This privacy notice explains how we process personal data in our business as per the General Data Protection Regulation (GDPR). If you have any questions about the content here, please contact us at:
Company name: Quizrr AB
Business address: Heliosgatan 13, 120 78 Stockholm, SWEDEN
Contact email address: email@example.com
We take your privacy seriously and we have taken several steps to ensure that we provide you with clear and transparent information on how we process your data, and also inform you about your rights. If you feel that any information is unclear, or missing, please do not hesitate to reach out.
Your data protection rights
- Your rights of access and rectification: You may request access to or a copy of the information we process about you and ask us to rectify any incorrect data.
- Your right to erasure or restriction: In some circumstances, you may ask us to delete and/or restrict our processing of your data, but we cannot delete any data we are required to process.
- Your right to object to processing: In some circumstances, you may ask us to stop processing your data.
- Your right to data portability: In some circumstances, you may ask us to transfer your data to you or to another organisation.
- Also, if you’re unhappy about how we process your data, you have a right to complain to a national data protection authority. In Sweden this is the Swedish Authority for Privacy Protection (IMY). We hope, however, that you will contact us first so that we can try to resolve the matter for you in a satisfactory way.
Please contact us if you have any questions about or want to exercise one of your rights. You are entitled to a reply within 30 days.
How we get your personal data
We typically process personal data about:
- App users (Players)
- Customers, including Dashboard users
- Potential clients
- Website visitors
- Job applicants
- Collaboration Partners
We process personal data when you:
- Buy and use our products or services, including the Quizrr App
- Subscribe to our newsletter
- Sign up for our events
- Respond to one of our surveys
- Provide us with your contact details, e.g. give us your business card
- Contact us via phone, text, email, social media or our website
It is voluntary to provide us with personal data, but if you choose not to, we may not be able to provide you with our services. We do not rent, buy or sell personal data from or to others, use automated decisions or profiling in the processing of your personal data. We only process special category personal data when strictly needed, for example related to employees’ sick leaves.
Purpose, lawful basis and retention periods
We only process your personal data when we have a purpose and a lawful basis for doing so. Under the GDPR Article 6(1), the lawful bases we usually rely on, are:
a) Your consent
b) We have a contractual obligation (contract)
c) We have a legal obligation
f) We have a legitimate interest
As a rule, personal data should not be processed and kept for longer than necessary to fulfil the purpose for processing.
Your personal data is only retained for as long as we have a purpose and a lawful basis:
- Until you withdraw your consent (e.g. for email marketing)
- For as long as we have a contractual obligation, and, if applicable, in accordance with accounting and bookkeeping rules and regulations (e.g. for sales)
- For as long as we have a legal obligation; in accordance with accounting and bookkeeping rules and/or other legal requirements and regulations (e.g. for employment)
- For as long as we have a legitimate interest or until you ask us not to process your data in such a way (e.g. marketing to existing customers)
You can always withdraw your consent for any data processing based on consent, and you can also reach out to us at any time if you’d like us to stop processing and/or ask us to delete any of your data.
We have routines in place to ensure that personal data is deleted from all relevant systems when we no longer have a purpose and/or legal basis to continue to process them.
Details on the processing of your personal data
In this section we describe in detail when and how we process your data, for what purposes and our legal grounds to do so (lawful bases). We also specify the retention periods for the processing.
We process personal data when:
You communicate with us
When you contact us through our website (contact form, blog comments, chat), email, phone (call, text message), social media and/or give us your business card, we process personal data. Depending on where and how you contact us, this may include your name, contact details, IP address and other information you choose to send to us. We use a CRM (Customer Relationship Management) and a customer support system to process personal data on potential and existing customers.
The purpose is to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims. The lawful basis is f), where the legitimate interests are to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims. We review this data at our annual (internal) GDPR audit day and delete personal data as appropriate. Due to the nature of our business, we can keep this type of personal data up to 3 years, or 7 years if we have a legal obligation in accordance with accounting and bookkeeping rules.
You purchase our products and services
When you purchase products and services from us, we process personal data such as your name, contact details, order, and payment details as well as purchase history. If your purchase includes digital delivery, for example over video (recorded or not), either one to one between us and you, or one to many between us and a group of people, we also process personal data such as profile picture, video (picture and sound), messages (chat) and IP address.
We may use personal data to deliver physical products needed to use our products and services, deliver may happen via delivery services.
The purpose is to be able to fulfil our obligation to deliver products and services you have purchased and to manage the customer relationship. The lawful bases are b) contract and c) legal obligation related to accounting, tax and other business rules and regulations we are required to abide by.
