Privacy Policy
1. Introduction and Fundamental Principles
Welcome to kwizkid, a web-based platform developed and managed by rubberduck studio GmbH, based in Vienna, Austria.
At rubberduck studio GmbH, we recognize that privacy is a fundamental human right. This comprehensive Privacy Policy articulates our commitment to protecting personal data across all interactions with and within the kwizkid platform. Our approach to data management is founded on principles of transparency, security, and respect for individual privacy rights.
We are committed to maintaining the highest standards of data protection in full compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), Austrian Data Protection Act (Datenschutzgesetz - DSG), as well as other applicable international data protection laws. All data processing activities are conducted within the European Union, with our primary data center located in Frankfurt, Germany. This means that we only collect, process, and store personal data when it is lawful, necessary, and in alignment with user rights. Our processing activities are based on clear legal grounds, such as contractual necessity, legitimate interests, legal obligations, or user consent.
This Privacy Policy applies universally to all individuals interacting with our platform regardless if you are a Free User or a Paid User, including Content Creators, Quiz Hosts, Participants, Customers, and casual Visitors. By using our services, you enter into a relationship of mutual trust and transparency regarding your personal data.
For more details on the GDPR and your rights, you may refer to the official regulation text here: GDPR Full Text.
If you have any questions or concerns about how we handle your data, please don’t hesitate to contact us:
rubberduck studio GmbH Währinger Straße 94, Top 15/16 1180 Vienna Austria Email: privacy@kwizkid.live
2. Data We Collect
To provide the best experience and improve our platform, we need to collect certain types of data from you. This includes both personal information that you provide and technical data related to how you interact with kwizkid.
a. Personal Data
When you create an account or participate in a quiz event, we collect basic personal information to ensure we can provide you with the best experience:
- Account Information: We collect your name, email address, and payment details if you subscribe to our paid services or make purchases. For Business Users: we collect your company name, address and UID if you request an invoice.
- Quiz Content: We store quiz questions, participant responses, and quiz results generated during the events you participate in. This data helps us improve the quality of future events and ensures fair play.
- Communication Data: If you contact us through customer support or our contact forms, we collect the messages you send us. This helps us address your inquiries or resolve any issues you might face.
b. Technical Data
To optimize your experience, we gather technical information about the devices and systems you use to access kwizkid. This helps us monitor performance and identify areas for improvement:
- Device Information: This includes details about your device, such as the type of browser you use, your operating system, and your IP address.
- Usage Data: We track how you interact with the platform, including the pages you visit, how long you stay on each page, and which features you use the most.
- Cookies: Like many online platforms, we use cookies to enhance your experience and gather data on how our site is used. Cookies help us remember your preferences and provide tailored content. (For more details, see Section 10 on Cookies).
c. Data from Third-Party Services
To provide our Services securely and efficiently, we work with several trusted third-party providers:
- Infrastructure & Hosting: Your Quiz Content and Account data is stored on AWS (Amazon Web Services) servers located in the European Union (Frankfurt).
- Payment Processing: All payment transactions are handled by Mollie. While we receive confirmation of your payment status, we never store or process your payment details directly.
- Analytics & Performance: We use Google Analytics, Google Tag Manager, and FullStory to improve our platform performance and user experience. These services collect anonymized usage data and technical information.
- Marketing & Advertising: We use Google AdWords for targeted advertising and campaign tracking. This involves processing data about ad engagement and using cookies to optimize ad delivery. You can manage your advertising preferences through your Google Ad Settings.
- Email Communication: We use Mailjet, based in the EU, to send you important updates about your Account, Quiz-Events, and (with your consent) marketing communications.
- AI Services: When you use our AI features, quiz content generation is processed through OpenAI’s ChatGPT.
- Security: We implement Google reCAPTCHA to protect our platform from automated abuse.
Each third-party provider is carefully selected and bound by data protection agreements. For detailed information about data processing by these providers, you can find their respective privacy policies here:
AWS (Amazon Web Services): https://aws.amazon.com/privacy/ Mollie: https://www.mollie.com/en/privacy/ Google Analytics: https://policies.google.com/privacy/ FullStory: https://www.fullstory.com/legal/privacy/ Mailjet: https://www.mailjet.com/privacy-policy/ OpenAI: https://openai.com/privacy/ Google reCAPTCHA: https://policies.google.com/privacy/
3. How We Use Your Data
Your data is used in various ways to enhance your experience with kwizkid and to ensure that the platform runs smoothly. Here's how we use the information we collect:
- To Operate Our Services: We use your data to provide access to kwizkid's Quiz-Events, manage your Account, enable Content Creation, facilitate Quiz-Event hosting, and allow Participant interaction during events.
