Privacy Policy

1. Introduction

This Privacy Policy explains how ("Examinizer", "we", "us") collects, processes, and protects your personal data when you use examinizer.net. We are committed to full compliance with the General Data Protection Regulation (GDPR) and applicable Czech data protection law.

2. Data Controller

The data controller responsible for your personal data is:

Contact: support@examinizer.net

3. What Data We Collect

We collect only data that is necessary to provide our services:

• Account data: name, email address, password (stored as a salted hash — we never store your plain-text password)
• Test data: your answers, score, proficiency level, language tested, date and time of the test
• Certificate data: name as entered by you, email address, unique certificate ID, date of issue
• Payment data: transaction reference, amount, currency, payment status (card numbers are processed exclusively by our payment provider and are never stored on our servers)
• Technical data: IP address, browser type and version, device type, operating system, pages visited, time spent on pages
• Cookie data: see our Cookie Policy for full details

4. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

• Contract performance (Art. 6(1)(b)): processing necessary to provide you with the test and certificate services you have requested
• Legitimate interests (Art. 6(1)(f)): analytics to improve our platform, fraud prevention, and security monitoring
• Consent (Art. 6(1)(a)): for non-essential cookies and marketing communications, where you have given explicit consent
• Legal obligation (Art. 6(1)(c)): retaining transaction records as required by Czech accounting and tax law

5. How We Use Your Data

• To create and manage your account
• To administer your language proficiency test and calculate your result
• To generate and deliver your official PDF certificate
• To process payments securely through our payment provider
• To enable certificate verification by third parties at examinizer.net/verify/
• To send you transactional emails (receipt, certificate delivery, account notifications)
• To improve platform performance and user experience through anonymised analytics
• To comply with our legal and regulatory obligations

6. Data Sharing and Third Parties

We do not sell your personal data. We share data only with trusted service providers who process it on our behalf under data processing agreements:

• Payment processors: Stripe Inc. — for secure payment handling (see Stripe Privacy Policy)
• Email delivery: for transactional emails including certificate delivery
• Analytics: Google Analytics (with Consent Mode v2 — analytics cookies are set only after your explicit consent)
• Hosting: our servers are located within the European Union

We may disclose your data if required by applicable law, court order, or governmental authority.

7. Data Retention

• Account data: retained while your account is active, and for 30 days after account deletion
• Certificate and test records: retained for 5 years to support certificate verification requests
• Payment records: retained for 10 years as required by Czech accounting law
• Analytics data: retained for 14 months (Google Analytics default)
• Technical logs: retained for up to 90 days for security purposes

8. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access (Art. 15): request a copy of the personal data we hold about you
• Right to rectification (Art. 16): request correction of inaccurate data
• Right to erasure (Art. 17): request deletion of your personal data, subject to legal retention requirements
• Right to restriction (Art. 18): request that we limit how we process your data
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format
• Right to object (Art. 21): object to processing based on legitimate interests
• Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting previous processing

To exercise any of these rights, contact us at support@examinizer.net. We will respond within 30 days. You also have the right to lodge a complaint with the Czech Office for Personal Data Protection (ÚOOÚ) at www.uoou.cz.

9. Cookies

We use cookies and similar technologies. Please see our Cookie Policy for detailed information on what cookies we use and how to manage them.

10. Children's Privacy

Our services are intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include HTTPS encryption, hashed password storage, and access controls. However, no internet transmission is 100% secure and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page shows when it was last revised. We will notify registered users of significant changes by email.

13. Contact

For any privacy-related questions or to exercise your data rights:
Email: support@examinizer.net