We process the data for as long as we have a legal obligation as per any applicable rules and regulations we are bound by. E.g., we are required by law to store business records, which could include personal data, for 7 years for accounting, tax, and other business purposes. Please contact us if you would like to know what is applicable in your case.
You use our training tool (app)
When you use the Quizrr training tool, we process personal data such as your email, name, employment information, demographic information (gender, date of birth, home country, region, preferred language), device information, IP address and geolocation (city, country). This can vary depending on the training you are taking.
The purpose is to facilitate training, deliver and improve our services, and create and share aggregated statistics with customers and partners. Please note that your individual results are not disclosed to anyone outside of Quizrr and the processors we use. The lawful basis is f), where the legitimate interests are to be able to create and share aggregated statistics with customers and partners. We review this data at our annual (internal) GDPR audit day and anonymize personal data as appropriate. Due to the nature of our business, we can keep this type of personal data up to 3 years after the customer relationship has terminated.
You use the Quizrr dashboard
When you use our dashboard, we process personal data such as your email, name, company name, device information, IP address and geolocation (city, country). This can vary depending on the training we’re conducting and our agreement.
The purpose is to be able to provide our services and share aggregated statistics with our customers and partners. The lawful basis is b), contract. We review this data at our annual (internal) GDPR audit day and delete personal data as appropriate. Due to the nature of our business, we can keep this type of personal data up to 2 years after the customer relationship has terminated.
You receive marketing as an existing customer
If we have an existing customer relationship with you as per the Swedish Marketing Act §19, we can send you marketing via email and text messages. Depending on the medium used to submit such marketing, the personal data we process include your name, email address, IP address and/or phone number. The purpose is to provide you with good customer service and the lawful basis is f), where the legitimate interest is to offer our relevant products and services to provide excellent service to our customers. The lawful basis may also be a), where you have given us your consent to such marketing.
You can easily opt out of the marketing at any time by unsubscribing in any marketing email or text message you receive. We process the data for as long as we have a customer relationship with you, or, if the processing is based on your consent, until you withdraw it. The data will then be deleted at our next GDPR audit day. Please note that it is only personal data related to marketing efforts that will be deleted. We are still required to process data for accountancy, tax and other business purposes if you are our customer.
You apply for a job or work at our company
Handle external job applications
You subscribe to our email newsletter
We regularly send out email newsletters which sometimes contain information about our products and services. When you become a subscriber, we process personal data such as your email address and IP address. The purpose is to share the latest Quizrr updates. The lawful basis is a) consent and you can easily unsubscribe at any time by clicking the "unsubscribe" link in any such newsletter.
Our email service provider has integrated analytics showing email opens and clicks. If you do not want your data to be analysed in this way, please do not subscribe to our newsletter. We use this data to analyse the performance of our newsletters and to tailor our content to you. The lawful basis is f), where the legitimate interest is to be able to offer you electronic newsletters and to continuously improve our products and services.
We process the data for as long as you subscribe, after which it will be deleted at our next GDPR audit day.
You attend our events
When you attend our events that are free of charge, we process personal data such as your name, contact details and, sometimes, dietary and/or access requirements. The purpose is to be able to process your registration and attendance. The lawful basis is a) consent. If we collect any information about dietary and/or access requirements, we also need your consent under GDPR Article 9 (2) (a).
We may also use your data to send you an evaluation of the event you attended, or to invite you to other relevant events we think you might be interested in. The lawful basis is f), where our legitimate interest is to analyse and run our business effectively and to provide you with good customer service. If you do not wish to receive such messages, you will have an easy way to opt out, e.g. through an unsubscribe link in our emails.
We review this data at our annual GDPR audit day and delete personal data as appropriate, however no later than two years following the event.
You respond to our evaluations or surveys
Responding to our evaluations and surveys are voluntary. We process personal data such as your name, contact details and other information you choose to share with us. Some evaluations or surveys may be anonymous, and in such cases, we do not process any personal data
The purpose is to gather your feedback so that we can continuously improve our products and services, as well as provide you with better customer service in the future. The lawful basis is a) consent. We review this data at our annual GDPR audit day and delete personal data as appropriate, however no later than year after you responded to the survey.
You supply services to or collaborate with us
When you enter into an agreement with us either as a vendor, partner or data processor, we process personal data such as your name, contact details and correspondence. The purpose is to be able to enter into this agreement and to respond to your inquiries and the lawful basis is b) contract. We review this data at our annual GDPR audit day and delete personal data as appropriate, however no later than 1 year after the contract has been terminated. We process other communication data as per the first paragraph in this chapter, please see above.
