iTheorie logo

Privacy Policy

iTheorie is registered as a company with the Netherlands Chamber of Commerce (KvK) under number 08204150.

This privacy policy applies to any processing of personal data of our (potential) customers and users of our websites and services, including itheorie.nl.

We consider it important that our services are reliable and transparent. We handle personal data discreetly and carefully and ensure that all processing complies with applicable laws and regulations, including the General Data Protection Regulation (GDPR).

In the interest of transparency, we also provide information about the processing of data other than personal data, such as technical and statistical data.

iTheorie reserves the right at any time, without any prior notice, to amend the information on its website(s). The website(s) of iTheorie are written and maintained with due care. However, iTheorie does not guarantee the accuracy, completeness or up to date nature of texts, prices, price changes, images and other content of the website(s) or their functioning. iTheorie is not liable for any damage that arises or may arise from incorrect or incomplete information or from the (temporary) unavailability or malfunctioning of the website(s).

The use of all information on the iTheorie website(s) is at the visitor’s and user’s own risk. The intellectual property rights in respect of all displayed information and methods on the iTheorie website(s) belong to iTheorie.

Visitors and users of the iTheorie website(s) are not permitted, without the written permission of iTheorie, to copy, distribute or modify information in any manner whatsoever.

iTheorie is the data controller within the meaning of the GDPR.

For privacy related questions or to exercise your rights, you can contact us via the contact form. You can also reach us at Energiestraat 5, 8051TE, Hattem.

Article 1 Privacy Policy Notice

1.1 iTheorie provides this privacy policy to inform you about the policy and use relating to privacy, and about the choices you can make with regard to the collection and use of personal data.

1.2 iTheorie respects and protects your privacy. We make reasonable efforts to ensure that personal data is treated confidentially and processed, stored and managed in accordance with the GDPR. Our website is structured so that in many cases you can visit the website without identifying yourself. However, to use our services you generally need an account and this involves the processing of personal data.

1.3 As a data subject, under the GDPR you have the following rights:

  • right of access (Art. 15 GDPR)
  • right to rectification (Art. 16 GDPR)
  • right to erasure (Art. 17 GDPR)
  • right to restriction of processing (Art. 18 GDPR)
  • right to data portability (Art. 20 GDPR)
  • right to object (Art. 21 GDPR)
  • right to lodge a complaint with the Dutch Data Protection Authority (Art. 77 GDPR)

1.4 iTheorie retains agreements and data necessary for financial administration for at least 7 years, in accordance with legal obligations. We do not retain other data longer than necessary for the purposes stated in this policy, as further explained in Article 6.

Article 2 Purpose of Data Collection

2.1 iTheorie processes personal data in order to maintain relationships with customers and users and to provide our services.

2.2 iTheorie uses personal data in particular for:

  • creating and managing an account
  • providing the online learning environment and related functionalities
  • processing purchases and payments
  • customer support and communication, including service messages
  • securing our systems and preventing fraud and misuse
  • analysis and improvement of our website and services

2.3 Study results and learning data. Within our learning environment we process data on study progress and results, such as completed practice exams, answers, scores, progress, error patterns and usage statistics. We use this data to ensure the learning environment functions, to display progress, to improve your learning experience, and to create aggregated analyses for quality improvement and product development. Where possible, we use anonymised or aggregated data for these purposes. If data can still be traced (directly or indirectly) back to a user, it remains personal data and falls under the GDPR.

2.4 Payment data. Bank account details and payment details are used solely to process payments. Storage and processing may (in part) take place with a payment service provider. iTheorie does not store full payment card details.

2.5 Legal basis. iTheorie processes personal data on the basis of one or more of the following legal grounds:

  • performance of a contract (for example, providing a course or service)
  • legal obligation (for example, statutory tax retention obligations)
  • legitimate interests (for example, security, fraud prevention, improving services)
  • consent, where this is required by law (for example, certain cookies or marketing)

2.6 Marketing. If we keep you informed about services and offers, we do so in accordance with the law. Where required, we request your consent in advance and you can unsubscribe at any time via the unsubscribe link or via the contact form.

Article 3 Links to Third Party Websites and Data Sharing

3.1 Links to third party websites are displayed solely for your convenience. If you use these sites, you leave iTheorie. iTheorie does not manage these sites and accepts no responsibility for these sites, their content or the privacy policy applied on those sites. If you decide to visit a third party site linked to this site, you do so entirely at your own risk.

3.2 iTheorie does not sell or rent personal data to third parties. We may share personal data with third parties if this is necessary for the performance of our services, to comply with a legal obligation, or where you have given your consent.

