Privacy policy

This privacy policy describes how we deal with the data of the users of the Drillster platform. Questions about this policy? Don’t hesitate to contact us.

How we deal with your data

Drillster is a personalized learning tool. Through our activities we process personal data. We are committed to protecting and respecting your privacy in the best possible way. Through this Privacy Policy we inform you how we process your personal data.

About us

Drillster B.V. is a company with limited liability established and existing under the laws of the Netherlands, having its registered office in (3454 PV) De Meern, the Netherlands, at Rijnzathe 16 (“Drillster”, “we”, “us” or “our”). We are registered with the Dutch Chamber of Commerce in Utrecht, Netherlands with file number 34245954. Drillster also has a branch office in France: Drillster France EURL, registered at R.C.S. Paris under number 833 143 555.

To whom does this Privacy Policy apply?

Drillster offers an adaptive online learning- and testing platform, which can be used to develop, to test and to maintain knowledge, in a fast and efficient way. Companies, organizations, educational institutions and individual users can upload teaching material available on the platform for their own use or use by trainees, students or others.


This Privacy Policy applies to you when you use our website (“Website”) and (application) and the Drillster mobile iOS and Android applications. Through our Website you can obtain information about our service, contact us, subscribe to our newsletter, request downloadable documents, and apply for a job. This Privacy Policy is also applicable to you when you test the application through a Drillster demo account, which you can also request via the Website.


When you use Drillster via your employer, training institute or school, then your employer, training provider, publisher, or school is responsible for the processing of your personal data. Such party qualifies as a data controller and Drillster as data processor. The protection of your personal data is contractually covered in the data processing agreement that we concluded with your employer, training provider, publisher or school. We advise you to contact your employer, training provider, school, or university on their privacy and security arrangements.

How does Drillster process your personal data?

We process your personal data for various reasons. In the overview below we indicate the personal data Drillster uses for which specific purpose, what the legal ground is for processing these data, and how long Drillster stores the data.


1. The Website

If you visit the Website, we collect some technical information about your visit. For example, we collect the date and time of your visit, IP address, or other unique number, browser, items you visit and other log information (such as URL referrer and the country of the IP address). This personal data is necessary to allow the Website to function optimally and to display information in the desired manner. The processing of this personal data is therefore necessary for the purposes of the legitimate interests pursued by Drillster.


We also collect information about your visit to our Website via cookies. You can find more information about the personal data that we process in our Cookie Policy.


2. Newsletter

You can subscribe to Drillster’s newsletter on the Website by providing your email address. Our newsletter will keep you informed of the activities and development of the Drillster adaptive learning application and the Drillster organization. You will receive the newsletter on a regular basis. If you no longer wish to receive the newsletter, you can unsubscribe by unselecting the newsletter box in the “my profile” section of your Drillster account or by using the unsubscribe button at the bottom of each newsletter. A possibility to unsubscribe is also included in every individual newsletter. In case you unsubscribe, Drillster advises you to regularly check the Website for new developments or promotions.


In addition to your email address, we also use the information we receive via tracking software when we send you marketing emails. These include the time the email was received and opened, the content of the opened email, the hyperlinks clicked on, your IP address, your operating system and the browser you are using.


We process your email address to send you an email. The other personal data mentioned here is processed because it is important for us to keep improving our emails. The processing of this personal data is necessary for the purposes of the legitimate interests pursued by Drillster.


The personal data we process in the context of email tracking will be deleted one month after collection. The email address and the data that show that you have subscribed to the newsletter will be deleted five years after you unsubscribe from the newsletter, as this is prescribed by the Dutch Authority for Consumers & Markets (“Autoriteit Consument & Markt”).


3. Drillster demo account

If you would like to try our services, you can request a demo account via our Website. We then process your name, email address, company (optional) and phone number (optional). After filling in your information, we will contact you by e-mail and generate a demo account and password for you, which you can use for a limited amount of time (six months).


Drillster stores, processes and maintains your account details and other data related to your demo account in order to provide the service to you. An e-mail address is required to enable you to set and reset your own password and to send notifications that are part of the default Drillster service offering. Notifications can be sent if you are invited to participate in a training, when drills or tests have been shared with you, or the demo version ends. The processing of above-mentioned personal data is necessary for the performance of the user contract with you. Without these personal data we cannot create an account and cannot provide the service to you.


Drillster furthermore stores and processes all of the information and content (drill, story and test content) that you create or use on the Drillster application. We process this information in order to personalize the learning experience, to generate learning statistics and to optimize your learning results. The processing of these personal data is therefore necessary for the purposes of the legitimate interests pursued by Drillster.


Drillster stores your account data for as long as your demo account is active. When you indicate via that you wish to delete your Drillster account, this will be done within 48 hours. After personal data or learning content have been deleted, it can take up to 48 hours before all personal data and other related data will be deleted from all backup systems.


4. Careers

Want to join an awesome international scale-up in the EdTech and education industry? We’re always looking for talent! If you apply for a position, we will process your name, email address, phone number, information from your CV and cover letter (references, list of marks, certificates, etc.). We also consult (business) social media, such as LinkedIn and Facebook. The personal data we collect in the first phase of the application process is needed to assess whether you would be suitable for the position. The processing of these personal data is therefore necessary for the purposes of the legitimate interest pursued by Drillster. We store your personal data for a maximum of four weeks after rejection or, with your consent for a period of one year.