- To Personalize Your Experience: We use data to ensure relevant quiz suggestions, remember your preferences, and provide a smoother experience each time you visit. This includes saving your preferred Quiz-Event settings and team configurations.
- To Process Payments and Licenses: We securely process any payments you make for Licenses through our Payment Provider. Your payment details are handled through encrypted and secure methods.
- To Improve Our Platform: We analyze user data to identify trends, improve performance, and add new features to kwizkid.
- To Meet Legal Obligations: In some cases, we may need to use your data to comply with legal obligations or resolve disputes. This ensures that we are operating in accordance with laws and regulations.
- To Communicate with You: If you register for Quiz-Events, we may use your contact information to send you reminders, updates about upcoming events, or promotional content. You can opt out of promotional emails at any time.
With your explicit consent, we may send you marketing emails about our services, special offers, and updates. The legal basis for such communications is your consent according to Art. 6(1)(a) GDPR and in compliance with § 174 Abs 4 TKG 2021. You can withdraw this consent at any time:
- By clicking the unsubscribe link included in every marketing email
- By emailing privacy@kwizkid.live with the subject "Unsubscribe"
We will process your unsubscribe request promptly, and in any case within 10 working days. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
4. Legal Bases for Processing
As per the General Data Protection Regulation (GDPR) and other relevant laws, we process your data on the following legal bases:
Consent: When you sign up for newsletters, participate in marketing campaigns, or agree to share your data for specific purposes.
Contractual Necessity: When processing your data is essential for fulfilling a contract with you, such as providing you with quiz services or processing payments.
Legal Obligations: We may be required to process your data to comply with legal requirements such as tax and fraud prevention laws.
Legitimate Interests: To improve the quality of our services, ensure the security of the platform, and enhance your user experience. We also use your data to send communications related to our services unless you have opted out.
4.1 Consent (Art. 6(1)(a) GDPR)
We only process your personal data based on consent when it is legally required. This includes:
- Sending marketing emails or newsletters.
- Using non-essential cookies, such as analytics and advertising cookies (see Section 10).
- Storing quiz participation history for personalized recommendations.
How to Withdraw Consent:
You have the right to withdraw your consent at any time. This can be done through your account settings, cookie preferences, or by contacting us at privacy@kwizkid.live. Withdrawal does not affect the lawfulness of processing that occurred before consent was revoked.
4.2 Contractual Necessity (Art. 6(1)(b) GDPR)
Certain data processing activities are necessary to fulfill our contract with you. This applies when:
- You create an account and we process your name, email, and payment details to provide access to kwizkid.
- You participate in a quiz event, and we process quiz responses and results to enable gameplay.
- You activate Auto-Renew or purchase a service, and we process payment details via our third-party provider (Mollie).
If you do not provide this data, we cannot fulfill our contractual obligations and may be unable to provide you with access to our services.
4.3 Legal Obligations (Art. 6(1)(c) GDPR)
We must process certain data to comply with legal obligations, including:
- Tax and accounting laws, requiring us to retain payment records for a legally mandated period.
- Fraud prevention and cybersecurity measures, such as logging access attempts and suspicious activity.
- Regulatory reporting requirements, including data requests from law enforcement authorities, where applicable.
We only disclose personal data to authorities when legally required and after careful legal review.
4.4 Legitimate Interests (Art. 6(1)(f) GDPR)
We may process your data when we have a legitimate business interest, provided that this does not override your rights and freedoms. Examples include:
- Security monitoring to detect and prevent unauthorized access or cyber threats.
- Service optimization, such as analyzing usage trends to improve kwizkid’s performance and user experience.
- Customer support, including handling inquiries and troubleshooting issues.
- Business analytics, such as understanding quiz engagement rates to refine our services.
You have the right to object to processing based on legitimate interests (see Section 9: User Rights). If you object, we will evaluate whether we have compelling legal grounds to continue processing your data.
