We use essential cookies to keep the site secure and functional. With your consent, we also run session recording and analytics (Microsoft Clarity and Google Analytics 4) and load fonts from Google. See our Cookie Policy for full details.
How we collect, use, store, and protect your personal data. Covers website visitors, platform users, assessment participants, and our benchmark dataset.
Last Updated: May 2026 · Version 2.0Section 01
The Bi Method B.V. (KvK registration pending), registered in the Netherlands ("The Bi Method", "we", "us", "our"), is the Data Controller for personal data collected through our website, marketing activities, and our Benchmark Dataset.
For personal data collected through our platform on behalf of Client Organisations conducting team assessments, we act as a Data Processor. The Client Organisation is the Data Controller for their employees' data. See Section 5 for details.
Our primary data protection supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
Data protection enquiries: privacy@thebimethod.com
Section 02
This Privacy Policy applies to personal data we process in connection with:
This policy does not cover the data practices of Client Organisations (employers) who use us to assess their teams. Those organisations are Data Controllers bound by their own privacy obligations and our Data Processing Agreement.
Section 03
| Category | Data Collected | Purpose |
|---|---|---|
| Website & Analytics | IP address, browser type, pages visited, time on page, device type | Website performance, UX improvement, security |
| Contact Forms | Name, email, company, role, message | Responding to enquiries, sales follow-up |
| Account Registration | Name, email, company, country, role, password (hashed) | Account creation, authentication, billing |
| Payment & Billing | Billing name, billing address, VAT number. Card details processed by Stripe — we do not store full card details. | Processing payments, invoicing |
| Assessment Responses | Responses to The Bi Method assessment, anti-pattern scores, severity classifications, timestamp | Generating team reports; building anonymised Benchmark Dataset |
| Platform Usage | Login times, feature usage, report generation activity, session duration | Security monitoring, product improvement |
| Communications | Email content, support history | Customer support, record-keeping |
| Marketing Preferences | Email, communication preferences, opt-in/out history | Marketing where consented |
What We Do Not Collect
We do not collect biometric data, health or medical data, racial or ethnic origin, political opinions, religious beliefs, or trade union membership. Our assessments relate to observable team behavioural patterns — they are not psychological or medical assessments.
Section 04
Under EU GDPR, we are required to have a lawful basis for every processing activity:
| Processing Activity | Lawful Basis | Notes |
|---|---|---|
| Providing the Platform | Contract (Art. 6(1)(b)) | Necessary to perform the subscription contract |
| Account management and billing | Contract (Art. 6(1)(b)) | Necessary for the subscription agreement |
| Website analytics and security | Legitimate Interests (Art. 6(1)(f)) | Our interest in operating and securing our website |
| Generating assessment reports | Contract (Art. 6(1)(b)) | Client Organisation is Data Controller for participant data |
| Building the Benchmark Dataset | Legitimate Interests (Art. 6(1)(f)) | Benchmark Data is irreversibly anonymised and not personal data |
| Marketing to existing customers | Legitimate Interests (Art. 6(1)(f)) | Soft opt-in; opt-out available anytime |
| Marketing to new contacts | Consent (Art. 6(1)(a)) | Explicit opt-in required; consent recorded with timestamp |
| Legal compliance | Legal Obligation (Art. 6(1)(c)) | Required by applicable law |
| Responding to enquiries | Legitimate Interests (Art. 6(1)(f)) | You initiated contact and expect a response |
Section 05
Key Distinction — Controller vs Processor
When Client Organisations use The Bi Method to conduct team assessments, the employees completing those assessments are data subjects of the Client Organisation (the Data Controller), not of The Bi Method. We process assessment data only on documented instructions from the Client Organisation.
If you are an employee who completed a Bi Method assessment and want to exercise your data rights, contact your employer first. You may also contact us at privacy@thebimethod.com — we will direct your request appropriately.
A Data Processing Agreement (DPA) governing this relationship is available at thebimethod.com/dpa.
Section 06
Genuine Anonymisation — Not Pseudonymisation
The Bi Method Benchmark Dataset is built exclusively from anonymised, aggregated data. The anonymisation process is technically irreversible. No individual or organisation can be identified. Consistent with Recital 26 of the EU GDPR, anonymised data is not personal data and is not subject to GDPR rules, including erasure rights.
