Privacy Policy

Introduction

This Privacy Policy refers to the processing of personal data performed by the Swedish company be genoius AB with company registration number: 559200–1944 (hereinafter referred to as ”the Service Provider” and referred to as ”we” or ”us”). The person whose personal data we process is referred to below as ”you”. The information below is a summary of how we store and process your data in accordance with the EU Data Protection Regulation (GDPR).

We process your personal data that we get access to when you contact us, enter into an agreement with us or when you create a User Account for the application: World Wide Quiz (hereinafter referred to as the ”Application”). This Privacy Policy applies to all types of personal data, both in structured and unstructured data.

We review the contents of this Privacy Policy annually to ensure that the information is accurate, and we may update the contents if necessary, without prior notice. The latest version is always published on  the Application and our Website, which are available to the public. You are responsible for reading the contents of this Privacy Policy and keeping up to date on changes.

Definitions

The following definitions have the following meanings in this Privacy Policy:

Website: worldwidequiz.com, owned by the Service Provider.

Application: The application ”World Wide Quiz” for iOS and Android.

User: Individuals who use the Application.

User Account: Identity in the Application that identifies a User and gives the User access to the Application’ features.

Customer: User who makes in-app purchases and enters into a purchase agreement with the Service Provider.

Third-party: Legal or natural person, other than the User or the Service Provider.

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

All references to ”personal data”, ”processing” (of personal data), ”data subject”, ”personal data controller”, ”personal data processor”, ”personal data breach”, ”supervisory authority” shall have the same meaning as set forth in Article 4 of the GDPR.

SCC: Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.

Personal Data Controller

be genoius AB is the personal data controller regarding all processing of personal data performed by us or on our behalf, and we are responsible for ensuring that the processing takes place in accordance with the GDPR (according to the principle of accountability).

Categories of processed personal data

In accordance with the principle of data minimization, we only process personal data that is relevant, necessary and adequate to fulfill the purpose for which it was collected. We mainly process the following categories of personal data that we get access from you when you contact us or enter into an agreement with us:

  • Identification information: name.
  • Contact information: telephone number, e-mail.
  • Other personal data: any other personal information that is provided to us, such as those that are included in a message sent to us or registered in connection with the creation of your User Account.

The purpose of the processing of personal data

All processing of personal data is made carefully, and we do not share the data with unauthorized persons. Each processing is legally based and thus legal in accordance with the provisions of the GDPR. Furthermore, we only process personal data for specific, explicitly stated and legitimate purposes (in accordance with the principle of purpose limitation).

Below you can read more about the legal basis and purpose of the processing of personal data.

When you visit our Website:

We use cookies on the Website and through these, we can obtain information about, among other things, visitors’ use of the website, location information and other user information provided through web analysis measurement providers. Necessary cookies are always stored, as they are necessary for the website to function properly. The use of analytical cookies and advertising cookies, on the other hand, only takes place if you give your consent to it. You can revoke a given consent at any time and manage the storage of cookies yourself through your browser’s settings. More information about how we use cookies can be read in our cookie policy: LINK.

Through the use of cookies, we get anonymized information regarding access data and device information, such as: device identification, operating system, operating version, device ID, access time, configuration settings, time zone, country. Legal basis for the processing: Consent.

When you create a User Account:

You need to create a User Account in order to use the Application and you have to register your e-mail when you create your User Account, and also accept the Terms of Use that apply for the Application. Your e-mail address is the only personal data that we process belonging to you when you register a User Account in the Application, unless you register more personal data, such as a profile picture or your name as the username, or if you provide us with other personal data when you are in contact with us. Legal basis for the processing: Contract.

When you make in-app purchases:

When we enter into a purchase agreement with you, regarding your purchase of extra features made available through in-app purchases within the Application, we may process your personal data in order to fulfill the purchase agreement, such as: User-ID, e-mail. We may also process some payment information, such as, order-number/ID, payment-date etc., in order to track the Customers payments to us and link them to the Customers User Account, to enable us to fulfill our contractual obligations. Legal basis for the processing: Contract.

We also store receipts and other accounting documents that we are obliged to process in accordance with, among other things, the Swedish Tax Agency’s requirements and the Accounting Act (1999: 1078). Such documentation is stored for at least seven (7) years or as long as required by law. Legal basis for the processing: Legal obligation.

When you contact us:

We process your personal data that we get access to when you contact us through e-mail or in any other way, such as your name, e-mail and the message content. The purpose of the processing is to enable us to know who we are talking to and to be able to help you in the matter. Legal basis for the processing: Legitimate interest.

Customer matters: In order to be able to handle matters relating to our Customers and purchase agreements, we may process the following information belonging to the Customer: name, User-ID, telephone number, e-mail and order history. Legal basis for the processing: Contract.

When we have a legal obligation to process personal data:

If we are obliged by law, court or authority decision to process personal data, we will do so. In such cases, the processing takes place only to the extent that it is necessary to fulfill our legal obligations, as long as the law requires it (in accordance with the principle of storage limitation). Legal basis for the processing: Legal obligation.

