Privacy Policy
1. Who are we and what do we do
Theorieja offers online courses that help you optimally prepare for the Dutch theory exam. We develop innovative and accessible ways to learn the right traffic rules and insights. You can find more information about us and our services at www.theorieja.nl.
2. Application of this policy
This privacy policy explains which personal data we process, why we do this and how we protect it. The policy applies to everyone who visits our website or uses our services. We process personal data in accordance with the GDPR and the Dutch GDPR Implementation Act (UAVG).
3. Are you under 16 years old?
Our services are intended for users who are at least 16 years old. If you are younger than 16 years old, you need the consent of your parents or legal guardian to use our services.
4. Which Personal Data do we process and what do we use them for?
We process different Personal Data for different purposes. Below are the following points:
D. Customer contact details:
E. First and last name, address details and email address
This data is used to: Contact you, Address you by your name, Remind you that you have started a registration procedure and what is needed to complete it, Activate your personal account, Possibly send you an email about the Service you purchased.
We may process this Personal Data because this data is necessary to execute the agreement between you and Theorieja. We also have a legitimate interest in reminding you of your almost completed registration procedure. We also find it customer-friendly to support you in your almost completed registration process.
F. Customer data:
G. Account data (including contact details), progress data and data related to previous Services.
This data is used to: Register which package you have purchased from us, Allow you to use the Services, Give you insight into your progress and provide advice, See which Services you have previously purchased from us, Optimize and renew our Services.
We may process this Personal Data because this is necessary for the execution of our agreement with you. Based on our legitimate interest in improving and optimizing our Services, we may process this personal data.
H. Customer banking details:
I. Credit card details, bancontact details and/or other payment details.
J. This data is used to check, process and administer your payments for our Services
We may process this Personal Data because this data is necessary to execute the agreement between you and Theorieja. We are also legally obliged to keep financial records for the Tax Authorities.
K. Contact details via the contact form on the Website, by mail, phone or social media:
L. Information that you make known to us when you send us a message via our contact form or via our social media, for example your first and last name, email address/username and any Personal Data included in the message.
M. This data is used to: Contact you based on your message, Improve our Services, we process your feedback.
N. We have the right to process this Personal Data, because we have a legitimate interest in receiving this information from you and because you voluntarily make this data public.
O. The privacy policy of social media pages is also managed by the social medium itself. Below you can see how each medium handles your Personal Data: WhatsApp: Privacy Policy, TikTok: Privacy Policy, Snapchat: Privacy Policy, Instagram: Privacy Settings and Information, Facebook: Data Policy
P. Reviews, photos and videos on the Website or via social media:
Q. This data is used to promote our course to others and generate name recognition. The student has the right to withdraw the expressed media at any time. Theorieja will do everything reasonable to comply with this.
R. We may process this Personal Data based on your explicit consent. This consent can always be withdrawn. Theorieja will then no longer use the data for this purpose and will do everything reasonable to remove previous expressions.
T. Technical information:
U. Information about the device you use for our Services, the IP address with which the times, the location from where you use our Services and information about the browser you use.
V. This data is used to: Adapt our Website to your device, such as on a mobile phone. And recognize and prevent abuse of our platform
AA. We may process this Personal Data, because we have a legitimate interest in offering you a well-functioning website. To prevent abuse of our platform, we also have the legitimate interest in logging your activity.
5. How long are Personal Data retained?
We retain your Personal Data for as long as you have an account with us and we need it for the purposes described above. After you delete your account, your data is anonymized or deleted within 30 days, except for data we are legally required to keep longer. For example, we retain order and invoice data for 7 years due to fiscal retention obligations, and we keep consent records for as long as they are needed as evidence. Data we process solely on the basis of your consent is deleted earlier when you withdraw your consent or request it. For more information about deleting your Personal Data and your other rights, see 'Your rights and our contact details'.
6. Are your Personal Data shared with others?
We use external service providers for, among other things, sending emails, processing payments, hosting our platform and measuring website usage. An up-to-date overview of these subprocessors is shown at the end of this section. We only provide these external service providers with Personal Data that is necessary for them to perform the services they provide to us. These external service providers act as (Sub)Processors within the meaning of the General Data Protection Regulation (GDPR). In the processor agreements that we have concluded with all our (Sub)Processors, agreements are made, among other things, about what they may do with your Personal Data, how they must secure it and when they must delete it. Apart from the foregoing, we only share your Personal Data with third parties if this is necessary for the execution of our services or when we are legally obliged to do so.
Our subprocessors
Below are the external parties that process personal data on our behalf as (sub)processors.
Google Ireland LimitedEU (Ireland), possible US transfer (DPF)
Advertising — Google Ads conversion measurement and tag management (Consent Mode v2; only after consent). Privacy policy
Mollie B.V.Netherlands (EU)
Payment — Payment processing (iDEAL and other payment methods). Privacy policy
Railway Corp.US (EU transfer — verify SCCs)
Hosting — Application and database hosting. Privacy policy
TikTok Technology LimitedEU (Ireland), possible US transfer (SCCs)
Advertising — TikTok Pixel conversion measurement (only after marketing consent). Privacy policy
TrackdeskEU
Advertising — Affiliate tracking (only after marketing consent). Privacy policy
Twilio SendGridUS (EU transfer — verify DPF certification/SCCs)
Email — Delivery of transactional and marketing emails. Privacy policy
7. Transfer of data outside the European Economic Area
If one of our (Sub)Processors is established outside the European Economic Area (EEA), we may transfer Personal Data outside the EEA. Personal Data will only be transferred to countries and/or parties that ensure an adequate level of protection that meets European standards. Any transfer of data outside the EEA always takes place in accordance with Chapter V of the General Data Protection Regulation (GDPR).