5. Contact

Should you have a question, suggestion or are you interested in learning the Drillster way, please don’t hesitate and contact us. We always love to hear from you! If you contact us, we will process personal data that you fill in or provide to us, such as your name, email address, company name, phone number and the content of your message. We use this personal data to ensure that we can answer you properly. The processing thereof is necessary for the purposes of the legitimate interests pursued by Drillster.


If you have a demo account, your personal data is stored for as long as your account is active and will deleted immediately if you indicate ( that you wish to delete your Drillster account. In other cases, we will delete your personal data within six months after you requested the demo account.


6. Other data processing activities

We process personal data if supervisory authorities and inspection services oblige us to do so, such as the Tax and Customs Administration or the Dutch Data Protection Authority (“Autoriteit Persoonsgegevens”). These personal data are stored as long as necessary for these purposes or as prescribed by specific legal obligations.

Access to personal data

The following third parties have access to your personal data.


1. Employees of Drillster

Drillster employees do not have access to personal data with the exception of the employees of the support desk who may have to use your user name (e-mail address) and/or name details to research your account in case you report service issues and our HR employee in case you apply for a position.


2. Processors

We engage parties that process personal data on our behalf (processors), for example to host the Website, store and manage personal data (including backups) and send newsletters. We for example use Google Cloud, Zendesk and Active Campaign. Drillster has taken appropriate security measures for this data (encryption), and has signed data processing agreements with all these parties ensuring an appropriate level of protection.


3. Authorities and legal-aid counsellors

Drillster may provide your personal data to third parties if Drillster is obliged to do so on account of national or international laws, case law and/or regulations, if Drillster it considers necessary to do so in defense of its own rights.

Protection of your personal data

Drillster takes appropriate technical and organizational measures to protect your (personal) information against loss or any form of unlawful use, such as:

  • Drillster BV and Drillster France EURL are ISO27001 certified;
  • Hosting our service is done in either Europe (The Netherlands) or the USA. This depends on the privacy location that our customer has chosen;
  • Data centers we use have industry-recognized certification such as ISO 27001, ISO31000 and SOC2;
  • Access to the production environment is entirely separated from public access and two-factor authentication is required;
  • We scan all public facing servers periodically for vulnerabilities;
  • Access to the application is secured with an EV SSL certificate, combined with strong passwords.
  • Measures have been taken against code injection and cross-site scripting attacks.

Content of third parties

The Website (not being the Drillster learning application) may contain hyperlinks that navigate you from the Drillster environment to the website or application of a third party. Drillster has no authority over the services and/or websites of third parties to which is linked. It therefore may be the case that for the use of those services and/or websites of third parties another privacy policy is applicable. This Privacy Policy is exclusively applicable to the personal data that is obtained through the Website and the demo account. Drillster does not accept any responsibility or liability for the (use and/or content of the) services and/or websites of third parties.


Data processing outside the European Economic Area
Drillster makes use of data centers in the Netherlands and outside the European Economic Area, namely in the United States of America. Depending on the region that the user resides in, the personal data will be stored in one of these data centers. Organizations that have signed a user agreement with Drillster can further enforce that all their user accounts are stored in the same geographical data center, being either in the Netherlands or the United States of America.


We further engage third parties that transfer personal data outside the European Economic Area, such as to the United States of America when transferring personal data to Active Campaign (marketing data) and Zendesk (customer service). Drillster has taken adequate protection measures to ensure that these transfers of personal data are in compliance with Dutch privacy legislation.

For more information about the safeguards for international data transfers, please contact us using the contact details listed below in this Privacy Policy.

Your rights

Under European privacy law, you have a number of rights with regard to your privacy.

  1. Right to access. This is the right to ask us if we have personal data from you and to have access to it.
  2. Right to rectification. You have the right to request the rectification of inaccurate personal data concerning you.
  3. Right to be forgotten. In some cases, you have the right to ask Drillster to erase your personal data.
  4. Right to restriction. You have the right to obtain restriction of processing of your personal data or to stop the processing temporarily.
  5. Data portability. This is the right to receive your personal data which you have provided to us in order to transmit those data to another controller.
  6. Right to object. You have the right to object to processing of personal data. Where personal data are processed for direct marketing purposes (see “How does Drillster process your personal data?”), you always have the right to object to processing of personal data for such marketing.
  7. Withdraw consent. Where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If you would like to exercise one of these rights, you can send a request to Drillster will then respond within four weeks to such a request. If Drillster decides to deny your request, it shall inform you on the grounds of this decision.


Please be advised that you can review the personal data that is stored in your Drillster demo account by going to the “My profile” section in your Drillster demo account. You can amend this data yourself. You may also change your Drillster account settings through the “My profile” section.


More information

Please contact us via or our contact form on the Website any time for more information about our privacy practices – for example with regard to the balancing test that we have made in order to base some of our data processing activities on the legal ground “legitimate interest”. If you have complaints, please also contact us. We will be happy to find a solution! You can also submit a complaint here to the Dutch Data Protection Authority here (in Dutch).


It is possible for this Privacy Policy to be amended in the future. It is therefore recommended to regularly visit the section on the Website on which the Privacy Policy is outlined. If there are subsequent substantive or material changes that may affect one or more of the parties involved to a considerable extent, we inform those involved in advance.


Versie 3.1
Laatste update: 4 april 2023