How we deal with your data
Drillster B.V. is a company with limited liability established and existing under the laws of the Netherlands, having its registered office in (3454 PV) De Meern, the Netherlands, at Rijnzathe 16 (“Drillster”, “we”, “us” or “our”). We are registered with the Dutch Chamber of Commerce in Utrecht, Netherlands with file number 34245954. Drillster also has a branch office in France: Drillster France EURL, registered at R.C.S. Paris under number 833 143 555.
Drillster offers an adaptive online learning- and testing platform, which can be used to develop, to test and to maintain knowledge, in a fast and efficient way. Companies, organizations, educational institutions and individual users can upload teaching material available on the platform for their own use or use by trainees, students or others.
When you use Drillster via your employer, training institute or school, then your employer, training provider, publisher, or school is responsible for the processing of your personal data. Such party qualifies as a data controller and Drillster as data processor. The protection of your personal data is contractually covered in the data processing agreement that we concluded with your employer, training provider, publisher or school. We advise you to contact your employer, training provider, school, or university on their privacy and security arrangements.
How does Drillster process your personal data?
We process your personal data for various reasons. In the overview below we indicate the personal data Drillster uses for which specific purpose, what the legal ground is for processing these data, and how long Drillster stores the data.
1. The Website
If you visit the Website, we collect some technical information about your visit. For example, we collect the date and time of your visit, IP address, or other unique number, browser, items you visit and other log information (such as URL referrer and the country of the IP address). This personal data is necessary to allow the Website to function optimally and to display information in the desired manner. The processing of this personal data is therefore necessary for the purposes of the legitimate interests pursued by Drillster.
You can subscribe to Drillster’s newsletter on the Website by providing your email address. Our newsletter will keep you informed of the activities and development of the Drillster adaptive learning application and the Drillster organization. You will receive the newsletter on a regular basis. If you no longer wish to receive the newsletter, you can unsubscribe by unselecting the newsletter box in the “my profile” section of your Drillster account or by using the unsubscribe button at the bottom of each newsletter. A possibility to unsubscribe is also included in every individual newsletter. In case you unsubscribe, Drillster advises you to regularly check the Website for new developments or promotions.
In addition to your email address, we also use the information we receive via tracking software when we send you marketing emails. These include the time the email was received and opened, the content of the opened email, the hyperlinks clicked on, your IP address, your operating system and the browser you are using.
We process your email address to send you an email. The other personal data mentioned here is processed because it is important for us to keep improving our emails. The processing of this personal data is necessary for the purposes of the legitimate interests pursued by Drillster.
The personal data we process in the context of email tracking will be deleted one month after collection. The email address and the data that show that you have subscribed to the newsletter will be deleted five years after you unsubscribe from the newsletter, as this is prescribed by the Dutch Authority for Consumers & Markets (“Autoriteit Consument & Markt”).
3. Drillster demo account
If you would like to try our services, you can request a demo account via our Website. We then process your name, email address, company (optional) and phone number (optional). After filling in your information, we will contact you by e-mail and generate a demo account and password for you, which you can use for a limited amount of time (six months).
Drillster stores, processes and maintains your account details and other data related to your demo account in order to provide the service to you. An e-mail address is required to enable you to set and reset your own password and to send notifications that are part of the default Drillster service offering. Notifications can be sent if you are invited to participate in a training, when drills or tests have been shared with you, or the demo version ends. The processing of above-mentioned personal data is necessary for the performance of the user contract with you. Without these personal data we cannot create an account and cannot provide the service to you.
Drillster furthermore stores and processes all of the information and content (drill, story and test content) that you create or use on the Drillster application. We process this information in order to personalize the learning experience, to generate learning statistics and to optimize your learning results. The processing of these personal data is therefore necessary for the purposes of the legitimate interests pursued by Drillster.
Drillster stores your account data for as long as your demo account is active. When you indicate via firstname.lastname@example.org that you wish to delete your Drillster account, this will be done within 48 hours. After personal data or learning content have been deleted, it can take up to 48 hours before all personal data and other related data will be deleted from all backup systems.
Want to join an awesome international scale-up in the EdTech and education industry? We’re always looking for talent! If you apply for a position, we will process your name, email address, phone number, information from your CV and cover letter (references, list of marks, certificates, etc.). We also consult (business) social media, such as LinkedIn and Facebook. The personal data we collect in the first phase of the application process is needed to assess whether you would be suitable for the position. The processing of these personal data is therefore necessary for the purposes of the legitimate interest pursued by Drillster. We store your personal data for a maximum of four weeks after rejection or, with your consent for a period of one year.
