Website: worldwidequiz.com, owned by the Service Provider.
Application: The application ”World Wide Quiz” for iOS and Android.
User: Individuals who use the Application.
User Account: Identity in the Application that identifies a User and gives the User access to the Application’ features.
Customer: User who makes in-app purchases and enters into a purchase agreement with the Service Provider.
Third-party: Legal or natural person, other than the User or the Service Provider.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
All references to ”personal data”, ”processing” (of personal data), ”data subject”, ”personal data controller”, ”personal data processor”, ”personal data breach”, ”supervisory authority” shall have the same meaning as set forth in Article 4 of the GDPR.
SCC: Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
Personal Data Controller
be genoius AB is the personal data controller regarding all processing of personal data performed by us or on our behalf, and we are responsible for ensuring that the processing takes place in accordance with the GDPR (according to the principle of accountability).
Categories of processed personal data
In accordance with the principle of data minimization, we only process personal data that is relevant, necessary and adequate to fulfill the purpose for which it was collected. We mainly process the following categories of personal data that we get access from you when you contact us or enter into an agreement with us:
- Identification information: name.
- Contact information: telephone number, e-mail.
- Other personal data: any other personal information that is provided to us, such as those that are included in a message sent to us or registered in connection with the creation of your User Account.
The purpose of the processing of personal data
All processing of personal data is made carefully, and we do not share the data with unauthorized persons. Each processing is legally based and thus legal in accordance with the provisions of the GDPR. Furthermore, we only process personal data for specific, explicitly stated and legitimate purposes (in accordance with the principle of purpose limitation).
Below you can read more about the legal basis and purpose of the processing of personal data.
When you visit our Website:
When you create a User Account:
When you make in-app purchases:
When we enter into a purchase agreement with you, regarding your purchase of extra features made available through in-app purchases within the Application, we may process your personal data in order to fulfill the purchase agreement, such as: User-ID, e-mail. We may also process some payment information, such as, order-number/ID, payment-date etc., in order to track the Customers payments to us and link them to the Customers User Account, to enable us to fulfill our contractual obligations. Legal basis for the processing: Contract.
We also store receipts and other accounting documents that we are obliged to process in accordance with, among other things, the Swedish Tax Agency’s requirements and the Accounting Act (1999: 1078). Such documentation is stored for at least seven (7) years or as long as required by law. Legal basis for the processing: Legal obligation.
When you contact us:
We process your personal data that we get access to when you contact us through e-mail or in any other way, such as your name, e-mail and the message content. The purpose of the processing is to enable us to know who we are talking to and to be able to help you in the matter. Legal basis for the processing: Legitimate interest.
Customer matters: In order to be able to handle matters relating to our Customers and purchase agreements, we may process the following information belonging to the Customer: name, User-ID, telephone number, e-mail and order history. Legal basis for the processing: Contract.
When we have a legal obligation to process personal data:
If we are obliged by law, court or authority decision to process personal data, we will do so. In such cases, the processing takes place only to the extent that it is necessary to fulfill our legal obligations, as long as the law requires it (in accordance with the principle of storage limitation). Legal basis for the processing: Legal obligation.
When we have a legitimate interest for the processing:
Based on our legitimate interest, we may process personal data in order to:
- protect our rights and property,
- carry out direct marketing of the Application,
- ensure the technical functionality of the Application,
- collect statistics etc. regarding the use of the Application.
We never process sensitive personal data with legitimate interest as a legal basis.
When a processing of personal data takes place on the basis of a legitimate interest as a legal basis, our assessment is that the processing does not constitute an infringement of your right to privacy. We have come to this conclusion, after having made a balancing between, on the one hand, what the processing in question means for your interests and the right to privacy, and, on the other hand, our legitimate interest in the processing in question.
Storage location and duration
We strive to store all personal data that we process within the EU / EEA (in accordance with the principle of integrity and confidentiality). In the event that personal data is stored in a country outside the EU / EEA, we shall ensure that such storage site ensures an adequate level of protection in accordance with the provisions of the GDPR (and the SCC where applicable).
