General Terms and Conditions of IXLY BV.
These general terms and conditions apply to all agreements and offers for services and products, including subscriptions, between commercial clients and Ixly BV, established in Utrecht Ch. of Comm. Utrecht: 30204571, VAT no.: 8145.04.255.B.01.
The rates are excluding VAT. The payment term is 14 days. In the event of exceeding of the payment term, statutory interest can be charged. In the event of late payment we will have the right to deactivate the service without any right to refund.
Ixly BV retains the right to adjust the rates for tests and subscriptions in the interim. These rate changes will be notified at least one month in advance.
Most of the invoicing will take place automatically, on the first workday of every month. The use of the web applications during the previous month and the licences for the next month will be charged. As the client/commissioning party you are responsible for checking the accuracy of invoice details in the system. Late payment may result in deactivation of accounts in the web applications, without suspension of the payment obligation.
An agreement will come into effect by registration through one of our websites where these terms and conditions can be read, or by signing an offer. The minimum contract period is 12 months, following which the contract can be cancelled monthly, with a notice period of one month. There is no right of refund of unused credits when cancelling the subscription.
Both parties can at any time terminate the agreement for any reason whatsoever. The original contract term and the notice period must be observed thereby. Refunds will not be issued.
You are not permitted to transfer advantages or obligations ensuing from the agreement in any manner whatsoever to third parties without prior permission in writing from Ixly BV.
If this agreement is terminated in conformity with the terms and conditions, neither Ixly BV nor you can be held liable for damage or loss suffered by the other party.
Ixly BV retains the right to refuse a request for an agreement without stating reasons.
The standard Data processing agreement forms part of the general terms and conditions and has been included as an appendix.
You acknowledge and will unconditionally take note of the fact that services, content, source codes and information on the website are protected by Ixly BV’s copyright, trademarks, service marks, or other property rights and laws. Neither the agreement nor the use of Ixly BV products will give you any right to copyright or trademark, and this will not affect in any manner whatsoever Ixly BV’s exclusive property rights to the copyright and trademark. You agree that you will not in any manner whatsoever change, copy, reproduce, rent out, give in loan, sell or redesign the content of the website. This applies also to the tests, the code and the software.
Intellectual property of your database and content
You have the ownership of your own database, for all applications. This means that you can request an export of your data, including user data, test data and results, and content in the 360-Toolkit and the Process-Toolkit. However, this may involve costs for providing this data, for data export, depending on the nature and volume of the data.
Guarantee provided by commercial users
If you use the website as a professional and use the product to advise other parties you will guarantee that:
You are competent, qualified, licensed, or authorised to use psychological tests for the various fields in which you are employed, such as assessment, coaching, providing training and Human Resource Management. All this is in accordance with the applicable legislation and regulations (in your country).
You will act and make use of the product in accordance with national and international professional standards and professional ethics.
You will act and make use of the product in accordance with the national and international legislation and regulations, instructions and guidelines and all other applicable government rules or rules of semi-public institutions.
Ixly BV can for specific services or products test your reliability and knowledge as a professional prior to providing you with access to this service. Ixly BV retains the right to refuse you access without stating reasons.
Privacy and information security
The protection of your privacy is of the utmost importance to us. We apply the following rules when dealing with your information:
We do not pass on any personal information to third parties.
All information is saved and processed in a secure environment.
At the expiry of your account all personal information will be removed from our database.
Your test results and other personal information will only be used in an anonymous form for statistical analysis.
The reports will be automatically removed after two years. A shorter period is possible if you deem this to be desirable.
Ixly BV retains the right to use the information related to professionals and their clients in a complete and anonymous form for the further development of the tests and its services. This applies – but is not limited – to research, for example for the development of norm groups and the conducting of statistical analysis. Ixly BV will never make direct contact in writing or in another manner with you or your clients, unless you have expressly requested this to ensure the correct provision of service.
Ixly BV has implemented an extensive information management system to safeguard information security. This management system describes all measures that have been taken to safeguard the confidentiality, the data integrity and availability of your details. This management system is annually assessed by an independent party.
