Please find below the types of personal data we may require from you and which we process in order to provide our services on the Platform:
Type of User
address, postal code, city, state
date of birth
your username and password when you register for an account
demographic data (optional)
career-related information (e.g. education, job history)
the answers you give to test questions
communications between you and us
In some cases, you may provide personal data to us about other people (such as Candidates). You must ensure that you have given those individuals appropriate notice that you are providing their information to us and have obtained their consent to that disclosure.
We use your personal data to help us provide and support (the services on) our Platform. Here is how:
we use the information to carry out and administer the tests you book or take;
sending emails, newsletters, and other messages to keep you informed of the Platform. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link. We also use the personal data to deal with inquiries and complaints made by you relating to the Platform and to address your questions, issues, and concerns;
to check the Platform and our other technology services are being used appropriately and to optimize their functionality;
improve, test, and monitor the effectiveness of our Platform and diagnose or fix technology problems;
who deliver services to us;
to help you efficiently access your information after you sign in and to remember information so you will not have to re-enter it during your visit or the next time you visit the Platform;
monitor metrics such as total number of visitors, traffic, demographic patterns and patterns in our test results (on an anonymized and aggregated basis);
develop and test new products and features.
use aggregated and anonymized test scores and aggregated demographics to provide benchmarks to our customers and improve our services.
We only process your personal data for the above purposes and ensure that it is only available to those who have a legitimate need to know and would require access to it.
We will process your personal data for a number of reasons:
You have given us consent; Where we are processing personal data with your consent, you can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
We require to process personal data for the performance of the contractual relationship with you;
We need to process personal data to comply with the legal obligations we are subject to in The Netherlands or in other jurisdictions, which include such obligations as accessing, preserving and sharing your personal data in response to a legal request such as a search warrant, court order, or subpoena;
processing is necessary for our legitimate business interests. Our legitimate interests are:
managing our business and relationship with you or your company or organization;
understanding and responding to inquiries and User feedback;
understanding how our Users use the Platform;
identifying what our Users want and developing our relationship with you, your company or organization;
improving our Platform and offerings;
managing our supply chain;
developing relationships with business partners;
sharing data in connection with acquisitions and transfers of our business;
If we have a good faith belief it is necessary to (i) detect, prevent and address fraud and other illegal activity and (ii) to protect ourselves, you, and others, including as part of investigations.
Other than with our sub-processors, we share your information with the following parties:
Customers: With our (prospective) customers we share information of Candidates in case customers administered tests to them or in case candidates agree to share test results with specific customers.
Test authors: We share aggregated candidate test feedback to subject matter experts who have developed tests for product improvement.
Suppliers: Who support our business including IT and communication suppliers, outsourced business support, business intelligence, marketing, and advertising agencies, and back-up vendors. Our suppliers have to meet minimum standards regarding information security and they will only be provided data in line with their function.
TestGorilla has taken appropriate technical and organizational measures by using the latest technologies to protect your personal data against loss or unlawful processing. We keep on improving our safeguards to help keep the information collected through the Platform secure and take steps to verify your identity before granting you access to your account. In addition, we use state-of-art encryption technologies. It will also be good to know that we are SOC2 type 2 certified. We request you to also do your part to help us. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails between you and us, at all times. We are not responsible for the functionality, privacy, or security measures of any other organization.
In accordance with the GDPR you have the following rights in respect of your personal data that we hold:
you are entitled to ask us if we are processing your personal data and, if we are, you can request access to your personal data. This enables you to receive an overview of the personal data we hold about you and certain other related information;
you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected;
you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims;
you are entitled to ask us to restrict the processing of certain of your personal data about you, for example, if you want us to establish its accuracy or if the processing is unlawful;
you have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person;
where we are processing your personal data based on legitimate interests, you may challenge this. However, we may be entitled to continue processing your information as stated in the GDPR. You also have the right to object where we are processing your personal information for direct marketing purposes;
Residents in other jurisdictions may have similar rights to the above. We have appointed a data protection officer, Otto Verhage (a.i.), who you can approach if you want to exercise any of these rights, or for any questions or concerns that you may have. Please contact email@example.com. You also have a right to lodge a complaint with a data protection supervisory authority, in particular in a member state in the European Union where you are habitually resident, where we are based, or where an alleged infringement of Data Protection law has taken place.
We generally keep your information only as long as needed to provide the services on our Platform. We will retain your information as necessary to comply with legal, accounting, or regulatory requirements. The retention period for candidate data that is available to customers (e.g. name, email address, and test scores) is 2 years. Webcam pictures taken as an anti-cheating measure are retained for 6 months. Video recordings of candidates answering custom questions are retained for 2 years. Information we receive about you may be accessed, processed, and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
Your information will be held on servers in the European Economic Area. We will take steps to protect your information in line with locally applicable data protection requirements. Your information may be transferred to and maintained on computers located outside of your country, where the data protection laws may differ from those in your jurisdiction. Where we transfer your personal data to a country that does not have an adequate level of data protection safeguards, rest assured that we have implemented the required supplementary security safeguards. If you are located outside the European Economic Area and choose to provide information to us, please note that we transfer the information to the European Economic Area.
Our Platform does not seek to address anyone under the age of 16 (“Children”). We do not knowingly collect personal data from children under 16. We conduct our verification tests with the aim of also establishing we are not dealing with Children. If you are a parent or guardian and you are aware that your Children have provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under age 16 without verification of parental consent, we take steps to remove that information from our servers.