Skip to content
 

Privacy policy

Last updated: 28 October 2025

Savvy.codes B.V. (“we,” “us,” “our”) respects your privacy and handles personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data-protection laws.

1. Who we are

QNOMI is a service provided by Savvy.codes B.V., based in the Netherlands.
Email: [email protected]
Chamber of Commerce: 88707881 | VAT: NL864740670B01

2. Data we collect

a. Organisation data

When your organisation becomes a QNOMI customer, we collect:

  • Company name, address, Chamber of Commerce number and VAT number
  • Main contact person’s name, email address and phone number
  • Billing and payment details
  • Details of colleagues who have access to the platform (name, email, role)

We use this information to:

  • Set up and manage your organisation’s QNOMI environment

  • Identify and authorise the correct users for access

  • Handle billing and account administration

  • Provide customer support and prevent misuse

b. User accounts within your organisation

For each user with access to QNOMI, we process:

  • Name and email address
  • Activity and technical logs (timestamps, browser type)

These data are used for access management, platform security and service improvement.

c. Assessment participants

For each participant who completes an assessment, we process:

  • Full name, email, organisation, role within the organisation and gender
  • Responses to test questions or statements
  • Reports or scores generated from those responses

This data is processed on behalf of the organisation that invited the participant.
That organisation is the data controller, and QNOMI acts as its data processor.

3. Legal bases

We process personal data based on:

  • Performance of a contract – to provide the QNOMI service to your organisation

  • Legal obligations – such as tax and accounting requirements

  • Legitimate interests – such as platform security, fraud prevention and product improvement

For assessments that include sensitive or special-category data (e.g., personality or behavioural data), the organisation must ensure a valid legal basis — usually the participant’s explicit consent.

4. Data retention

  • Organisation and user data: kept as long as your organisation remains a customer and up to 12 months thereafter for administrative purposes.

  • Assessment data: kept as long as the organisation or participant has an active account.

If a user or participant requests deletion of their account, related data will be deleted or anonymised within a reasonable period, unless a longer retention period is required by law.

5. Data sharing

We only share personal data with:

  • Trusted service providers (e.g., hosting, email, billing, analytics) bound by data-processing agreements;

  • Public authorities when required by law.

We do not sell personal data.

6. Security

We apply technical and organisational measures to protect data, including:

  • Encryption (AES-256 at rest, TLS in transit)

  • Role-based access control and account-level permissions

  • Regular backups, logging and security audits

7. Your rights

Under applicable data-protection law, you have the right to:

  • Access, correct or delete your personal data

  • Object to or restrict processing

  • Withdraw consent (where applicable)

  • Request data portability

To exercise your rights or request account deletion, email [email protected].
Deletion requests for both organisation and participant accounts can be made this way.

8. International transfers

Data is stored within the European Economic Area (EEA).
If data is transferred outside the EEA, we ensure appropriate safeguards (such as EU Standard Contractual Clauses).

9. Changes

We may update this Privacy Notice from time to time.
The latest version will always be available on our website and becomes effective on the date it is published.

10. Contact

Questions or requests about this Privacy Notice? [email protected]