Any liability with regard to the use of the product, or with regard to the termination of the agreement, in particular related to the interpretation and conclusion of test results and the loss of data, is excluded. The product contains information that can be used and can assist in making a decision, but can never be relied on as a sole source of information. Ixly BV cannot be held liable for misuse of your personal password or your candidates’ passwords.
Although Ixly BV spends a lot of time on ensuring the quality and availability of its online services we do offer our service on an “as it is” basis. This means inter alia that we do not provide any guarantee that our services and the content of the website will be available in an uninterrupted and timely manner, secure or free of errors. The current state of affairs on the internet and the speed and reliability of connections prevent the provision of guarantees. Over the past years we have achieved an availability of 99.5% or higher, however no rights can be derived from that.
It is important that users meet the system requirements, such as having Flash installed. The current system requirements are listed below:
- Internet Explorer (IE 8 or higher) or a recent version of Chrome, Firefox or Safari *. With IE8 the layout is sometimes not optimal because it does not support a number of layout functions.
- Java script enabled and Flash (8 or higher) installed. Flash is necessary for the proper functioning of Competence tests using Video recordings.
- Sufficiently fast internet connection. As a guideline 2 Mbps for normal use and 4 Mbps for webcam tests.
- A minimum of 512 MB of RAM memory and sufficient free disk space. A minimum of 1024mb for webcam tests.
- Screen resolution of at least 1024×768 pixels.
- We only officially support an open internet connection. In practice it is usually only necessary that port 80, 443 and 1935 are open (for webcam tests).
- The system requirements can change for new releases.
The helpdesk is available for questions from 08:30 hours until 18:00 hours, preferably by email: email@example.com. We will contact you within half an hour to answer questions and to start to resolve any problems.
No complaint whatsoever will be officially regarded as submitted unless the complaint is made in writing or by email to Ixly BV, within two weeks after you discovered the shortcoming or error, or reasonably could have discovered this, together with a specification of all details that are related to the subject and the nature of the complaint. Complaints can only be submitted in Dutch or English.
This agreement will be governed and interpreted in accordance with Dutch law. The Utrecht (the Netherlands) District Court has exclusive jurisdiction concerning claims ensuing from this agreement.
Additional terms and conditions for API users.
The Test Toolkit offers the option to request tests through an API through other software systems and to integrate these in HR processes. It is conditional for this that tests will always be made available on an individual basis after login codes and will not be available to the public. The client must provide access in advance to the application within which the test will be conducted. Ixly BV can provide permission for making (specific) tests available through the API. Ixly BV has the right to monitor the use in accordance with the arrangements made and will be entitled to terminate the cooperation if the application is not in accordance with the arrangements made.
The party that requests tests through the API must have sufficiently competent IT personnel available and must have a sufficiently stable system available in order to be able to set up the API properly. Ixly BV exclusively offers for the provision of service through an API a helpdesk for those who are responsible for the proper functioning of the system and not directly to (end) users and candidates.
Data processing agreement
Table of contents
Article 1. Definitions.
Article 2. Subject of this Processing Agreement
Article 3. Commencement and duration
Article 4. Scope of Processing Authorisation of Ixly bv
Article 5. Security of the Processing operations
Article 6. Confidentiality by Employees of Ixly bv
Article 7. Sub-processor(s)
Article 8. Assistance associated with rights of Data Subjects
Article 9. Personal Data Breach
Article 10. Return of Personal Data
Article 11. Obligation to provide information and audit
Annex 1. The Processing of Personal Data
Annex 2. Appropriate technical and organisational measures
Annex 3: Agreements regarding Personal Data Breaches
This Data Processing Agreement forms part of all agreements Ixly concludes with its Controllers and is valid unless a separate agreement has been concluded at the request of the Controller.
In so far as Ixly BV processes Personal Data for Controller in the context of the Agreement, pursuant to Article 4, part 7 and part 8, of the Regulation, Controller qualifies as processing controller for the Processing of Personal Data and Ixly BV as Processor;
The parties in this Data Processing Agreement, within the meaning of Article 28, third paragraph, of the Regulation, wish to lay down their agreements about the Processing of Personal Data by Ixly BV.
