EPSOprep

Privacy Policy

1. Introduction

At EPSOprep.com, we are committed to protecting your privacy and ensuring transparency in how we collect, process, and use your personal data. This Privacy Policy outlines what data we collect, why we collect it, and how we handle your information in compliance with the General Data Protection Regulation (GDPR) and Swedish data protection laws.

By using EPSOprep.com, you agree to the collection, processing, and use of your data as described in this policy.

2. Who We Are

EPSOprep.com is operated by Blue Works Handelsbolag, a company registered in Sweden. If you have any questions about this Privacy Policy or how we handle your data, you can contact us at:

3. What Personal Data We Collect

We collect different types of data depending on your interactions with our website:

a) Information You Provide to Us

  • Account registration: Name, email address, and password.
  • Profile details: (optional) Profile picture, date of birth, education, and employment details.
  • Purchases: Billing details, transaction history (processed via Stripe; we do not store credit card details).
  • Communication: Emails and inquiries you send to us.

b) Information We Automatically Collect

  • Technical data: IP address, browser type, device type, operating system.
  • Usage data: Pages visited, time spent, actions performed on the website.

c) Cookies and Tracking Technologies

We use cookies to improve user experience and analyze site performance. You can manage or disable cookies in your browser settings.

4. How We Use Your Data

We process your personal data for the following purposes:

  • Providing our services – Access to online test preparation materials.
  • Managing payments and purchases – Secure transactions via Stripe.
  • Account management – Allowing you to log in, update preferences, and delete your account.
  • Sending newsletters and marketing communications (if you opt in).
  • Ensuring website security – Fraud prevention, abuse detection.
  • Improving our services – User feedback and analytics.

Legal Basis for Processing Your Data

Under GDPR (Article 6), we process your data based on:

  • Contractual necessity (e.g., providing services you paid for).
  • Legal obligations (e.g., tax compliance).
  • Legitimate interest (e.g., preventing fraud).
  • Your consent (e.g., receiving marketing emails).

5. Data Retention

  • Account data: Retained as long as your account is active.
  • Billing data: Kept for 7 years in accordance with Swedish accounting laws.
  • Marketing data: Stored until you unsubscribe or request deletion.
  • Support requests: Deleted after 12 months unless legally required.

6. Your Rights Under GDPR

As an EU resident, you have the following data protection rights:

  • Right to Access – Request a copy of your personal data.
  • Right to Rectification – Correct incorrect or incomplete data.
  • Right to Erasure ("Right to be Forgotten") – Request deletion of your data.
  • Right to Restriction of Processing – Limit data processing under certain conditions.
  • Right to Data Portability – Receive your data in a machine-readable format.
  • Right to Object – Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent – Opt out of marketing emails at any time.

To exercise these rights, email us at [email protected].

7. How to Delete Your Account

You can request account deletion by emailing [email protected]. Upon deletion, all personally identifiable data will be removed, except for information required for legal or compliance purposes.

8. Data Security Measures

We implement industry-standard security measures to protect your data, including:

  • SSL encryption for secure data transmission.
  • Firewall and access controls to protect stored data.
  • Regular security audits to detect vulnerabilities.

While we take precautions, no method of online data transmission is 100% secure. You are responsible for keeping your login credentials safe.

9. Third-Party Services & Data Sharing

We do not sell or rent your data. We share data only with trusted third parties that help us operate EPSOprep.com:

a) Payment Processing (Stripe)

  • Your payment details are securely processed by Stripe.
  • EPSOprep.com never stores your credit card information.

b) Email & Newsletter Management (Brevo)

  • If you subscribe, your email is stored on Brevo (formerly Sendinblue).
  • You can unsubscribe at any time using the link in our emails.

c) Analytics & Cookies

  • We use Google Analytics to understand website usage.
  • Analytics data is anonymized and used for performance improvements.

10. International Data Transfers

Since we are based in Sweden, your data is stored on secure EU-based servers. If data is processed outside the EU (e.g., by email service providers), we ensure GDPR-compliant safeguards, such as:

  • EU Standard Contractual Clauses (SCCs)
  • Data Processing Agreements (DPAs) with third-party providers

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect legal requirements or business changes. We will notify you of major updates via email or a notice on our website.

12. Contact Us

If you have questions, concerns, or data requests, contact us at: