English
Privacy Policy Questia
1. General provisions
1.1 Introduction. We place special emphasis on protecting the privacy of our users and others who provide us with their personal data. This privacy policy (the “Privacy Policy”) provides you with the information you need to know about the way we, Uniqverse Pro s.r.o., a limited liability company, Id. No.: 02878658, with its registered office at Rybalkova 1433/14, Vinohrady, 120 00 Prague 2, Czech Republic, receive, store and further process your personal data in our capacity as a data controller especially in connection with the provision of our services through the Questia mobile application (the “App”), our website www.questia.cz (the “Site”) or in any other way (hereinafter jointly referred to as “Questia”).
1.2 Use. This Privacy Policy explains and informs you about (i) how we collect and process your personal data; (ii) your rights and how you can exercise them.
1.3 Familiarisation. We recommend that you thoroughly familiarise yourself with this Privacy Policy. By using Questia and providing your personal data, you confirm that you have been informed about how we use your personal data, as set out in this Privacy Policy and in the relevant privacy notices.
1.4 Applicable legislation. This Privacy Policy provides you with the information that follows from Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”).
2. Controller’s contact details
2.1 Contact details. You may contact us directly at our email address support@questia.cz or at our address listed above (“Contact Information”).
3. Terms and definitions
3.1 Personal data – mean all information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, surname, date of birth, location data, email.
3.2 Processing of personal data – means any operation or set of operations which is performed on your personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3.3 Controller – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
3.4 Processor – means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
3.5 Purpose – the reason for which the controller processes your personal data.
3.6 Cookies – cookies are small data files (text files) that a website (web) asks your browser to store on your device, when you as a user visit the website, to remember information about you, such as your language preferences or login details. The cookies we use can be divided into cookies used by us, which are essential to provide you with the Site’s features, and third- party cookies, which are cookies from another domain (for advertising and marketing purposes). This also includes other techniques that work in a similar way.
3.7 Recipient – means the person who receives the personal data.
3.8 Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
3.9 Consent – means any freely given, specific, informed and unambiguous indication of your wishes by a statement or by a clear affirmative action, signifying agreement to the processing of personal data relating to you.
4. Personal data processed, purposes, manner and
duration of personal data processing
4.1 Scope of personal data being processed.
4.1.1 Personal data sources. We obtain your personal data from various sources, in particular:
● when you register on the Site or in the App;
● when you use Questia (through the App or the Site).
4.1.2 Data collected. We only process personal data that you provide to us through the sources described above. We process the following personal data, in particular:
● Registration data: name and surname, email, telephone number, password, gender, age.
● Transaction data: data about the conclusion of a contract, individual purchase orders, use of Questia, complaints, etc.
● Data about using Questia: any data provided by you or gathered by us in the context of using Questia, in particular data on the completion of tasks, current scores, your Questia profile, number of steps taken and distance travelled (based on number of steps taken) etc.
● Cookie data: we may use cookies and other tracking technologies to automatically collect the following information when you access or use the Site or the App: device information (hardware model, information about the operating system and its version, unique device identifiers, mobile network information, device storage information), location information (IP address, time zone, mobile service provider information), usage data (including, but not limited to: frequency of use, areas and features of our Site or the App you visit, usage patterns in general, engagement with particular features).
4.1.3 Purpose, grounds and duration of processing. We process your personal data for the following purposes:
● Providing access to Questia. We process the personal data described above for the purpose of providing access to Questia, in particular for the possibility of actively using Questia to improve physical fitness. We process such personal data for the duration of the contractual relationship we have with you. For this purpose, the legal basis for processing is the necessity of performing a contract.
● Further developing Questia. We also use the personal data described above to improve Questia as a whole and our related services, especially to debug Questia and to further enhance the Questia experience, based on our legitimate interest in further improving our services for a period of 2 years from the date of collecting the data.
● Promoting Questia. If you use Questia, we also use your personal data described above to promote Questia and our other products and services, including sending you promotional communications. The legal basis for such processing is our legitimate interest in promoting our activities; we process your personal data for the duration of the contractual relationship and for 2 years thereafter.
