Descubre nuestro portal: tu preparación para los exámenes AESA impulsada por IA.
Probar gratis Iniciar sesión
Mobile menu MENU
fallback
lingua ES angle-down

Privacy Policy

Last updated: 19 May 2026

This Privacy Policy describes how personal data is processed for users visiting quizvds.it and its related subdomains (in particular exam.quizvds.it).

1. Data Controller

The Data Controller of personal data is:

EGWeb di Guatta Mattia
Via Giuseppe Verdi 9, 25010 Montirone (BS) – Italy
VAT no.: 04768540983
Email: info@quizvds.it

2. Categories of personal data collected

a) Account registration data (on the exam portal)

  • First and last name
  • Email address
  • Password (stored encrypted, never in clear text)

b) Payment data (for paid plans)

  • Billing data (name, address, tax code/VAT)
  • Credit card data is not processed or stored by the Controller, but directly by Stripe and PayPal (autonomous controllers)

c) Navigation data

  • IP address, browser, operating system
  • Pages visited, date and time of visits
  • Technical errors recorded in system logs

d) Service usage data

  • Quiz results
  • Personal usage statistics
  • Number of exam simulations performed (for the rate limiting system)

e) Data for abuse prevention system (rate limiting)

  • User IP address, stored server-side
  • Count of simulations executed in the last 120 minutes
  • Used exclusively to enforce the limit of 3 free simulations every 2 hours (abuse prevention)

f) Statistical data (Google Analytics)

  • Pseudonymous data on site interaction (pages viewed, duration, traffic source)
  • Anonymous unique browser/device identifier
  • Collected only with user consent via the Consent Management Platform

g) Data for personalized advertising (Google AdSense + IAB TCF v2.2)

  • Browser/device identifiers
  • Browsing history on this and other sites using the same advertising services
  • Inferred interests based on behavior
  • Ad interaction data (impressions, clicks)
  • Collected only with explicit consent via the IAB TCF v2.2 CMP (Google Funding Choices)

3. Purposes and legal bases of processing

# Purpose Legal basis (GDPR)
1Creation and management of user accountPerformance of contract (art. 6.1.b)
2Service delivery (quizzes, simulations)Performance of contract (art. 6.1.b)
3Payment and invoicing managementPerformance of contract + legal obligation (art. 6.1.b/c)
4Sending service emails (confirmations, password reset)Performance of contract (art. 6.1.b)
5Sending newsletter and commercial communicationsExplicit consent (art. 6.1.a), revocable
6Site security (Cloudflare, reCAPTCHA, Wordfence)Legitimate interest (art. 6.1.f)
7Abuse prevention via rate limiting (server-side IP)Legitimate interest (art. 6.1.f) – Service protection
8Tax and accounting obligationsLegal obligation (art. 6.1.c)
9Legal defenceLegitimate interest (art. 6.1.f)
10Statistical web traffic analysis (Google Analytics)Consent (art. 6.1.a), revocable
11Personalized advertising (Google AdSense + 210+ IAB TCF v2.2 partners)Consent (art. 6.1.a), revocable anytime via CMP

Provision of data for purposes 1-4, 7 and 8 is necessary: without it, the service cannot be provided. Provision for purposes 5, 10 and 11 (newsletter, analytics, advertising) is optional.

4. Google AdSense advertising and IAB TCF v2.2

This site uses Google AdSense to display advertisements. Consent management for advertising is handled via the Google Funding Choices Consent Management Platform (CMP), compliant with the IAB Transparency and Consent Framework (TCF) v2.2.

When the user provides consent via the CMP banner, personal data (device identifiers, IP, inferred interests) may be shared with Google Ireland Ltd and over 200 advertising partners registered with the IAB TCF v2.2 framework for:

  • Selection and display of personalized ads
  • Measurement of ad and content performance
  • Service development and improvement
  • Audience market research

The complete and updated list of advertising partners is available via the "Manage options" button of the CMP, or by consulting:

The user can revoke consent at any time by clicking the "Manage cookies" button on the site, or by clearing browser cookies.

5. Free limit system (rate limiting)

To ensure the sustainability of the free Service and prevent automated abuse, the Controller applies a limit of 3 free exam simulations every 2 hours for non-registered/non-paying users.

To enforce this limit, we process:

  • The user's IP address, stored server-side for a maximum of 2 hours
  • A technical session cookie (CAKEPHP) storing navigation state
  • A counter cookie (sess_*) storing the number of simulations performed (expires after 2 hours)

Legal basis is the Controller's legitimate interest (art. 6.1.f GDPR) in protecting the Service from abuse. The user can object to the processing (art. 21 GDPR), but in that case will not be able to access the unlimited free tier.

