Privacy and GDPR
Download as PDF document
Identity and responsibility
Metrisquare B.V. is located in the Netherlands, European Union. We have conformed our products and services to the ISO 270001 norm for information protection. Metrisquare provides a service to professional users, usually for scientific research, educational purposes or for screening or diagnosis of mental health clients. Metrisquare does not provide services to patients directly. Please refer to the contact information for contacting us.
Purpose of data processing on our servers
Metrisquare processes and stores data for the following reasons:
- Scoring diagnostic measurements and generating reports of the results. For most instruments in the Metrisquare platform, the only required personal data are gender and age. For some instruments, also the education level is needed to analyse the results. Raw measurements, e.g. the time needed to complete a certain task, are compared to normative data which are usually specified for a certain gender, age and education level. Although it is never obligatory to provide such data in the Metrisquare platform, comparison to such norms is only possible when providing such data.
- Monitoring the safety of the system and data. In order to make sure the system is only used for the professional purposes it was designed for, we regularly monitor system logbooks. These logbooks contain information about the subsystems used, including the date, time and IP-address of the user's computer. In case of security problems, we will use these data to investigate the order of events leading to that situation.
- Invoicing, bookkeeping, royalties and taxes. The instruments in the Metrisquare platform have been developed by Metrisquare, as well as by other members who have published tests. In order to monitor copyrights as well as for financial bookkeeping, we monitor the usage of the instruments.
- Improvement of the performance and usability of the system and instruments. In order to continously improve the user experience, we monitor which subsystems have been accessed and whether errors occurred while using those subsystems. Statistical, anonymous measurements are also collected, for monitoring the quality and performance of the instruments.
- Communication. Metrisquare collects contact details, to contact users on relevant topics, such as software updates.
Metrisquare does not share personal data to any third parties, with the following exceptions:
- When required by law
- When required for solving specific technical problems. Normally, technical issues are solved by Metrisquare staff. However, in case specific expertise is required urgently and Metrisquare would not be able to provide that expertise, we can hire assistance from third parties. In this case, that company will be bound to agree to our privacy requirements by contract. In all cases, access to the data is logged for tracability.
- For monitoring copyrights. The member of the platform who has published the instrument, can see which members have used the test and how often.
Under no circumstances, any personal data will be used or provided to others for profiling users, nor for political or advertising purposes.
Storage of the data
Metrisquare data are stored in a European data centre. The data are stored permanently, until deletion is requested by the user or by law. In order to review the data collected for your account, to request removal, or to revoke permission for usage of these data, or for compaints on this issue, please contact us.
Metrisquare stores so called cookies in your browser for improving the user experience only. The cookie contains details on the session, enabling us to e.g. offer the site in your language.
Data processing agreement
Institutes using Metrisquare systems need to sign a data processing agreement with Metrisquare in case they are inputting personal data in the platform.
For the protection of the data, we have adopted various security measures, not limited to:
- We do not store passwords. Using a one-way algorithm, we can determine whether your password is correct, but we can not see your password in any way.
- When using the Metrisquare DigiDiag software, most of the data are stored on your computer only. Reports are also generated on your computer then, not accessible by us.
- Data which are not required for usage of the instruments is not required.
- All collected data is stored in a highly secure data center in Europe.
- Data of various users is stored in seperated locations whenever possible.
- Automatic, detailed logbooks, allow us to investigate the cause of any issues and incidents quickly.
- Using a monitoring system, our servers are monitored continously.
- A proactive policy enables us to protect our systems against the latest security threats.
- A backup system allows us to recover from incidents quickly.
- Any credentials required to access the systems for maintenance are stored in encrypted containers.
- We are using SSL and TLS for securing communication.
- The source code of the various systems is stored in a version management system, allowing us to track any changes to the software in the deepest details.