● Promoting our partners’ offers. If you use Questia, we also use your personal data as described above to display communications and offers from our partners, including the sale of special partner-sponsored items and other features directly on Questia. For this purpose, we do not transfer any of your personal data to our partners; our partners may only gain access to anonymous statistical data about the number of views of their communications and offers, etc. The legal basis for such processing is our legitimate interest in promoting our partners’ activities; we process your personal data for the duration of the contractual relationship and for 2 years thereafter.
● Fulfilling general legal obligations. We also process your Registration data and Transaction data in the case of users in accordance with the applicable accounting or value added tax laws, as we are required to retain such data for a certain period of time (this specific period of time may vary according to the applicable laws in each country). Where such legal obligation exists, we will retain the relevant documents together with your personal data for the period of time laid down by the applicable laws.
● Protecting our rights and legitimate interests. We also process your personal data as described above on the basis of a legitimate interest consisting in the recovery of our receivables from you or in the protection and recovery of our receivables. For this purpose, we process your personal data for a period corresponding to the statutory limitation period.
● Site and App operation and security (functional cookies). We process your Cookie data that are essential for the operation of the Site and the App, including their presentation and functionality and ensuring your security. We use such data to identify you as a visitor when you browse or repeatedly access our Site and the App. The legal basis for this processing is our legitimate interest in the proper functionality and operation of our Site and the App. We generally retain your personal data for up to 2 years after you visit our Site and the App.
● Promotion and marketing on our Site and in the App (marketing cookies). We process your cookie data that are essential for targeting and displaying our advertising (marketing cookies), and your data may also be transferred to third parties. We use such data to display marketing communications to you regarding products and services in which you have expressed an interest and promote our brand through online promotion. The legal basis for this processing is therefore your consent given via the cookies sidebar. We retain your data for the duration of your consent, but in any case for no longer than for 2 years after we have received your consent.
● Site traffic analysis (analytical cookies). We also process your cookie data that are necessary for the analysis of traffic at our Site (analytical cookies). We use such data to monitor traffic at our Site, optimise the Site, ensure the security of your data and improve continuity and user-friendliness of the Site, and your data may also be transferred to third parties. We process your data on the basis of your consent, which you have given us via the cookies sidebar. We retain your data for as long as your consent is valid, but in any case for no longer than 2 years after we have received it.
4.2 Cookies
4.2.1 When you use our Site and the App, we may process your personal data (Cookie data) via cookies and other tracking technologies. Cookies may be used to collect, store and share parts of information about your activities on various websites, including our Site and the App. This also applies to other similar technologies used for this purpose.
4.2.2 Specifically, we use the following cookies:
● Essential cookies are essential to ensure the proper functioning of the website;
● Optional cookies – analytics and marketing cookies.
4.2.3 You can adjust the settings to allow or reject all cookies or only some cookies. Rejecting cookies may negatively affect the functionality of websites, including our Site. You can modify your choices regarding cookies or delete them from your electronic device at any time. Detailed information regarding cookies can be found on the website of the respective web browser provider.
4.2.4 Data anonymisation. We will anonymise the data processed for the purposes set out above in the course of processing. Without doing certain additional steps, such anonymised data cannot be linked to any individual to whom such data may relate. The anonymised data will be used mainly for the further development of Questia. Adequate technical and organisational measures will be taken to safeguard the rights and freedoms of individuals and to prevent any re-identification of data subjects. We will not attempt to re-identify the individual to whom the anonymised data relate.
4.3 Manners of data processing. To the extent and for the purposes described above, we process your personal data by automated means, including the use of statistical methods. In some cases, we may also process your personal data manually.
4.4 Consequences of failure to provide data. The provision of your personal data is a requirement necessary to enter into a contract for the provision of our services. If you do not provide such data, we may not be able to provide you with our services.
5. Transfer of personal data to third parties and
recipients of personal data
5.1 Transfers of personal data. We may transfer the personal data we collect in the ways described above to third parties, especially to those who provide certain services related to the provision of our services, including IT support, organisation and storage of personal data, etc. These entities are in the position of processors or controllers of your personal data.
5.2 Recipients. We may share the personal data we collect especially with our IT system suppliers who may have access to your personal data in certain cases and act as data processors, with our external accounting service providers, who are essential to our performing of our legal obligations and act as data processors, and finally with our external legal service providers, who are essential for recovering our receivables and for protecting our legal claims and act as data processors or data controllers.
