Privacy & Data Protection Notice

Last updated: 31 March 2026

Summary: PopQuiz.ie is a classroom quiz tool used by your lecturer. We collect only the data needed to run the quiz and report your grade. We do not sell data, run advertising, or profile you. Your data stays in Ireland on HEAnet infrastructure.

1. Who We Are

PopQuiz.ie is operated by [Controller Name / Entity], contactable at [contact email]. For the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the data controller is the higher education institution whose lecturer has deployed the quiz. PopQuiz.ie acts as a data processor on behalf of that institution.

2. What Data We Collect

2a. Lecturer Accounts

Data Purpose Legal Basis
Username, email address Account creation and authentication Legitimate interest (Art. 6(1)(f))
Password (bcrypt hash) Account security Legitimate interest (Art. 6(1)(f))
Quiz content (questions, answers) Delivering quizzes to students Contractual necessity (Art. 6(1)(b))

2b. Students Taking a Quiz

Data Purpose Legal Basis
Student number (as entered by student) Identifying the student's submission for grading Public task / legitimate interest of the institution (Art. 6(1)(e)/(f))
Quiz answers and score Assessment and grade reporting Public task (Art. 6(1)(e))
IP address Academic integrity verification (detecting shared devices, proxied access) Legitimate interest (Art. 6(1)(f))
Browser user agent string Academic integrity verification and debugging Legitimate interest (Art. 6(1)(f))
Session identifier, client UUID Preventing duplicate submissions, session management Legitimate interest (Art. 6(1)(f))
Lockout status and reason Recording academic integrity violations (e.g., tab switching) Legitimate interest (Art. 6(1)(f))
Timestamp of submission Audit trail and grade verification Legitimate interest (Art. 6(1)(f))

3. What We Do Not Collect

4. Where Data Is Stored

All data is stored on servers operated by HEAnet (Ireland's National Education and Research Network), located in Ireland. No data is transferred outside the European Economic Area (EEA). Quiz content is stored as encrypted-at-rest files on the server filesystem. Database records are stored in a server-local database.

5. Data Retention

Quiz results are retained for the duration of the academic year in which the quiz was administered. Lecturers may delete individual quizzes and all associated student data at any time via the dashboard. At the end of each academic year, the institution's designated administrator may request bulk deletion of all data for their institution.

Lecturer accounts remain active until the lecturer requests deletion or the institution requests removal.

6. Data Sharing

Student quiz results are accessible only to the lecturer who created the quiz. We do not share student data across lecturers, departments, or institutions. We do not sell or license any data to third parties.

We may disclose data if required by law or a valid court order.

7. Your Rights Under GDPR

If you are a student or lecturer, you have the right to:

To exercise these rights, contact your institution's data protection officer or email us at [contact email]. We will respond within 30 days.

You also have the right to lodge a complaint with the Data Protection Commission (dataprotection.ie) if you believe your rights have been infringed.

8. Academic Integrity Monitoring

During a quiz, PopQuiz.ie monitors whether the student navigates away from the quiz window (e.g., switching tabs or applications). This monitoring is performed client-side in the browser and is designed to support academic integrity during timed assessments. If a violation is detected, the quiz session may be terminated and the event recorded alongside the student's submission.

This processing is carried out under the legitimate interest of the institution in maintaining fair assessment conditions. The monitoring does not access any other applications, files, or browser history on the student's device.

9. Security Measures

10. Changes to This Notice

We may update this notice to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the notice was last revised. We encourage you to review this page periodically.

11. Contact

For questions about this privacy notice or our data practices, contact:
[Your Name]
[contact email]

This notice is provided in compliance with the General Data Protection Regulation (EU) 2016/679 and the Irish Data Protection Act 2018.