English
Privacy Policy Questia
1. General provisions
1. 1 Introduction. We place special emphasis on protecting the privacy of our users and
others who provide us with their personal data. This privacy policy (the “Privacy Policy”)
provides you with the information you need to know about the way we, Uniqverse Pro s.r.o., a
limited liability company, Id. No.: 02878658, with its registered office at Rybalkova 1433/14,
Vinohrady, 120 00 Prague 2, Czech Republic, receive, store and further process your
personal data in our capacity as a data controller especially in connection with the provision
of our services through the Questia mobile application (the “App”), our website
www.questia.cz (the “Site”) or in any other way (hereinafter jointly referred to as “Questia”).
1.2 Use. This Privacy Policy explains and informs you about (i) how we collect and process
your personal data; (ii) your rights and how you can exercise them.
1.3 Familiarisation. We recommend that you thoroughly familiarise yourself with this
Privacy Policy. By using our Questia and providing your personal data, you confirm that you
have been informed about how we use your personal data, as set out in this Privacy Policy and
in the relevant privacy notices.
1.4 Applicable legislation. This Privacy Policy provides you with the information that
follows from Regulation (EU) No 2016/679 of the European Parliament and of the Council of
27 April 2016 (the “GDPR”).
2. Controller’s contact details
2.1 Contact details. You may contact us directly at our email address support@questia.cz or
at our address listed above (“Contact Information”).
3. Terms and definitions
3.1 Personal data – mean all information relating to an identified or identifiable natural
person. An identifiable natural person is one who can be identified, directly or indirectly, in
particular by reference to an identifier such as name, surname, date of birth, location data,
email.
3.2 Processing of personal data – means any operation or set of operations which is
performed on your personal data or on sets of personal data, whether or not by automated
means, such as collection, recording, organisation, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise
making available, alignment or combination, restriction, erasure or destruction.
3.3 Controller – means the natural or legal person, public authority, agency or other body
which, alone or jointly with others, determines the purposes and means of the processing of
personal data; where the purposes and means of such processing are determined by Union or
Member State law, the controller or the specific criteria for its nomination may be provided
for by Union or Member State law.
3.4 Processor – means a natural or legal person, public authority, agency or other body which
processes personal data on behalf of the controller.
3.5 Purpose – the reason for which the controller processes your personal data.
3.6 Cookies – cookies are small data files (text files) that a website (web) asks your browser
to store on your device, when you as a user visit the website, to remember information about
you, such as your language preferences or login details. The cookies we use can be divided
into cookies used by us (technical cookies), which are essential to provide you with the Site’s
features, and third-party cookies, which are cookies from another domain (for advertising and
marketing purposes). This also includes other techniques that work in a similar way.
3.7 Recipient – means the person who receives the personal data.
3.8 Third party – means a natural or legal person, public authority, agency or body other
than the data subject, controller, processor and persons who, under the direct authority of the
controller or processor, are authorised to process personal data.
3.9 Consent – means any freely given, specific, informed and unambiguous indication of
your wishes by a statement or by a clear affirmative action, signifying agreement to the
processing of personal data relating to you.
4. Personal data processed, purposes, manner and
duration of personal data processing
4.1 Scope of personal data being processed.
4.1.1 Personal data sources. We obtain your personal data from various sources, in
particular:
● when you register on the Site or in the App;
● when you use Questia (through the App or the Site).
4.1.2 Data collected. We only process personal data that you provide to us through the
sources described above. We process the following personal data, in particular:
● Registration data: name and surname, email, telephone number, password, gender,
age.
● Transaction data: data about the conclusion of a contract, individual purchase orders,
use of Questia, complaints, etc.
● Data about using Questia: any data provided by you in the context of using Questia,
in particular data on the completion of tasks, current scores, your Questia profile, etc.
● Cookie data: we may use cookies and other tracking technologies to automatically
collect the following information when you access or use the Site or the App: device
information (hardware model, information about the operating system and its version,
unique device identifiers, mobile network information, device storage information),
location information (IP address, time zone, mobile service provider information),
usage data (including, but not limited to: frequency of use, areas and features of our
Site or the App you visit, usage patterns in general, engagement with particular
features).
4.1.3 Purpose, grounds and duration of processing. We process your personal data for the
following purposes:
Processing of user data
● Providing access to Questia. We process the personal data described above for the
purpose of providing access to Questia, in particular for the possibility of actively
using Questia to improve physical fitness. We process such personal data for the
duration of the contractual relationship we have with you. For this purpose, the legal
basis for processing is the necessity of performing a contract.
● Further developing Questia. We also use the personal data described above to
improve Questia as a whole and our related services, especially to debug Questia and
to further enhance the Questia experience, based on our legitimate interest in further
improving our services for a period of 2 years from the date of collecting the data.