5.3 Sufficient level of security. We provide a guarantee that we have entered into personal data processing agreements with processors who ensure the same level of security of your personal data as described in this Privacy Policy. We also strive to ensure that all controllers with whom we share any personal data ensure adequate security of the personal data being processed. Where personal data are transferred outside of the European Economic Area, we ensure that in all cases a sufficient level of protection of the personal data so transferred is provided in accordance with the GDPR.
5.4 Confidentiality and exemptions. We, including all processors and controllers, are obliged to maintain the confidentiality of all personal data. An exception is the obligation to disclose personal data to designated public authorities and other entities that are legally entitled to request personal data (the Police of the Czech Republic, the Tax Authority, etc.).
6. Security of your personal data
6.1 Security measures and policies. We have implemented the necessary technical and organisational measures in our system for internal control and information security processes that are in line with best practice and correspond to the potential risk. We also take into account the prospect of future technological advances to protect your personal data from unauthorised disclosure, access or loss. These measures include, but are not limited to, employee data protection training, regular data backups, data recovery procedures and liability mechanisms for personal data breaches, as well as software and hardware protection.
7. Your rights
7.1 Exercise of rights. If you wish to exercise your rights or obtain the relevant information, please contact us using one of our contact details. When you contact us, we must ask you to provide us with your identification details or other personal data that you have previously provided to us. Providing this information is necessary to verify that you are the one who sent the request. We will respond to you not later than within one month of receipt of such a request, where we reserve the right to extend this time limit by two months.
7.2 Your rights. In accordance with the applicable laws, you may request access to your personal data that we process as a data controller, you have the right to rectification, right to erasure, and right to portability, the right to lodge a complaint, the right to request restriction of processing and the right to object to personal data processing. You may revoke your consent to personal data processing at any time.
7.3 Rectification of your personal data. In accordance with the GDPR, you have the right to rectification of your inaccurate or incomplete personal data we process. If you request rectification of your personal data, you can contact us using one of our contact details. We take measures to ensure that your personal data are up to date and correct. You can contact us with your request at any time if we are still processing your personal data.
7.4 Erasure of your personal data. You can request that we erase your personal data at any time. After you contact us with such a request and if any of the grounds for erasure of data applies, we will erase the personal data concerned from our databases without undue delay unless we process some of your personal data on the grounds of our legal obligation or for the establishment, exercise or defence of our legal claims.
7.5 Withdrawal of your consent to personal data processing. You may withdraw your consent to the processing of personal data you have granted to us at any time without stating a reason. If you wish to withdraw your consent, please let us know using one of our contact details. Please note that withdrawal of consent does not affect the lawfulness of previous processing based on the consent given.
7.6 Access to your personal data and their portability. You have the right to obtain information on the processing of your personal data and a copy of the personal data processed by us. If you so request, we may transfer all or only part of the personal data provided by you (processed by automated means on the basis of a contract or consent) directly to a third party (other personal data controller) specified by you in your request for the transfer of personal data unless such request adversely affects the rights and freedoms of other persons and as long as it is technically feasible.
7.7 Restriction of processing. If you request restriction of processing of your personal data, in particular in cases where you have doubts as to the accuracy, lawfulness or our need to process your personal data, we will assess your request and we may restrict the processing of your personal data to the minimum necessary scope (processing for the purpose of the assessment, enforcement or defence of our legal claims or for the protection of the rights of another natural or legal person or for other reasons). However, if the restriction of processing is lifted and we continue to process your personal data, we will inform you of this fact without undue delay.
7.8 Objection to processing. You have the right to object at any time to the processing of your personal data on the basis of your specific situation, if such processing is based on our legitimate interest. We will not further process your personal data unless we can demonstrate a compelling legitimate interest to do so or unless such processing relates to direct marketing.
7.9 Complaint with the Office for Personal Data Protection. You have the right to lodge a complaint concerning our personal data processing with the Office for Personal Data Protection, with its seat at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, website: https://uoou.gov.cz/en.
8. Updates to this Privacy Policy
8.1 Updates. We regularly update this Privacy Policy. Any amendment to this Privacy Policy is effective after it is published on the Site.
Questions and comments
If you have any questions or comments about any part of this Privacy Policy, if you need support or if you have any claims, please contact us using one of our Contact details.