Figure 3 –Table showing the relationship between categories of collected data, purposes, legal bases, and retention periods: Individuals who participated in free online practice tests and mock exams
Relevant assumptions:
You have taken one of the practice tests or mock exams made available for free by LégiSchool on the websites www.deroudilleavocat.com or www.legischool.com
Data categories
Objectives
Legal Basis
Shelf life
Training contracts or training agreements
📧 Email addresses
To allow those who wish to do so to assess their knowledge and take practice tests or mock exams free of charge
Allow LégiSchool to send the results of practice tests and mock exams to the students who took them via their personal email accounts
The processing is necessary for the performance of a contract to which the user is a party (Article 6(1)(b) of the GDPR)
3 years after submitting the practice test or exam
Then destruction (no archiving)
❌✅ Test (quiz) results, answers to the test (quiz) questions
Allow LégiSchool to be notified of the results of the practice tests
Enable LégiSchool to assess the difficulty level of the practice tests and mock exams offered online, and to adjust the difficulty level to suit the audience
The processing is necessary for the legitimate interests of LégiSchool (Article 6(1)(f) of the GDPR)
3 years after submitting the practice test or exam
Then destruction (no archiving)
👩💼 👨💼 Personal information: name
📞 Phone numbers
Allow LégiSchool to be informed of the identities of the individuals who participated in the online practice tests and mock exams
The processing is necessary for the legitimate interests of LégiSchool (Article 6(1)(f) of the GDPR)
3 years after submitting the practice test or mock exam
Then destruction (no archiving)
☝️Claim forms:
Personal information: last name, first name, email address, phone number
Nature of the complaint
Date of the claim
Allow users to submit complaints to LégiSchool
The processing is necessary for the performance of a contract to which the learner is a party (Article 6(1)(b) of the GDPR)
No data retention: information is fully anonymized
Communication
📧 Mailing lists
Last name, first name, email addresses, date of consent to receive electronic communications (“opt-in”), associated segment (DPO mock test, 360-question survey, etc.)
Allow LégiSchool to keep its users informed about its training offerings
Enable users to stay informed about LégiSchool’s training offerings
User Consent (Article 6.1(a) of the GDPR)
3 years after obtaining consent, and then,
Destruction (no archiving)
Statistics (anonymized data) made available to the healthcare professional or their institution
📊 📈 📉 Statistical data
Allow LégiSchool to compile statistics on its learners and courses
Enable LégiSchool to assess customer satisfaction and meet its quality standards (Qualiopi)
The processing is necessary for the legitimate interests of LégiSchool (Article 6(1)(f) of the GDPR)
3 years from the date of data collection, and then
Irreversible anonymization
Accounting
📒 Accounting data (if applicable, customer identification information if the customer is an individual)
Enable LégiSchool to meet its accounting obligations
The necessity arising from a legal obligation imposed on LégiSchool (Article 6.1(d) of the GDPR)
10 years from the end of the fiscal year