About GDPR

GDPR stands for General Data Protection Regulation. It is a regulation in the European Union that was created to make sure your personal information is protected and your privacy is respected. Find out more at the European Commission

Basically, GDPR is like a rulebook that companies have to follow to keep your sensitive data safe and give you more control over it. It's like having your own personal bodyguard who keeps your information secure. Companies have to take steps to make sure your data is kept safe and they have to make it easy for you to access and manage your data whenever you want.

Who does the data protection law apply to?

  1. A company or organization that handles personal data as part of its operations through its branches in the EU, regardless of where the data is processed.
  2. A company that is located outside the EU but offers goods/services (whether paid or free) or monitors the behavior of individuals in the EU.

What is considered sensitive data?

Sensitive data, as defined by GDPR, refers to personal information that is considered particularly private. It includes details such as a person's name, photograph, email address, bank account details, updates shared on social media, location information, medical records, or computer IP address.

Basically, it's any information that can directly or indirectly identify an individual. GDPR places extra emphasis on protecting sensitive data to ensure individuals' privacy is respected and their personal information is kept secure.

What steps should be taken to comply with GDPR?

Please note that according to GDPR, Marquiz is the processor, and you are the controller.

The data controller is the one who interacts with the client, collects data, and determines how to process it further.

Data Processor (Operator) — receives personal data from the controller, stores it, or processes it somehow, as directed by the controller. The processor does not work with individuals but only processes their data strictly on behalf of the controller.

The activities of Marquiz are regulated by the Privacy policy - our main document that guarantees visitor protection and privacy.

To comply with the GDPR law, there are a few things you should do:

  1. Create documents that outline how you handle and protect personal data, making sure they align with the GDPR regulations.
  2. Sign a Data Processing Agreement (DPA). You can sign our Data Processing Agreement, using Adobe e-Sign here
  3. Enable a Cookie notification for your quiz. This notification should inform users that their data may be collected and stored through cookies when they interact with your quiz. You can set this up in the quiz settings.
  4. Comply with the requirements of the law: Notify the ICO (information-commissioners-office) in case of leaks of personal data, etc., respond to requests from users (i.e., a user writes to you who wants to delete their data).

By following these steps, you'll be taking some important measures to ensure compatibility with the GDPR law.

Where and how to sign a Data Processing Agreement (DPA)

Processing conducted by a processor on behalf of a controller must be governed by a written contract or other legal act.

To sign the Data Processing Agreement, you need to use this link

When signing, please provide your company name, your full name, and your signature.

Once we sign DPA on our end, it will be automatically sent to the email address you specified.

If you have any questions, feel free to reach out to our support at support@marquiz.io