Privacy verklaring

1. General

We value the protection of your personal information. Therefore we carefully handle the processing of personal information of our users.

We process personal data only on behalf of the employer.

We advise you to read this privacy policy carefully and if you have any questions or comments please feel free to contact us.

2. What is Personal Information?

Personal information is data that is directly or indirectly traceable to a (living)person. Examples of personal data are: name, address, date of birth, telephone number, location data, email address or an IP address.

3. Why do we process Personal Information?

We processes Personal Information with the aim of providing services and allowing these services to function as good as possible, to improve the functioning of our services and to generate statistics. The data is shared with the employer.

In addition, data is processed for security purposes and to be able to communicate efficiently with users of our services.

4. Based on what grounds do we process personal data?

Except that we processes personal data with your explicit consent, we do so because it is necessary for the functioning of our services on the basis of the agreement with our customers (your employer) and on the grounds of our legitimate interest in the fulfillm ent of our business processes.

In order to be able to use our services (such as: prehiring, preboarding, onboarding, continuous learning and offboarding) it is therefore necessary that you provide personal information such as; first name, last name, email. Without this personal data, we are not able to perform our services (completely) properly. Additional personal information can be processed when your employer asks for certain human resource related information. This information is not required to create an Appical account.

Indirectly from your employer

When your employer uses our services, your employer may provide your information to us on your behalf, for example when they register you as a user of our services or contact our support team for issues relating to your account. We may collect your name, email address, and employment related information. Where we receive personal information about you from your employer, we require that your employer has provided you with the information set out in this Privacy Policy, has collected and disclosed that information with your knowledge or consent and ensure you have not objected to our Processing of your personal information.

Sensitive information

We generally do not collect sensitive information about you, unless you provide it to us voluntarily. For example, you may provide sensitive information such as racial or ethnic origin, sexual orientation, health information or religious or philosophical beliefs in a workflow that your employer has created. You consent to us collecting sensitive information which you provide to us voluntarily. If we need to collect any sensitive information for a specific purpose, we will ask for your consent.

5. What kind of (categories) Personal Information do we process?

We process the following personal information:

First name, Last name & Email address.

This information is required to create an account. Additional data can be entered by Employer or by You but this is optional.


First name, Last name & Email address, Skype ID, Linkedin ID, Job title & department, phone number, profile picture, IP Address, or any information asked through HR Forms by your employer.

HR Forms

Our feature HR Forms allows your employer to directly collect certain information for human resource purposes.

As a user, when you respond to HR Forms hosted by us, we collect, on behalf and upon instructions of your employer, information relating to you and your use of our services from a variety of sources:

(i) Information we collect directly from the user:
HR Forms responses

We collect and store the HR Forms responses from employees. Your employer is responsible for that data and manages it. The employer is usually the same person that invited the employees to take the HR Form and sometimes they have their own privacy policy. We have established and documented rules that control the access, authorization, and dissemination of information and restricting the access to company’s networks. The policy for access control is based on the principle of the least privilege. Core principles are need-to-know, need-to-use and access levels and privileges by role. Segregation of duties for requesting, authorizing, and reviewing access levels and privileges is implemented. Management of privileged access rights is implemented. A policy for secret authentication information of is defined and implemented.

During employment measures are implemented to ensure that all (permanent and short term) staff comply to the information security requirements. All staff will be instructed at employment and trained during employment as is required based on their role and access to information according to the information classification guidelines. During employment employees are made aware of rules and procedures concerning security.

A program for information security awareness, education and training is defined and implemented. Staff awareness on information security requirements is validated during employment on regular intervals.

Our customers own all textual and visual content within their courses. The customer specific content will remain property by our customers and will not be re-used for other purposes.

6. Sharing Personal Information with third parties and (categories of) recipients

We only share personal information with third parties if this is necessary for our services, when there is a legal obligation, or when we are specifically requested by the customer (the employer). We do not pass on personal data to third parties other than; Digital Ocean, Intercom Mailchimp (Mandrill) and Amazon (Amazon Web Services). Sub-processors that comply with the EU-U.S. Privacy Shield might process data outside the EEC.

7. How long do we store Personal Information?

We do not store Personal Information any longer than necessary. Specifically, this means that the Personal Information is removed from our system when a user is deleted or 18 months after a user is deactivated (access to Appical is cancelled) by the employer.

8. Right to withdraw consent, access, rectification and erasure of Personal Information

At all times you are entitled to revoke your consent with regard to the processing of personal information by us, the right to inspect and correct the processed Personal Information and the erasure and transfer of the Personal Information processed / stored by us. You can also submit a complaint about the processing of Personal Information to the Dutch Data Protection Authority.

9. Source of Personal Information

Personal information that is not obtained from you directly is obtained from your employer.

10. Cookies

A cookie is a small file that is stored on your computer or telephone. Appical uses cookies to remember your preferences and to recognize its users on a subsequent visit. Cookies also enable us, among other things, to collect information about the use of our services and to improve and adapt these to the wishes of our users. [We ask permission to be allowed to place the cookies. If you agree, we can view your browsing habits and see what you have done on our website and in the app. If you do not agree with this, this may affect the operation of the site and app.]

We use the following types of cookies:
– Functional Cookies
– Statistic Cookies
– Marketing Cookies

Disable cookie collection
It is possible to set your browser so that you do not receive cookies. However, in that case it may be that you can not make use of certain services, or that our website and app work less well.

11. Security

We value the protection of your Personal Information. Therefore we apply the highest possible security standards, technical and organizational measures to protect your Personal Information against abuse.

Appical has an ISO27001:2013 certification for Information Security Management. ISO 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system. It ensures organisations can apply a framework to business processes to help identify, manage and reduce risks to information security, and considers not only IT but all business operations.