Calibration Framework

Privacy Policy

Trust & Compliance

Privacy commitments for the Calibration Framework.

This Privacy Policy explains how Techflection B.V. processes personal data on behalf of our customers, keeps it secure, and honors individual rights.

Last updated: December 24, 2025 EU data hosting Role-based access by design

Data roles

Controllers & processors

Customer organizations are Data Controllers. Techflection B.V. operates as the Data Processor to deliver the Calibration Framework.

Need help?

privacy@techflection.nl

Reach out anytime for privacy-related questions or to coordinate data subject requests with your organization.

At a glance

Privacy guardrails

GDPR aligned

Purpose limitation

Data is processed only to operate the Calibration Framework and support customer-directed workflows.

Access minimization

Role-based access limits visibility to assigned teams, reporting lines, and essential internal roles.

Security in depth

Encryption in transit, hardened authentication, and monitored environments keep customer data protected within the EU.

1. Who we are

Section link

Techflection B.V. ("we", "us", "our") provides the Calibration Framework, a software platform that enables organizations to assess performance, potential, and talent-related insights.

  • Customer organizations act as the Data Controller
  • Techflection B.V. acts as the Data Processor

If you are an employee whose data is processed in the platform, your employer determines how and why your personal data is processed.

2. What personal data we process

Section link

We process only the personal data necessary to provide the Calibration Framework, as instructed by our customers.

Employee data (entered by the employer)

  • Name
  • Job title, role, team, and reporting line
  • Performance ratings
  • Potential indicators
  • Core values assessments
  • Risk flags (e.g. flight risk, key employee)
  • Manager or HR notes

User account data

  • Login credentials (hashed passwords)
  • Role and access permissions
  • Audit logs (actions taken in the system)

Technical data

  • IP address
  • Device and browser information
  • Log files and error reports
  • Usage metadata (feature usage, timestamps)

We do not intentionally process special categories of personal data.

3. Purpose of processing

Section link

Techflection B.V. processes personal data solely to:

  • Provide and operate the Calibration Framework
  • Enable performance, potential, and talent calibration workflows
  • Generate dashboards, summaries, and reports
  • Enforce role-based access and auditability
  • Maintain platform security, stability, and performance
  • Provide customer support and resolve incidents
  • Comply with legal and contractual obligations

We do not use personal data for advertising or unrelated profiling.

5. Access control and confidentiality

Section link

Access to personal data is strictly limited through role-based access control:

  • HR administrators may access all data within their organization
  • HR partners may access only assigned teams
  • Managers may access only their reporting lines
  • Internal access at Techflection B.V. is limited to what is strictly necessary

All relevant actions are logged for audit purposes.

6. Data security

Section link

Techflection B.V. applies appropriate technical and organizational measures, including:

  • Encrypted data transmission (TLS)
  • Secure password hashing
  • Role-based authorization
  • Logical separation of customer data
  • Monitoring and logging of system activity
  • Controlled access to production systems

Data is hosted within the European Union unless otherwise agreed with the customer.

7. Data retention

Section link

Personal data is retained according to customer instructions:

  • Data is retained while customer accounts remain active
  • Customers may delete or anonymize employee data
  • Backups are retained for a limited period for recovery purposes only

Techflection B.V. does not retain personal data longer than necessary.

8. Subprocessors and data sharing

Section link

Techflection B.V. engages trusted subprocessors only where required to operate the platform, such as infrastructure hosting and monitoring services.

All subprocessors are bound by contractual data protection and confidentiality obligations.

9. International data transfers

Section link

Techflection B.V. does not process or store personal data outside the European Economic Area (EEA).

All infrastructure, subprocessors, and operational access are located within the EEA. No personal data is transferred to, accessed from, or processed in third countries.

10. Data subject rights

Section link

Depending on applicable law, individuals may have the right to:

  • Access their personal data
  • Rectify inaccurate data
  • Request deletion or restriction
  • Object to certain processing activities
  • Request data portability

Requests should be submitted to the employer (data controller). Techflection B.V. supports customers in fulfilling these requests.

11. Changes to this policy

Section link

We may update this Privacy Policy from time to time.

Material changes will be communicated to customers.

12. Contact details

Section link

For privacy-related inquiries:

Techflection B.V.

Email: privacy@techflection.nl

Questions about this policy?

Contact Techflection B.V. for privacy-related inquiries or to coordinate with your Data Controller.

Email privacy@techflection.nl