lifeintheuk-tests.uk
Log inGet started
HomePractice testsTopicsCheat sheetsStudy guidePricing
Legal

Data Protection Agreement

Our GDPR/UK-GDPR commitments — what we do with your data, how we secure it, and how we work with the people we trust to help us run the service.

Last updated: · Operated by SC QWERTYBIT SRL (RO38120209), Constantin Vodă 16, Bucharest, Romania.

1. Parties

This agreement is between you (the “Data Subject”) and SC QWERTYBIT SRL, RO38120209, Constantin Vodă 16, Bucharest, Romania (the “Controller”).

2. Subject matter and duration

The Controller processes personal data as described in our Privacy Policy for as long as you have an account, plus the retention periods set out below.

3. Categories of data and data subjects

  • Data subjects: registered users of lifeintheuk-tests.uk.
  • Categories of personal data: name, email, hashed password, study history, payment metadata (tokenised), IP address.
  • Special-category data: none collected.

4. Controller obligations

  • Process personal data lawfully, fairly and transparently.
  • Collect only what is strictly necessary for the service.
  • Keep personal data accurate; correct it on request without undue delay.
  • Implement appropriate technical and organisational measures (TLS 1.3 in transit, AES-256 at rest, role-based access, full audit logs, annual penetration tests).
  • Notify affected users and the supervisory authority within 72 hours of a personal-data breach.

5. Sub-processors

We engage the following sub-processors, each bound by an equivalent data-protection agreement:

  • Stripe Payments Europe Ltd (Ireland) — payments.
  • Supabase Inc (USA, EU data residency) — hosting and authentication.
  • Vercel Inc (USA, EU edge) — frontend hosting and CDN, under SCCs.

6. International transfers

Personal data is hosted in the EU. Where a sub-processor processes data outside the EU/UK we rely on EU Standard Contractual Clauses and apply supplementary measures (encryption, pseudonymisation) where appropriate.

7. Data Subject rights

You may exercise your rights of access, rectification, erasure, restriction, portability and objection by writing to our Data Protection Officer at office@qwertybit.com. We respond within 30 days at no cost (unless requests are manifestly unfounded or excessive).

8. Retention

  • Account data: until deletion, or 24 months of inactivity.
  • Backups: rolling 30-day window, then permanently deleted.
  • Invoices and payment records: 10 years (Romanian Fiscal Code).

9. Audit

Data subjects, on reasonable notice, may request a copy of our latest security and compliance audit report (anonymised).

10. Contact

Data Protection Officer: office@qwertybit.com
General contact: office@qwertybit.com
Postal: SC QWERTYBIT SRL, Constantin Vodă 16, Bucharest, Romania

11. Supervisory authority

You may lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), Bd. Magheru 28-30, Bucharest, dataprotection.ro.

Privacy Policy →Terms of Service →