This document sets out the terms and conditions for the processing of personal data (hereinafter also referred to as "data") and cookies in the area of mind-test.org website, run via the website made available at the URL: mind-test.org, hereinafter referred to as the "Website".

§1. HOW TO CONTACT THE DATA CONTROLLER?

The administrator of the personal data processed within the Service is the company: partnership "NOWANO s.c." based ul. Śląska 17/9, 98-300 Wieluń, Poland, NIP-EU: PL8322086684 / REGON: 386080273

The Service Provider can be contacted on telephone number: +48 532 498 552 (contact in Polish and English) and by e-mail address: contact@mindtestonline.com.

§2. ON WHAT BASIS WE PROCESS YOUR DATA

When collecting personal data, we always inform you of the legal basis for processing it. This derives from the provisions of the RODO / GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data on the free movement of such data and repealing Directive 95/46/EC - General Data Protection Regulation). When we inform you about:

• 6(1)(a) RODO / GDPR - this means that we process personal data on the basis of consent received,

• 6(1)(b) RODO / GDPR - this means that we process personal data because it is necessary for the performance of a contract or for taking steps prior to entering into a contract, at your request,

• 6(1)(c) RODO / GDPR - this means that we process personal data in order to comply with a legal obligation,

• 6(1)(f) RODO / GDPR - this means that we process personal data in order to pursue legitimate interests

§3. INFORMATION ON DATA PROCESSING FOR THE CONCLUSION AND PERFORMANCE OF CONTRACTS, POSSIBLE REDRESS AND DEFENCE

1. We may process personal data necessary for the performance of a contract concluded with you. However, even before the conclusion of the contract, we may process personal data necessary in order to take action at your request. The processing of this data takes place on the basis of Article 6(1)(b) of the RODO / GDPR.

2. In the case of a contract for the provision of paid services, we may process your data in order to fulfil our accounting and tax obligations. The processing of this data is based on Article 6(1)(c) of the RODO / GDPR.

3. During the execution of the contract and after its execution, we process the personal data of the contracting party for the purpose of possible claims processing and their assertion. Our legitimate interest is, for example, to be able to respond to a possible complaint, to which we are obliged under separate provisions of civil law. In this case, we will process personal data based on the legitimate interest of defending against or asserting possible claims. The processing of this data takes place on the basis of Article 6(1)(f) of the RODO / GDPR.

4. We will store this data for the period necessary to fulfil the stated purposes, but no later than until the statute of limitations for claims arising under separate laws.

5. You have the right of access, rectification, erasure, restriction of processing, the right to data portability, as well as the right to lodge a complaint to the supervisory authority. In the situation of data processing for the purpose specified in point 3, you also have the right to object to the processing.

6. Provision of this data is voluntary, but failure to do so will prevent the conclusion of the contract or its execution.

7. The recipients of this data are our web host, email service provider, IT service provider, telecommunications service provider, accounting and invoicing software service provider, banking and electronic payment service provider, legal, consulting and debt collection service provider and other service providers that we use for the designated purpose.

§4. INFORMATION ON PROCESSING FOR DIRECT MARKETING PURPOSES

1. We may process your personal data for direct marketing purposes. This happens, for example, when we reply to your message with details of our offer.

2. The processing of this data takes place on the basis of Article 6(1)(f) of the RODO / GDPR.

3. We will keep your data until the time necessary for the purpose of performance.

4. You have the right of access, rectification, erasure, restriction of processing, the right to data portability, the right to object to processing, and the right to lodge a complaint with a supervisory authority.

5. Provision of this data is voluntary and failure to provide this data will prevent direct marketing activities.

6. The recipients of this data are: our hosting provider, IT service provider, email service provider, telecommunications service provider, advertising service provider.

§5. INFORMATION ON DATA PROCESSING FOR SECURITY PURPOSES

1. From the moment you access our website, for the purpose of service security, we process data such as: the public IP address of the device from which the request came, the type and language of the browser, the date and time of the request, the number of bytes sent by the server, the URL of the page previously visited, if the visit was made via this link, information about the error that occurred during the query.

2. Our legitimate interest in this processing is to keep server event logs and protect the Service from potential hacking attacks and other abuses. Including, being able to determine the IP address of a person performing unauthorised activity in an area of the Service, such as attempting to breach security, or publishing prohibited content, or attempting unauthorised activities using our servers.

3. The processing of this data takes place on the basis of Article 6(1)(f) of the RODO / GDPR.

4. We will store this data for the period necessary to fulfil the stated purposes, but no later than until the statute of limitations for claims arising under separate laws.

