Is this a legal certification?

No. This tool provides readiness guidance only. It is not legal advice, certification, or a formal compliance audit. Always consult with a qualified legal professional for definitive compliance status.

How long does the assessment take?

Most users complete the assessment in under 10 minutes, depending on the complexity of your organization.

Yes. All answers are processed locally in your browser. We do not store your responses on any server.

Do I need to be an expert to answer these questions?

No. The questions are designed for business owners and managers. If you don't know an answer, you can indicate your confidence level.

Privacy Policy

Viktoria Compliance is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights under the GDPR. Assessment data is processed entirely in your browser and is never transmitted to our servers. If you choose to receive a compliance report, we collect your email address and assessment score through our API.

Last updated: 15 March 2026

1. Data Controller

Tina Gabrovec, operating as Viktoria Compliance
Tisina 3g, 9251 Tisina, Slovenia
Email: info@viktoria-compliance.eu

This organization is the Data Controller responsible for your personal data under the General Data Protection Regulation (GDPR) and the NIS2 Directive.

2. Personal Data We Collect

When you complete the Viktoria Compliance assessment and request a detailed PDF report, we collect the following personal data:

Email address: Required to send you the personalized assessment report
Assessment score: Your overall compliance readiness score (0-100)
Company sector: Industry classification (e.g., healthcare, finance, retail)
Country: Country of operation for your organization
Employee count: Organizational size category for contextualization
Timestamp: Date and time when the assessment was submitted

Your individual assessment answers are stored only in your browser's local storage and are not transmitted to our servers.

3. Legal Basis for Processing

We process your personal data on the basis of:

Contract performance (Article 6.1.b GDPR): Processing is necessary to provide you with the requested compliance assessment report and personalized recommendations.
Legitimate interest (Article 6.1.f GDPR): We have a legitimate interest in maintaining records of assessments completed to improve our service, understand compliance trends across European SMEs, and provide aggregated analytics to support regulatory guidance.

4. Data Recipients and Processing

Your personal data is transmitted to and stored in Google Sheets, which is hosted by Google LLC and Google Germany GmbH. We rely on Standard Contractual Clauses (SCCs) and Google's supplementary data transfer agreements to ensure GDPR-compliant transfers of data. Your data remains confidential and is not shared with marketing firms, data brokers, or other third parties without your explicit consent.

5. Data Retention Period

We retain your personal data for a maximum of 24 months from the date of submission. After this period, all data will be permanently deleted from our records. This retention period allows us to provide follow-up communications, generate compliance trend reports, and support any inquiries you may have about your assessment.

6. Your Rights Under the GDPR

You have the following rights with respect to your personal data:

Right of access (Article 15): You may request a copy of your personal data that we hold. We will provide this in a portable, machine-readable format within 30 days.
Right to rectification (Article 16): You may correct or update inaccurate personal data.
Right to erasure (Article 17): You may request deletion of your data, subject to applicable legal retention requirements.
Right to restrict processing (Article 18): You may request that we limit how we use your data.
Right to data portability (Article 20): You may request your data in a structured, commonly used format suitable for transfer to another service provider.
Right to object (Article 21): You may object to processing based on legitimate interest.
Right to lodge a complaint: You have the right to lodge a complaint with your national data protection authority.

7. Local Storage

This site does not use cookies, tracking pixels, or third-party analytics tools. We do not track you across websites or use third-party tracking services.

Your assessment progress, individual answers, and consent preferences are stored exclusively in your browser's localStorage for convenience, allowing you to resume an incomplete assessment. This data is stored only on your device and is never transmitted to our servers unless you explicitly submit your assessment to request a report. You can delete this data at any time by clearing your browser's local storage.

For more details on how we use localStorage and the distinction between cookies and local storage, see our Cookie & Local Storage Policy.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. All data transmission to Google Sheets occurs over encrypted connections (HTTPS/TLS).

9. Data Protection Impact Assessment

Our processing of personal data in the assessment tool is low-risk. We collect limited categories of data with a clear lawful basis, implement appropriate safeguards, and maintain a retention policy aligned with GDPR requirements.

10. Exercising Your Rights

To exercise any of your rights, please contact us at:

Email: info@viktoria-compliance.eu
Address: Tina Gabrovec, operating as Viktoria Compliance, Tisina 3g, 9251 Tisina, Slovenia

We will respond to your request within 30 days. If you have not received a response within this timeframe, you may lodge a complaint with your national data protection authority.

11. Children's Privacy

Viktoria Compliance is intended for use by organizations (businesses, government agencies, non-profits). We do not knowingly collect personal data from individuals under 18 years old. If we become aware that a minor has provided personal data, we will delete it promptly.

12. Policy Changes

We may update this privacy policy from time to time to reflect changes in our data practices or applicable law. We will notify you of material changes by updating the "Last updated" date. Your continued use of Viktoria Compliance after such changes constitutes your acceptance of the updated policy.

13. Questions or Concerns

If you have questions about this privacy policy or our data handling practices, please contact us at info@viktoria-compliance.eu. We are committed to transparency and welcome your inquiries.