Privacy Policy
Information on the processing of personal data in accordance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable Spanish data protection law.
disctest.org is a brand operated by Cecilia Eloísa Alba Ortiz, a sole trader established under Spanish law at C/ Jiménez Aranda 1, 41015 Sevilla, Spain (European Union). For all data protection matters, contact: contact@disctest.org.
This Privacy Policy explains how disctest.org («we», «us», or «our») collects, uses, stores, and protects personal data when you visit our website or purchase our DISC behavioral assessment services. disctest.org is a brand operated by Cecilia Eloísa Alba Ortiz, established as a sole trader under Spanish law at C/ Jiménez Aranda 1, 41015 Sevilla, Spain. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
By using disctest.org, you agree to the practices described in this policy. If you do not agree, please do not use our services.
1. Who We Are
disctest.org is a brand operated by Cecilia Eloísa Alba Ortiz, a sole trader registered in Spain and established at C/ Jiménez Aranda 1, 41015 Sevilla, Spain (European Union). The DISC behavioral assessment services delivered through disctest.org are provided to organizations and individuals worldwide. For all data protection matters, you may contact us at contact@disctest.org.
2. What Data We Collect
Depending on how you interact with our platform, we collect the following categories of personal data:
Identification and account data: Full name, corporate email address, company name, and job title, collected when you create an account or purchase an assessment.
Behavioral assessment responses: Answers provided by candidates completing the DISC assessment questionnaire. These responses are processed to generate the behavioral profile and 17-page Strategic Dossier. Individual responses are not accessible by the purchasing HR Administrator — only the final report is delivered. Assessment data is not shared with any third party.
Billing and invoicing data: Company name, billing address, and tax identification number (VAT/CIF), collected for companies requiring formal invoices. Payment card data is processed exclusively by Stripe, Inc. and is never stored on our servers.
Navigation and usage data: IP address, browser type, pages visited, and session duration, collected via technical and analytics cookies. See Section 7 for full cookie details.
Support communications: Messages sent to us via email or the Smartsupp asynchronous written chat widget.
What we do not collect: We do not collect payment card numbers, bank account details, or any financial credentials. We do not collect sensitive personal data (health, biometric, or racial data) at any point in the assessment or purchasing process.
3. How We Use Your Data
We use the personal data we collect exclusively for the following purposes:
- Delivering the DISC assessment service: Processing responses, generating dossiers, and providing HR Administrator dashboard access.
- Processing payments and issuing invoices: Using billing and company data to complete transactions and issue compliant invoices.
- Sending purchase confirmations and delivering dossiers: Delivering results and access links to the email address provided at checkout.
- Responding to support enquiries: Using email and chat data to resolve questions through our Smartsupp asynchronous written support channel.
- Improving website performance: Using anonymized usage data to understand how visitors navigate our site and improve the experience.
- Fraud prevention and security: Using IP address and session data to detect and prevent unauthorized access.
- Legal and regulatory compliance: Retaining transaction and invoicing records as required by applicable tax law.
We do not use your personal data for automated decision-making or profiling unrelated to the DISC assessment service you have purchased. We do not use your data for advertising purposes.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process personal data on the following legal bases under Article 6 of the GDPR:
Contract performance (Art. 6.1.b): Processing your name, email, and billing information is necessary to fulfill the assessment purchase contract and deliver the service you have paid for.
Legitimate interests (Art. 6.1.f): Anonymized usage analytics and fraud prevention are processed on the basis of our legitimate interest in operating a secure and functional platform. We have assessed that these interests do not override your privacy rights.
Legal obligation (Art. 6.1.c): We retain invoicing and transaction records as required by Spanish tax law (Ley General Tributaria) and EU financial regulations.
Consent (Art. 6.1.a): Where we send optional marketing communications, we will request explicit consent and provide a clear, immediate opt-out mechanism. This consent may be withdrawn at any time without affecting prior processing.
5. How Long We Keep Your Data
Assessment responses and dossiers: Retained for the duration of your active account plus 12 months to allow access to completed reports. After this period, data is permanently and irreversibly deleted.
Billing and invoicing records: Retained for 7 years as required by Spanish and EU tax law (Ley General Tributaria).
Email and support communications: Retained for 3 years from the date of last contact for support continuity and dispute resolution.
Anonymized usage analytics: Retained for a maximum of 26 months, after which data is aggregated and stripped of all identifiers.
Session cookies: Deleted automatically at the end of your browser session. See Section 7 for full cookie details.
After the applicable retention period, your data is securely deleted or irreversibly anonymized using industry-standard methods.
