Privacy Policy

The data controller is the operator of the CogniveraIQ Service. Full contact details are on the /kontakt page. For data protection matters please contact us via the contact form.

We have not appointed a Data Protection Officer (DPO) as we are not legally required to do so — we do not process special categories of data on a large scale or carry out large-scale systematic monitoring.

We deliberately minimise data collection. By default, when you take the test, we do NOT require registration or personal data. The following categories of data may be processed:

• Technical data: IP address, device identifier, browser type, screen resolution, operating system, browser language, referrer. Collected automatically by the server and analytics tools.

• Test session data: your answers, time spent on questions, selected test version, selected language. Stored only in your browser's session storage and discarded when you close the tab. We do NOT send this to our servers.

• Form data (only if you voluntarily use the form): email address, message content — only when you contact us through the contact form.

• Cookies and similar technologies: see the cookie policy.

We process data for the following purposes and on the following legal bases:

• Providing the test service — basis: Art. 6(1)(b) GDPR (performance of a contract for electronic services to which you are a party).

• Security, fraud prevention, server logs — basis: Art. 6(1)(f) GDPR (legitimate interest — protection against attacks, abuse, unauthorised access).

• Statistics and analytics — basis: Art. 6(1)(a) GDPR (your consent via the cookie banner) or Art. 6(1)(f) (legitimate interest — for anonymous statistics).

• External advertising (Google AdSense) — basis: Art. 6(1)(a) GDPR (your consent).

• Responding to contact requests — basis: Art. 6(1)(f) GDPR (legitimate interest — replying to correspondence).

The Service may display advertisements provided by Google AdSense and other advertising networks ("ad networks"). These networks may use cookies and similar technologies to display ads tailored to your interests based on your browsing history on our and other sites.

Google uses DART cookies to serve ads to users based on their visits to this and other websites. You can opt out of DART cookie usage by visiting the Google Ads privacy policy: https://policies.google.com/technologies/ads

Privacy policies of ad networks: * Google AdSense: https://policies.google.com/privacy

We do not control cookies set by ad networks and are not responsible for their content or behaviour.

Data may be shared with:

• Infrastructure providers (hosting, CDN) — only as necessary to provide the Service.

• Ad networks (Google AdSense) — for cookies and advertising identifiers, with your consent.

• Analytics tools (if implemented) — for anonymised statistics.

• Authorities — only when required by law (e.g. court order, administrative decision).

We do NOT sell personal data. We do NOT share personal data for third-party marketing purposes.

Some data recipients (e.g. Google) may be located outside the European Economic Area (EEA), including in the USA. In such cases data is protected by Standard Contractual Clauses (SCC) approved by the European Commission and the Data Privacy Framework (DPF).

• Server logs (IP addresses, technical data) — maximum 12 months.

• Test session data — only in your browser's session storage, discarded when you close the tab.

• Contact form messages — up to 24 months after the end of correspondence.

• Analytics data — according to the analytics provider's policy.

After the retention period, data is deleted or anonymised.

You have the right to:

• Access your data — get a copy of your data (Art. 15 GDPR).

• Rectification of inaccurate or incomplete data (Art. 16 GDPR).

• Erasure ("right to be forgotten", Art. 17 GDPR).

• Restriction of processing in certain situations (Art. 18 GDPR).

• Data portability in a structured format (Art. 20 GDPR).

• Objection to processing based on legitimate interest (Art. 21 GDPR).

• Withdraw consent at any time, without affecting the lawfulness of processing carried out before the withdrawal (Art. 7(3) GDPR).

• Lodge a complaint with a supervisory authority — for users in the EU/EEA, your local data protection authority. For users in the UK, the Information Commissioner's Office (ICO) at https://ico.org.uk

To exercise any right, contact us via the contact form. We respond within 30 days.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know what personal information is collected, used, shared, or sold.
• Right to delete personal information.
• Right to correct inaccurate personal information.
• Right to opt out of the sale or sharing of personal information.
• Right to limit the use of sensitive personal information.
• Right to non-discrimination for exercising your rights.

We do NOT sell personal information as defined by CCPA. To exercise your rights, contact us via the contact form.

We use appropriate technical and organisational measures to protect data from unauthorised access, disclosure, alteration or destruction, including:

• HTTPS/TLS encrypted connections.
• Restricted data access to a minimum necessary.
• Regular software updates.
• Backups and recovery procedures.

However, please note that no internet system is 100% secure. Use of the Service is at your own risk.

The Service is not directed at children under 16 (or the applicable age in your jurisdiction). We do not knowingly collect personal data from children. If we learn that we have unintentionally collected data from a child, we will promptly delete it. Parents/guardians who suspect such a situation are asked to contact us.

We reserve the right to update this policy. We will notify of material changes prominently on the website. The date of the last update is at the top of the document. We recommend checking this page regularly.

For data protection matters, contact us via the contact form available at /kontakt.