IQ Scan
Legal
Privacy Policy
Last updated: December 1, 2025
This Privacy Policy explains how EXIMGROUP OOD collects, processes, and protects your personal data when you use the IQScan platform. By accessing or using IQScan, you acknowledge that you have read, understood, and agree to this Policy.
Table of Contents
- Data Controller & Contact Information
- Data Collection Categories
- Legal Basis & Processing Purposes
- Cognitive Data Protections
- Data Sharing & International Transfers
- Data Retention Schedule
- Data Subject Rights
- Security Measures
- Cookies & Tracking
- Children’s Privacy
- Policy Updates
- Jurisdiction & Dispute Resolution
- Miscellaneous
1. DATA CONTROLLER & CONTACT INFORMATION
EXIMGROUP OOD
EIK: 204472018
Perushtitsa St. 61, Block 1, Burgas 8000, Bulgaria
Designated Contacts:
- Privacy Inquiries: privacy@iqscan.online
- Data Protection Matters: dpo@iqscan.online
- Legal Communications: legal@iqscan.online
- General Support: support@iqscan.online
2. DATA COLLECTION CATEGORIES
2.1 Account & Service Data
- Email address
- Name or nickname
- Authentication credentials & access logs
- Subscription & billing information
- Support communications
2.2 Cognitive Performance Data
- IQ test results and scoring metrics
- Training progress and improvement data
- Response patterns and timing
- Behavioral interaction during assessments
2.3 Technical & Operational Data
- Device & browser characteristics
- IP address & approximate location
- Usage patterns & session analytics
- Error logs & performance metrics
2.4 Payment Processing Data
- Transaction identifiers & status
- Subscription & billing details
- Limited payment instrument information
- Fraud prevention data
3. LEGAL BASIS & PROCESSING PURPOSES
3.1 Contractual Necessity
Required for:
- Account creation & authentication
- Test administration & scoring
- Subscription & billing processing
- Support communication
3.2 Legitimate Interests
- Service improvement & optimization
- Security monitoring & fraud prevention
- Business analytics & development
- Direct marketing (with opt-out)
3.3 Legal Compliance
- Accounting & tax obligations
- Regulatory reporting
- Legal dispute handling
4. COGNITIVE DATA PROTECTIONS
4.1 Enhanced Security Protocols
- Pseudonymization
- Purpose limitation
- Contextual integrity controls
- Regular protection reviews
4.2 Prohibited Uses
- No medical or diagnostic inference
- No employment/insurance evaluations
- No third-party profiling
- No automated decisions with legal effects
4.3 Research & Analytics
- Only anonymized aggregate data used
- Individual research requires explicit consent
- Separate disclosures for research participation
6. DATA RETENTION SCHEDULE
6.1 Retention Periods
- Account data: 24 months after last activity
- Cognitive data: 24 months
- Payment data: 7 years
- Technical logs: 6 months
- Backups: 90 days
6.2 Deletion Protocol
- Active removal within 72 hours
- Backup clearance within 90 days
- Deletion confirmation available
- Minimal retention for legal requirements
7. DATA SUBJECT RIGHTS
7.1 Your Rights
- Access
- Rectification
- Erasure
- Restriction
- Portability
- Objection
- Withdraw consent
7.2 How to Exercise Rights
Email: privacy@iqscan.online
- Verification proportional to sensitivity
- Response within 30 days
- Electronic delivery
7.3 Complaints
- Internal: privacy@iqscan.online
- DPA complaint
- Judicial remedies where applicable
8. SECURITY MEASURES
8.1 Technical Safeguards
- TLS 1.3 & AES-256 encryption
- Security assessments & penetration tests
- MFA for admin access
- Comprehensive logging
8.2 Organizational Measures
- DPIAs for high-risk processing
- Staff training & confidentiality
- Breach notification procedures
- Third-party audits
8.3 Breach Response
- Regulator notice within 72 hours
- User notice if high risk
- Clear mitigation info
- Post-incident review
10. CHILDREN’S PRIVACY
- Minimum age: 18+
- Reasonable age-verification measures
- Immediate deletion of minor accounts
11. POLICY UPDATES
11.1 Modification Rights
- Legal requirement updates
- Service enhancements
- Security improvements
11.2 Notification Protocol
- Material changes: 30 days notice
- Standard changes: 15 days
- Immediate: security/legal
- Continued use = acceptance
12. JURISDICTION & DISPUTE RESOLUTION
- Governing law: Bulgaria
- Informal negotiation: privacy@iqscan.online
- Complaints to DPA
- Court jurisdiction: Bulgaria
13. MISCELLANEOUS
- Severability: invalid terms do not affect remaining
- Entire agreement between you and EXIMGROUP OOD
- English version prevails