AGREE AS FOLLOWS:
Article 1. Definitions
The following definitions in this Data Processing Agreement have the meanings assigned to them in this article:
1.1 Data subject: the person to whom an item of Personal Data relates.
1.2 Data Breach in respect of Personal Data: a security breach which inadvertently or unlawfully results in the destruction, loss, modification or unauthorised provision of or access to data which has been transmitted, stored or otherwise processed.
1.3 Agreement: the Agreement between Controller and Ixly BV and the accompanying annexes.
1.4 Personal Data: any piece of information relating to an identified or identifiable natural person, that Ixly BV in the context of the Agreement processes for Controller.
1.5 Regulation: Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1.6 Data Processing Agreement: this Agreement.
1.7 Processing: an operation or a set of operations in the context of the Agreement which are related to Personal Data or a set of Personal Data, whether or not conducted through automated processes, such as collection, recording, organising, structuring, storage, updating or amendment, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
Article 2. Subject of this Data Processing Agreement
2.1 This Data Processing Agreement regulates the Processing of Personal Data by Ixly BV in the context of the Agreement.
2.2 The nature and the purpose of the Processing, the type of Personal Data and the categories of Data Subjects have been described in Annex 1.
2.3 Ixly BV guarantees to apply the appropriate technical and organisational measures, in order to ensure that the Processing will meet the requirements of the Regulation and ensures the protection of the rights of the Data Subject.
2.4 Ixly BV guarantees to comply with the requirements of the applicable legislation and regulations relating to the processing of Personal Data.
Article 3. Entry into force and term
3.1 This Data Processing Agreement will take effect at the moment on which the principal agreement has been concluded by the Parties.
3.2 This Data Processing Agreement ends after the principal agreement has ended and in so far Ixly BV erased or returned all Personal Data pursuant to Article 10.
3.3 None of the Parties may terminate this Data Processing Agreement before the end of term except if required by amendments of legislation or case law.
Article 4. Scope of Processing authority Ixly BV
4.1 Ixly BV shall only process the Personal Data on instruction and based on instructions of Controller except for deviating statutory provisions applicable to Ixly BV.
4.2 If in Ixly BV’s opinion an instruction within the meaning of paragraph 1 is contrary to a statutory provision relating to data protection, it shall notify Controller prior to processing, unless prohibited by law.
4.3 If Ixly BV, pursuant to a statutory obligation, must provide Personal Data, it shall notify Controller forthwith, if possible prior to the provision.
Article 5. Security of Processing
5.1 Ixly BV shall implement technical and organisational protection measures as described in Annex 2.
5.2 The Parties acknowledge that safeguarding an appropriate security level may always require taking additional protection measures. Ixly BV shall safeguard a security level that matches the risk.
5.3 Ixly BV shall not process Personal Data outside the European Union, unless with express written permission from Controller and save for deviating statutory provisions.
5.4 Ixly BV shall notify Controller without undue delay after becoming aware of unlawful processing of Personal Data or security breaches as referred to in paragraphs 1 and 2. This information is provided to persons who have been registered as organisation administrators in the Test Toolkit.
5.6 Ixly BV shall assist Controller in ensuring compliance with the obligations pursuant to Articles 32 up to and including 36 of the Regulation.
Article 6. Confidentially by Employees of Ixly BV
6.1 The Personal Data are of a confidential nature and are subject to a duty of confidentiality. Ixly BV has instructed its Employees to maintain confidentiality. We shall supply the Information security policy which forms part of the employment agreements of Ixly BV and agreements with relevant suppliers on request.
Article 7. Sub-processor
7.1 If Ixly BV instructs another processor for carrying out specific processing activities on behalf of Controller, the same Data Protection obligations as set out in this Data Processing Agreement shall be imposed on that other processor.