● Promoting Questia. If you use Questia, we also use your personal data described
above to promote Questia and our other products and services, including sending you
promotional communications. The legal basis for such processing is our legitimate
interest in promoting our activities; we process your personal data for the duration of
the contractual relationship and for 2 years thereafter.
● Promoting our partners’ offers. If you use Questia, we also use your personal data
as described above to display communications and offers from our partners, including
the sale of special partner-sponsored items and other features directly on Questia. For
this purpose, we do not transfer any of your personal data to our partners; our partners
may only gain access to anonymous statistical data about the number of views of their
communications and offers, etc. The legal basis for such processing is our legitimate
interest in promoting our partners’ activities; we process your personal data for the
duration of the contractual relationship and for 2 years thereafter.
● Fulfilling general legal obligations. We also process your registration Registration
data and transaction Transaction data in the case of users in accordance with the
applicable accounting or value added tax laws, as we are required to retain such data
for a certain period of time (this specific period of time may vary according to the
applicable laws in each country). Where such legal obligation exists, we will retain the
relevant documents together with your personal data for the period of time laid down
by the applicable laws.
● Protecting our rights and legitimate interests. We also process your personal data
as described above on the basis of a legitimate interest consisting in the recovery of
our receivables from you or in the protection and recovery of our receivables. For this
purpose, we process your personal data for a period corresponding to the statutory
limitation period.
● Site and App operation and security (functional cookies). We process your cookie
Cookie data that are essential for the operation of the Site and the App, including their
presentation and functionality and ensuring your security. We use such data to identify
you as a visitor when you browse or repeatedly access our Site and the App. The legal
basis for this processing is our legitimate interest in the proper functionality and
operation of our Site and the App. We generally retain your personal data for up to 2
years after you visit our Site and the App.
● Promotion and marketing on our Site and in the App (marketing cookies). We
process your cookie data that are essential for targeting and displaying our advertising
(marketing cookies), and your data may also be transferred to third parties. We use
such data to display marketing communications to you regarding products and services
in which you have expressed an interest and promote our brand through online
promotion. The legal basis for this processing is therefore your consent given via the
cookies sidebar. We retain your data for the duration of your consent, but in any case
for no longer than for 2 years after we have received your consent.
● Site traffic analysis (analytical cookies). We also process your cookie data that are
necessary for the analysis of traffic at our Site (analytical cookies). We use such data
to monitor traffic at our Site, optimise the Site, ensure the security of your data and
improve continuity and user-friendliness of the Site, and your data may also be
transferred to third parties. We process your data on the basis of your consent, which
you have given us via the cookies sidebar. We retain your data for as long as your
consent is valid, but in any case for no longer than 2 years after we have received it.
4.2 Cookies
4.2.1 When you use our Site and the App, we may process your personal data (cookie Cookie
data) via cookies and other tracking technologies. Cookies are small text files stored in your
web browser that allow us or a third party to recognise you. Cookies may be used to collect,
store and share parts of information about your activities on various websites, including our
Site and the App. This also applies to other similar technologies used for this purpose.
4.2.2 Specifically, we use the following cookies:
● Essential cookies are essential to ensure the proper functioning of the website;
● Optional cookies – analytics and marketing cookies.
4.2.3 You can adjust the settings to allow or reject all cookies or only some cookies. Rejecting
cookies may negatively affect the functionality of websites, including our Site. You can
modify your choices regarding cookies or delete them from your electronic device at any
time. Detailed information regarding cookies can be found on the website of the respective
web browser provider.
4.2.4 Data anonymisation. We will anonymise the data processed for the purposes set out
above in the course of processing. Without doing certain additional steps, such anonymised
data cannot be linked to any individual to whom such data may relate. The anonymised data
will be used mainly for the further development of Questia. Adequate technical and
organisational measures will be taken to safeguard the rights and freedoms of individuals and
to prevent any re-identification of data subjects. We will not attempt to re-identify the
individual to whom the anonymised data relate.
4.3 Manners of data processing. To the extent and for the purposes described above, we
process your personal data by automated means, including the use of statistical methods. In
some cases, we may also process your personal data manually.
4.4 Consequences of failure to provide data. The provision of your personal data is a
requirement necessary to enter into a contract for the provision of our services. If you do not
provide such data, we may not be able to provide you with our services.
5. Transfer of personal data to third parties and
recipients of personal data
5.1 Transfers of personal data. We may transfer the personal data we collect in the ways
described above to third parties, especially to those who provide certain services related to the
provision of our services, including IT support, organisation and storage of personal data, etc.
These entities are in the position of processors or controllers of your personal data.
5.2 Recipients. We may share the personal data we collect especially with our IT system
suppliers who may have access to your personal data in certain cases and act as data
processors, with our external accounting service providers, who are essential to our
performing of our legal obligations and act as data processors, and finally with our external
legal service providers, who are essential for recovering our receivables and for protecting our
legal claims and act as data processors or data controllers.