3.3 Categories of recipients. We may share personal data with service providers, such as:

  • hosting and cloud providers
  • payment service providers
  • IT and security service providers
  • analytics and statistical service providers
  • customer service or communication platforms (if used)

3.4 Processors. Where third parties act as processors on behalf of iTheorie, we enter into a data processing agreement where required and make arrangements regarding security, confidentiality and the use of data.

3.5 External services and responsibilities. For some external services, including services from Google, Google may act as a processor or as an independent data controller, depending on the service and configuration. For information about how Google handles business data and its responsibilities in the area of data protection, please refer to: https://business.safety.google/privacy/

3.6 Transfers outside the European Economic Area. Where we use service providers that process data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or other legally permitted mechanisms.

Article 4 Security

4.1 iTheorie takes appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure and alteration. Such measures may include encryption, access control, logging, monitoring and secure connections (TLS).

4.2 When collecting or transmitting important data, we use encryption and secure connections where appropriate.

Article 5 Suspected Misuse

5.1 iTheorie reserves the right to act proactively and correctively in the event of suspected misuse. This may include the (temporary) recording of relevant data and logs as possible evidence, insofar as necessary for security, fraud prevention and enforcing our terms. Where necessary, we may request additional data about the user from third parties, insofar as permitted by law. Where sufficient evidence exists, iTheorie may take appropriate measures, including exclusion from the service or reporting to the competent authorities.

Article 6 Cookies, IP Addresses, Analytics and Retention Periods

6.1 iTheorie may collect information via cookies and similar technologies (such as local storage) and via technical data such as IP address, browser information, device characteristics and log data. We do this to ensure the website and learning environment function properly, to ensure security and to gain insight into how our services are used so that we can improve them.

6.2 Cookies may be functional, analytical and, where applicable, marketing cookies. Where required by law, we request consent in advance via a cookie banner. You can also remove or block cookies via your browser settings. Please note that the website or learning environment may then not function properly.

6.3 Anonymisation and aggregation. For analysis and reporting we may aggregate or anonymise data. Data is only anonymous if it can no longer be linked (directly or indirectly) to a person. IP addresses and cookie identifiers may in many cases constitute personal data.

6.4 Retention periods. iTheorie does not retain personal data longer than necessary for the purposes for which it was collected, unless a longer retention period is legally required or necessary to pursue legitimate interests, such as preventing fraud or handling disputes.

In principle, iTheorie applies the following retention periods:

  • Financial administration and invoice data are retained for at least 7 years in accordance with statutory tax retention obligations.
  • Account data is retained for as long as the account is active. After termination or deletion of the account, such data may be retained for up to 12 months for administrative purposes, customer support and preventing misuse of the service.
  • Study progress, practice exams, answers, scores and other study results within the learning environment are retained for as long as the account is active and for up to 12 months after termination of the account, so that users can consult their progress and support can be provided.
  • Study results and usage data may be used by iTheorie for statistical analysis, research and improvement of the learning environment and services. Where possible, this data is anonymised or aggregated so that it can no longer be linked to an individual.
  • Technical log data and security logs are generally retained for up to 6 months, unless longer retention is necessary for investigating security incidents or misuse of the service.
  • Analytical data about the use of the website and the learning platform is retained for up to 14 months, depending on the settings of the analytics tools used.
  • Communication via customer support or contact forms may be retained for up to 24 months for handling questions, complaints and disputes.

Where data has been fully anonymised and can no longer be linked to a natural person, it may be used for statistical analysis and improvement of our services. In that case, such data is no longer personal data within the meaning of the GDPR.

6.5 Automated analysis. iTheorie may analyse study progress to display progress and improve the learning experience. We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you, unless this is necessary for the contract or permitted by law and with appropriate safeguards.

Article 7 Changes to the Privacy Policy

7.1 iTheorie reserves the right to amend this privacy policy. The most up to date version will be published on the website. In the event of material changes, we may inform you via the website or by email where appropriate.

Article 8 Complaints

8.1 If you believe this privacy policy is not being complied with, or if you have questions or complaints about the processing of personal data, please contact us via the contact form. You also have the right to lodge a complaint with the Dutch Data Protection Authority.

Article 9 Transitional and Final Provisions

9.1 Without prejudice to any legal provisions, this policy applies for the entire duration of registrations and for as long as we process personal data in connection with our services.

9.2 Minors. Our services may be used by minors. If you are under 16 years old, it may be that consent from a parent or legal guardian is required for certain processing activities. In that case, please contact us via the contact form.

For questions regarding this privacy policy, the website or iTheorie, you can contact us via the contact form.