6. Processing methods

Data is processed using electronic tools with adequate security measures: password encryption, HTTPS, periodic backups, access control, application firewall and anti-DDoS protection (Cloudflare).

Passwords are stored exclusively in hashed form (non-reversible).

7. Data retention

Data category Retention period
Account data (active users)For the duration of the relationship + 12 months after deletion
Billing data10 years (Italian civil/tax obligation art. 2220 c.c.)
System logs6 months
Newsletter dataUntil consent is withdrawn
Quiz resultsFor the entire account duration
Google Analytics dataUp to 14 months (GA4 setting) or until consent is withdrawn
Advertising data (AdSense + TCF partners)Defined by individual vendors – see partner list
IP for rate limitingMaximum 2 hours

8. Data recipients and external processors

Data may be communicated to the following parties as Data Processors (art. 28 GDPR):

Provider Service Location
Virtual IT Consulting S.r.l.Hosting and data storage (cloud infrastructure with servers in EU)Italy / EU
Cloudflare Inc.CDN, security, anti-DDoS protectionIreland + USA
Brevo SASTransactional email and newsletterFrance (EU)
Stripe Payments Europe LtdCard paymentsIreland + USA
PayPal (Europe) S.à r.l. et CiePayPal paymentsLuxembourg
Google Ireland Ltd (reCAPTCHA)Form antibot protectionIreland + USA
Google Ireland Ltd (Analytics)Site traffic measurementIreland + USA
Google Ireland Ltd (AdSense + Funding Choices CMP)Personalized advertising + TCF v2.2 consent managementIreland + USA
IAB TCF v2.2 vendors (210+ partners)Personalized advertising and measurement (full list in CMP)EU / extra-EU
Accountant/tax officeTax complianceItaly

Data may also be communicated to public authorities upon request and within the limits of the law.

9. Extra-EU data transfers

Some providers (Cloudflare, Stripe, Google AdSense, Google Analytics, Google reCAPTCHA and 210+ IAB TCF partners) may process data in the United States and other non-EU countries. Such transfers are based on:

  • EU-US Data Privacy Framework (EU Commission adequacy decision of 10 July 2023), for certified providers
  • Standard Contractual Clauses approved by the EU Commission (Decision 2021/914), as additional safeguard

The updated list of transfers for IAB TCF vendors is available via the site CMP.

Copies of safeguards can be requested by writing to info@quizvds.it.

10. Rights of the data subject

Pursuant to artt. 15-22 GDPR, the user has the right to:

  • Access (art. 15): obtain confirmation of processing and a copy of the data
  • Rectification (art. 16): correct inaccurate or incomplete data
  • Erasure / right to be forgotten (art. 17): obtain data deletion
  • Restriction (art. 18): restrict processing in certain cases
  • Portability (art. 20): receive data in a structured format
  • Object (art. 21): object to processing based on legitimate interest
  • Withdraw consent: withdraw consent for newsletter, analytics or advertising at any time, without prejudicing the lawfulness of previous processing

Requests must be sent to info@quizvds.it. The Controller will respond within 30 days (extendable to 90 in complex cases).

11. Complaint to the Italian DPA

The user has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali):

12. Automated decision-making

The Controller does not carry out automated decision-making with significant legal effects pursuant to art. 22 GDPR. Personalized advertising via Google AdSense and IAB TCF v2.2 partners involves advertising profiling, but does not produce decisions with legal effects on the user.

13. Minors

The service is not intended for minors under 14. In case of registration by a minor, the Controller will delete the account.

14. Cookies

For information on cookies used, see the Cookie Policy.

15. Changes to this Privacy Policy

The Controller reserves the right to modify this Policy. Changes will be published on this page with the last update date. For substantial changes, the user will be notified by email or via site notice.

16. Legal references

  • Regulation (EU) 2016/679 (GDPR)
  • Italian Legislative Decree 196/2003 as amended by D.Lgs. 101/2018 (Privacy Code)
  • Directive 2002/58/EC (ePrivacy)
  • Italian DPA Provision of 10 June 2021 (cookies)
  • IAB Europe Transparency & Consent Framework v2.2
  • Google EU User Consent Policy

© 2026 EGWeb di Guatta Mattia – VAT 04768540983

Descargar las apps móviles
Descargar las apps móviles
Suscríbete a la Newsletter
Regístrate, es gratis
quizvds.it © 2026 EGWeb di Guatta Mattia - VAT: 04768540983