GDPR Compliant

GDPR Compliance

Name: Testrize
Address: Herengracht 450, Amsterdam, 1017 CA, NL
Telephone: +31-20-123-4567
Price range: Free

Your data protection rights under the General Data Protection Regulation (GDPR)

Last Updated: January 15, 2025

Testrize LLC is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have regarding your personal information.

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under GDPR that we fully respect and uphold.

Data Controller

Testrize LLC is the data controller responsible for your personal information. You can contact us at:

Testrize LLC

350 Fifth Avenue, Suite 7680

New York, NY 10118

United States

Email: dpo@testrize.com

Phone: +1 (888) 555-1234

Business Hours: Mon-Fri, 9AM-6PM EST

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

Request copies of your personal data

Right to Rectification

Request correction of inaccurate data

Right to Erasure

Request deletion of your data ("right to be forgotten")

Right to Restrict Processing

Request limitation of data processing

Right to Data Portability

Receive your data in a structured format

Right to Object

Object to processing of your data

Automated Decision-Making

Not be subject to automated decisions

Right to Lodge a Complaint

File a complaint with supervisory authority

How to Exercise Your Rights

To exercise any of your GDPR rights, please follow these steps:

Submit Your Request

Email us at dpo@testrize.com with your request. Please include your full name, email address, and specify which right(s) you wish to exercise.

Identity Verification

We may ask for additional information to verify your identity and ensure we're protecting your data from unauthorized access.

Response Timeline

We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days and will inform you of any delay.

No Fee Required

You will not have to pay a fee to access your personal data or exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Legal Basis for Processing

We only process your personal data when we have a legal basis to do so under GDPR:

Processing Activity	Legal Basis
IQ Test Administration	Consent
Results Delivery	Contract Performance
Payment Processing	Contract Performance
Email Communications	Consent
Service Improvement	Legitimate Interest
Fraud Prevention	Legitimate Interest
Legal Compliance	Legal Obligation
Marketing Communications	Consent

Data Protection Measures

We implement appropriate technical and organizational measures to ensure data security:

Technical Measures

256-bit SSL/TLS encryption for data transmission
AES-256 encryption for data at rest
Regular security audits and penetration testing
Secure cloud infrastructure with redundancy
Automated backup systems

Organizational Measures

Access controls and role-based permissions
Employee training on data protection
Confidentiality agreements with staff and vendors
Data Protection Impact Assessments (DPIAs)
Incident response procedures

Data Retention Periods

We retain your personal data only for as long as necessary:

Data Type	Retention Period	Reason
Test Results	7 years	Scientific validity and user access
Account Information	3 years after last activity	Service provision
Payment Records	7 years	Legal and tax requirements
Marketing Consent	Until withdrawn	Consent-based processing
Email Communications	2 years	Customer service
Analytics Data	26 months	Service improvement
Support Tickets	3 years	Quality assurance

International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place:

Transfer Safeguards

Standard Contractual Clauses (SCCs): We use EU-approved SCCs with all data processors outside the EEA
Adequacy Decisions: We transfer data to countries recognized by the EU as providing adequate protection
Data Processing Agreements: All vendors sign comprehensive DPAs ensuring GDPR compliance
Regular Audits: We conduct periodic reviews of international data transfers

US Data Transfers

Our primary servers are located in the United States. We comply with the EU-U.S. Data Privacy Framework principles and implement additional safeguards to protect your data.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

72-Hour Notification

We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

User Notification

If the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay, including:

Nature of the personal data breach
Likely consequences of the breach
Measures taken to address the breach
Recommended actions you should take

Children's Privacy

Our services are intended for users aged 16 and above. We do not knowingly collect personal data from children under 16 without parental consent, in compliance with GDPR Article 8.

If you are a parent or guardian and believe your child under 16 has provided us with personal data without your consent, please contact us immediately at dpo@testrize.com.

We will take steps to delete such information from our systems within 30 days of verification.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement.

Lead Supervisory Authority

Data Protection Commission (Ireland)

21 Fitzwilliam Square South

Dublin 2, D02 RD28

Ireland

Phone: +353 (0)761 104 800

Email: info@dataprotection.ie

Website: www.dataprotection.ie

You can also contact your local supervisory authority. Find your local authority at: EDPB Member List

Contact Our Data Protection Officer

For any questions about this GDPR compliance statement or to exercise your rights, please contact our Data Protection Officer:

Contact Details

dpo@testrize.com

+1 (888) 555-1234

Mon-Fri, 9AM-6PM EST

48-hour response guarantee

This GDPR Compliance page was last updated on January 15, 2025

We are committed to protecting your privacy and ensuring GDPR compliance.