6. Third-Party Processors
We share personal data with a limited number of trusted third-party service providers who process data strictly on our behalf. All processors are bound by data processing agreements and are required to protect your data in accordance with GDPR and applicable law. We do not sell, rent, or share your personal data with any third parties for their own marketing or commercial purposes.
| Processor | Purpose | Data shared | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing | Name, email, billing address, payment card data (processed directly by Stripe — never stored by us) | USA — Standard Contractual Clauses apply |
| Smartsupp | Asynchronous written chat support | Chat messages, IP address, session data | Czech Republic (EU) |
| Website hosting provider | Platform and data hosting | All platform data | EU-certified data centres |
7. Cookies and Tracking Technologies
We use a minimal set of cookies on disctest.org. We do not use advertising cookies, social media tracking pixels, or cross-site tracking technologies of any kind.
| Type | Purpose | Duration | Can be disabled? |
|---|---|---|---|
| Essential / Session | Maintaining checkout session integrity, assessment link authentication, and platform login state | Session only (deleted on browser close) | No — required for the service to function |
| Functional | Remembering language or regional preferences | Up to 12 months | Yes — via browser settings |
| Analytics (anonymized) | Understanding page performance and navigation patterns. No personally identifiable data is collected or stored. | Up to 26 months | Yes — via browser settings |
You can manage or disable non-essential cookies at any time through your browser settings. Disabling essential cookies may prevent checkout or assessment completion from functioning correctly.
8. International Data Transfers
disctest.org is operated from the European Union (Spain). If you are located outside the EU, your data will be transferred to and processed within the EU, which provides an equivalent or higher level of data protection than most other jurisdictions.
Transfers to the United States (Stripe, Inc.): Payment data is processed by Stripe, Inc., based in the United States. This transfer is covered by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of protection for your personal data.
All behavioral assessment data and account data is hosted on servers within the European Economic Area (EEA) and is not transferred outside the EEA under any circumstances.
9. Your Rights Under GDPR
If you are located in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data:
Right of access: You may request confirmation of whether we are processing your data and obtain a copy of it.
Right to rectification: You may request correction of inaccurate or incomplete personal data we hold about you.
Right to erasure («right to be forgotten»): You may request deletion of your personal data where there is no legal basis for us to continue processing it.
Right to restriction of processing: You may request that we limit how we use your data while a dispute is resolved or a request is verified.
Right to data portability: You may request your data in a structured, machine-readable format where technically feasible.
Right to object: You may object to processing based on legitimate interests. We will comply unless we have compelling legitimate grounds that override your rights.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
10. California Residents — CCPA Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following additional rights:
Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months, and the purposes for which we use it.
Right to delete: You may request deletion of personal information we have collected from you, subject to certain legal exceptions (for example, we are required to retain invoicing records).
Right to opt out of sale: We do not sell personal information to third parties under any circumstances. You do not need to opt out.
Right to non-discrimination: We will not discriminate against you — in pricing, service level, or any other way — for exercising any of your CCPA rights.
To exercise your CCPA rights, contact us at contact@disctest.org. We will respond within 45 days as required by law.
11. Security
We implement technical and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
Encryption in transit: All communications between your browser and our platform are protected by TLS/SSL encryption.
Encryption at rest: Data stored on our servers is encrypted using industry-standard algorithms.
Access control: Assessment data is accessible only by authorized HR Administrators from the purchasing organization. Internal disctest.org staff operate under strict confidentiality protocols.
Payment isolation: Payment card data is processed exclusively by Stripe, Inc. We never store, transmit, or have access to your raw payment credentials.
Continuous auditing: We conduct periodic security reviews to maintain the integrity, availability, and confidentiality of personal data on our platform.
No method of data transmission or storage is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within the timeframes required by applicable law.
12. Children’s Data
disctest.org is a professional B2B service intended exclusively for organizations and adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe a minor’s data has been submitted to our platform, please contact us immediately at contact@disctest.org.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the «Last updated» date at the top of this page. We encourage you to review this policy periodically. Your continued use of disctest.org after any changes constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your personal data, please contact us directly:
C/ Jiménez Aranda 1, 41015 Sevilla, Spain (EU)
Email: contact@disctest.org
GDPR requests: responded within 30 days
CCPA requests: responded within 45 days
Data Protection & Your Rights
To exercise your rights of access, rectification, erasure, portability, or objection — or for any question about the protection of your personal data — contact our team directly.
You may also lodge a complaint with the Agencia Española de Protección de Datos (AEPD).