by detecting and preventing test taking by unauthorized individuals
• To improve security at test centers by detecting and preventing unauthorized access of individuals to secure areas
• As required by law

Personal Information Disclosed to Third Parties

Your personal information (including your fingerprint template) may be provided to the following:

• Data processors, like Prometric, who process the data and who are bound by contracts to limit their use of the information to the purposes specified in this notice
• Third parties if required by law or as necessary to complete a testing fraud investigation directly related to the relevant candidate(s).

Information Storage

Unless otherwise required by law, the personal information (including your fingerprint image and template) collected using biometrics is retained on behalf of the USMLE program sponsors in a secure, centralized database in the United States on test day and for a period of 5 years from the date of your most recent testing appointment with Prometric. Upon expiration of that time period, all demographic information collected using biometrics and the fingerprint image and template are deleted. Although the U.S. and many other countries do not have comprehensive data protection laws, the USMLE sponsors and Prometric will treat your personal information such that it will receive appropriate protection through data transfer contracts and/or certification to the EU-US Safe Harbor Program.

Privacy and Information Security

Appropriate technical, physical and administrative safeguards have been implemented to help protect your personal information against unauthorized access or loss. Access to information collected under the Biometric Enabled Check-In program is limited to those employees or agents of the USMLE program sponsors who have a need to access it and who are bound by confidentiality agreements.

The USMLE program sponsors and Prometric are committed to protecting your privacy and will only use the personal information collected under the Biometric Enabled Check-In program for the purposes described in this Privacy Notice.

Questions

If you have concerns about the Biometric Enabled Check-In program, please contact us.

When you schedule your exam through Prometric, you will be asked whether you consent to the collection, use, processing and storage of your biometric information. Your consent will be effective until and unless you affirmatively withdraw that consent in writing to privacy@nbme.org or via www.prometric.com/datasubjectrequests.