Privacy Policy

1. Who is responsible for the app and website?

Controller: Max Riedel
Address: Gartenstr. 137a, 60596 Frankfurt, Germany
Email: eu.quiz.app@gmail.com

The EU Quiz App is an independent educational tool not affiliated with the European Personnel Selection Office (EPSO) or any European Union institution.

2. Scope of this Privacy Policy

This Privacy Policy applies to:

• The EU Quiz mobile application (iOS)
• The website associated with the EU Quiz App
• All data processing activities related to these services

This policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.

3. What personal data do we process?

We process the following categories of personal data:

3.1. App Preferences and Local Settings

• Selected app language
• Locally stored bookmarks and quiz progress
• User preferences and settings

Legal basis: Contract performance (Art. 6(1)(b) GDPR) - necessary to provide the app functionality.

3.2. Purchase and Entitlement Information

• Information about whether premium access is active
• Transaction data provided by Apple's in-app purchase system
• Receipt and entitlement verification data

Legal basis: Contract performance (Art. 6(1)(b) GDPR) - necessary to provide premium features.

Note: We do not collect or store payment card details. Payment processing is handled exclusively by Apple through its App Store infrastructure.

3.3. Advertising-Related Data (Free Version Only)

When you use the free version of the app, we may process:

• Advertising identifiers (IDFA on iOS)
• Device and app usage data for ad delivery and frequency capping
• Non-personalized contextual information

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) for ad delivery and fraud prevention; Consent (Art. 6(1)(a) GDPR) where required for personalized advertising.

Note: The processing of advertising data is primarily carried out by Google AdMob. Where required by law, we will request your consent before processing data for personalized advertising.

3.4. Support and Communication Data

When you contact us via email:

• Your email address
• The content of your message
• Any additional information you voluntarily provide

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) to respond to inquiries and improve service quality.

3.5. Technical Diagnostics (Voluntary)

If you choose to send technical diagnostics through our support flow:

• Device model
• iOS version
• App version
• Locale settings

Legal basis: Consent (Art. 6(1)(a) GDPR) - you actively choose to send this data.

3.6. Website Access Data

When you visit our website, the following technical data may be automatically processed by our hosting provider:

• IP address (anonymized where technically possible)
• Browser type and version
• Operating system
• Referring website
• Access time and date
• Pages visited

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) for website security, stability, and technical administration.

4. Data stored on your device

Certain information is stored locally on your device to enable app functionality:

• Language preference
• Bookmarked quiz questions
• Quiz progress and scores
• App settings

This local storage is used solely to provide the app experience and is not used for advertising tracking or profiling. Data stored locally remains on your device until you delete the app, clear the app data, or change the settings.

5. How do we use your personal data?

We use your personal data for the following purposes:

5.1. Service Provision

• To provide, operate, and maintain the app and website
• To enable core features such as quiz functionality, progress tracking, and bookmarks
• To determine and verify premium access status

Legal basis: Contract performance (Art. 6(1)(b) GDPR).

5.2. Advertising (Free Version)

• To display ads in the free version of the app
• To control ad frequency and prevent fraud
• To measure ad performance

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) and consent (Art. 6(1)(a) GDPR) where required.

5.3. Customer Support

• To respond to support requests and inquiries
• To troubleshoot technical issues
• To improve support quality

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

5.4. Security and Legal Compliance

• To protect against abuse, fraud, and security threats
• To comply with legal obligations
• To enforce our terms and conditions

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) and legal obligation (Art. 6(1)(c) GDPR).

6. Website usage and cookies

6.1. Technical Access Data

When you visit our website, basic technical information is processed automatically by our hosting provider to deliver the website and ensure its security and stability. This includes IP addresses, browser types, and access times.

6.2. Cookies and Tracking Technologies

This website does not use cookies, tracking technologies, or analytics tools for user tracking or profiling.

No personal data is actively collected through the website unless you voluntarily contact us via email.

7. Advertising and third-party services

7.1. Google AdMob / Google Mobile Ads

The free version of the app displays ads delivered by Google AdMob. Google may process device or advertising-related information in accordance with its own privacy policy and your device permissions and settings.

Data shared with Google AdMob may include:

• Advertising identifiers (IDFA)
• Device information
• App usage data
• Location data (if you have granted location permissions)

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) for ad delivery; Consent (Art. 6(1)(a) GDPR) for personalized advertising where required.

Your choices:

• Depending on your location, you may be presented with consent choices before personalized ads are displayed
• You can manage privacy and advertising choices through your device settings (iOS Settings > Privacy > Advertising)
• You can reset your advertising identifier in your device settings
• Where available, you can use the app's privacy options to manage ad preferences

For more information about Google's privacy practices, please visit: https://policies.google.com/privacy

7.2. Apple App Store

Premium purchases are handled exclusively through Apple's App Store infrastructure. Apple may share limited transaction and entitlement information with us to determine whether premium access is active.

Apple acts as a data controller for payment processing and may have its own privacy policy. We do not receive your full payment card details.

8. In-app purchases

8.1. Payment Processing

All premium purchases are processed through Apple's App Store infrastructure. We do not collect or store payment card details. Payment processing is subject to Apple's terms and privacy policy.

8.2. Entitlement Verification

Apple may share limited transaction and entitlement information with us to verify premium access status. This information is used solely to provide premium features.

Legal basis: Contract performance (Art. 6(1)(b) GDPR).

9. Email support and technical diagnostics

9.1. Support Communications

If you contact us via email, we will process the information you provide to:

• Respond to your request
• Troubleshoot problems
• Improve support quality

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

9.2. Technical Diagnostics

If you use the app's built-in support or feedback flow, you may choose to include technical diagnostics such as:

• Device model
• iOS version
• App version
• Locale settings

Legal basis: Consent (Art. 6(1)(a) GDPR) - you actively choose to send this data.

10. Legal bases for processing

Where the GDPR applies, our processing relies on the following legal bases:

11. Sharing of personal data

We share your personal data only with the following third parties as necessary for the services described:

11.1. Apple

Purpose: App distribution and in-app purchase processing

Data shared: Limited transaction and entitlement information

Apple's role: Independent controller for payment processing

11.2. Google AdMob / Google Mobile Ads

Purpose: Advertising delivery in the free version

Data shared: Advertising identifiers, device information, app usage data

Google's role: Data processor/controller under its own privacy policy

11.3. Email Service Providers

Purpose: Handling support communications

Data shared: Email content and related metadata

Provider's role: Data processor under our instructions

11.4. Website Hosting and Infrastructure Providers

Purpose: Website hosting and technical infrastructure

Data shared: Technical access data (IP address, browser type, etc.)

Provider's role: Data processor under our instructions

Important: We do not sell your personal data to third parties. All third-party service providers are contractually bound to process your data only in accordance with our instructions and applicable data protection laws.

12. International data transfers

Some of our third-party service providers (such as Google AdMob) may process your personal data outside the European Economic Area (EEA), including in countries that may not offer the same level of data protection as the EU.

Safeguards for international transfers:

• We use service providers that are certified under the EU-US Data Privacy Framework (where applicable)
• We rely on Standard Contractual Clauses (SCCs) approved by the European Commission
• We ensure that appropriate technical and organizational measures are in place to protect your data

You have the right to obtain a copy of the safeguards used for international data transfers by contacting us at the email address below.

13. Data retention

13.1. Support Communications

Support emails and related communications are retained for as long as reasonably necessary to:

• Respond to your request
• Maintain records
• Resolve disputes
• Improve support quality
• Comply with legal obligations

Typically, this means retention for up to 2 years after the last communication, unless longer retention is required by law.

13.2. Local Device Data

Data stored locally on your device remains there until you:

• Delete the app
• Clear the app data
• Change the stored settings

13.3. Advertising and Purchase Data

Data related to advertising and purchases may be retained by third-party providers (Apple, Google AdMob) in accordance with their own privacy policies. We do not control these retention periods.

13.4. Website Access Data

Website access data is retained by our hosting provider for technical security and stability purposes, typically for up to 7 days, unless longer retention is required for security investigations.

14. Your rights under the GDPR

Depending on your location and applicable law, you have the following rights regarding your personal data:

14.1. Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation about whether we process your personal data and, if so, access to that personal data and information about the processing.

14.2. Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate or incomplete personal data.

14.3. Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

14.4. Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing in certain circumstances, such as when you contest the accuracy of the data.

14.5. Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

14.6. Right to Object (Art. 21 GDPR)

You have the right to object to processing based on legitimate interests at any time.

14.7. Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

14.8. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement.

14.9. How to Exercise Your Rights

To exercise any of these rights, please contact us at: eu.quiz.app@gmail.com

We will respond to your request within one month of receipt, unless the request is particularly complex, in which case we may extend this period by up to two additional months, notifying you of any extension.

15. Children's privacy

The EU Quiz App is intended as a general educational tool and is not specifically directed to children under the age of 16.

Our commitment:

• We do not knowingly collect personal data from children under 16 without parental consent where such consent is required by applicable law
• If we discover that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information

Parental contact: If you believe that personal data from a child has been provided inappropriately, please contact us at: eu.quiz.app@gmail.com

16. Automated decision-making

We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.

17. Security measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

• Encryption of data in transit and at rest where technically feasible
• Regular security reviews and updates
• Access controls and authentication mechanisms
• Secure data storage and hosting

However, no method of transmission or storage is completely secure, and absolute security cannot be guaranteed.

18. Data Protection Officer

Given the scale and nature of our data processing activities, we are not required to designate a Data Protection Officer under Art. 37 GDPR. If you have any privacy concerns, please contact us directly at the email address provided in Section 1.

19. Supervisory Authority

Our supervisory authority for data protection matters is:

Hessischer Beauftragter für Datenschutz und Informationsfreiheit
(Hessian Commissioner for Data Protection and Freedom of Information)
(For users in Germany/Hesse)

Or, for users in other EU/EEA countries, the competent supervisory authority in your country of residence.

You have the right to lodge a complaint with any supervisory authority, particularly in the Member State of your habitual residence.

20. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable laws, or for other operational reasons.

Material changes will be communicated by:

• Updating the "Last updated" date at the top of this policy

Continued use of the app or website after an update constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

21. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Email: eu.quiz.app@gmail.com

We will respond to your inquiry as soon as possible and in any event within one month of receipt, unless the request is particularly complex.

This Privacy Policy is governed by the laws of the Federal Republic of Germany. Any disputes relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the German courts.