This website and the PMX Test are operated by:

Gheith Ben Salem Einzelunternehmen (sole proprietorship) Hohe Warte 21 71254 Ditzingen Germany

Email: my@potentialmaximizer.com VAT ID: DE337082272

In accordance with Article 4(7) of the General Data Protection Regulation (GDPR), Gheith Ben Salem is the data controller responsible for the processing of your personal data through this website and all related services.

We only collect and process personal data that is necessary to operate the PMX Test, deliver your results, improve our services, and fulfill legal requirements.

a) Data You Provide

When you choose to take the PMX Test, we collect:

• First name – used to personalize your report and communication.

• Email address – required to send your results and any follow-up content.

• Your test responses – collected via Google Forms to generate your personalized strengths report.

If you purchase a result report, we also collect:

• Billing and payment data (via Stripe or PayPal) – to process the transaction securely.

b) Data Collected Automatically

When you visit our website, we may collect certain information automatically through cookies and similar tracking technologies:

• IP address, browser type, device type

• Page views, clicks, time spent on page

• Referral URLs (e.g., which site brought you to us)

• Marketing data (e.g., via Facebook Pixel)

This data is used to analyze website performance, personalize user experience, and optimize our marketing campaigns.

c) Why We Use Your Data

We process your personal data to:

• Deliver the PMX Test and your result report

• Personalize communication with you

• Send follow-up emails and support content

• Process payments if you make a purchase

• Improve our services based on usage behavior

• Measure the effectiveness of our marketing and content

We do not sell your personal data under any circumstances.

Under the General Data Protection Regulation (GDPR), we are required to specify the legal basis on which we process your personal data. The following legal grounds apply to the PMX Test and this website:

a) Consent (Art. 6(1)(a) GDPR)

We process your personal data – such as your name, email address, and test responses – based on your explicit consent when you choose to take the PMX Test and submit your information. You may withdraw this consent at any time by contacting us.

b) Contract Performance (Art. 6(1)(b) GDPR)

If you purchase a report or service from us, we process your data as necessary to fulfill our contractual obligations – including processing payments and delivering your purchased content.

c) Legitimate Interest (Art. 6(1)(f) GDPR)

We may process certain data, such as website usage or cookie tracking, to pursue our legitimate interests in:

• Improving our website and services

• Measuring marketing effectiveness

• Preventing abuse or misuse of our systems

We ensure that our legitimate interests do not override your fundamental rights and freedoms.

d) Legal Obligation (Art. 6(1)(c) GDPR)

We may retain transaction data and email communications as required by German tax or commercial law.

We use trusted third-party platforms to store and process your data securely. All providers comply with GDPR standards, and where data is transferred outside the European Economic Area (EEA), appropriate safeguards (such as EU Standard Contractual Clauses) are in place.

a) Systeme.io

Our website and email marketing platform are hosted on Systeme.io. Personal data such as your name and email address are stored securely on their EU-based servers. Systeme.io complies with GDPR.

Privacy Policy:https://systeme.io/privacy-policy

b) Google Forms

We use Google Forms to collect your test responses. Google LLC may process and store this data outside the EU (e.g., in the USA), under Standard Contractual Clauses.

Privacy Policy:https://policies.google.com/privacy

c) Stripe

Stripe processes payment data securely on our behalf when you purchase a test report. We do not store any credit card information ourselves. Stripe complies with GDPR and uses secure encryption.

Privacy Policy:https://stripe.com/privacy

d) PayPal

If you choose to pay via PayPal, your payment will be processed through PayPal (Europe) S.à r.l. et Cie, S.C.A., a Luxembourg-based payment service provider. PayPal processes payment and transaction data, including your name, email, billing information, and method of payment.

Privacy Policy:https://www.paypal.com/myaccount/privacy/privacyhub

e) Facebook Pixel

We use Facebook Pixel for advertising and analytics. It may track your activity on our site and link it with your Facebook profile. Meta Platforms Inc. (USA) is the controller for this tool. Data transfers are secured under Standard Contractual Clauses.

Privacy Policy:https://www.facebook.com/about/privacy

Data Security Measures

• SSL encryption (HTTPS)

• Secure access controls

• Data minimization practices

• Regular audits of external service providers

We retain personal data only for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law (e.g., for tax or accounting obligations).

a) Test Participants (Free or Paid)

• First name, email address, and test responses: retained for up to 2 years to allow follow-up support and possible re-access to your results. You may request deletion earlier at any time (see Section 8).

b) Customers (Purchases via Stripe or PayPal)

• Payment-related data: retained for 10 years, as required by German tax and commercial law (Section 257 HGB, Section 147 AO).

c) Email Marketing Data

• Retained until you unsubscribe or request deletion.

d) Analytics and Website Logs

Retained for up to 26 months, depending on the tool.

You have the following rights under the GDPR:

• Right to Access (Art. 15) – to know what personal data we hold about you

• Right to Rectification (Art. 16) – to correct inaccurate or incomplete data

• Right to Erasure (Art. 17) – to request deletion of your personal data

• Right to Restriction (Art. 18) – to limit processing of your data in certain situations

• Right to Data Portability (Art. 20) – to receive your data in a machine-readable format

• Right to Object (Art. 21) – to object to processing based on legitimate interest or for direct marketing

• Right to Withdraw Consent (Art. 7(3)) – to withdraw consent at any time

• Right to Lodge a Complaint (Art. 77) – to complain to a supervisory authority

Supervisory Authority:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg Lautenschlagerstraße 20, 70173 Stuttgart Website:https://www.baden-wuerttemberg.datenschutz.de