GDPR Compliance

1. Introduction

This GDPR Policy outlines how BTW MAXPROFIT LTD ("we", "us", or "our") complies with the General Data Protection Regulation (GDPR) when processing personal data of individuals in the European Economic Area (EEA) through our EasyExam browser extension and website (collectively, the "Service").

We are committed to protecting your privacy and ensuring that your personal data is processed lawfully, fairly, and transparently. This policy complements our Privacy Policy and provides additional information required under the GDPR.

2. Data Controller

BTW MAXPROFIT LTD, a company registered in Cyprus with its registered office at Πειραιώς, 30, Floor 1, Flat/Office 1 Στρόβολος 2023 CY, is the data controller responsible for your personal data.

As the data controller, we determine the purposes and means of processing personal data collected through our Service.

3. Legal Basis for Processing

Under the GDPR, we must have a legal basis for processing your personal data. We process your personal data on the following legal grounds:

3.1 Consent

We process some of your personal data based on your consent, which you provide when you sign up for our Service or agree to certain features. You have the right to withdraw your consent at any time.

3.2 Contract Performance

We process your personal data to fulfill our contractual obligations to you, such as providing the Service according to our Terms of Service.

3.3 Legitimate Interests

We may process your personal data based on our legitimate interests, such as improving our Service, ensuring security, preventing fraud, and marketing our products to you. We balance our interests against your rights and interests.

3.4 Legal Obligations

We may process your personal data to comply with legal obligations, such as tax laws, corporate regulations, or court orders.

4. Your GDPR Rights

Under the GDPR, individuals in the EEA have the following rights regarding their personal data:

4.1 Right to Access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

4.2 Right to Rectification

You have the right to request correction of any inaccurate personal data we hold about you and to complete any incomplete personal data.

4.3 Right to Erasure

You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

4.4 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

4.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

4.6 Right to Object

You have the right to object to the processing of your personal data in certain circumstances, such as when processing is based on legitimate interests or for direct marketing purposes.

4.7 Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

4.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section. We will respond to your request within 30 days. We may request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights.

5. Data Protection Principles

We adhere to the following principles when processing your personal data:

• Lawfulness, fairness, and transparency: We process your data lawfully, fairly, and in a transparent manner.
• Purpose limitation: We collect your data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
• Data minimization: We limit our collection of personal data to what is necessary for the purposes for which it is processed.
• Accuracy: We take reasonable steps to ensure that your personal data is accurate and, where necessary, kept up to date.
• Storage limitation: We store your personal data for no longer than necessary for the purposes for which it is processed.
• Integrity and confidentiality: We process your personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
• Accountability: We are responsible for and can demonstrate compliance with the GDPR principles.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Different types of personal data may be kept for different periods, depending on the purpose for which it was collected. For example:

• Account information is retained for as long as your account is active or as needed to provide you with the Service.
• Transaction data is retained for tax and accounting purposes according to relevant laws.
• Usage data may be retained for a shorter period to analyze service performance and make improvements.

When your personal data is no longer required, we will securely delete or anonymize it in accordance with our data retention policy.

7. International Data Transfers

We may transfer your personal data to countries outside the EEA. When we do so, we ensure that appropriate safeguards are in place to protect your personal data, such as:

• Transferring to countries that have been deemed to provide an adequate level of protection by the European Commission.
• Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe.
• Transferring data to organizations that are part of the EU-US Privacy Shield (where applicable).

If you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA, please contact us using the details provided in the "Contact Us" section.

8. Data Breach Procedures

We have implemented procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and provide information about the breach and the steps we are taking to address it.

9. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR Policy and our privacy practices.

If you have any questions about this GDPR Policy or our privacy practices, or if you would like to exercise any of your GDPR rights, please contact our DPO using the details provided in the "Contact Us" section.

10. Changes to This GDPR Policy

We may update our GDPR Policy from time to time. We will notify you of any changes by posting the new GDPR Policy on this page and updating the "Last updated" date at the top of this GDPR Policy.

You are advised to review this GDPR Policy periodically for any changes. Changes to this GDPR Policy are effective when they are posted on this page.

11. Contact Us

If you have any questions about this GDPR Policy or would like to exercise any of your GDPR rights, please contact us:

• By email: [email protected]
• By visiting the contact page on our website: Contact Us
• By mail: Data Protection Officer, BTW MAXPROFIT LTD, Πειραιώς, 30, Floor 1, Flat/Office 1 Στρόβολος 2023 CY