5. Sharing and Disclosing Data
At kwizkid, we take your privacy seriously and do not sell your personal data. However, we do share certain data with trusted third-party service providers who help us operate, improve, and secure our platform:
Third-Party Service Providers: We rely on trusted service providers for essential operational functions. AWS hosts our platform infrastructure in Frankfurt, Germany. Mollie processes all payment transactions. Google Analytics helps us understand platform usage, while Mailjet manages our email communications. These providers are contractually obligated to protect your data and use it only as necessary to perform their services.
Legal Requirements: If we are required by law to disclose your data (for example, to comply with a court order or respond to a legal claim), we will do so only after careful review and in accordance with applicable law.
Business Partners: In cases where organizations use kwizkid for hosting Quiz-Events, we may share necessary Participant data with the hosting organization. This sharing is limited to data required for Quiz-Event management and scoring.
We carefully select our partners and ensure that they comply with GDPR or equivalent data protection standards.
Below is an overview of key third-party services used by kwizkid:
-
Infrastructure & Hosting
- Amazon Web Services (AWS): Hosts our platform in Frankfurt, Germany
- Purpose: Secure storage and delivery of kwizkid services
- Data accessed: Quiz content, account data, usage data
- https://aws.amazon.com/privacy
-
Payment Processing
- Mollie: Handles all payment transactions
- Purpose: Secure processing of subscription and license payments
- Data accessed: Transaction information only (no full payment details are stored by kwizkid)
- https://www.mollie.com/privacy
-
Analytics & Performance
- Google Analytics: Analyzes platform usage and performance
- Purpose: Improving user experience and platform functionality
- Data accessed: Anonymized usage statistics, device information
- https://policies.google.com
-
FullStory: Provides session recordings and usage analytics
- Purpose: Understanding user experience issues and platform optimization
- Data accessed: Anonymized user interactions, technical data
-
https://www.fullstory.com/privacy-resources
-
Email Communication
- Mailjet: Manages email delivery
- Purpose: Sending account notifications, quiz reminders, and marketing communications
- Data accessed: Email address, name, communication preferences
-
https://www.mailjet.com/legal/privacy-policy
-
AI Services
- OpenAI: Powers quiz content generation
- Purpose: Creating AI-generated quiz questions and content
- Data accessed: Only quiz content data specifically entered for AI generation
-
https://openai.com/policies/row-privacy-policy
-
Security
- Google reCAPTCHA: Prevents automated abuse
- Purpose: Platform security and bot prevention
- Data accessed: Device information, interaction data
-
https://cloud.google.com/security/products/recaptcha
6. International Data Transfers
kwizkid operates in a global digital landscape, which occasionally necessitates the transfer of personal data beyond the European Union and European Economic Area. We recognize the sensitive nature of such transfers and have implemented comprehensive measures to ensure your data remains protected, regardless of its location.
Our approach to international data transfers is grounded in a commitment to transparency, security, and strict adherence to data protection principles. While our primary infrastructure is located within the European Union, specific services may require data processing in other jurisdictions. These transfers primarily involve cloud infrastructure, AI services, analytics platforms, payment processing, and communication tools.
AI Services and OpenAI: When you use our optional AI features for quiz content generation, the specific content prompts you enter are processed by OpenAI. Importantly, we do not share any personal data or user account information with OpenAI - only the quiz content you specifically input when using the AI feature. OpenAI's processing is governed by Standard Contractual Clauses to ensure GDPR compliance. The AI-generated content is then returned to our EU-based servers, and no personal identifiers are retained by OpenAI. You can find more details about this specific processing in Section 13 of our Terms and Conditions.
To safeguard your personal information during these transfers, we employ multiple layers of protection. We utilize Standard Contractual Clauses (SCCs) approved by the European Commission, which legally bind our international partners to rigorous data protection standards. Additionally, we prioritize transfers to countries with robust data protection frameworks recognized by European regulators.
Our technical safeguards are equally comprehensive. We implement end-to-end encryption for data both in transit and at rest, ensuring that your personal information remains secure throughout its journey. Wherever possible, we practice data minimization and pseudonymization, reducing the risk of individual identification. Our technical team conducts regular security audits to maintain the highest standards of data protection.
Take our infrastructure and hosting as an example. While we leverage global cloud services, our primary data center remains in Frankfurt, Germany. Any cloud services we use must comply explicitly with GDPR transfer requirements and undergo extensive vetting. Similarly, when we use AI services like OpenAI, we ensure strict contractual guarantees that prevent the misuse of personal data and prohibit the use of identifiable information for model training.