5. You have the right of access, rectification, erasure, restriction of processing, to object to the processing of your data, as well as the right to lodge a complaint with the supervisory authority.

6. Providing such data is a condition for using the Website. Failure to provide this data will prevent you from using the Website.

7. The recipient of this data is our hosting provider, IT service provider and telecommunications service provider.

§6. INFORMATION ON DATA RECIPIENTS

When processing your personal data, we use external services. Therefore, the recipients of your personal data may be third parties. When collecting personal data, we always inform you about these recipients, but for the primacy of the readability of the communication, we do so briefly. Therefore, we hereby clarify that when we inform you of particular categories of recipients, these are the following:

• IT service provider.

• Email service provider.

• Telecommunications service provider.

• Advertising services provider.

• Accounting service provider.

• Supplier of invoice processing software.

• Provider of legal / advisory / recovery services - these service providers are established on a case-by-case basis, as and when the need arises.

• Banking service provider.

• Provider of electronic payment services.

§7. INFORMATION ON TRANSFERS OF DATA TO THIRD COUNTRIES

1. Because we use third-party providers, your personal data may be transferred outside the European Economic Area, namely to the country: United States of America (USA).

2. The European Commission has found that some countries outside the European Economic Area (EEA) adequately protect personal data.

3. As the country to which we transfer personal data is not recognised as a secure country, the transfer of data is based on a contract, including standard data protection clauses adopted by the European Commission.

§8. ABSOLUTE RIGHTS OF DATA SUBJECTS

When we write about rights related to the processing of your personal data, we refer to the rights described below. The possibility of exercising the rights below is independent of the legal basis for processing your personal data.

Right of access to data

You have the right to obtain confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have the right to access this data, and to receive further information about:

• the purposes of the processing,

• categories of data concerned,

• the recipients or categories of recipients to whom the data have been or will be disclosed,

• in particular about recipients in third countries or international organisations,

• as far as possible the intended period of retention and, where this is not possible, the criteria for determining that period,

• the right to request us to rectify, erase or restrict processing, to object to such processing, and the right to lodge a complaint with a supervisory authority,

• the source of the data, if your data were not collected from you,

• automated decision-making, including profiling, and the modalities of such decision-making, as well as the significance and foreseeable consequences of such processing for you.

Upon receipt of such a request, we are obliged to provide a copy of the personal data being processed. If such a request is received by e-mail and if no other objection is received, we will also provide the information by e-mail.

Right of rectification

You have the right to request us to immediately rectify personal data concerning you that is inaccurate. Having regard to the purposes of the processing, you have the right to request the completion of incomplete personal data, including by providing an additional statement.

The right to erasure (being forgotten)

You have the right to request us to delete personal data concerning you immediately. We are then obliged to delete your personal data without undue delay if one of the following circumstances applies:

• you have withdrawn your consent to process your personal data and we have no other basis for processing,

• you have raised an effective objection to the processing of data relating to you,

• Your personal data has been unlawfully processed,

• Your personal data must be deleted in order to comply with a legal obligation,

• Your data has been collected in connection with the offering of information society services.

Right to restrict processing

You have the right to request us to restrict processing in the following cases:

• where you contest the accuracy of the data, for a period allowing us to check its accuracy,

• the processing is unlawful and you object to the erasure of the data, requesting instead that its use be restricted,

• we no longer need your personal data for the purposes of the processing, but you need them to establish, assert or defend your claims,

• you have raised an objection to the processing of your data - until such time as we determine whether the legitimate grounds on our part override the grounds for your objection.

Automated decisions, including profiling

You have the right not to be subject to a decision that is based solely on automated processing, including profiling, and produces legal effects on you or similarly significantly affects you.

The law does not apply if this decision:

• is necessary for the conclusion or performance of a contract between you and us,

• is allowed by Union or Republic of Poland law and which provides for appropriate measures to protect your rights, freedoms and legitimate interests, or

• is based on your explicit consent.

§9. RELATIVE RIGHTS OF DATA SUBJECTS

When we write about rights related to the processing of your personal data, we refer to the rights described below. The possibility of exercising them depends in each case on the legal basis for processing your personal data.

Right to withdraw consent to processing

Where we process your personal data on the basis of your consent to do so, you have the right to withdraw the consent you have given at any time. Naturally, the withdrawal of the consent given does not affect the lawfulness of the previous processing of your personal data.

Right to data portability

You have the right to receive your personal data provided to us, in a structured and commonly used machine-readable format. You also have the right to send this personal data to another controller without hindrance from us, if the processing takes place:

• on the basis of consent or on the basis of a contract, and

• by automated means.

