GDPR — Your Rights
Last updated: May 2026 · Regulation (EU) 2016/679
1. Data controller
Maximus Rothron
Email: [email protected]
To exercise your GDPR rights, contact us at the same email address.
2. Data we collect
- Email address — provided when completing the quiz (with consent) or at payment (via Stripe)
- Name — if provided at payment through Stripe
- Payment data — processed exclusively by Stripe; we do not store card data
- IP address — stored at checkout consent moment (legal proof)
- Language preference — cookie
mic_lang, stored locally in your browser
3. Purpose and legal basis
- Contract performance (Art. 6(1)(b) GDPR) — delivery of the purchased digital product
- Legitimate interest (Art. 6(1)(f) GDPR) — fraud prevention, legal evidence of consent
- Consent (Art. 6(1)(a) GDPR) — sending content by email (quiz opt-in)
- Legal obligation (Art. 6(1)(c) GDPR) — retention of accounting records
4. Data retention
- Order and transaction data: 5 years (legal accounting obligation)
- Email from quiz (marketing consent): until consent is withdrawn
- IP address from checkout consent: 3 years (legal evidence)
5. Third-party processors
-
Stripe Inc. — payment processing.
Stripe Privacy Policy.
Stripe is PCI DSS Level 1 certified and GDPR compliant.
-
Brevo (Sendinblue) — email delivery.
Brevo Privacy Policy.
Brevo is a European company, GDPR compliant.
We do not sell, rent, or transfer your data to any other third parties.
6. Your rights
Access
You can request a copy of the data we hold about you.
Rectification
You can request correction of inaccurate or incomplete data.
Erasure
You can request deletion of your data, within legal retention obligations.
Portability
You can request your data in a structured, commonly used, machine-readable format.
Restriction
You can request restriction of processing in certain circumstances.
Objection
You can object to processing based on legitimate interest.
Withdraw consent
You can withdraw consent at any time without affecting the lawfulness of prior processing.
Complaint
You can lodge a complaint with the Romanian ANSPDCP or your local supervisory authority.
7. How to exercise your rights
Send an email to [email protected]
with the subject "GDPR Request", specifying the right you wish to exercise.
We will respond within 30 days.
8. Supervisory authority
ANSPDCP (Romanian National Supervisory Authority for Personal Data Processing)
www.dataprotection.ro