📜 PRIVACY NOTICE
Hyppobrain & Sophron
Last updated: 18 november 2025
1. Who we are
This Privacy Notice applies to:
Hyppobrain – our public-facing website and strategic learning services.
Sophron – our digital assessment platform for digital competence (currently in pilot phase).
Data Controller:
Hyppobrain
Poekstraat 5, 9921 Vinderhoute, Belgium
BE08 32 75 21 26
📧hello@hyppobrain.com
Hyppobrain processes personal data in accordance with the EU General Data Protection Regulation (GDPR).
PART A – HYPPOBRAIN (PUBLIC WEBSITE)
2A. Personal data we collect
2A.1 Information you provide
When you contact us via the website’s contact form, email or telephone, we may collect:
Name (if provided)
Email address
Optional phone number
The content of your message
2A.2 Automatically collected data
Our website collects only minimal, technically necessary information for security and functionality, such as:
(Anonymised) IP address
Browser and device type
Pages visited
We do not use advertising cookies or analytics tools such as Google Analytics.
Some third-party scripts (e.g. for security, embedded forms or social content) may require cookies.
These are only activated after you give consent via our cookie banner.
3A. Why we process this data
| Purpose | Legal basis (GDPR) |
|---|---|
| Responding to your enquiry | Contract performance / Consent |
| Website security & functionality | Legitimate interest (Art. 6.1f) |
| Registering cookie preferences | Legal obligation (ePrivacy/GDPR) |
4A. Sharing your data
We work exclusively with EU-based, GDPR-compliant processors for:
hosting and security
contact form handling
cookie consent management
We do not sell your data,
We do not share your data outside the EEA,
We do not share your data with advertisers.
5A. Retention periods (Hyppobrain)
| Data type | Retention period |
|---|---|
| Contact requests | 12 months |
| Technical logs | Up to 30 days |
| Cookies | As shown in our Cookie Policy |
PART B – SOPHRON (ASSESSMENT PLATFORM – PILOT PHASE)
2B. Personal data we process
During the Sophron pilot, we intentionally limit data processing to what is strictly necessary:
Email address (for communication and access)
Unique technical ID (pseudonym, unless the client supplies names)
Closed-question assessment responses
Derived scores / competence levels
We do NOT process:
❌ special categories of data (health, religion, ethnicity, etc.)
❌ free-text fields
❌ behavioural or commercial tracking data
Important clarification:
The Sophron application does not store IP addresses or location data.
However, as with any online service, our hosting and security infrastructure may temporarily process IP addresses in technical logs. These logs are used exclusively for security monitoring and are automatically deleted after a short period.
3B. Why we process Sophron data
| Purpose | Legal basis (GDPR) |
|---|---|
| Running the digital competence assessment | Contract performance / Consent |
| Reporting (individual / team / organisation) | Legitimate interest (Art. 6.1f) |
| Improving the tool during the pilot phase | Legitimate interest + data minimisation |
Sophron is only used within a contractual relationship with a participating organisation or with explicit user consent.
4B. Processors & Data Location
Sophron uses a limited set of EU-based, GDPR-compliant processors to provide:
hosting and storage
email communication
authentication
security
workflow automation (if required during pilots)
We do not publicly list individual processors.
Full processor details are shared transparently with clients through:
Data Processing Agreements (DPAs)
Data Protection Impact Assessments (DPIAs) when required
This protects both data security and our intellectual property.
5B. Retention periods (Pilot)
| Data type | Retention period | Notes |
|---|---|---|
| Assessment responses | Up to 6 months | Automatically deleted after pilot |
| Individual reports | Up to 12 months | Then deleted or anonymised |
| Aggregated anonymous data | Retained indefinitely | Used only for tool improvement |
6. Your GDPR rights
You have the right to:
access your personal data
correct inaccurate data
request deletion (“right to be forgotten”)
restrict processing
object to processing
withdraw consent at any time
request data portability
To exercise these rights, contact:
📧hello@hyppobrain.com
We may ask you to verify your identity for security reasons.
7. How we protect your data
We implement appropriate technical and organisational measures, including:
EU-based hosting
encrypted connections (HTTPS/TLS)
data minimisation & pseudonymisation where possible
role-based access (“need-to-know”)
automated deletion after retention periods
monitoring and handling of security incidents
No system is completely risk-free,
but we maintain a level of security appropriate to the nature of the data we process.
8. Cookies & Tracking
Hyppobrain and Sophron:
do not use advertising or marketing cookies
do not use analytics tools such as Google Analytics
use only technically necessary cookies by default
activate third-party cookies only after consent via the cookie banner
See our Cookie Policy for details.
9. Questions & Complaints
For questions or concerns about this Privacy Notice:
📧hello@hyppobrain.com
You also have the right to lodge a complaint with the Belgian Data Protection Authority (GBA):
https://www.gegevensbeschermingsautoriteit.be