To power in-platform benchmark comparisons; to provide aggregate industry data to subscribed Consultants; to inform our published research and content; to improve our methodology; for investor reporting and platform valuation. We may commercially exploit this dataset.
Section 07
We use cookies and similar technologies on our website. When you first visit, a cookie consent banner will appear allowing you to accept, reject, or customise categories. You can update your preferences at any time using the "Cookie Preferences" link in the footer.
| Cookie Type | Purpose | Consent |
|---|---|---|
| Strictly Necessary | Authentication, security, session management, consent preference storage | No — essential |
| Analytics & Performance | Understanding how visitors use the site (Google Analytics 4, Microsoft Clarity). Only activated after consent. | Yes |
| Functional | Remembering preferences and settings | Yes |
We do not use marketing or retargeting cookies. Our full Cookie Policy is at thebimethod.com/cookies.
Section 08
We do not sell personal data. We share data only as follows:
Section 09
We are incorporated in the Netherlands and process data primarily within the European Union. Where our sub-processors are located outside the EU (for example, US-headquartered cloud providers), we ensure appropriate safeguards through EU Standard Contractual Clauses (SCCs) or European Commission adequacy decisions.
Section 10
| Data Category | Retention | Reason |
|---|---|---|
| Account data (active) | Duration of account + 2 years after closure | Contractual obligations, legal disputes |
| Assessment Data (active subscription) | Duration of subscription | Service delivery |
| Assessment Data (after subscription ends) | 90 days after termination | Data export window; permanently deleted after |
| Benchmark Dataset | Indefinitely | Anonymised data — not personal data under GDPR |
| Financial records | 7 years | Dutch accounting law (Burgerlijk Wetboek) |
| Contact and marketing enquiries | 3 years from last interaction | CRM management |
| Support communications | 3 years from resolution | Service improvement, disputes |
| Website analytics | 26 months | Trend analysis |
| Security logs | 12 months | Incident investigation |
Section 11
You have the following rights. We respond to all valid requests within one calendar month at no charge. Email privacy@thebimethod.com with subject "Data Rights Request".
Request a copy of all personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your data in certain circumstances. Erasure does not extend to anonymised Benchmark Data or data we are legally required to retain.
Request we pause processing your data in certain circumstances.
Request your data in a structured, machine-readable format (JSON or CSV).
Object to processing based on legitimate interests at any time. Object to direct marketing at any time — we will stop immediately.
We do not make solely automated decisions with legal or significant effects. All Reports are presented to human reviewers.
Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
Identity verification: We verify your identity before fulfilling any data rights request.
Assessment participants: If you completed a Bi Method assessment as part of your employment, contact your employer first. They are the Data Controller. We will support them in fulfilling your request.
Section 12
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information.
The Bi Method does not sell, and has not sold in the preceding 12 months, personal information to third parties as defined under the CCPA. We also do not "share" personal information for cross-context behavioural advertising.
Email privacy@thebimethod.com with subject "CCPA Request". We will verify your identity and respond within 45 days. You may also designate an authorised agent to make requests on your behalf.
In the preceding 12 months, we may have collected: identifiers (name, email), commercial information (subscription details), internet activity (usage data, cookies with consent), and professional information (company name, role). See Section 3 for full details.
Section 13
We implement appropriate technical and organisational measures to protect personal data, including:
In the event of a breach likely to risk individuals' rights and freedoms, we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours as required by EU GDPR Article 33. Where the breach presents high risk to individuals, we will also notify affected individuals without undue delay.
If you discover a security issue, please report it responsibly to security@thebimethod.com. We investigate all reports promptly and do not take legal action against good-faith researchers.
Section 14
The Platform is for business and professional use only. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected data from a minor, contact privacy@thebimethod.com and we will delete it promptly.
Section 15
We may update this Privacy Policy from time to time. For material changes, we will notify you by email and/or prominent notice on the Platform at least 30 days before the changes take effect. The "Last Updated" date at the top reflects the last update. Previous versions are available upon request.
Section 16
If you are not satisfied with how we handle your data or believe we are processing it unlawfully, you have the right to complain to:
We prefer to resolve complaints directly. Contact us first and we will make every effort to address your concerns promptly.