1. Introduction
Early Warning Index ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
By using our Early Warning Index service, you consent to the data practices described in this policy.
3. What Data We Collect
We collect the following types of information:
3.1 Personal Information
- Name
- Email address
- Company name
- Role/position
3.2 Assessment Data
- Your responses to assessment questions
- Background information about your company (industry, size, geography, etc.)
- Calculated scores and classifications
3.3 Technical Data
- Session IDs for anonymous tracking
- Browser cookies (with your consent)
- IP address (for security and audit purposes)
3.4 Payment Information
- Payment records (processed securely by Stripe)
- We do NOT store your credit card details
4. How We Use Your Data
- Provide the Service: Process your assessment and generate reports
- Communication: Send you assessment results and follow-up information
- Improvement: Analyze aggregated data to improve our assessment methodology
- Legal Compliance: Meet legal and regulatory requirements
- Security: Detect and prevent fraud and abuse
5. Data Retention
We retain your personal data according to the following policies:
- Draft Assessments: Automatically deleted after 30 days
- Unpaid Assessments: Deleted after 90 days
- Paid Assessments: Kept for 5 years, then anonymized
- Audit Logs: Retained for 7 years for legal compliance
6. Your GDPR Rights
Under GDPR, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we use your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing of your data
- Right to Withdraw Consent: Withdraw your consent at any time
To exercise these rights, please visit our Data Request Form or contact us at [email protected]
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encrypted connections (HTTPS/SSL)
- Secure database storage with access controls
- Regular security audits and monitoring
- Limited employee access on a need-to-know basis
- Secure payment processing via Stripe (PCI DSS compliant)
8. Third-Party Processors
We share your data with the following trusted third-party processors:
- Stripe: Payment processing (GDPR compliant)
- ZeptoMail: Email delivery service (GDPR compliant)
- Abacus.AI: Hosting infrastructure (GDPR compliant)
All third parties are contractually bound to protect your data in accordance with GDPR.
9. Cookies and Tracking
We use essential cookies to enable core functionality. We do NOT use tracking or advertising cookies. You can manage cookie preferences through our cookie consent banner.
10. International Data Transfers
Your data is primarily stored within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).
11. Data Breach Notification
In the unlikely event of a data breach that affects your personal data, we will notify you within 72 hours as required by GDPR, along with the relevant supervisory authority.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through a prominent notice on our website.
13. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact:
Kenneth Dalsgaard
Email: [email protected]
14. Supervisory Authority
If you believe we have not handled your data appropriately, you have the right to lodge a complaint with your local data protection supervisory authority.