How do we deal with your data?
Drillster is a personalized learning tool. For the provisioning of the Drillster learning service, we collect a minimum of personal data, being a name, an email address, and optionally a third party ID. In accordance with the General Data Protection Regulation (GDPR), we protect your data in the best possible way.
- When you use Drillster via your employer, training institute, or school, then the protection of your personal data is contractually covered in the data processing agreement that your employer, training provider, publisher, or school has signed with Drillster. For more information on these privacy and security arrangements, please contact your employer, training provider, school, or university.
As a general rule:
- Drillster only collects personal information that is needed to provide the Drillster service to the learners, to provide information to potential customers, and to provide support to customers, users, and interested parties.
- Drillster stores the information in its data center in The Netherlands.
- Data will be stored no longer than necessary to provide the Drillster learning service. As the learning history determines the order and frequency in which learning items are offered to users, historic data will only be deleted when a user is unsubscribed from a course or when a user account is deleted upon request of the Drillster Customer or the end-user.
- Data is encrypted at rest and in transit. Drillster and its subcontractors are ISO27001 certified and handle all personal data in accordance with GDPR regulations.
- If you send a request to email@example.com or firstname.lastname@example.org, fill out a web form on drillster.com, request a demo account, or subscribe to the Drillster news updates, we will collect the following information:
  - first name and last name
  - email address
  - telephone number (dependent on form type)
  - organization name (dependent on form type)
- When sending a ticket to the Drillster Support desk or when requesting a Drillster demo, or downloading a whitepaper from our website, data may be stored outside of the European Economic Area. Drillster confirms that the data:
  - (i) is located in a country or territory recognized by the EU Commission as having an adequate level of protection;
  - (ii) is subject to Standard Contractual Clauses; or
  - (iii) has other legally recognized appropriate safeguards in place, such as the Binding Corporate Rules, which guarantee the same level of protection and safeguards as the default protection committed to under this security policy.
- If there is no more exchange of information between you and Drillster, we will delete your data after 6 months.
- If you applied for a job at Drillster and were not selected, we will delete the information that you provided us during the application process, 1 month after the decision for non-selection was taken.
- Drillster will only use your personal information for the purpose for which you provided us the information. We will not share it with other parties. Your data will be stored in The Netherlands or The United States. All data centers are ISO27001, SOC 1 Type 2, and GDPR compliant.
- If you would like to have your personal data deleted prior to the above-mentioned time frames, then please contact us via email@example.com and we will honor your request.
Clause 3 Technical and organizational facilities
3.1 The Processor shall directly or indirectly take suitable technical and organizational measures to safeguard Personal Data against loss or any form of unlawful Processing. Taking into account the available technology and the cost of implementation, these measures shall guarantee a level of security appropriate to the risks inherent in the processing and nature of the data to be protected. The Processor shall in any event take measures to safeguard Personal Data against deletion, whether this be accidental or unlawful, against loss or intentional elimination, falsification, unauthorized dissemination or granting of access, or any other form of unlawful Processing.
3.2 The technical and organizational measures taken by the Processor are listed in Annex 2. The Controller acknowledges that it is aware of the measures in question and, by signing this Data Processing Agreement, the Controller gives its consent to the measures taken by the Processor.
Clause 4 Confidentiality
4.1 The Processor shall ensure that all employees who are involved in the performance of the Agreement sign a confidentiality agreement – which may or may not form part of their employment contract – which should at least include an obligation to observe confidentiality in respect of the Personal Data. The Processor shall take steps aimed at enforcing compliance with this obligation to observe confidentiality, such as employee screening and data-storage device security.
4.2 The Processor shall take such measures as the screening of staff and the security of data carriers to guarantee compliance with the confidentiality obligation.
4.3 The Processor takes organizational measures to guarantee that only authorized staff can access the Personal Data of the Controller and that the Personal Data of the Controller will only be accessed if absolutely necessary for providing the service as described in the Agreement.
Clause 5 Processing of data outside Europe
5.1 The Processor is only allowed to transfer Personal Data to countries outside of the European Economic Area when the applicable legal obligations are observed and/or after prior written permission is obtained from the Controller.
If you would like to have your personal data deleted prior to the above-mentioned time frames, or for more information about our privacy practices, please contact us via firstname.lastname@example.org or +31 88 375 05 00 and we will honor your request or answer your question.