Privacy policy
Privacy policy
Version 4.2 - May 2026
Introduction
TestGorilla B.V., a Dutch limited liability company registered with the Trade Register of the Chamber of Commerce under no. 77597249 (“TestGorilla”, “we,” “us” or “our”) is committed to protecting and respecting your privacy. This privacy policy (“Privacy Policy”) explains how we collect, use, share, and protect data that identifies or is associated with an individual person (“personal data”) in relation to our website www.testgorilla.com, including the services offered on such website (the “Platform”), and your choices about the collection and use of your information. TestGorilla operates an employee and applicant (“Candidates”) testing platform that allows employers and customers (“customers”) to instruct Candidates to take aptitude, personality, and skills tests through the Platform. This Privacy Policy applies to you as an individual accessing and using our Platform to take aptitude, personality, and skills tests (“you”, “Candidate” or “User”). To use our Platform, TestGorilla needs to process certain personal data of the Users. This Privacy Policy applies to all acts of processing of personal data where TestGorilla acts as a controller in the sense of the General Data Protection Regulation (“GDPR”). Before accessing or using the Platform, please ensure you have read and understood our Privacy Policy.
1. What kind of information do we collect
Information we collect when you use our platform
Please find below the types of personal data we may require from you and which we process in order to provide our services on the Platform:
Full name
Gender (optional)
E-mail address
Username and password (optional)
Video and webcam stills and recordings (optional)
Demographic data (optional)
IP address
Career-related information (e.g., education, job history, salary expectation) (optional)
Answers you provide to open-ended and custom test questions (excluding multiple choice questions)
Communications between you and us
2. For what purposes do we use your personal data?
We use your personal data to help us provide and support (the services on) our Platform. Here is how:
2.1 Service provision: As part of your application procedures with future employers of your choice, we use the information to carry out and administer assessment tests and share the results of such tests with such future employers. Alternatively, we use the information to carry out and administer assessment tests and share the results of such tests with selected future employers that match your skills and interests;
2.2 Communication: Sending emails, newsletters, and other messages to keep you informed of our services and the Platform, including your test results generated by the Platform, or contacting you about potential job opportunities. You may opt out of receiving any or all of these communications from us by following the unsubscribe link. We also use the personal data to deal with inquiries and complaints made by you relating to the Platform and to address your questions, issues, and concerns. In addition, we may send you information and guidance to help you get started with and make effective use of our Platform, such as onboarding resources, feature overviews, or tips on using assessments.
2.3 Website monitoring: To check the Platform and our other technology services are being used appropriately and to optimize their functionality;
2.4 Platform optimization: improve, test, and monitor the effectiveness of our Platform and diagnose or fix technology problems;
2.5 Managing suppliers: who deliver services to us;
2.6 Easy access: To help you efficiently access your information after you sign in and to remember information so you will not have to re-enter it during your visit or the next time you visit the Platform;
2.7 Statistics: Monitor metrics such as the total number of visitors, traffic, demographic patterns, and patterns in our test results (on an anonymized and aggregated basis);
2.8 Development: Develop and test new products and features, and improve our tests and Platform;
2.9 Benchmarks: Use aggregated and anonymized test scores and aggregated demographics to provide benchmarks to our customers and improve our services;
We only process your personal data for the above purposes and ensure that it is only available to those who have a legitimate need to know and would require access to it;
3. Our legal grounds for using your personal data
We will process your personal data for the following reasons:
3.1 You have given us consent; where we are processing personal data with your consent, you can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
3.2 We require to process personal data for the performance of the contractual relationship with you;
3.3 We need to process personal data to comply with the legal obligations we are subject to in The Netherlands or in other jurisdictions, which include such obligations as accessing, preserving, and sharing your personal data in response to a legal request such as a search warrant, court order, or subpoena;
3.4 Processing is necessary for our legitimate business interests. Our legitimate business interests are:
Sharing skill sets and test data with TestGorilla customers matching your skill sets and interests;
Managing our business and relationship with you;
Understanding and responding to inquiries and User feedback;
Understanding how our Users use the Platform;
Identifying what our Users want and developing our relationship with you, your company, or organization;
Improving our Platform and offerings;
Managing our supply chain;
Developing relationships with business partners;
Sharing data in connection with acquisitions and transfers of our business;
If we have a good faith belief that it is necessary to (i) detect, prevent, and address fraud and other illegal activity and (ii) to protect ourselves, you, and others, including as part of investigations.
Providing Users with onboarding and instructional information to support their use of the Platform
4. With Whom Do We Share Your Personal Data?
Other than with our sub-processors, we share your information with the following parties:
4.1. Customers: You consent to sharing your information, including assessment results, with the TestGorilla customers to whom you apply. When a Customer invites you to complete an assessment, that Customer receives your results and acts as an independent data controller in respect of its use of your results for recruitment and hiring purposes. The Customer is solely responsible for how it uses your results, how long it retains them, and for handling any data subject requests that relate to its own use of your data. You can exercise your GDPR rights in relation to the Customer’s processing directly against that Customer.
4.2. Test Authors: We share aggregated candidate test feedback with subject matter experts who have developed tests for the Platform.
4.3. Suppliers: Who support our business, including IT and communication suppliers, outsourced business support, business intelligence, marketing and advertising agencies, and back-up vendors. Our suppliers have to meet minimum standards regarding information security, and they will only be provided with data required for their function.
