EU Data Protection Regulation

GDPR Compliance

At GeniuzQuiz, we are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). Learn about your rights and how we safeguard your information.

Regulation: EU 2016/679 | Effective Date: May 25, 2018 | Last Updated: December 10, 2025

Fully GDPR Compliant

GeniuzQuiz is fully compliant with the General Data Protection Regulation (GDPR). We implement appropriate technical and organizational measures to ensure a high level of security and protection for your personal data.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union that came into effect on May 25, 2018. It gives individuals greater control over their personal data and imposes strict obligations on organizations that process personal data.

Who Does It Apply To?

GDPR applies to any organization that processes personal data of individuals in the EU, regardless of where the organization is located.

What is Personal Data?

Any information relating to an identified or identifiable person, including names, email addresses, IP addresses, location data, and online identifiers.

Key Principles

Lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

Your Data Protection Rights

Under GDPR, you have comprehensive rights regarding your personal data. Here's what you can do:

Right of Access

Request access to your personal data and receive a copy of the information we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data ('right to be forgotten') under certain circumstances.

Right to Restriction

Request restriction of processing of your personal data in certain situations.

Right to Data Portability

Receive your personal data in a structured, machine-readable format and transfer it to another provider.

Right to Object

Object to processing of your personal data for direct marketing or other purposes.

Additional Rights

You also have the right to:

  • Withdraw consent: Where processing is based on consent, you can withdraw it at any time
  • Lodge a complaint: File a complaint with your local data protection authority
  • Not be subject to automated decisions: Request human review of automated decisions that significantly affect you

Request Data Deletion or Export

Exercise your GDPR rights instantly

Enter the email address associated with your GeniuzQuiz account

What happens next?

  • You'll receive a confirmation email within 24 hours
  • We'll verify your identity to ensure data security
  • Your request will be processed within 30 days (GDPR requirement)
  • Warning: Data deletion is permanent and cannot be undone

By submitting this form, you confirm that you are the owner of the email address provided.

How to Exercise Your Rights

We make it easy for you to exercise your GDPR rights. Use the form above or contact us directly:

Self-Service Options

  • Account Settings: Access, update, or delete your account information directly from your dashboard
  • Data Export: Download your data in machine-readable format from your account settings
  • Privacy Settings: Control cookie preferences and marketing communications in your account

Contact Us Directly

For requests that require manual processing or if you need assistance:

Data Protection Officer

dpo@geniuzquiz.com

Response Time

We will respond to your request within one month of receipt. In complex cases, we may extend this by two additional months and will inform you of any such extension.

Legal Basis for Processing

Under GDPR, we must have a valid legal basis for processing your personal data. Here are the legal bases we rely on:

Consent

You have given clear consent for us to process your personal data for a specific purpose.

Examples:

  • Marketing communications
  • Optional analytics cookies
  • Newsletter subscriptions

Contract

Processing is necessary for a contract we have with you, or to take steps before entering into a contract.

Examples:

  • Account creation and management
  • Service delivery
  • Payment processing

Legal Obligation

Processing is necessary for us to comply with legal obligations.

Examples:

  • Tax records
  • Financial reporting
  • Law enforcement requests

Legitimate Interests

Processing is necessary for our legitimate interests or those of a third party, unless overridden by your rights.

Examples:

  • Fraud prevention
  • Network security
  • Business analytics

What Data We Collect and Why

We only collect personal data that is necessary for providing our services and complying with legal obligations.

Account & Profile Data

What We Collect:

  • Name, email address, password
  • Company name, phone number
  • Profile picture and preferences

Why We Collect It:

  • To create and manage your account
  • To provide customer support
  • To communicate service updates

Legal Basis: Contract, Consent

Usage & Analytics Data

What We Collect:

  • Device information, IP address
  • Browser type, operating system
  • Pages visited, features used
  • Click patterns, time spent

Why We Collect It:

  • To improve our services
  • To understand user behavior
  • To detect and prevent fraud
  • To optimize performance

Legal Basis: Legitimate Interests, Consent (for cookies)

Payment & Billing Data

What We Collect:

  • Payment method details (via processors)
  • Billing address
  • Transaction history

Why We Collect It:

  • To process payments
  • To send invoices and receipts
  • To comply with tax obligations

Legal Basis: Contract, Legal Obligation

Quiz Respondent Data

What We Collect:

  • Quiz responses and answers
  • Contact information (if provided)
  • Completion data

Why We Collect It:

  • To provide quiz results
  • To enable lead generation
  • As directed by quiz creator

Legal Basis: Consent (provided to quiz creator)

Note: When you use GeniuzQuiz to collect data from quiz respondents, YOU act as the data controller and are responsible for obtaining necessary consents and complying with GDPR.

How We Protect Your Data

We implement appropriate technical and organizational measures to ensure a high level of security for your personal data.

Encryption

TLS 1.3 for data in transit and AES-256 encryption for data at rest

Access Controls

Role-based access control and multi-factor authentication for staff

Monitoring

24/7 security monitoring and automated threat detection systems

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Notify affected individuals without undue delay if there's a high risk
  • Take immediate steps to mitigate the breach and prevent future occurrences

International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place.

Safeguards for International Transfers

Standard Contractual Clauses (SCCs)

We use Standard Contractual Clauses approved by the European Commission to ensure your data receives adequate protection when transferred outside the EEA.

Adequacy Decisions

Where possible, we transfer data to countries that have been deemed to provide adequate protection by the European Commission.

Data Processing Agreement (DPA)

Enterprise customers can request a Data Processing Agreement (DPA) that includes:

  • Standard Contractual Clauses
  • Security measures and controls
  • Data subject rights procedures
  • Breach notification obligations

Contact legal@geniuzquiz.com to request a DPA

Data Retention

We only retain your personal data for as long as necessary to fulfill the purposes for which it was collected.

Retention Periods

  • Active accounts: Data retained while your account is active and for a reasonable period after
  • Financial records: Retained for 7 years for accounting and tax purposes
  • Marketing data: Retained until you opt out or withdraw consent

Secure Deletion

When data is no longer needed, we securely delete or anonymize it using industry-standard practices:

  • Secure deletion protocols
  • Data anonymization where possible
  • Backup deletion procedures

Your Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

EU Supervisory Authorities

You can file a complaint with the data protection authority in:

  • Your country of residence in the EU
  • Your place of work in the EU
  • The place where you believe the infringement occurred

Find your local authority: EDPB Members

Contact Us First

We encourage you to contact us first so we can address your concerns:

Data Protection Officer

dpo@geniuzquiz.com

Mailing Address

GeniuzQuiz, Inc.
117 5th Avenue SW
Minot, ND 58702, USA

GDPR Contact Information

For questions about our GDPR compliance or to exercise your rights:

Data Protection Officer

dpo@geniuzquiz.com

For GDPR-related inquiries

Privacy Team

privacy@geniuzquiz.com

For data requests and privacy questions

Mailing Address

GeniuzQuiz, Inc.
ATTN: Data Protection Officer
117 5th Avenue SW
Minot, ND 58702
United States

Last updated: December 10, 2025 | This page describes our GDPR compliance as of this date.