We store personal data as long as we have a legal basis to process the data. Personal data that are no longer necessary to fulfill the purposes for which they were collected are erased (deleted) from our storage locations or anonymized (in accordance with the principle of storage limitation).
You may at any time choose to terminate your User Account through the Application or by sending such a request to us by written notice to the following e-mail: email@example.com. If a User deletes its User Account, the e-mail address connected to the User Account will be erased from our servers and all data connected to the Users use of the Application will be anonymized.
Any erased data may be retained in our back-up storages for up to three (3) months, before getting deleted permanently.
Sharing of personal data
We protect your privacy and we never sell or pass on your personal data to Third-parties without legal basis. However, we hire various service providers to fulfill our contractual and legal obligations, detect and prevent technical, operational or security problems, safeguard our legal interests and to provide, develop and maintain the Application. In some cases, we may need to share personal data with such service providers.
Before we share any personal data to a Third-party service provider, we enter into a Data Processing Agreement in accordance with the provisions of the GDPR (alternatively SCC if the personal data processor is located in a country outside the EU / EEA), to ensure a secure and correct processing of personal data.
If you want to know more about which service providers that we have hired, that process personal data on our behalf and in accordance with our instructions, you can contact us to request a current overview.
Technical and organizational security measures
We implement various technical and organizational security measures with a focus on the integrity of the data subjects. The measures are intended to protect against intrusion, abuse, loss, destruction and other changes that may pose a risk to privacy (according to the principle of privacy and confidentiality).
For example, we follow the seven data protection principles in all processing of personal data.
Also, all of our databases, internal registers and systems that contain personal data are password protected. Our databases undergo a daily backup. Furthermore, we have designated certain specific individuals with access to passwords to our systems that contain personal data, to restrict access.
We have written internal routines for deleting personal data, handling personal data breaches and how personal data is to be processed, which all our employees must follow. In addition, all our employees have undertaken an obligation to process all personal data with confidentiality, according to a confidentiality agreement.
Your rights under the GDPR
If we process your personal data, you have different rights according to the GDPR regarding the processing of personal data. According to the GDPR, as a data subject, you have the right to:
- access your personal data that we process.
- have your incorrect personal data corrected.
- have your personal data that we process erased.
- request a restriction on the processing of your personal data.
- transfer your personal data (data portability).
- receive information about personal data breaches concerning your personal data.
- object to the use of personal data for direct marketing and profiling.
We hereby inform you that some of the rights only apply in certain situations and only if it is legal and possible for us to implement your request. If you would like to invoke any of the above rights regarding your personal data that we process, you are welcome to contact us. We will try to fulfill your wishes as far as it is possible and legal for us to do so and respond to your message without undue delay.
Personal Data Breaches
A personal data breach means a security breach that occurs if we lose control of the personal data that we process. We document all personal data breaches that occur internally in logbooks and carry out a follow-up work, to minimize the risks of repeated breaches.
We follow the provisions of the GDPR regarding the handling, reporting and documentation of personal data breaches.
We will report personal data breaches to the Swedish Authority for Privacy Protection (IMY) within 72 hours and notify the data subjects affected by the personal data breaches, when it is required by the GDPR.
Questions or complaints
If you have any questions or if you are dissatisfied with our processing of your personal data, you are always welcomed to contact us. We will do our best to answer your questions and assist you in the matter.
Our company information
Company: be genoius AB.
Reg. no.: 559200-1944.
If you wish to get in touch with us, you can contact us through the information provided above or contact our contact person for personal data matters:
Name: Lenno Fredlund.
You also have the right to contact the Swedish supervisory authority to file a complaint.
Contact information for the Swedish Authority for Privacy Protection:
Name: Integritetsskyddsmyndigheten (IMY).
Phone: 08-657 61 00.
Postal address: Integritetskyddsmyndigheten, Box 8114, 104 20 Stockholm.