You use our website
When you use our website, we may process personal data such as IP address and other technical data collected via cookies and analytics tools. The purpose is to run our website and business effectively, promote our products and services and to respond to any inquiries from website visitors.
This section explains how we utilize cookies to enhance your browsing experience and better understand our services performance. Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you use our services. These cookies serve a specific purpose in improving your interaction with our website:
- Functional Cookies: We store your consent choice in a first-party cookie.
- Analytical Cookies: .We collect information about how visitors use our services, and some of this information might be stored in a cookie. The insights derived from this data help us analyse the performance and effectiveness of our service offering, identify areas for improvement, and tailor our content to better meet your needs.
Google Analytics 4
Google Analytics 4 is a web analytics service provided by Google Inc. It utilizes cookies to collect data about your interactions with our services. The data collected includes your browser type, location data, device information, and usage behavior. Importantly, this information is aggregated and anonymized, making it impossible to identify you personally.
We use Google Analytics 4 to gain insights into how visitors and users engage with our services, identify popular pages and features, and enhance the user experience.
Analytics usage tracking
PostHog is a product analytics platform. It utilizes cookies to collect data about your interactions with our services. The data collected includes browser information, location data, IP address, device information, user information and usage behaviour.
We use PostHog to help us understand how users engage with our content, identify areas for improvement, and enhance the user experience.
Whom we share your personal data with
To run our business efficiently and securely, we sometimes will have to share your personal data with other parties such as:
- Public authorities we are obliged to report to
- Our accountant, auditor, lawyer and others helping us in a professional capacity
- Data processors: providers of services that process your personal data on our behalf*
- IT support, if necessary
- Partners: If you use services that are provided by our partners and which are integrated with our services our partners gain access to your personal data. The personal data collected by our partners is covered by their own conditions and policies for processing of personal data.
- Scholars, researchers, and universities: working in the space of Impact, Quizrr wants to collaborate with different stakeholders to address and improve poor working conditions and industry challenges. Our aim is to not only improve the impact of our work as Quizrr, but to share the findings in the larger eco system where other stakeholders can benefit from the rich data sets and learnings shared.
We require that all such recipients secure data in accordance with good information security. We enter into a data processing agreement/addendum with anyone who processes data on our behalf, as per the requirements in the GDPR Article 28-3.
We use data processors for:
- Email, calendar and digital meetings
- Accounting/bookkeeping and invoicing
- Cloud storage
- This website, including online payments and online web portal (where you access digital products you purchase from us)
- User generated data from using our tools and services
- Business receipts
- Project management, timekeeping, digital notebook and scheduling
- Signing documents electronically
- Surveys and customer satisfaction feedback
To protect our business, we don't publish further details (like names) of our data processors. If you'd like to know more about our processing and whom we share your personal data with, please contact us.
Sale or transfer of business or assets: Your personal data may, to the extent allowed and in accordance with applicable data protection law, be transferred or disclosed to a purchaser or prospective purchaser in the event of a sale, assignment, or other transfer of all or a portion of our business or assets.
Transfer of personal data outside the EU/EEA
In some cases, your personal data will be transferred outside the EU/EEA, e.g. where we use data processors to manage for example cloud storage and email services.
We only use data processors we trust, that are well known and that we have a data processing agreement/addendum with. We check whether a country outside the EU/EEA offers an adequate level of data protection (has obtained an EU “adequacy decision”) or, if this is not the case, that other necessary safeguards are in place like the EU Standard Contractual Clauses (“SCC”, also called Model Clauses). If you would like to know where your particular data is processed, which safeguards we have for this and what other measures we have taken to protect your data, please contact us.
Here is an overview of the personal data we process for your online purchase (with HQ country/country of storage), as well as a link to the data processors’ privacy notices:
Transaction emails related to user accounts.
Atlanta, Georgia, USA
Error tracking / monitoring
We take information security seriously and we will always do our utmost to safeguard your personal data in the best possible way. For example, we use strong passwords, data encryption, access control and two-factor authentication to secure our data and prevent unauthorized persons from accessing, altering, deleting, or in any way affecting the data we store, including your personal data.
We only allow others to access and/or process your personal data in accordance with our instructions, and only when strictly necessary (e.g. when we require IT support).
We have implemented a policy for technical and organisational measures and a routine for managing data breaches. If we experience a personal data breach, i.e. a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, and it poses a medium to high risk for the people affected, we will notify the national data authority within 72 hours. If the risk is deemed high for the people affected, we will also notify them directly, if possible.
This privacy notice was last updated: 2023-12-04