Legal
Privacy Policy
Last updated: 30 March 2026
This privacy policy explains how DWG Data Science Company collects, uses, stores, and shares personal data when you use founderpersonalityquiz.com and related Founder Personality Quiz services. It is designed to be clear and practical while reflecting our obligations under the GDPR and other applicable European and German data protection laws.
1. Data controller
The controller responsible for processing your personal data is:
(DWG Datenwissenschaftliche Gesellschaft Berlin mbH)
Schumannstraße 1b, 10117 Berlin, Germany
Commercial register: Amtsgericht Charlottenburg, HRB 245436 B
Contact: braesemann@dwg-datascience.com
Unless expressly stated otherwise in a service-specific notice, you can use this contact address for all privacy-related enquiries.
We have assessed whether a Data Protection Officer must be appointed under Article 37 GDPR and § 38 BDSG. At present, we have not appointed a Data Protection Officer because we do not consider the applicable appointment threshold to be met. If this changes, we will update this policy accordingly.
2. The data we collect
2.1 Account and sign-in data
If you sign in or create an account, we may receive information needed to identify and authenticate you, such as your email address, display name or full name, language or locale information, and a provider account identifier.
2.2 Quiz responses and results
We collect the answers you submit, the quiz session data needed to process them, and the resulting founder personality profile and related outputs generated for you.
2.3 Contact and support information
If you contact us, we may process your name, email address, message content, and any other information you choose to share with us.
2.4 Payment and order information
If we make paid services or digital products available, we may process billing, transaction, and order information needed to complete the purchase and meet legal and accounting obligations.
2.5 Technical, usage, and security data
When you use the website, we may process technical and usage data such as IP address, device and browser information, page interactions, timestamps, and security-related log data. We also use cookies and similar technologies as described in our Cookie Policy. Analytics cookies are only set after your affirmative opt-in consent.
2.6 Special category data
The standard Founder Personality Quiz is not designed to request special category personal data within the meaning of Article 9(1) GDPR, such as health data or data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning sex life or sexual orientation. Founder Personality Quiz is intended to describe founder-related behavioural tendencies and is not intended as a medical or mental-health assessment. If a specific future flow were to involve special category data, we would identify that separately and rely on an applicable Article 9(2) GDPR condition, typically explicit consent where required.
3. How we use your data and our legal bases
3.1 To provide the website, quiz, and account features
We process your data to operate the website, authenticate your account, deliver the quiz, generate results, and provide requested services.
Legal basis: Article 6(1)(b) GDPR
3.2 To send service and transactional communications
We use your contact details to send account, security, support, order, or other service messages needed to operate the website or perform a contract with you.
Legal basis: Article 6(1)(b) GDPR
3.3 To respond to non-contractual enquiries and protect our operations
Where you contact us outside a contractual relationship, we may use your details to handle the enquiry, keep appropriate records, and protect our legal and operational interests.
Legal basis: Article 6(1)(f) GDPR
3.4 To improve the website and understand usage
Where you have agreed to analytics, we use usage information to understand how the website is used and to improve its design and performance.
Legal basis: Article 6(1)(a) GDPR
3.5 To keep the service secure and prevent misuse
We process security and operational data to detect abuse, defend against fraud, keep accounts secure, and protect the integrity of the website and our systems.
Legal basis: Article 6(1)(f) GDPR
3.6 For scientific, statistical, and product-improvement purposes
We may analyse quiz and service data to improve the scientific validity, reliability, and utility of Founder Personality Quiz, to develop the service, and to support scientific or statistical work related to founder personality and entrepreneurship. We consider this processing to serve our legitimate interests because it helps us maintain and improve the quality, safety, and research value of the service. We seek to keep this processing proportionate by limiting access, reducing identifiability through pseudonymisation or anonymisation where possible, and avoiding unnecessary use of directly identifying data.
You have the right to object to this processing at any time on grounds relating to your particular situation. See Section 8 below for more detail.
Legal basis: Article 6(1)(f) GDPR and, where required by law or by a specific flow, Article 6(1)(a) GDPR
3.7 For marketing communications where you opt in
If you choose to receive newsletters or promotional updates, we will use your contact details for that purpose until you withdraw your consent.
Legal basis: Article 6(1)(a) GDPR
3.8 Automated decision-making
Founder Personality Quiz does not currently make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR. The automated generation of quiz results is intended to provide informational output, not to make binding or high-stakes decisions about you.
4. Institution-specific sharing
We may work with institutions in connection with specific programmes, events, courses, incubators, accelerators, or research initiatives. Rather than maintaining a general public list of unofficial or prospective institutional recipients in this policy, we will identify the relevant institution in the applicable signup, popup, consent flow, or other programme materials where that institution's involvement is relevant to your use of Founder Personality Quiz.
If you access Founder Personality Quiz through an institution-specific program, event, course, incubator, accelerator, or research initiative, any sharing with that institution will only take place where the relevant signup or popup flow clearly names the institution and you expressly agree before the sharing happens.
In that situation, the institution may receive identified quiz-related data relevant to the program. The institution will act under its own responsibility for its own purposes. Founder Personality Quiz data should not be used as the sole basis for admissions, funding, hiring, or other similarly significant evaluative decisions.
