1. General Information The protection of your personal data is important to us. We process your data in accordance with applicable legal regulations, in particular the General Data Protection Regulation (GDPR) and the Austrian Telecommunications Act (TKG). The controller responsible for data processing is Viktoriia Dibrova. Further details can be found in the Imprint. This Privacy Policy provides information about the type, scope, and purpose of the processing of personal data on our website. 2. Access Data & Server Log Files Our hosting provider may automatically collect and store information in so-called server log files, which your browser transmits to us. This includes in particular: ● IP address ● date and time of the request ● requested page (URL) ● browser type and version ● operating system This data is processed to ensure the security, stability, and proper functioning of the website (legal basis: Art. 6(1)(f) GDPR – legitimate interest). Server log data is stored for a limite d period and then automatically deleted. 3. Use of Cookies & Tracking Technologies Technically necessary cookies We use technically necessary cookies that are required for the proper functioning of the website, in particular for user authentication and the maintenance of login sessions. These cookies do not require consent. The legal basis is § 165 TKG and Art. 6(1)(f) GDPR (legitimate interest in providing a functional and secure website). These cookies are generally stored only for the duration of the session or for a limited period where technically necessary. Authentication via Third Parties You may also register or log in using Google Login (OAuth). If you choose this option, we receive certain personal data from Google, in particular your name and email address, for the purpose of creating or accessing your user account and providing the requested login functionality. The legal basis for this processing is Art. 6(1)(b) GDPR (performance of a contract or steps prior to entering in to a contract). Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information about data processing by Google can be found in Google’s privacy information. 4. Collection and Processing of Personal Data We process the following personal data: - first name and last name - email address - phone number (if provided) - password (stored in hashed form) - answers submitted within the platform - test results, scores, and progress data - usage data (e.g. completed tasks, time spent) This data is processed for the purpose of providing our services, tracking learning progress, and ensuring the proper functioning of the platform : ● Art. 6(1)(b) GDPR (performance of a contract) ● Art. 6(1)(a) GDPR (consent) ● Art. 6(1)(f) GDPR (legitimate interest) Personal data is collected when you voluntarily provide it to us, for example by creating an account or using our platform. We store this data for as long as your account remains active or as required to comply wi th legal obligations. 5. Third-Party Providers & Data Transfers We use external service providers to operate and provide our website. In doing so, personal data may be processed by these providers only to the extent necessary for the provision, security, and technical operation of the website and platform. Hosting Provider Our website is hosted by VMHeaven.io (cloud VPS hosting). This provider processes technical data such as IP addresses and server requests in order to ensure the operation and security of the website. Authentication (Google Login) If you choose to log in via Google, certain personal data (such as your name and email address) is transmitted to us by Google. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Where personal data is transferred to recipients outside the EEA, such transfers take place only in accordance with the GDPR, in particular on the basis of an adequacy decision or appropriate safeguards. 6. Rights of Data Subjects Unde r applicable data protection law, you may have the right to: ● access your personal data (Art. 15 GDPR) ● request rectification of inaccurate or incomplete data (Art. 16 GDPR) ● request erasure of your personal data (Art. 17 GDPR) ● request restriction of processing (Art. 18 GDPR) ● receive your data in a portable format, where applicable (Art. 20 GDPR) ● object to processing, where applicable (Art. 21 GDPR) ● withdraw consent at any time, where processing is based on consent (Art. 7 GDPR) ● lodge a complaint with a competent supervisory authority Please direct any requests to: wup.group.academy@gmail.com 7. Data Security We implement appropriate technical and organizational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction, or unauthorized access. 8. Changes to This Privacy Policy We reserve the right to update this Privacy Policy to reflect changes in legal requirements or in our services or data processing practices. Th e current version is always available on this website. Where required by law, we will inform users of significant changes. Contact: wup.group.academy@gmail.com