EPSO EU Testing is a study tool for EU competition (EPSO) candidates. The data controller is the operator of eutesting.org (see Impressum for full identification and contact details). This site is not affiliated with EPSO or any EU institution.
We collect the minimum possible:
localStorage / sessionStorage) — we store your language choice, your quiz answers, your progress, your dark-mode preference, and your cookies-consent flag. These remain on your device only and never reach our server.active, past_due, canceled) and the current period end date. We do not store, see or transmit your payment-card number, expiry, CVV or billing address — these are handled entirely by Stripe on Stripe's own domain (Stripe Checkout).We do not collect precise location data, advertising identifiers, biometric data, or any third-party data.
We rely on the following third-party data processors, each operating under a GDPR-compliant Data Processing Agreement:
Beyond these two processors the site is self-contained: static HTML, self-hosted fonts, no analytics, no advertising networks, no external CDN, no tracking pixels.
You have the right to access, rectify, erase (subject to §6 above), restrict the processing of, port, and object to the processing of your personal data. To exercise these rights, use the contact form on the site. You also have the right to lodge a complaint with your national data protection authority (in Germany: the Hamburg Commissioner for Data Protection, datenschutz-hamburg.de).
This site uses no analytics (no Google Analytics, Plausible, Matomo or equivalent), no advertising networks, no tracking pixels, and no fingerprinting. No data is sold or shared with marketers. Your IP address is not stored beyond the hosting provider's operational logs.
Cookies and similar storage set on the eutesting.org domain are strictly necessary for the service you request:
nf_jwt and a refresh token (Netlify Identity) — keep you signed in across page reloads. Deleted when you log out or close the browser.cookies_consent_v1 (localStorage) — records that you have dismissed the cookies notice so we do not show it again.If you proceed to a Stripe Checkout or Billing Portal page, Stripe sets its own cookies on its own domain (checkout.stripe.com, billing.stripe.com) for security, fraud prevention and session continuity. These cookies are controlled by Stripe, not by us — see Stripe's cookies policy.
Netlify (data hosting, authentication, serverless functions) is a US-incorporated company that processes data in the EU and the US. It relies on the EU-US Data Privacy Framework and Standard Contractual Clauses approved by the European Commission to ensure an adequate level of protection for personal data transferred outside the EEA.
Stripe processes EU customers' data primarily through Stripe Payments Europe, Ltd. in Dublin (Ireland), with some technical processing in the US under Standard Contractual Clauses and the EU-US Data Privacy Framework.
You may cancel your subscription at any time via the Manage subscription link inside your account menu (which opens the Stripe Billing Portal). Cancellation takes effect at the end of the current billing period — premium access remains until then.
You may request the deletion of your account at any time by contacting us through the contact form. Upon deletion, we remove your email address and account record from our database within 30 days, subject to the billing-data retention obligation explained in §6. Cancelling your subscription does not automatically delete your account; closing your account does not automatically refund any unused portion of a paid period.
You may also export your personal data (a copy of what we hold) at any time via the same contact channel.
This policy may be updated to reflect site or legal changes. The date above indicates the current version; material changes will be flagged in the site footer.