Privacy & Data Protection Notice
Last updated: 31 March 2026
1. Who We Are
PopQuiz.ie is operated by [Controller Name / Entity], contactable at [contact email]. For the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the data controller is the higher education institution whose lecturer has deployed the quiz. PopQuiz.ie acts as a data processor on behalf of that institution.
2. What Data We Collect
2a. Lecturer Accounts
| Data | Purpose | Legal Basis |
|---|---|---|
| Username, email address | Account creation and authentication | Legitimate interest (Art. 6(1)(f)) |
| Password (bcrypt hash) | Account security | Legitimate interest (Art. 6(1)(f)) |
| Quiz content (questions, answers) | Delivering quizzes to students | Contractual necessity (Art. 6(1)(b)) |
2b. Students Taking a Quiz
| Data | Purpose | Legal Basis |
|---|---|---|
| Student number (as entered by student) | Identifying the student's submission for grading | Public task / legitimate interest of the institution (Art. 6(1)(e)/(f)) |
| Quiz answers and score | Assessment and grade reporting | Public task (Art. 6(1)(e)) |
| IP address | Academic integrity verification (detecting shared devices, proxied access) | Legitimate interest (Art. 6(1)(f)) |
| Browser user agent string | Academic integrity verification and debugging | Legitimate interest (Art. 6(1)(f)) |
| Session identifier, client UUID | Preventing duplicate submissions, session management | Legitimate interest (Art. 6(1)(f)) |
| Lockout status and reason | Recording academic integrity violations (e.g., tab switching) | Legitimate interest (Art. 6(1)(f)) |
| Timestamp of submission | Audit trail and grade verification | Legitimate interest (Art. 6(1)(f)) |
3. What We Do Not Collect
- We do not use cookies for advertising or tracking
- We do not use analytics services (Google Analytics, etc.)
- We do not share data with third parties for marketing
- We do not build student profiles across quizzes or institutions
- Students do not need to create an account to take a quiz
4. Where Data Is Stored
All data is stored on servers operated by HEAnet (Ireland's National Education and Research Network), located in Ireland. No data is transferred outside the European Economic Area (EEA). Quiz content is stored as encrypted-at-rest files on the server filesystem. Database records are stored in a server-local database.
5. Data Retention
Quiz results are retained for the duration of the academic year in which the quiz was administered. Lecturers may delete individual quizzes and all associated student data at any time via the dashboard. At the end of each academic year, the institution's designated administrator may request bulk deletion of all data for their institution.
Lecturer accounts remain active until the lecturer requests deletion or the institution requests removal.
6. Data Sharing
Student quiz results are accessible only to the lecturer who created the quiz. We do not share student data across lecturers, departments, or institutions. We do not sell or license any data to third parties.
We may disclose data if required by law or a valid court order.
7. Your Rights Under GDPR
If you are a student or lecturer, you have the right to:
- Access the personal data we hold about you (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure ("right to be forgotten") of your data (Art. 17), subject to the institution's academic record-keeping obligations
- Restriction of processing (Art. 18)
- Data portability (Art. 20) — we can export your data in CSV format
- Object to processing based on legitimate interest (Art. 21)
To exercise these rights, contact your institution's data protection officer or email us at [contact email]. We will respond within 30 days.
You also have the right to lodge a complaint with the Data Protection Commission (dataprotection.ie) if you believe your rights have been infringed.
8. Academic Integrity Monitoring
During a quiz, PopQuiz.ie monitors whether the student navigates away from the quiz window (e.g., switching tabs or applications). This monitoring is performed client-side in the browser and is designed to support academic integrity during timed assessments. If a violation is detected, the quiz session may be terminated and the event recorded alongside the student's submission.
This processing is carried out under the legitimate interest of the institution in maintaining fair assessment conditions. The monitoring does not access any other applications, files, or browser history on the student's device.
9. Security Measures
- All connections use HTTPS/TLS encryption in transit
- Passwords are stored using bcrypt hashing (never in plaintext)
- Correct quiz answers are never transmitted to student devices
- Access to quiz results is restricted to the quiz creator
- Infrastructure is managed by HEAnet, which maintains ISO 27001-aligned security practices
10. Changes to This Notice
We may update this notice to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the notice was last revised. We encourage you to review this page periodically.
11. Contact
For questions about this privacy notice or our data practices, contact:
[Your Name]
[contact email]
This notice is provided in compliance with the General Data Protection Regulation (EU) 2016/679 and the Irish Data Protection Act 2018.