Privacy and Data Protection

Metrisquare BV handles personal data with care. Below you can read which measures we have taken to protect your data and which measures we have for information security

Anonymous Testing

Metrisquare does not archive data in their systems. We never require any personal data to be entered: tests can be conducted using anonymous identifiers. Entering a date of birth, gender or name is always optional.

Secure Communication

Data is always sent securely with SSL so that it cannot be intercepted by third parties.

Professional usage

We manually check every new user of the platform to prevent the system from being used by non-professional users.

ISO 27001

At Metrisquare, we operate by the guidelines set out in ISO 27001 for protecting data. If required by your organisation, we are willing to agree on custom contracts for additional protection of the data.

Data storage

Our server is in a secure datacenter, where all access, both remote as well as physical access is monitored. The datacenter is ISO 27001 certified by TüV.

When you use the Metrisquare software, reports are stored locally on your own system and NOT on our server. Data that is stored on our server is safe: the server is housed in a data center in Europe that is ISO 27001 certified by TÜV Rheinland.

Continuity

Metrisquare is a decentralised platform: members are given the unique option to develop, share and manage their own test instruments in the online cloud. Furthermore, each time you log in, the latest test definitions are downloaded to your own computer. Raw data are always stored locally as well, on your computer or network. Therefore, even in an unlikely event causing Metrisquare not to exist anymore, you could still use the tests.

Dedicated server with escrow

We provide dedicated servers for institutes as well. Such a server is only used by your institute and can be part of an escrow agreement. This means that, in case Metrisquare can no longer provide the promised services, a third party will provide you with the documents and files needed to continue the services. Please contact us to discuss the options.

Identity and Responsibility

Metrisquare B.V. is located in the Netherlands, Europe. Metrisquare provides a service to professional users, usually for scientific research, educational purposes or for screening or diagnosis of mental health patients. Metrisquare does not provide services to patients directly. Please refer to the contact information for contacting us.

Purpose of data processing on our servers

Metrisquare processes and stores data for the following reasons:

Scoring diagnostic measurements and generating reports of the results. For most instruments in the Metrisquare platform, the only required personal data are gender and age. For some instruments, also the education level is needed to analyse the results. Raw measurements, e.g. the time needed to complete a certain task, are compared to normative data which are usually specified for a certain gender, age and education level. Although it is never obligatory to provide such data in the Metrisquare platform, comparison to such norms is only possible when providing such data.
Monitoring the safety of the system and data. In order to make sure the system is only used for the professional purposes it was designed for, we regularly monitor system logbooks. These logbooks contain information about the subsystems used, including the date, time and IP-address of the user’s computer. In case of security problems, we will use these data to investigate the order of events leading to that situation.
Invoicing, bookkeeping, royalties and taxes. The instruments in the Metrisquare platform have been developed by Metrisquare, as well as by other members who have published tests. In order to monitor copyrights as well as for financial bookkeeping, we monitor the usage of the instruments.
Improvement of the performance and usability of the system and instruments. In order to continously improve the user experience, we monitor which subsystems have been accessed and whether errors occurred while using those subsystems. Statistical, anonymous measurements are also collected, for monitoring the quality and performance of the instruments.
Communication. Metrisquare collects contact details, to contact users on relevant topics, such as software updates.

Third Parties

Metrisquare does not share personal data to any third parties, with the following exceptions:

When required by law
When required for solving specific technical problems. Normally, technical issues are solved by Metrisquare staff. However, in case specific expertise is required urgently and Metrisquare would not be able to provide that expertise, we can hire assistance from third parties. In this case, that company will be bound to agree to our privacy requirements by contract. In all cases, access to the data is logged for tracability.
For monitoring copyrights. The member of the platform who has published the instrument, can see which members have used the test and how often.

Under no circumstances, any personal data will be used or provided to others for profiling users, nor for political or advertising purposes.

Storage of Data

Metrisquare data are stored in a European data centre, in Germany. The datacentre is certified by TüV and is ISO 27001 certified. The data are stored permanently, until deletion is requested by the user or by law. In order to review the data collected for your account, to request removal, or to revoke permission for usage of these data, or for compaints on this issue, please contact us.

Cookies

Metrisquare stores so called cookies in your browser for improving the user experience only. The cookie contains details on the session, enabling us to e.g. offer the site in your language.

Data Processing Agreement

Institutes using Metrisquare systems need to sign a data processing agreement with Metrisquare in case they are inputting personal data in the platform.

Security Measures

For the protection of the data, we have adopted various security measures, not limited to:

We do not store passwords. Using a one-way algorithm, we can determine whether your password is correct, but we can not see your password in any way.
When using the Metrisquare software, most of the data are stored on your computer only. Reports are also generated on your computer then, not accessible by us.
Data which are not required for usage of the instruments is not required.
All collected data is stored in a highly secure data center in Germany.
Data of various users is stored in seperated locations whenever possible.
Automatic, detailed logbooks, allow us to investigate the cause of any issues and incidents quickly.
Using a monitoring system, our servers are monitored continously.
A proactive policy enables us to protect our systems against the latest security threats.
A backup system allows us to recover from incidents quickly.
Any credentials required to access the systems for maintenance are stored in encrypted containers.
We are using SSL and TLS for securing communication.
The source code of the various systems is stored in a version management system, allowing us to track any changes to the software in the deepest details.

Cookie	Duration	Description
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
et-pb-recent-items-colors	Always	Cookie used by website theme for styling.
et-pb-recent-items-font_family	Always	Cookie used by website theme for styling.
wp-settings-time-1	1 year	WordPress uses this cookie to customize your view of admin interface, and possibly also the main site interface.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
_ga	2 years	De hoofdcookie die door Google Analytics wordt gebruikt, is de _ga-cookie. Met _ga kan een service onderscheid maken tussen verschillende gebruikers. Deze cookie blijft 2 jaar actief. Hij wordt gebruikt door sites waarvoor Google Analytics is geïmplementeerd, waaronder Google-services.
_gid	24 hours	This cookie is placed by Google Analytics. The cookie is used to store information about how visitors use a website and help create an analysis report on how the website is doing. The collected data, including the number of visitors, the source they come from and the pages visited are stored in anonymous form.