Should you have a question, suggestion or are you interested in learning the Drillster way, please don’t hesitate and contact us. We always love to hear from you! If you contact us, we will process personal data that you fill in or provide to us, such as your name, email address, company name, phone number and the content of your message. We use this personal data to ensure that we can answer you properly. The processing thereof is necessary for the purposes of the legitimate interests pursued by Drillster.
If you have a demo account, your personal data is stored for as long as your account is active and will deleted immediately if you indicate (email@example.com) that you wish to delete your Drillster account. In other cases, we will delete your personal data within six months after you requested the demo account.
6. Other data processing activities
We process personal data if supervisory authorities and inspection services oblige us to do so, such as the Tax and Customs Administration or the Dutch Data Protection Authority (“Autoriteit Persoonsgegevens”). These personal data are stored as long as necessary for these purposes or as prescribed by specific legal obligations.
Access to personal data
The following third parties have access to your personal data.
1. Employees of Drillster
Drillster employees do not have access to personal data with the exception of the employees of the support desk who may have to use your user name (e-mail address) and/or name details to research your account in case you report service issues and our HR employee in case you apply for a position.
We engage parties that process personal data on our behalf (processors), for example to host the Website, store and manage personal data (including backups) and send newsletters. We for example use Google Cloud, Zendesk and Active Campaign. Drillster has taken appropriate security measures for this data (encryption), and has signed data processing agreements with all these parties ensuring an appropriate level of protection.
3. Authorities and legal-aid counsellors
Drillster may provide your personal data to third parties if Drillster is obliged to do so on account of national or international laws, case law and/or regulations, if Drillster it considers necessary to do so in defense of its own rights.
Protection of your personal data
Drillster takes appropriate technical and organizational measures to protect your (personal) information against loss or any form of unlawful use, such as:
- Drillster BV and Drillster France EURL are ISO27001 certified;
- Hosting our service is done in either Europe (The Netherlands) or the USA. This depends on the privacy location that our customer has chosen;
- Data centers we use have industry-recognized certification such as ISO 27001, ISO31000 and SOC2;
- Access to the production environment is entirely separated from public access and two-factor authentication is required;
- We scan all public facing servers periodically for vulnerabilities;
- Access to the application is secured with an EV SSL certificate, combined with strong passwords.
- Measures have been taken against code injection and cross-site scripting attacks.
Content of third parties
Data processing outside the European Economic Area
Drillster makes use of data centers in the Netherlands and outside the European Economic Area, namely in the United States of America. Depending on the region that the user resides in, the personal data will be stored in one of these data centers. Organizations that have signed a user agreement with Drillster can further enforce that all their user accounts are stored in the same geographical data center, being either in the Netherlands or the United States of America.
We further engage third parties that transfer personal data outside the European Economic Area, such as to the United States of America when transferring personal data to Active Campaign (marketing data) and Zendesk (customer service). Drillster has taken adequate protection measures to ensure that these transfers of personal data are in compliance with Dutch privacy legislation.
Under European privacy law, you have a number of rights with regard to your privacy.
- Right to access. This is the right to ask us if we have personal data from you and to have access to it.
- Right to rectification. You have the right to request the rectification of inaccurate personal data concerning you.
- Right to be forgotten. In some cases, you have the right to ask Drillster to erase your personal data.
- Right to restriction. You have the right to obtain restriction of processing of your personal data or to stop the processing temporarily.
- Data portability. This is the right to receive your personal data which you have provided to us in order to transmit those data to another controller.
- Right to object. You have the right to object to processing of personal data. Where personal data are processed for direct marketing purposes (see “How does Drillster process your personal data?”), you always have the right to object to processing of personal data for such marketing.
- Withdraw consent. Where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
If you would like to exercise one of these rights, you can send a request to firstname.lastname@example.org. Drillster will then respond within four weeks to such a request. If Drillster decides to deny your request, it shall inform you on the grounds of this decision.
Please be advised that you can review the personal data that is stored in your Drillster demo account by going to the “My profile” section in your Drillster demo account. You can amend this data yourself. You may also change your Drillster account settings through the “My profile” section.
Please contact us via email@example.com or our contact form on the Website any time for more information about our privacy practices – for example with regard to the balancing test that we have made in order to base some of our data processing activities on the legal ground “legitimate interest”. If you have complaints, please also contact us. We will be happy to find a solution! You can also submit a complaint here to the Dutch Data Protection Authority here (in Dutch).
Last update: 19 May 2021