Privacy policy
Privacy policy
Version 4.1 - May 2026
Introduction
TestGorilla B.V., a Dutch limited liability company registered with the Trade Register of the Chamber of Commerce ("TestGorilla", "our"), has created this Privacy Policy to explain how we collect, use, and disclose personal data. This Privacy Policy applies to all Candidates, customers ("you") who use the TestGorilla Platform. GDPR means the General Data Protection Regulation 2016/679.
1. What Kind of Information Do We Collect
We may require the following types of personal data from you when you use our platform:
Full name
Gender (optional)
E-mail address
Username and password (optional)
Video and webcam stills and recordings (optional)
Demographic data (optional)
IP address
Career-related information (e.g. education, job history, salary expectation) (optional)
Answers you provide to open-ended and custom test questions (excluding multiple choice questions)
Communications between you and us
2. For What Purposes Do We Use Your Personal Data?
We use your personal data to help us provide and support the services on our Platform:
2.1. Service Provision: As part of your application procedures with future employers, we use your information to provide assessment and talent sourcing services.
2.2. Communication: Sending emails, newsletters, and other messages to keep you informed of our services and the Platform.
2.3. Website Monitoring: To check the Platform and technology services are being used appropriately and to optimize the user experience.
2.4. Platform Optimization: To improve, test, and monitor the effectiveness of our Platform and diagnose or fix technology problems.
2.5. Managing Suppliers: To manage our supply chain and business relationships.
2.6. Easy Access: To help you efficiently access your information after you sign in and to remember your preferences.
2.7. Statistics: To monitor metrics such as the total number of visitors, traffic, and demographic patterns.
2.8. Development: To develop and test new products and features and improve our tests and Platform.
2.9. Benchmarks: To provide aggregated, anonymized test score benchmarks to our customers.
We only process your personal data for the above purposes and ensure it is only available to those who need access.
3. Our Legal Grounds for Using Your Personal Data
We process your personal data for the following reasons:
3.1. You have given us consent. Where we process personal data with your consent, you can withdraw consent at any time.
3.2. We require to process personal data for the performance of our contractual relationship with you.
3.3. We need to process personal data to comply with legal obligations in the Netherlands and other applicable jurisdictions.
3.4. Processing is necessary for our legitimate business interests, including: sharing skill sets with customers matching your interests; managing our business relationship with you; understanding and responding to inquiries; improving our Platform; managing our supply chain; sharing data in connection with acquisitions; providing onboarding and instructional information.
4. With Whom Do We Share Your Personal Data?
Other than with our sub-processors, we share your information with the following parties:
4.1. Customers: You consent to sharing your information, including assessment results, with the TestGorilla customers to whom you apply. When a Customer invites you to complete an assessment, that Customer receives your results and acts as an independent data controller in respect of its use of your results for recruitment and hiring purposes. The Customer is solely responsible for how it uses your results, how long it retains them, and for handling any data subject requests that relate to its own use of your data. You can exercise your GDPR rights in relation to the Customer’s processing directly against that Customer.
4.2. Test Authors: We share aggregated candidate test feedback with subject matter experts who have developed tests for the Platform.
4.3. Suppliers: Who support our business, including IT and communication suppliers, outsourced business support, and professional advisors.
4.4. Joint Controllership with Customers (Article 26 GDPR)
Where a Customer invites you to complete an assessment on the Platform, TestGorilla and that Customer act as joint controllers in respect of certain processing activities, in accordance with Article 26 of the GDPR. Specifically, both TestGorilla and the Customer jointly determine the purposes and means of: (a) collecting your assessment data via the invitation sent by the Customer; (b) transmitting your results from the Platform to the Customer; and (c) storing your results on the Platform during the period in which the Customer has access to them.
TestGorilla and its Customers have entered into a joint controller arrangement that sets out their respective GDPR responsibilities. In summary: TestGorilla is responsible for managing your rights in respect of processing carried out on the Platform (including access, rectification, erasure, and portability of your data on the Platform), and for notifying the relevant Customer of any security incident on the Platform affecting your data. The Customer is responsible for managing your rights in respect of its own use of your results for hiring decisions, and for its own security incident obligations. You can exercise your rights under the GDPR against either TestGorilla or the relevant Customer. To contact TestGorilla regarding the Platform processing, please use privacy@testgorilla.com. To exercise rights regarding a Customer’s use of your results, please contact that Customer directly.
5. Safety and Security
TestGorilla has taken appropriate technical and organizational measures using the latest technology to protect your personal data against loss or any form of unlawful processing. Passwords are stored in a hashed format.
6. Your Rights
Under the GDPR, you have the following rights with respect to your personal data:
6.1. Access: You are entitled to ask if we are processing your personal data and request a copy of it.
6.2. Correction: You are entitled to request that incomplete or inaccurate personal data be corrected.
6.3. Erasure: You are entitled to ask us to delete or remove personal data in certain circumstances.
6.4. Restriction: You are entitled to ask us to restrict the processing of certain personal data.
6.5. Portability: You have the right to receive a copy of personal information you have provided to us in a structured format.
6.6. Objection: Where we process personal data based on legitimate interests, you may challenge this processing.
To exercise any of these rights, please contact us at privacy@testgorilla.com.
7. Third-Party Applications, Websites, and Services
We are not responsible for the practices employed by any applications, websites, or services linked to or from the Platform. When you use a link to access a third-party site, our Privacy Policy does not apply.
8. How Long Do We Keep Your Data?
We keep your information only as long as needed to provide the services on our Platform. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
9. Where Will Your Information Be Held?
Your information will be held on servers in the European Economic Area. We will take steps to protect your personal data in accordance with this Privacy Policy if it is transferred outside the EEA.
10. Children
Our Platform does not seek to address anyone under the age of 16 ("Children"). We do not knowingly collect personal information from Children. If you become aware that a Child has provided us with personal information, please contact us.
11. Changes to This Policy
We may modify or update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. Changes take effect when posted.
12. How to Contact Us
If you have any questions about this Privacy Policy, please contact us via: privacy@testgorilla.com