8. General aggregated (anonymized) data
We can convert your Personal Data into anonymized, aggregated data. This data is completely and irreversibly anonymized and merged, so that identification of a person is no longer possible. We can share this anonymized and merged data with business partners for analysis purposes, creating demographic profiles and improving our services.
9. How do we protect your Personal Data?
We protect all Personal Data that we process against unauthorized or unlawful access, modification, disclosure, use and destruction. To ensure the security of the data, we use various technical and organizational measures. For example, (personal) data is internally only available in a shielded environment that is only accessible to employees with a personal password. We maintain a strict clean desk policy, and access to (personal) data is only possible via two-factor authentication. Moreover, employees can only consult and use the data they need for their tasks, in accordance with the need-to-know principle. All portable devices of our employees are locked with a password and regular backups are made of the shielded environment in which the (personal) data is stored.
10. Cookies
Our website uses cookies. A cookie is a small and simple text file that can be placed on your computer when you visit our website. This text file identifies your browser and/or computer and ensures that our website recognizes your browser or computer on your next visit. Our website uses different types of cookies. Functional cookies are essential for the operation of our website and make it possible to navigate and use the functions that are incorporated in it. These cookies are used by Theorieja to optimize the functionality of certain pages. We also use analytical or statistical cookies. These cookies are used to measure the quality and effectiveness of the website. This allows us to see how many users visit the website and which pages are consulted. This information helps us improve our website and our services. The surfing behavior of large numbers of visitors is completely anonymized and processed into graphs and patterns that give us insight into how we can optimize our website. We also use tracking cookies that track the click and surfing behavior of our visitors. With these cookies we can see if and when you view your profile and whether you click through to our website. This information can also be used to display advertisements that better match your interests. This way, Theorieja's communication, both on our own website and on partner websites, can be made more personal and better tailored to the individual customer's wishes. Finally, we use Google Analytics cookies to analyze the use of our website and better understand how visitors use our website. These cookies help us improve the user experience. Google Analytics cookies are only placed after you have given consent for this via our cookie notification. Without your consent, no analytical cookies are placed and no user behavior is tracked. Specifically, we use the following parties. Marketing (only after your consent): Google Ads (conversion measurement), TikTok Pixel (conversion measurement) and Trackdesk (affiliate measurement). Analytics (only after your consent): Google Analytics (anonymized site statistics). Necessary: our own cookies for signing in, language preference and remembering your cookie choice (theorieja-consent, maximum 12 months). The current retention periods of the parties mentioned can be found in their own privacy statements, linked in the subprocessor overview in chapter 6. Before you make a choice, all marketing and analytics categories are off (Google Consent Mode v2); Google's base script then loads in cookieless mode and places no cookies. We ask for your consent again every 12 months, and also whenever this policy materially changes. You can adjust or withdraw your choice at any time via the Cookie settings link at the bottom of every page.
Cookie overview
Below you'll find the purpose, category and retention period for each cookie. Marketing and analytics cookies are only placed after you have given consent; before that, everything loads in cookieless mode (Google Consent Mode v2). The retention periods listed for external parties are their standard periods; the current periods are in their own privacy statements (see the subprocessor overview in chapter 6).
| Cookie | Purpose | Category | Retention |
|---|
| theorieja-consentTheorieja | Remembers your cookie preference | Necessary | 12 months |
| payload-tokenTheorieja | Keeps you signed in after logging in | Necessary | 60 days |
| _ga, _ga_*Google Analytics | Anonymized visit statistics | Analytics | Up to 24 months |
| _gcl_auGoogle Ads | Ad conversion measurement | Marketing | Up to 90 days |
| _ttpTikTok Pixel | TikTok ad conversion measurement | Marketing | Up to 13 months |
| trakdesk_cidTrackdesk | Affiliate/referral measurement | Marketing | Up to 12 months |
11. Third-party websites
On our website you will find hyperlinks that refer you to websites of partners, suppliers, advertisers, sponsors, licensors or other third parties. The content of these websites or the links that appear there are not our responsibility. We are also not responsible for the practices of websites that are linked to or from our website. The content and links on these external websites can be changed at any time. These websites have their own privacy policy, cookie policy, terms of use and customer policy. When you visit other websites, including websites that are accessible via a link from our website, the terms and conditions and policy of that respective website apply.
12. Changes to this privacy policy
We strive to continuously improve our service. Therefore, this privacy policy may be changed from time to time. When a change occurs, we publish the updated version of the privacy policy on our website, together with a clear notification that the policy has been adjusted.
13. Your rights and our contact details
As determined in the General Data Protection Regulation (GDPR), you have various rights regarding your Personal Data. You have the right to submit a request to correct or update your data. You can object to the processing of your data or request that your data be deleted from our file, without having to give a reason for this. You also have the right to withdraw your consent for processing. This only applies to processing that is based on your consent and has no effect on the lawfulness of the processing before the moment of withdrawal. In addition, you have the right to receive a copy of all Personal Data that we process from you. At your request, we can also forward this copy directly to another data controller. If you believe that we are processing your data unlawfully, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). Do you have questions, comments or concerns about how we handle your Personal Data? Then you can contact us via the details below: Theorieja Johan van Hasseltweg 40 1022 WV Amsterdam T: 020 211 7879 E: info@theorieja.nl W: www.theorieja.nl KvK number: 75461005