When exercising your right to data portability, you have the right to request that we send your personal data directly to another controller, insofar as this is technically possible. This right must not adversely affect the rights and freedoms of others.

Right to object

Where we process your personal data on the basis of Article 6(1)(f) of the RODO / GDPR, you have the right to object to the processing of that data on grounds relating to your particular situation.

We are then no longer allowed to process this personal data unless we can demonstrate the existence:

• valid legitimate grounds for processing, which must override your interests, rights and freedoms, or

• grounds for the establishment, exercise or defence of claims

Also, if you object to the processing of your personal data for direct marketing purposes, then we will not be able to process it for such purposes.

§10. COOKIES - INTRODUCTION

The website of the Service uses cookies. These are commonly used, small files containing a string of characters which are sent to and stored on the end device (e.g. computer, laptop, tablet, smartphone) used when visiting the Website. This information is sent to the memory of the browser used, which sends it back the next time you visit the website. We can categorise cookies according to three separation methods.

In terms of the purposes for which cookies are used, we distinguish between three categories:

• Necessary files - these files enable proper functioning of the Website and its functionalities, e.g. authentication or security cookies. Without saving them on your device, using the Website will be impossible.

• Functional files - files enabling remembering your selected settings and adjusting the Website to your needs and preferences, e.g. with respect to selected language, font size, website layout. They allow us to improve the functionality and efficiency of the Website. Without saving them on your device, using some of the Website functionalities will be limited.

• Business cookies - this category includes e.g. advertising cookies. Without them being stored on your device, use of certain functionalities of the Website may be limited.

In terms of the duration of their validity, we distinguish between two categories of cookies:

• session files - existing until the end of a given session,

• permanent files - existing after the session has ended.

In terms of differentiating the entity that administers cookies, we distinguish between:

• our cookies,

• third party cookies.

§11. DATA CONTROLLER COOKIES

The cookies we administer allow:

• access authentication,

• securing the Website against hacking attacks.

This makes it easier and more enjoyable to use the functionalities of the Website.

§12. THIRD-PARTY COOKIES

We use cookies administered by Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States as part of the services:

• Google Ads - they allow you to conduct and evaluate the quality of advertising campaigns carried out using the Google Ads service,

• Google Analytics – They allow us to evaluate the quality of advertising campaigns carried out using Google Ads, as well as to study user behaviour and traffic and to compile traffic statistics,

The information collected by Google Inc is anonymous and aggregated. In particular, they do not contain identifying characteristics (understood as personal data) of the users of the Website. When using the aforementioned services, we collect such data as the source of acquisition of users visiting the Website, as well as their behaviour on the Website, information on the devices and browsers they use, IP address, domain, demographic data (age, gender), interests and geographical data.

§13. CONSENT TO THE USE AND MANAGEMENT OF COOKIES

Consent to the processing of cookies is voluntary and may be withdrawn at any time. Please note, however, that a lack of consent to the use of certain cookies may result in restrictions on the use of the Website and its functionality, or even prevent such use.

You can give your consent to the processing of cookies:

• by means of the software settings installed on the telecommunications terminal equipment used by the User,

• by using the button containing a statement of consent to the processing of cookies or confirming that you have read its terms and conditions.

Most browser settings by default allow the placement of cookies and other information on your terminal device. If you do not agree to the storing of these files, it is necessary to change your browser settings accordingly. It is possible to disable their saving for all connections from a given browser or for a specific site, or to delete them. How you manage these files depends on the software you are using.

§14. CACHE

When you use the website of the Service, we may automatically use the cache memory installed on your device. Within the local memory, it is possible to store data inter-sessionally, i.e. between successive visits to the Website. The purpose of using the cache is to speed up the use of the Website, by eliminating the situation where the same data would be repeatedly downloaded from the Website, thereby overloading the User's internet connection. The cache may also store data such as your login password.

§15. LINKS TO OTHER WEBSITES OR SOFTWARE

The Website may contain links to other websites or software. We are not responsible for the privacy and cookie policies of such websites or software. We recommend that you read the privacy and cookie policies of these websites or software once you have accessed them or before you install them.

§16. CHANGES TO THE PRIVACY AND COOKIES POLICY

1. The Privacy and Cookies Policy shall take effect on the date of publication on the Website.

2. The Privacy and Cookies Policy is amended by publishing its new content on the Website.

3. We will publish information about changes to the Privacy and Cookies Policy in the area of the Website no later than 3 days before the date on which the new version becomes effective.