1. Data Controller

GRUPO GLOBAL EDUCA, S.L.

• CIF: B19907047
• Address: Avenida de la Constitución, 4 – Murcia, Spain
• Email: datos@goaletest.com
• Data Protection Officer (DPO), if applicable: name/contact, in accordance with GDPR and LOPDGDD requirements.

2. Purposes of Processing and Data Categories

We process the following categories of data:

• Identification and contact details: name, surname, email, phone number.
• Academic data and responses to the GOALE® vocational test.
• Contact form information: queries, comments, messages.
• Technical and website usage data: IP address, browser type, cookies, access date and time, logs (for security, statistical analysis, and to improve user experience).

The main purposes are:

• To carry out and process the GOALE® test.
• To send a personalised guidance report.
• To manage the contact form.
• To offer complementary services (advisory, admissions, sessions).
• To improve experience through analytics and security management.

3. Lawful Basis for Processing

The processing is based on:

• Explicit user consent when completing the test or form.
• Execution of pre-contractual measures, when the user requests advice, reports or other services.
• Legal obligation, when data must be retained due to tax, administrative, or accounting regulations.

4. Data Retention Periods

• Access and usage data: up to 2 years, unless longer legal obligations apply.
• Test and contact data: as long as there is an active relationship or consent. Afterwards, data is blocked or deleted in line with legal criteria, except when mandatory retention applies (e.g. tax retention for 5–10 years).

5. Principles Applied

We apply the principles of the GDPR and LOPDGDD:

• Purpose limitation: we collect only necessary data.
• Data minimisation: only strictly useful data.
• Accuracy: corrections are encouraged.
• Storage limitation: data is deleted or blocked in due time.
• Integrity and confidentiality: through technical and organisational measures; and
• Accountability, as required by the GDPR.

6. Automated Decision-Making and Profiling

The GOALE® test uses automated profiling (RIASEC model + AI) to provide vocational recommendations. Information on the logic used, potential consequences, and the right to human intervention is detailed below:

• No final decision is made solely through automation.
• The right to human intervention and review upon request is guaranteed.

7. Data Recipients

Personal data will not be disclosed unless with your consent or due to legal obligation. Specifically:

• Educational institutions or universities if expressly requested by you.
• Data processors (tech providers, hosting, mailing, automation platforms, messaging services) under contract and with legal safeguards.
• No international data transfers will take place without adequate safeguards (e.g. EU Standard Contractual Clauses) unless expressly authorised.

8. User Rights (ARSULIPO)

You may exercise your rights of Access, Rectification, Erasure, Restriction, Objection, Portability, and Withdrawal of Consent by writing to datos@goaletest.com, attaching a copy of your ID or another form of identification. You will receive a response within the legal timeframe (maximum 1 month). You may also file a complaint with the Spanish Data Protection Agency (AEPD) if necessary.

9. Security Measures

Appropriate technical and organisational measures are implemented, including:

• Use of SSL/TLS encryption and encryption of sensitive data.
• Restricted access control and permission policies.
• Internal audits, incident management procedures, staff training.
• Impact assessments when processing requires it (e.g. profiling or data volume).
• Principle of data protection by design and by default (DPbDD), pursuant to Article 25 of the GDPR.

10. Minors

We do not collect data from children under the age of 14. If data from a minor is detected or suspected without authorisation, it will be immediately deleted. In case of doubt, parental or guardian authorisation may be requested.

11. Record of Processing Activities

In accordance with GDPR Article 30 and national legislation, we will maintain an up-to-date Record of Processing Activities, including purposes, data categories, recipients, retention periods and security measures implemented.

12. Internal Coordination and the Role of the DPO

Coordination between departments and ongoing staff training is ensured. The Data Protection Officer (DPO) acts as a consultation body and liaison with the AEPD, proactively monitoring compliance.

13. Policy Changes and Updates

This policy may be updated to reflect legal, technical or operational changes. The current version will be the one published on www.goaletest.com with a visible review date.

14. Other Legal Aspects

• Cookies used are governed by our separate Cookies Policy.
• Our site also complies with the LSSICE, and therefore includes accessible legal notices, terms of use and intellectual property notices separately.