Privacy policy for the website and for the use of the mobile app “Quiz and Run”
- General information
1.1 What is personal data?
Personal data is information that discloses or may disclose the identity of the user. We adhere to the principle of data avoidance. As far as possible, we refrain from collecting personal data.
1.2 Handling of personal data
Your personal data will only be processed if we have obtained your consent to do so (Art. 6 I p. 1 a GDPR) or if the processing of the data is necessary for our legitimate interests and if the balancing of interests shows that there are no overriding interests, fundamental rights or freedoms on your part (Art. 6 I p. 1 f GDPR).
We may use processors to process your personal data, with whom we have concluded a contract for order processing if necessary, but we will not pass on your personal data to third parties beyond this.
Your personal data will be processed in the EU and in countries classified by the EU as safe or appropriate. If personal data is processed in the USA, care is taken to ensure that the services we use are certified under the “Data Privacy Framework”.
1.3 Collection of personal data when using the “Quiz and Run” mobile app
When you install our mobile application, certain necessary data is sent to the store you are using. This includes your user name, the time of download, your payment details and the unique identifier of your device. You also have the option to rate our app in the respective store. We have no influence on this data collection and processing and accept no responsibility for it. Further information on this can be found in the privacy policy of the respective store used.
After downloading the app to your mobile device, you can use it offline. We do not collect any personal data when you use or download the app.
1.4 Usage data when you visit our website
General technical information is collected when you visit the website. This includes the IP address used, time, duration of the visit, browser type and, if applicable, the originating page. For technical reasons, this usage data is registered in a log file and can be used and stored for the purpose of statistical analysis of this website. This usage data is not linked to your other personal data.
1.5 In-app purchases
If you make in-app purchases, we also do not process any of your personal data in this context. Such data, in particular data relevant for electronic payment processing, is collected and processed exclusively by the respective app store. Please observe the data protection provisions of the app store when using it.
If you have any questions about the processing of your personal data by the respective app store, please contact the app store through which you made the download or in-app purchase directly.
1.6 Duration of storage
We only store your personal data after the end of the purpose for which the data was collected for as long as this is required by law (in particular tax law).
| Type of data | Storage period |
| Tax data | 10 years |
| Commercial or business letters (including e-mails and faxes) and other documents, insofar as these are relevant for taxation. | 6 years with the end of the calendar year in which the last entry in the book, the inventory, the opening balance sheet, the annual financial statement or the management report was made, the commercial or business letter received or sent, the accounting document created, the recording made or the other documents created. |
| Transaction and registration data | 10 years from the end of the calendar year in which the last entry was made in the book, the inventory was drawn up, the opening balance sheet, the annual financial statements or the management report prepared, the commercial or business letter received or sent, the accounting document created, or the recording undertaken or the other documents created. |
| Consent to data processing under data protection law | For the duration of the possibility of the data subject to assert rights. |
| (Electronic) correspondence that is not relevant under tax law | As long as necessary to fulfill the task, unless the processing serves to assert, exercise or defend legal claims. |
| Usage data in accordance with section 1.3 of this privacy policy | max. 30 days |
- Your rights
2.1 Information
You can request information from us as to whether we process your personal data and, if this is the case, you have a right to information about this personal data and to the further information specified in Art. 15 GDPR.
2.2 Right to rectification
You have the right to rectification of inaccurate personal data concerning you and may request the completion of incomplete personal data in accordance with Art. 16 GDPR.
2.3 Right to erasure
You have the right to obtain from us the erasure of personal data concerning you without undue delay. We are obliged to erase it immediately, in particular if one of the following reasons applies
Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
You withdraw your consent on which the processing of your data was based and there is no other legal basis for the processing.
Your data has been processed unlawfully.
The right to erasure does not apply if your personal data is required to assert, exercise or defend our legal claims.
2.4 Right to restriction of processing
You have the right to demand that we restrict the processing of your personal data if
you contest the accuracy of the data and we therefore verify its accuracy
the processing is unlawful and you oppose the erasure of the data and request the restriction of its use instead
we no longer need the data, but you need it for the establishment, exercise or defense of legal claims
you have objected to the processing of your data and it is not yet certain whether our legitimate reasons outweigh your reasons.
2.5 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent or on a contract and the processing is carried out by automated means.
2.6 Right of revocation and right to object
If the processing of your personal data is based on consent (Art. 6 S. 1 a GDPR), you have the right to revoke this consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
Insofar as the processing of your personal data is based on Art. 6 S. 1 e GDPR or Art. 6 S. 1 f GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of personal data concerning you at any time for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
2.7 General information and right of appeal
The exercise of your above rights is generally free of charge for you. In the event of complaints, you have the right to contact the supervisory authority responsible for us, the state data protection officer.