5. Recipients and service providers
We share personal data only where necessary to provide the service, operate our business, comply with the law, or where you have agreed. We aim to share the minimum data needed for each purpose.
| Recipient | Purpose | Destination / access | Transfer mechanism |
|---|---|---|---|
| Hetzner | Hosting, infrastructure, and storage for the core Founder Personality Quiz service as our data processor. | Germany | No third-country transfer identified in the ordinary hosting setup described here. Hetzner privacy policy: hetzner.com/legal/privacy-policy |
| Google Analytics | Website analytics, only after affirmative analytics consent. For this analytics processing, we and Google may act as joint controllers to the extent Google processes the data for its own analytics and service-improvement purposes. | Ireland and the United States | For transfers to Google LLC in the United States, we rely on the EU-U.S. Data Privacy Framework adequacy decision where applicable. Google states that Google LLC and relevant U.S. subsidiaries are certified under the DPF for analytics-related transfers. Google privacy information: policies.google.com/privacy ; transfer frameworks: policies.google.com/privacy/frameworks ; measurement controller terms: support.google.com/analytics/answer/9012600 |
| Google sign-in and Google email services | Authentication, account access, and business communications. | Ireland and the United States | Google states that Google Ireland Limited is the relevant EEA service provider/controller for many consumer services and that Google LLC and relevant U.S. subsidiaries are certified under the EU-U.S. Data Privacy Framework. Where additional contractual safeguards are required, Google also offers SCC-based protections in relevant contexts. Google privacy information: policies.google.com/privacy ; transfer frameworks: policies.google.com/privacy/frameworks |
| LinkedIn sign-in | Authentication when you choose LinkedIn as the sign-in provider. | Ireland and the United States | LinkedIn states that LinkedIn Ireland Unlimited Company is the EEA controller, and that transfers outside the EEA may rely on the EU-U.S. Data Privacy Framework and, for certain transfers, the European Commission's Standard Contractual Clauses. LinkedIn privacy information: linkedin.com/legal/privacy-policy ; EEA privacy notice: linkedin.com/legal/privacy/eu |
| Stripe | Payment processing and anti-fraud measures if and when paid services are offered. | Ireland and, where relevant, the United States | Stripe states that its EU entities operate from Ireland and that transfers to Stripe, LLC in the United States may rely on the EU-U.S. Data Privacy Framework and, where applicable, Standard Contractual Clauses. Stripe privacy information: stripe.com/privacy ; privacy center: stripe.com/privacy-center/legal |
| Public authorities, courts, advisers, and counterparties | Legal compliance and the establishment, exercise, or defence of legal claims. | Depends on the request or proceeding | Transfer mechanism depends on the recipient, legal basis, and jurisdiction involved. |
Where Google Analytics is used, the essential elements of the arrangement are that we decide to deploy analytics on our website and determine the website-side analytics purposes, while Google provides the analytics service and may also process data for its own purposes in accordance with its own privacy documentation. You may exercise your data protection rights both with us and, where relevant, with Google. We remain your primary point of contact for the use of Google Analytics on this website. Further information is also available in Google's Measurement Controller-Controller Data Protection Terms linked above.
If you would like more information about the safeguards applicable to a particular transfer, or where copies of contractual safeguards are available to us, you may contact us using the details in Section 1.
We keep the transfer mechanisms described in this section under review. If the EU-U.S. Data Privacy Framework is changed, suspended, or invalidated, we may need to update the relevant transfer safeguards and this policy accordingly.
6. Self-hosting in Germany
We operate Founder Personality Quiz using self-hosted infrastructure in Germany because data sovereignty and responsible handling of user data are important to us. This does not remove the need to work with selected external providers where necessary, but it does mean we aim to keep core service infrastructure under our control and located in Germany.
7. How long we keep data
We keep personal data only for as long as necessary for the purposes described in this policy, unless a longer period is required by law or justified by overriding legal interests. Where possible, we anonymize data so it can no longer be linked back to you.
| Category | Retention approach |
|---|---|
| Account and sign-in data | Generally kept while your account remains active and for a reasonable period afterwards where needed for security, dispute handling, or legal compliance. |
| Identified or pseudonymized quiz and research-linked data | Up to 24 months after your last relevant activity or the end of the relevant programme, then deleted or anonymised unless longer retention is legally required. |
| Anonymized scientific or statistical data | May be retained for longer, including beyond the period above, where the data can no longer reasonably identify you. |
| Support communications | Normally up to 3 years after the matter is closed, reflecting the regular civil limitation period under § 195 BGB, unless a longer period is needed for legal reasons. |
| Security and authentication logs | Normally up to 12 months, unless longer retention is needed to investigate abuse, security incidents, or legal claims. |
| Payment and accounting records | Up to 10 years where required under applicable tax, accounting, or commercial law. |
8. Your rights
Under the GDPR, you may have the right to request access to your personal data, request correction, request deletion, restrict processing, object to certain processing, receive portable copies of data you provided to us, and withdraw consent where processing is based on consent.
These rights are not absolute and may be limited in some circumstances, for example where we must retain certain information to comply with law, defend legal claims, or where data has already been irreversibly anonymised.
Where we rely on Article 6(1)(f) GDPR, you also have the right to object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests. This applies in particular to the scientific, statistical, product-improvement, security, and non-contractual enquiry processing described in this policy.
You also have the right to lodge a complaint with a supervisory authority. Our competent supervisory authority is:
Alt-Moabit 59-61, 10555 Berlin, Germany
Telephone: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de
Website: datenschutz-berlin.de
To exercise your rights, contact us at braesemann@dwg-datascience.com.
9. Security
We use appropriate technical and organisational measures to protect personal data against accidental or unlawful loss, misuse, alteration, or unauthorised access. These measures include, for example, access restrictions, authentication safeguards, encryption in transit where appropriate, and logging or monitoring designed to help us detect misuse and protect our systems. Even so, no internet-based service can guarantee absolute security.
10. Children
Founder Personality Quiz is not intended for children under 16. If you believe a child has provided personal data to us in breach of this restriction, please contact us so we can review and, where appropriate, delete that data.
11. Changes to this policy
We may update this privacy policy from time to time to reflect changes in the law, our services, or our data-processing practices. The latest version will always be available on this page with an updated effective date.