4.4. Joint Controllership with Customers (Article 26 GDPR): Where a Customer invites you to complete an assessment on the Platform, TestGorilla and that Customer act as joint controllers in respect of certain processing activities, in accordance with Article 26 of the GDPR. Specifically, both TestGorilla and the Customer jointly determine the purposes and means of: (a) collecting your assessment data via the invitation sent by the Customer; (b) transmitting your results from the Platform to the Customer; and (c) storing your results on the Platform during the period in which the Customer has access to them.
TestGorilla and its Customers have entered into a joint controller arrangement that sets out their respective GDPR responsibilities. In summary: TestGorilla is responsible for managing your rights with respect to processing carried out on the Platform (including access, rectification, erasure, and portability of your data on the Platform), and for notifying the relevant Customer of any security incident on the Platform that affects your data. The Customer is responsible for managing your rights in respect of its own use of your results for hiring decisions, and for its own security incident obligations. You can exercise your rights under the GDPR against either TestGorilla or the relevant Customer. To contact TestGorilla regarding the Platform processing, please use privacy@testgorilla.com. To exercise rights regarding a Customer’s use of your results, please contact that Customer directly.
5. Safety and security
TestGorilla has taken appropriate technical and organizational measures by using the latest technologies to protect your personal data against loss or unlawful processing. We continue to improve our safeguards to help keep the information collected through the Platform secure, and we take steps to verify your identity before granting you access to the Platform or your account. In addition, we use state-of-the-art encryption technologies. Furthermore, TestGorilla is SOC2 type 2 certified. We request that you also do your part to help us. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails between you and us at all times. We are not responsible for any other organization's functionality, privacy, or security measures.
6. Your Rights
Under the GDPR, you have the following rights with respect to your personal data that we hold:
6.1 Access: You are entitled to ask us if we are processing your personal data, and, if we are, you can request access to your personal data. This enables you to receive an overview of the personal data we hold about you and certain other related information;
6.2 Correction: You are entitled to request that any incomplete or inaccurate personal data we hold about you be corrected;
6.3 Erasure: You are entitled to ask us to delete or remove personal data in certain circumstances. There are also exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims;
6.4 Restriction: You are entitled to ask us to restrict the processing of certain of your personal data about you, for example, if you want us to establish its accuracy or if the processing is unlawful;
6.5 Portability: You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person;
6.6 Objection: Where we are processing your personal data based on legitimate interests, you may challenge this. However, we may be entitled to continue processing your information as stated in the GDPR. You also have the right to object to where we are processing your personal information for direct marketing purposes.
Residents in other jurisdictions may have similar rights to the above. If you want to exercise any of these rights, or if you have any questions or concerns that you may have, please contact our data protection officer via privacy@testgorilla.com. You also have a right to lodge a complaint with a data protection supervisory authority, in particular in a member state in the European Union where you are habitually resident, where we are based, or where an alleged infringement of Data Protection law has taken place.
7. Third-party applications, websites, and services
We are not responsible for the practices employed by any applications, websites, or services linked to or from our Platform, including the information or content contained within them. Please remember that when you use a link to go from our Platform to another application, website, or service, this Privacy Policy does not apply to those third-party applications, websites, or services. Your browsing and interaction on any third-party application, website, or service, including those with a link on our Platforms, are subject to that third party’s rules and policies. In addition, please be informed that we are not responsible and do not have control over any third parties you authorize to access your account. If you are using a third-party app, website, or service and you allow them to access your account, you do so at your own risk.
8. How long do we keep your data?
We keep your information only as long as needed to provide the services on our Platform. We will retain your information as necessary to comply with legal, accounting, or regulatory requirements. The retention period for your data that is available to customers (e.g. name, email address, test scores, and answers to custom questions) is 2 years. Webcam pictures taken as an anti-cheating measure and video recordings of you answering custom questions are retained for 6 months. After the retention period, personally identifiable information is deleted permanently. However, TestGorilla and the Customer(s) that invited you to take an Assessment retain your test scores on (an) anonymized profile(s) for score benchmarking and psychometric analyses. Information we receive about you may be accessed, processed, and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
9. Where will your information be held?
Your information will be held on servers in the European Economic Area. We will take steps to protect your information in line with locally applicable data protection requirements. Your information may be transferred to and maintained on computers located outside of your country, where the data protection laws may differ from those in your jurisdiction. We may transfer information on the condition that all appropriate safeguards required by applicable laws are in place. This may include a prior data transfer impact assessment, the adoption, monitoring, and evaluation of supplementary technical, organizational and legal measures, enforceable data subject rights, and that effective legal remedies for data subjects are available. When we transfer your personal data to a country that does not have an adequate level of data protection safeguards, be assured that we have implemented the required supplementary security safeguards. Unless an adequacy decision or alternative transfer mechanism applies, we have entered into and shall maintain Standard Contractual Clauses with our sub-processors (including our affiliates) located outside the EEA. If you are located outside the European Economic Area and choose to provide information to us, please note that we transfer the information to the European Economic Area.
10. Children
Our Platform does not seek to address anyone under the age of 16 (“Children”). We do not knowingly collect personal data from children under 16. We conduct our verification tests with the aim of also establishing we are not dealing with Children. If you are a parent or guardian and you are aware that your Children have provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under age 16 without verification of parental consent, we take steps to remove that information from our servers.
11. Changes to this Policy
We may modify or update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
12. How to contact us
If you have any questions about this Privacy Policy, please contact us via privacy@testgorilla.com.