Article 8. Assistance on account of Data Subject’s rights
8.1 Ixly BV shall assist Controller for the fulfilment of Controller’s obligation to respond to requests for exercising the Data Subject’s rights laid down in Chapter III
Article 9. Personal Data Breach
9.1 Ixly BV informs Controller without undue delay, as soon as he became aware of a Personal Data Breach, in accordance with the agreements laid down in Annex 3.
9.2 Ixly BV also informs Controller after a notification by virtue of the first paragraph relating to Personal Data Breach developments.
9.3 In respect of the notification to the authorised supervisory authority and the Data Subject, the Parties will bear the costs to be made.
Article 10. Return of Personal Data
10.1 After termination of the Agreement Ixly BV, at the discretion of the Controller, ensures that all Personal Data will be returned to Controller or will be erased. Ixly BV erases copies, save for statutory provisions to the contrary.
10.2 The Personal Data will be returned as dataset in a generally applicable file format.
Article 11. Obligation to disclose information and audits
11.1 Ixly BV shall provide all information, necessary to prove that the obligations from this Data Processing Agreement have been and will be complied with.
11.2 Ixly BV shall provide all necessary cooperation to audits.
11.3 With an annual frequency Ixly BV shall provide Controller with a statement of an independent external expert, in which he gives his opinion on the mentioned compliance.
Article 12. Liability
12.1 If a Party fails attributably in the performance of its obligations under this Processing Agreement, the Regulation and/or other Personal Data Processing legislation and regulations, this Party will be liable for the damage suffered by the other Party as a result.
12.2 The liability of the Parties is limited to direct damage and to the maximum amount paid out by the insurer of the Party that is held liable.
Annex 1. The Processing of Personal Data
- The subject/nature and purpose of the Processing:
The subject/nature and purpose of the Processing lies with Controller. Generally, the purpose is to advise the Data Subjects about their careers, support with career decisions, supporting information for selection decisions, personal development and competence development. In addition, login data are being registered.
- The type of Personal Data:
Primarily it concerns normal Personal Data such as name and address details. In some questionnaires health data are requested, for advice regarding rehabilitation. If this is the case, extra permission will be asked for and the purpose will be explained.
- Description categories Personal Data:
Name, date of birth, email, gender, education level, answers to questions of and results of tests and questionnaires.
- Description categories Data Subjects
- a) Data Subjects are employees of organisations or controllers of Controller
- b) Applicants, candidates or participants or organisations or Controllers.
- Description categories receivers of Personal Data
- a) The advisor of Controller (psychologist, recruiter, coach, trainer) may individually inspect these data of the Data Subject. The advisor consults with and asks permission for sharing Personal Data of the Data Subject with his Controllers.
- b) After permission of Controller, Customer Support of Ixly may inspect data of the Data Subject for support purposes.
Annex 2. Appropriate technical and organisational measures
Ixly BV is ISO27001 certified and has taken a lot of data protection measures. The most important are:
- Encryption and security certificates
- Password policy with individually traceable logins
- Traceability of changes
- Back-up with retention
- Application of firewalls
- Anonymisation of Personal Data
- Frequent workplace management for updates and patches
- Monitoring and registration
- Information security policy
- Annual external data security check
A document with an exhaustive description of the technical and organisational measures is available to Controllers on request.
Annex 3: Agreements relating to Personal Data Breaches
In this Annex, agreements on how Ixly BV will inform Controller on Personal Data Breaches will be further specified.
- The notification will be reported forthwith, but no later than 24 hours after having become aware of the security incident and/or Data Breach.
- The Security Officer of Controller is the (first) contact for reporting a Data Breach.
- For the notification the ‘Notification form data breaches and/or security incidents’ will be used, in accordance with the notification to the Data Protection Authority. As soon as the Processor has more information on the Data Breach and/or incident, this additional information will be communicated to the Controller forthwith.
- Notification forms data breaches and/or security incidents will be sent to the contact of Controller with as subject: “data breach”.
Information provided by Ixly BV
- Nature of the Personal Data Breach.
- The Personal Data and Data Subject.
- Probable consequences of the Personal Data Breach.
- Measures proposed or taken by Ixly BV to deal with the Personal Data Breach, including, as appropriate, the measures to limit any consequential adverse effects.