- Data security
3.1 Data security
All data in our app and on our website is protected against loss, destruction, access, modification and dissemination by technical and organizational measures. However, we accept no liability for the destruction of or damage to data.
3.2 Sessions and cookies on the website
To operate the website, we use cookies or server-side sessions in which data can be stored. We only use cookies or server-side sessions that are technically necessary for the operation of this website (e.g. spam protection for the contact form, shopping cart function) and for which the consideration shows that there are no overriding interests on your part (Art. 6 I p. 1 f GDPR).
- Presence on social media platforms
We use the following social media platforms for company presentation and communication (explicit reference is made to the data protection declarations and opt-out options linked below).
(Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5, Irland)
Data protection declaration: https://www.facebook.com/about/privacy/
Opt-Out: https://www.youronlinechoices.com
X
(Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2,
D02 AX07, Ireland)
Data protection declaration: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization
(Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5, Irland)
Privacy policy and opt-out: https://instagram.com/about/legal/privacy/
(LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Data protection declaration https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
(New Work SE, Am Strandkai 1, 20457 Hamburg, Germany)
Privacy policy and opt-out: https://privacy.xing.com/de/datenschutzerklaerung
YouTube
(Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
Data protection declaration: https://www.youtube.com/t/privacy/
These social media platforms may process personal data outside the EU; in this respect, we refer to the above data protection declarations of the social media platforms.
The respective social media platforms may be able to create user profiles from your usage behavior and the resulting interests and actions on your part and store cookies on your computer in which your usage behavior is stored. If you have an account on the respective social media platform and are logged in, your usage behavior can even be stored independently of the device. Your usage profile can be used, for example, to place advertisements that presumably correspond to your interests.
We process the personal data exclusively for communication with you via the social media platform you have selected and to optimize our online presence and ensure that no interests on your part are affected that outweigh this legitimate interest on our part (Art. 6 I p. 1 f GDPR). If you have already given the respective operator of the social media platform effective consent to the corresponding data processing, your personal data will also be processed on the basis of this consent (Art. 6 I p. 1 a GDPR).
- Third-party services within the framework of the website
5.1 External hosting
Our website is hosted by the external service provider IONOS SE, Elgendorfer Straße 57, 56410 Montabaur (“IONOS”).
The (personal) data that is collected when you visit the website is transmitted to the IONOS servers and stored there, including
- IP addresses,
- contact data,
- contract data,
- date and time of the request.
- Time zone difference to Greenwich Mean Time.
- Content of the request,
- HTTP status code,
- amount of data transferred,
- Website from which the request originates,
- information about the browser and operating system
and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 I p. 1 b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 I p. 1 f GDPR). IONOS will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.
You can view the IONOS privacy policy here: https://www.ionos.de/terms-gtc/datenschutzerklaerung/
5.2 Social media links
We have our own social media pages for the third-party providers that can be reached via links from our website. Using the links will take you to the respective websites of the third-party providers (e.g. YouTube). To avoid unnecessary data transfer, we recommend that you log out of the respective third-party provider before using a corresponding link, so that usage profiles cannot be created by the third-party provider simply by using the link.
5.3 Real Cookie Banner
We use the “Real Cookie Banner” consent tool from devowl.io GmbH, Tannet 12, 94539 Grafling, Germany, on our website to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/
The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. 1 c GDPR and Art. 6 para. 1 lit. 1 f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consent.
You can view the privacy policy of devowl.io GmbH here: https://devowl.io/de/datenschutzerklaerung/
5.4. Polylang
We use the Polylang program to enable multilingualism on our website. Polylang is a product of WP SYNTEX, 28, rue Jean Sebastien Bach, 38090 Villefontaine, France. Polylang cookies are set exclusively to recognize and record the language used or selected by the user. Polylang stores the language selected by the user or preset by the browser. A cookie is set on the visitor’s device, which stores this information for the duration of the session or until the cookie is deleted.
Personal data is not collected or processed by Polylang itself.
The legal basis for the use of Polylang is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in a user-friendly and linguistically adapted presentation of our online offering.
The cookie is used exclusively to store the selected language and does not contain any further information. The provision of this data is neither legally nor contractually required. However, without this cookie, the language functionality is limited.
Further information on data protection compliance can be found here:
https://polylang.pro/documentation/support/faq/
https://polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law/
- Contacting us
To contact us regarding data protection, you are welcome to use the following contact options. Controller within the meaning of the GDPR:
Novufactum GmbH
Werneckstr. 27
80802 Munich, Germany
E-mail: mail@quizandrun.de
Phone: +49176 52139982