When we have a legitimate interest for the processing:

Based on our legitimate interest, we may process personal data in order to:

  • protect our rights and property,
  • carry out direct marketing of the Application,
  • ensure the technical functionality of the Application,
  • collect statistics etc. regarding the use of the Application.

We never process sensitive personal data with legitimate interest as a legal basis.

When a processing of personal data takes place on the basis of a legitimate interest as a legal basis, our assessment is that the processing does not constitute an infringement of your right to privacy. We have come to this conclusion, after having made a balancing between, on the one hand, what the processing in question means for your interests and the right to privacy, and, on the other hand, our legitimate interest in the processing in question.

Storage location and duration

We strive to store all personal data that we process within the EU / EEA (in accordance with the principle of integrity and confidentiality). In the event that personal data is stored in a country outside the EU / EEA, we shall ensure that such storage site ensures an adequate level of protection in accordance with the provisions of the GDPR (and the SCC where applicable).

We store personal data as long as we have a legal basis to process the data. Personal data that are no longer necessary to fulfill the purposes for which they were collected are erased (deleted) from our storage locations or anonymized (in accordance with the principle of storage limitation).

You may at any time choose to terminate your User Account through the Application or by sending such a request to us by written notice to the following e-mail: info@worldwidequiz.com. If a User deletes its User Account, the e-mail address connected to the User Account will be erased from our servers and all data connected to the Users use of the Application will be anonymized.

Any erased data may be retained in our back-up storages for up to three (3) months, before getting deleted permanently.

Sharing of personal data

We protect your privacy and we never sell or pass on your personal data to Third-parties without legal basis. However, we hire various service providers to fulfill our contractual and legal obligations, detect and prevent technical, operational or security problems, safeguard our legal interests and to provide, develop and maintain the Application. In some cases, we may need to share personal data with such service providers.

Before we share any personal data to a Third-party service provider, we enter into a Data Processing Agreement in accordance with the provisions of the GDPR (alternatively SCC if the personal data processor is located in a country outside the EU / EEA), to ensure a secure and correct processing of personal data.

If you want to know more about which service providers that we have hired, that process personal data on our behalf and in accordance with our instructions, you can contact us to request a current overview.

Technical and organizational security measures

We implement various technical and organizational security measures with a focus on the integrity of the data subjects. The measures are intended to protect against intrusion, abuse, loss, destruction and other changes that may pose a risk to privacy (according to the principle of privacy and confidentiality).

For example, we follow the seven data protection principles in all processing of personal data.

Also, all of our databases, internal registers and systems that contain personal data are password protected. Our databases undergo a daily backup. Furthermore, we have designated certain specific individuals with access to passwords to our systems that contain personal data, to restrict access.

We have written internal routines for deleting personal data, handling personal data breaches and how personal data is to be processed, which all our employees must follow. In addition, all our employees have undertaken an obligation to process all personal data with confidentiality, according to a confidentiality agreement.

Your rights under the GDPR

If we process your personal data, you have different rights according to the GDPR regarding the processing of personal data. According to the GDPR, as a data subject, you have the right to:

  • access your personal data that we process.
  • have your incorrect personal data corrected.
  • have your personal data that we process erased.
  • request a restriction on the processing of your personal data.
  • transfer your personal data (data portability).
  • receive information about personal data breaches concerning your personal data.
  • object to the use of personal data for direct marketing and profiling.

We hereby inform you that some of the rights only apply in certain situations and only if it is legal and possible for us to implement your request. If you would like to invoke any of the above rights regarding your personal data that we process, you are welcome to contact us. We will try to fulfill your wishes as far as it is possible and legal for us to do so and respond to your message without undue delay.

Personal Data Breaches

A personal data breach means a security breach that occurs if we lose control of the personal data that we process. We document all personal data breaches that occur internally in logbooks and carry out a follow-up work, to minimize the risks of repeated breaches.

We follow the provisions of the GDPR regarding the handling, reporting and documentation of personal data breaches.

We will report personal data breaches to the Swedish Authority for Privacy Protection (IMY) within 72 hours and notify the data subjects affected by the personal data breaches, when it is required by the GDPR.

Questions or complaints

If you have any questions or if you are dissatisfied with our processing of your personal data, you are always welcomed to contact us. We will do our best to answer your questions and assist you in the matter.

Our company information

Company: be genoius AB.

Reg. no.: 559200-1944.

E-mail: info@worldwidequiz.com

If you wish to get in touch with us, you can contact us through the information provided above or contact our contact person for personal data matters:

Name: Lenno Fredlund.

E-mail: info@worldwidequiz.com

You also have the right to contact the Swedish supervisory authority to file a complaint.

Contact information for the Swedish Authority for Privacy Protection:

Name: Integritetsskyddsmyndigheten (IMY).

Phone: 08-657 61 00.

Email: imy@imy.se

Postal address: Integritetskyddsmyndigheten, Box 8114, 104 20 Stockholm.