Privacy and Data Protection
Metrisquare BV handles personal data with care. Below you can read which measures we have taken to protect your data and which measures we have for information security
Metrisquare does not archive data in their systems. We never require any personal data to be entered: tests can be conducted using anonymous identifiers. Entering a date of birth, gender or name is always optional.
Data is always sent securely with SSL so that it cannot be intercepted by third parties.
We manually check every new user of the platform to prevent the system from being used by non-professional users.
At Metrisquare, we operate by the guidelines set out in NEN 7510 for protecting data. If required by your organisation, we are willing to agree on custom contracts for additional protection of the data.
Our server is in a secure datacenter, where all access, both remote as well as physical access is monitored. The datacenter is ISO 27001 certified by TüV.
When you use the Metrisquare software, reports are stored locally on your own system and NOT on our server. Data that is stored on our server is safe: the server is housed in a data center in Europe that is ISO 27001 certified by TÜV Rheinland.
Metrisquare is a decentralised platform: members are given the unique option to develop, share and manage their own test instruments in the online cloud. Furthermore, each time you log in, the latest test definitions are downloaded to your own computer. Raw data are always stored locally as well, on your computer or network. Therefore, even in an unlikely event causing Metrisquare not to exist anymore, you could still use the tests.
Dedicated server with escrow
We provide dedicated servers for institutes as well. Such a server is only used by your institute and can be part of an escrow agreement. This means that, in case Metrisquare can no longer provide the promised services, a third party will provide you with the documents and files needed to continue the services. Please contact us to discuss the options.
Disclaimer / Privacy Statement
Identity and Responsibility
Metrisquare B.V. is located in the Netherlands, Europe. Metrisquare provides a service to professional users, usually for scientific research, educational purposes or for screening or diagnosis of mental health patients. Metrisquare does not provide services to patients directly. Please refer to the contact information for contacting us.
Purpose of data processing on our servers
Metrisquare processes and stores data for the following reasons:
- Scoring diagnostic measurements and generating reports of the results. For most instruments in the Metrisquare platform, the only required personal data are gender and age. For some instruments, also the education level is needed to analyse the results. Raw measurements, e.g. the time needed to complete a certain task, are compared to normative data which are usually specified for a certain gender, age and education level. Although it is never obligatory to provide such data in the Metrisquare platform, comparison to such norms is only possible when providing such data.
- Monitoring the safety of the system and data. In order to make sure the system is only used for the professional purposes it was designed for, we regularly monitor system logbooks. These logbooks contain information about the subsystems used, including the date, time and IP-address of the user’s computer. In case of security problems, we will use these data to investigate the order of events leading to that situation.
- Invoicing, bookkeeping, royalties and taxes. The instruments in the Metrisquare platform have been developed by Metrisquare, as well as by other members who have published tests. In order to monitor copyrights as well as for financial bookkeeping, we monitor the usage of the instruments.
- Improvement of the performance and usability of the system and instruments. In order to continously improve the user experience, we monitor which subsystems have been accessed and whether errors occurred while using those subsystems. Statistical, anonymous measurements are also collected, for monitoring the quality and performance of the instruments.
- Communication. Metrisquare collects contact details, to contact users on relevant topics, such as software updates.
Metrisquare does not share personal data to any third parties, with the following exceptions:
- When required by law
- When required for solving specific technical problems. Normally, technical issues are solved by Metrisquare staff. However, in case specific expertise is required urgently and Metrisquare would not be able to provide that expertise, we can hire assistance from third parties. In this case, that company will be bound to agree to our privacy requirements by contract. In all cases, access to the data is logged for tracability.
- For monitoring copyrights. The member of the platform who has published the instrument, can see which members have used the test and how often.
Under no circumstances, any personal data will be used or provided to others for profiling users, nor for political or advertising purposes.
Storage of Data
Metrisquare data are stored in a European data centre, in Germany. The datacentre is certified by TüV and is ISO 27001 certified. The data are stored permanently, until deletion is requested by the user or by law. In order to review the data collected for your account, to request removal, or to revoke permission for usage of these data, or for compaints on this issue, please contact us.
Metrisquare stores so called cookies in your browser for improving the user experience only. The cookie contains details on the session, enabling us to e.g. offer the site in your language.
Data Processing Agreement
Institutes using Metrisquare systems need to sign a data processing agreement with Metrisquare in case they are inputting personal data in the platform.
For the protection of the data, we have adopted various security measures, not limited to:
- We do not store passwords. Using a one-way algorithm, we can determine whether your password is correct, but we can not see your password in any way.
- When using the Metrisquare software, most of the data are stored on your computer only. Reports are also generated on your computer then, not accessible by us.
- Data which are not required for usage of the instruments is not required.
- All collected data is stored in a highly secure data center in Germany.
- Data of various users is stored in seperated locations whenever possible.
- Automatic, detailed logbooks, allow us to investigate the cause of any issues and incidents quickly.
- Using a monitoring system, our servers are monitored continously.
- A proactive policy enables us to protect our systems against the latest security threats.
- A backup system allows us to recover from incidents quickly.
- Any credentials required to access the systems for maintenance are stored in encrypted containers.
- We are using SSL and TLS for securing communication.
- The source code of the various systems is stored in a version management system, allowing us to track any changes to the software in the deepest details.