Privacy Policy & Data Security

The provision of contact (Email) and other relevant information is required from you to enable us to communicate with you and to provide the services available on our website. We’ll inform you at the point of collecting information from you (including via this Privacy Policy), whether you’re required to provide the information to us. If you don’t provide the information requested we may not be able to provide the services which require the use of this information (e.g. certain features or assessments).

Personal information is processed by us, an entity incorporated in accordance with the laws of Germany and with the following contact details:

• Information in accordance with section 5 TMG
• Sophienstraße 63, 76133,  Karlsruhe, Germany
• Contact E-Mail: [email protected]
• Contact details for our Data Protection Officer: [email protected]

After you have taken the test we only retain your E-mail address to send out your personalised report. Processing of the sent data happens automatically. You have the choice of using a pseudonym as a name and also the age input is taken in as categorised input reducing any chance of tracing back the information to your identity. Furthermore, your personalised evaluation is also automatically deleted by us after its sent to you. The collected information throughout the questionnaire is depersonalised and used to make the test more intuitive, improve our measurement instruments, and future recommendations.

As a worldwide digital service, we need to work with a number of providers, some of which are located outside the UK and the European Economic Area (EEA), e.g. in the U.S., in order to be able to operate our website and to make our services available online. Some of our staff also operate outside Germany. Consequently, some of your personal data may be transferred outside Germany.

We’ll ensure that any transfer of your personal information outside the EEA where the GDPR applies to such transfer will be subject to the appropriate or suitable relevant safeguards (e.g. European Commission approved contract), as permitted under the GDPR, with those measures designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.

In general, we use contract clauses for such transfers (as per the Article 46.2 of the GDPR), unless the country in question is judged adequate under the Article 45 of the GDPR.

Here’s a list of third party providers we’ll share your information with, if necessary:

• Microsoft, to deliver our non-newsletter e-mails, e.g., when we respond to your messages. Again, we’ll also collect information regarding e-mail delivery and opening rates to improve deliverability and help with troubleshooting.
• Stripe and PayPal, to process payments and conduct anti-fraud checks.
• Google, to analyze the behaviour of our visitors as well as to host our website, databases, and related assets and services.
• Teams and Signal, for our everyday communication and planning.

We’ve listed all our third party providers here to be as transparent as possible. In practice, “sharing” is a very generous term when it comes to us transferring your information outside our company. We always transfer as little data as we can, also encrypting it where possible. For instance, our e-mail service provider would need to know your e-mail address to deliver a personalised evaluation.

Similarly, we may discuss an issue you’re having on Teams or Signal, which technically counts as us transferring your information (such as the e-mail address linked to your account) to Teams & Signal servers – however, they wouldn’t be permitted to use that information for anything beyond what’s necessary to provide their service to us.

We use all reasonable security and access control measures to secure our accounts on third party websites and the data stored therein.

We keep your information only for as long as we need it to provide services to you and to fulfil the purposes described in this policy or as otherwise described in our Terms and Conditions.

Here are some examples of categories of data along with their periods of retention:

• Payment and order data, including relevant access logs – unlimited;
• Email and associated evaluation input – unlimited;
• Content submitted to our website, such as comments or forum posts – unlimited.

We’ll regularly delete emails that aren’t linked to any meaningful activity and have been inactive for more than two years. We’ll depersonalize your information or remove it entirely from our systems once we no longer need it to comply with our legal or regulatory obligations, or for other purposes described in this policy.

We take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information. For instance, we store this information on our secure (password and firewall-protected) servers, encrypt traffic to and from the website, and anonymize or pseudonymize personal information where possible.

Still, we can’t guarantee the complete security of data sent over the internet – for example, you may use your actual name in your email, someone may discover a vulnerability in the encryption protocol that we use, your internet service provider may record the data you send, and so on. Please take care when posting sensitive data.

We will process your data when we have to deliver you your personalised evaluation. This results in us having to process your data for purposes of providing you with both the Services, as well as to perform our obligations under the Services Terms and Conditions.

Subject to obtaining your consent, and as long as you do not withdraw any such consent, we may also process your data for the following purposes:

• To send you electronic commercial communications (if you subscribe to a newsletter), to attain feedback or to answer the requests you may address us when contacting us;
• To process information obtained through cookies, as described in more detail in the Cookie Policy, and subject to the terms set forth therein;
• We use Google Analytics for profiling purposes based on user behavior and how they browse the Site and use the Services, to build audiences. Please note that this data cannot lead to identifying a users personal identity and is anonymous. We may attain this information by means of cookies. In those cases, your acceptance of the installation and use of cookies results in a data processing for profiling purposes, as described in this paragraph.
• When we have to comply with a legal obligation applicable to us from time to time, such as those set forth in tax and anti-money laundering laws and regulations. In any such cases, the data will be processed only during the periods set forth by said laws, being deleted thereafter.

Finally, we may also process your data to protect our legitimate interests, as long as said data is strictly necessary to fulfil the goals set forth below, namely:

• To review, monitor, investigate, and analyze how to improve the Services and/or the Site, as well as to keep our Services and the Site secure and operational and prevent abusive activity (e.g. fraud, spam, phishing activities, etc.). This may include sending you feedback forms to assess any problems in the service or know how to improve your user experience. The interests at stake are ensuring a correct and safe environment for both other users and us, taking those interests prevalence over your legitimate interests (we need to create and maintain an environment which is in accordance with the law, the legitimate interests of other parties, what other users may expect from our end, and to protect other users’ security when accessing the Site and using the Services);
• Besides any commercial electronic and non-electronic commercial communication sent when we have obtained your consent as mentioned above, we may also send you those kind of communications when you are our client. In this last case, we will only send you information belonging to us and concerning services and/or products identical or similar to the ones you have contracted with us. In these cases, we have a legitimate interest in processing your contact information to keep you informed about any of our products and services, prevailing this interest over your right to personal data given the non-sensitive nature of the data in question and the fact that the contractual relationship built with our clients results in those clients expecting these kinds of communications; and
• Upon dissociating the data we have so as to be impossible to be associated to you or any other person, to perform statistical and other analysis on information we collect (technical and metadata) to analyze and measure user behavior and trends, to understand how people use our services, in order to improve and optimize our performance of such services.

You have the right to withdraw your consent at any time. You also have the right to request access to, and rectification of, or erasure of your personal data, or restriction of processing, or to object to processing, as well as the right to data portability. We allow you to exercise the above-mentioned rights at any time by opening a support ticket via the Help Center, by contacting our Support Center ([email protected])

You can update any information we may have from you by sending us a written communication. Please remember that it is your duty to keep the information updated so we can correctly provide you with the Services, and you undertake to verify the information you have handed us from time to time to make sure that it is accurate.

You are entitled to ask us, now or at any moment, not to send you any kind of emails or commercial communications. Note that this will not prevent the sending of emails or other communications related to the Services, as those communications are necessary to perform the relationship we have with you.

We may amend this Privacy Policy from time to time. Alternatively, we may post any non-material changes to this Privacy Policy on the Site with a notice advising of the changes in advance of the effective date of the changes. We may also notify you of material changes to this Privacy Policy, before the effective date of the changes, by sending an email or otherwise. If you do not agree to any non-substantial change to this Privacy Policy, you have the freedom to not use our service.

This policy is drafted both in plain and legal versions. In case of any discrepancies, the legal version included herein shall prevail and take precedence with respect to the plain version.