5.3 Sufficient level of security. We provide a guarantee that we have entered into personal
data processing agreements with processors who ensure the same level of security of your
personal data as described in this Privacy Policy. We also strive to ensure that all controllers
with whom we share any personal data ensure adequate security of the personal data being
processed. Where personal data are transferred outside of the European Economic Area, we
ensure that in all cases a sufficient level of protection of the personal data so transferred is
provided in accordance with the GDPR.
5.4 Confidentiality and exemptions. We, including all processors and controllers, are
obliged to maintain the confidentiality of all personal data. An exception is the obligation to
disclose personal data to designated public authorities and other entities that are legally
entitled to request personal data (the Police of the Czech Republic, the Tax Authority, etc.).
6. Security of your personal data
6.1 Security measures and policies. We have implemented the necessary technical and
organisational measures in our system for internal control and information security processes
that are in line with best practice and correspond to the potential risk. We also take into
account the prospect of future technological advances to protect your personal data from
unauthorised disclosure, access or loss. These measures include, but are not limited to,
employee data protection training, regular data backups, data recovery procedures and
liability mechanisms for personal data breaches, as well as software and hardware protection.
7. Your rights
7.1 Information provided. If you exercise your rights in accordance with this Article 7 of the
Privacy Policy or other applicable law, we will inform each recipient who processes your
personal data of the action taken provided that the communication to the recipient is feasible
and/or does not require disproportionate effort.
7.2 1 Exercise of rights. If you wish to exercise your rights or obtain the relevant
information, please contact us using one of our contact details. When you contact us, we must
ask you to provide us with your identification details or other personal data that you have
previously provided to us. Providing this information is necessary to verify that you are the
one who sent the request. We will respond to you not later than within one month of receipt of
such a request, where we reserve the right to extend this time limit by two months.
7.3 2 Your rights. In accordance with the applicable laws, you may request access to your
personal data that we process as a data controller, you have the right to rectification, right to
erasure, and right to portability, the right to lodge a complaint, the right to request restriction
of processing and the right to object to personal data processing. You may revoke your
consent to personal data processing at any time.
7.4 3 Rectification of your personal data. In accordance with the GDPR, you have the right
to rectification of your inaccurate or incomplete personal data we process. If you request
rectification of your personal data, you can contact us using one of our contact details. We
take measures to ensure that your personal data are up to date and correct. You can contact us
with your request at any time if we are still processing your personal data.
7.5 4 Erasure of your personal data. You can request that we erase your personal data at
any time. After you contact us with such a request and if any of the grounds for erasure of
data applies, we will erase the personal data concerned from our databases without undue
delay unless we process some of your personal data on the grounds of our legal obligation or
for the establishment, exercise or defence of our legal claims.
7.6 5 Withdrawal of your consent to personal data processing. You may withdraw your
consent to the processing of personal data you have granted to us at any time without stating a
reason. If you wish to withdraw your consent, please let us know using one of our contact
details. Please note that withdrawal of consent does not affect the lawfulness of previous
processing based on the consent given.
7.7 6 Access to your personal data and their portability. You have the right to obtain
information on the processing of your personal data and a copy of the personal data processed
by us. If you so request, we may transfer all or only part of the personal data provided by you
(processed by automated means on the basis of a contract or consent) directly to a third party
(other personal data controller) specified by you in your request for the transfer of personal
data unless such request adversely affects the rights and freedoms of other persons and as long
as it is technically feasible.
7.87. Restriction of processing. If you request restriction of processing of your personal data,
in particular in cases where you have doubts as to the accuracy, lawfulness or our need to
process your personal data, we will assess your request and we may restrict the processing of
your personal data to the minimum necessary scope (processing for the purpose of the
assessment, enforcement or defence of our legal claims or for the protection of the rights of
another natural or legal person or for other reasons). However, if the restriction of processing
is lifted and we continue to process your personal data, we will inform you of this fact without
undue delay.
7.9 8 Objection to processing. You have the right to object at any time to the processing of
your personal data on the basis of your specific situation, if such processing is based on our
legitimate interest. We will not further process your personal data unless we can demonstrate
a compelling legitimate interest to do so or unless such processing relates to direct marketing.
7.10 9 Complaint with the Office for Personal Data Protection. You have the right to
lodge a complaint concerning our personal data processing with the Office for Personal Data
Protection, with its seat at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, website:
https://uoou.gov.cz/en.
8. Updates to this Privacy Policy
8.1 Updates. We regularly update this Privacy Policy. Any amendment to this Privacy Policy
is effective after it is published on the Site.
Questions and comments
If you have any questions or comments about any part of this Privacy Policy, if you need
support or if you have any claims, please contact us using one of our contact Contact details.