Privacy Statement
Welcome to IHIQS.org. We (IHIQS.org) may process personal data as referred to in the General Data Protection Regulation (GDPR) (hereinafter: “Personal Data”). We may do this, for example, when you visit our website at the domain <https://IHIQS.org>, including all of its subdomains, and/or when you use our products and/or services.
In this privacy statement, we explain which Personal Data we process about you and for what purposes we do so. This privacy statement was last amended on October 10, 2025.
1. When does this privacy statement apply?
This privacy statement only applies to the processing of Personal Data by us (IHIQS.org) as the controller. When an organisation processes Personal Data through one of our products or services, that organisation is the controller and we act as the processor. In such cases, this privacy statement does not apply, and we recommend that you consult the privacy statement of the relevant controller.
2. “Personal Data”
For a proper understanding of this privacy statement, it is important to understand what “Personal Data” is. When we use the term “Personal Data” in this privacy statement, we mean “personal data” as defined in the General Data Protection Regulation (GDPR). That is to say, “any information relating to an identified or identifiable natural person.” But more simply, it refers to all information that relates to you and can be traced back to you.
3. Your privacy is very important to us
Careful handling of Personal Data is very important to us. Personal Data is therefore processed by us carefully and in accordance with this privacy statement and the applicable laws and regulations.
This means, among other things, that we:
- clearly define the purposes before processing Personal Data;
- store as little Personal Data as possible and only the Personal Data that is necessary for the specific purposes;
- only process Personal Data if there is a valid basis for doing so;
- take appropriate security measures to protect Personal Data. We also impose these obligations on parties that process Personal Data for us;
- respect your rights, such as the right to access, correct, transfer, or delete your Personal Data.
We emphasise that we do not process any special categories of Personal Data. Thus, we do not process any Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, as described in Article 9(1) of the GDPR.
Please note that, while intellectual ability or a diagnosis of being highly gifted may sometimes be assessed by psychologists or educational professionals, the data itself is generally not considered “data concerning health” as defined by the GDPR. Health data in the GDPR refers to information related to the physical or mental health of a natural person, including the provision of health care services, which reveals information about their health status. However, data on giftedness is typically an assessment of cognitive ability or potential, not a medical diagnosis of a health condition, impairment, or illness. Therefore, it does not trigger the strict protections of Article 9 of the GDPR.
Our services are intended for persons aged 18 calendar years and older. We do not knowingly collect data from persons aged younger than 18 calendar years.
If you have any questions or would like to receive more information about how we handle your Personal Data, please contact us using the contact details provided in this privacy statement.
4. IHIQS.org
We find it important to inform you as detailed as possible about the purposes and activities of processing of Personal Data, the legal basis for that processing, the period for which we retain that Personal Data, and the parties which may be involved in that processing.
| Purpose of Processing | Categories of Personal Data Processed | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Website Functionality (strictly necessary) | Country, browser information, device type. | Our legitimate interest is the continuous analysis and improvement of the website’s performance and user experience. |
| Website Analytics (statistical insight) | Duration of visit, referrer (other site/search engine, incl. keywords), clicked links. | Our legitimate interest is the continuous analysis and improvement of the website’s performance and user experience. |
| Social Media Extensions | No Personal Data is collected by IHIQS.org | Consent can be granted or withdrawn via a Consent Management Platform or link to cookie settings. We emphasize that consent withdrawal won’t affect prior processing. |
| Communication (contact form) | Name, E-mail, submitted question. | Our legitimate interest is to be able to respond to communication. |
| Membership Application | First name, surname, E-mail, Country, Date of Birth, Proof of membership eligibility (IQ score), Type of proof, optional shared notes. | Contractual Necessity (to assess the application and fulfil the membership agreement). |
| Invoicing and Accounting | Payment method, date, name, address, E-mail, Payment-ID, total amount. | Contractual Necessity (for billing, to get paid) and Legal Obligation (for bookkeeping and to comply with Dutch tax law, i.e., the Algemene wet inzake rijksbelastingen). |
| Member Platform Use | Name, E-mail, optional profile info (photo, location, expertise, links), shared content (posts, replies). | Contractual Necessity (to deliver the platform service). |
5. Recipients of your personal data
We share your personal data only when necessary to fulfill the purposes described above, with the following categories of external service providers and partners:
| Recipient Category | Purpose of Sharing | Specific Providers/Examples |
|---|---|---|
| Data Processors | Companies that process data strictly on our behalf for essential services. | Google Workspace (Email/Form Storage), [Server/Email Provider] (Hosting/Communication). |
| Payment Processors (PSPs) | For secure handling and processing of your membership fee payments. | PayPal, Stripe, Mollie. |
| Accounting & Legal | To comply with legal bookkeeping and tax obligations. | Boekhoudkantoor Roos Administraties. |
| Member Platform Host | For hosting and managing the member-only community and user profiles. | Mighty Networks. |
| Affiliate Partners | To track and verify eligible commissions for referrals. | 123Test. |
| Social Media Platforms | For displaying social media extensions on our website. | LinkedIn, Facebook, Instagram. |
We ensure that all external processors are bound by a Data Processing Agreement (DPA) to guarantee they process your personal data securely and confidentially, strictly according to our instructions.
6. International data transfers
Your data may be transferred to and processed by providers located outside the European Economic Area (EEA), such as those located in the United States (e.g., Google Workspace, Mighty Networks).
We ensure that any such transfer is protected by appropriate safeguards as required by the GDPR. These safeguards typically include:
- The use of Standard Contractual Clauses (SCCs) adopted by the European Commission.
- Conducting Transfer Impact Assessments (TIAs) and implementing supplementary measures to ensure that your data maintains a level of protection essentially equivalent to that guaranteed within the EEA.
By engaging with our services, you acknowledge that your data may be transferred to these third parties in accordance with these safeguards.
7. Retention
We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected and to satisfy any legal, accounting, or reporting requirements.
| Processing Activity | Category of Data Subject | Retention Period | Reason |
|---|---|---|---|
| Contact Form | Contact persons | 1 month after submission. | To finalise communication. |
| Application | Rejected candidates | 1 month after submission. | To finalise the rejection process. |
| Application | Verified, non/late-paying candidates | 6 months after submission. | To finalise payment reminders. |
| Application | Actual members | 6 months after submission. | Members manage their sharing on the Member Platform themselves. |
| Invoicing/ Accounting | Paying customers | Legal term (7 years). | To comply with legal tax and audit requirements. |
| Member Platform | Users | Until the member deletes their data, account, or when the account is removed. With a maximum cool-down retention period post-account closure of 1 month. | To provide the service. |
8. Security
We protect your Personal Data by taking technical and organisational measures against unauthorised, unlawful, or accidental access, loss, destruction, or damage to Personal Data. We ensure that only the necessary persons have access to your Personal Data, that access to Personal Data is secure, and that our security measures are regularly checked and evaluated. We continuously take steps to improve data security.
We have implemented appropriate technical and organisational measures to protect your personal data.
- IQ Data Security: Given the high risk associated with the IQ test results, we process this data with a very high security level.
- Application Storage: Submitted application forms are not stored in the website’s Content Management System (CMS), but are sent securely via email (Google Workspace).
- Ongoing Review: We continuously review our security measures (indicated by ‘check’ in our register).