GDPR Compliance
Your rights under European data protection law
Last Updated: February 4, 2026
This page explains your rights under the General Data Protection Regulation (GDPR) and how GoLevel complies with European data protection law.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Union, regardless of where the organization is located.
GoLevel's GDPR Compliance
GoLevel is committed to full compliance with GDPR requirements. We have implemented appropriate technical and organizational measures to ensure the protection of your personal data.
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent: When you voluntarily provide information or agree to data processing
- Contract: To provide our educational services and fulfill our obligations
- Legitimate Interest: For anonymous analytics to improve question quality
- Legal Obligation: To comply with applicable laws and regulations
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
Right to Information
You have the right to be informed about how your personal data is collected, used, and processed. This information is provided in our Privacy Policy.
Right of Access
You can request access to your personal data and receive information about how we process it. Contact us at gdpr@golevel.com to make a request.
Right to Rectification
You can request correction of inaccurate or incomplete personal data. We will update your information promptly upon verification.
Right to Erasure
Also known as the "right to be forgotten," you can request deletion of your personal data under certain circumstances.
Right to Restrict Processing
You can request that we limit the processing of your personal data in specific situations, such as when you contest the accuracy of the data.
Right to Data Portability
You can request to receive your personal data in a structured, commonly used format, or have it transmitted to another controller.
Right to Object
You can object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making
You have rights regarding automated decision-making and profiling. GoLevel's adaptive learning uses automated processing to personalize your experience.
How to Exercise Your Rights
To exercise any of your GDPR rights, you can:
Contact Our Data Protection Officer
- Email: dpo@golevel.com
- GDPR Requests: gdpr@golevel.com
- Contact Form: Send us a message
- Response Time: Within 30 days (may be extended to 60 days for complex requests)
What We Need From You
To process your request efficiently and securely, please provide:
- Clear identification of which right you wish to exercise
- Sufficient information to verify your identity
- Specific details about your request
- Any relevant account information (if applicable)
Data Processing Activities
Here's how we process personal data in compliance with GDPR:
| Processing Activity | Data Categories | Legal Basis | Retention Period |
|---|---|---|---|
| Account Management | Email, username, preferences | Contract | Until account deletion |
| Anonymous Analytics | Usage patterns, performance data | Legitimate Interest | Up to 2 years |
| Customer Support | Contact information, support history | Contract | Up to 3 years |
| Marketing Communications | Email address, preferences | Consent | Until consent withdrawn |
Data Transfers
When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- Adequacy Decisions: We transfer data to countries with adequate protection as determined by the European Commission
- Standard Contractual Clauses: We use EU-approved contractual clauses for transfers to third countries
- Certification Schemes: We work with service providers that have appropriate certifications
- Binding Corporate Rules: For transfers within corporate groups with approved BCRs
Data Security Measures
We implement appropriate technical and organizational measures to ensure data security:
Technical Measures
- End-to-end encryption
- Secure data storage
- Access controls and authentication
- Regular security updates
Organizational Measures
- Staff training on data protection
- Data protection impact assessments
- Incident response procedures
- Regular compliance audits
Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms:
- We will notify the relevant supervisory authority within 72 hours
- We will inform affected individuals without undue delay if there is a high risk
- We will provide clear information about the nature of the breach and steps taken
- We will offer guidance on protective measures you can take
Children's Data Protection
Special protections apply to children's personal data under GDPR:
- For children under 16, we require parental consent for data processing
- We use age-appropriate language in our privacy notices
- We collect minimal data from all users, including children
- Parents can exercise rights on behalf of their children
Automated Decision-Making and Profiling
GoLevel uses automated processing for educational purposes:
- Adaptive Learning: Our algorithm adjusts question difficulty based on your performance
- Content Recommendations: We suggest relevant topics and materials
- Progress Tracking: Automated analysis of your learning progress
You have the right to:
- Obtain human intervention in automated decision-making
- Express your point of view regarding automated decisions
- Contest decisions made solely by automated processing
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR requirements.
How to File a Complaint
You can contact your local data protection authority or the authority in the country where the alleged infringement occurred. We encourage you to contact us first so we can address your concerns directly.
Updates to GDPR Compliance
We regularly review and update our GDPR compliance measures to ensure continued protection of your rights. Any significant changes will be communicated through:
- Updates to this page with revised date
- Email notifications to registered users
- In-app notifications for material changes
- Prominent notices on our website
Contact Information
For any GDPR-related questions or to exercise your rights:
GDPR Contact Details
- Data Protection Officer: dpo@golevel.com
- GDPR Requests: gdpr@golevel.com
- General Privacy: privacy@golevel.com
- Contact Form: Send us a message
- Response Time: Within 30 days (may be extended to 60 days for complex requests)
Our Commitment: GoLevel is committed to protecting your privacy and ensuring full compliance with GDPR. We believe that strong data protection enhances trust and enables us to provide better educational services.