Privacy Notice

AonAssessmentPractice.com is operated by Assess.ly BV, a private limited company registered in the Netherlands (KVK 76121224), with its registered address at E. Van Slogterenlaan 7, 2104 CH, Heemstede. For privacy matters, contact support@assess.ly.

Assess.ly BV acts as the data controller for personal data we collect about you through the Service. Our payment provider, Paddle, acts as an independent data controller in respect of the personal data it processes as Merchant of Record (payments, tax, invoicing).

• Identification & contact: email address you provide to sign in or purchase.
• Account data: sign-in tokens (magic links), session identifiers.
• Usage data: which practice tests you start, attempt, and complete; scores and progress.
• Support messages: the content of any emails you send us.
• Technical data: IP address, browser, device identifiers, and log data (for security and abuse prevention).
• Cookies: see Section 9.

Payment card data is collected directly by Paddle and is not seen or stored by us.

We share personal data with the following categories of recipients:

• Paddle — our Merchant of Record for the sale of the product, payments, tax compliance, and invoicing.
• Hosting and infrastructure providers that operate the Service on our behalf.
• Email delivery providers for transactional emails such as sign-in links and receipts.
• Professional advisers (legal, accounting) where strictly necessary.
• Authorities where required by law.

We do not sell personal data.

Some of our service providers may process personal data outside the EU/EEA. Where this is the case, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) approved by the European Commission to safeguard your data.

We keep account and usage data for as long as your account is active, and afterwards for as long as necessary to comply with legal obligations (e.g. tax records: up to 7 years in the Netherlands), resolve disputes, and enforce our agreements. After that, data is deleted or anonymised.

Under the GDPR you have the right to: access your personal data, rectify inaccurate data, erase your data, restrict or object to processing, request data portability, and withdraw consent at any time where processing is based on consent. You also have the right to lodge a complaint with a supervisory authority — in the Netherlands, the Autoriteit Persoonsgegevens. To exercise your rights, contact support@assess.ly. We aim to respond within one month.

We use a small number of cookies and similar technologies:

• Essential — required to sign you in and keep your session active.
• Functional — to remember your progress and preferences locally in your browser.

We do not currently use advertising or third-party tracking cookies. You can clear cookies and local storage in your browser settings.

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS), access controls, and least-privilege principles for our team. No security measure is perfect — please use a strong, unique email password and notify us promptly of any suspected unauthorised access at support@assess.ly.

We may update this Privacy Notice. Material changes will be reflected by updating the "Last updated" date and, where appropriate, notifying you by email.