For analytics and performance monitoring, we configure services like Google Analytics to anonymize IP addresses and minimize personal data sharing. Users always have the option to opt-out of non-essential tracking, maintaining control over their digital footprint.
We understand that international data transfers can be a source of concern. Therefore, we commit to complete transparency. If you have questions about how your data might be transferred, we welcome your inquiries. You have the right to request detailed information about our transfer mechanisms, and we will provide clear, comprehensible explanations.
Our compliance is not static. We continuously monitor changes in international data protection regulations, regularly reviewing and updating our data transfer mechanisms. This ongoing commitment ensures that your data protection remains at the forefront of our operations.
For any specific concerns or questions about our international data transfer practices, we encourage you to reach out to us directly at privacy@kwizkid.live.
Your privacy is our priority, and we are always prepared to provide clarity and reassurance about how we handle your personal information.
7. Data Retention
Our data retention approach is guided by a principle of minimal and purposeful data storage. We retain personal information only for as long as necessary to fulfill the specific purposes for which it was collected, balancing our operational needs with your right to privacy.
Each category of data we collect has a carefully considered retention period:
- Account Data: We maintain your account information while you actively use the kwizkid platform. Upon account deletion or when no longer required, we will remove or anonymize your personal data. Accounts inactive for more than 24 months may be classified as dormant, after which personal data will be anonymized. Upon account deletion or when no longer required, we will remove or anonymize your personal data within 30 days.
- Quiz Content: Data generated during quiz participation remains accessible for operational purposes. Users can request deletion of their specific content at any time.
- Participant-Uploaded Content: Images or other content uploaded by Participants during Quiz Events are automatically deleted after 30 days.
- Payment Data: Transaction records are retained for 7 years to comply with tax and accounting requirements. Payment method details are not stored by us but by our payment processor Mollie.
- Technical Data: Usage logs and technical information that helps kwizkid to maintain Services and track errors are retained for up to 12 months. After this period, data is either deleted or converted to anonymized aggregate statistics. No identifiable user behavior is logged.
- Communication Data: Customer service inquiries and communication records are kept for 2 years to ensure continuity of service and reference for recurring issues.
Our retention periods comply with legal requirements, including tax regulations, potential dispute resolutions, and necessary audit trails. For financial transactions, we may need to retain certain payment-related information for accounting and tax purposes, in line with local legal mandates.
Our team regularly reviews our data storage practices, ensuring that we do not keep personal information longer than necessary. When data reaches the end of its useful lifecycle, we employ secure deletion methods that permanently remove the information from our systems.
In the event of a legal hold or ongoing investigation, we may need to extend the retention of specific data sets. However, such extensions are rare and occur only when legally required, with minimal impact on your overall data privacy.
You can request information about how long we retain specific types of data, and you have the right to request deletion of your personal information. Our customer support team is always ready to assist you in understanding and managing your data retention preferences.
8. Security Measures
We understand that the security of your personal data is important. To protect your data, we employ a variety of technical and organizational measures:
Encryption: We use industry-standard encryption methods (TLS/SSL) to protect your data both during transmission and when it is stored. This includes encryption for sensitive information and secure protocols for data protection.
Access Control: Only authorized personnel can access your personal data. Access is granted based on the roles and responsibilities necessary to perform their duties. We implement role-based access control with multi-factor authentication to ensure minimal and purposeful data access.
Regular Security Audits: We conduct regular audits and monitoring of our platform to identify and resolve any security vulnerabilities. This includes comprehensive internal assessments, vulnerability scanning, and continuous system monitoring.
Third-Party Security: We maintain rigorous security evaluations for all service providers, ensuring they meet our strict data protection standards through contractual obligations and regular compliance reviews.
While we maintain robust security measures, no digital system is entirely impenetrable. Users are advised to use strong passwords, enable two-factor authentication, and promptly report any suspicious activities.
9. User Rights
As a user of kwizkid, you have certain rights regarding your personal data. These rights are outlined under the General Data Protection Regulation (GDPR) and other applicable data protection laws:
- Right to Be Informed: You have the right to know what data we collect, how we use it, and who we share it with.
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: If any of your data is inaccurate or incomplete, you can ask us to correct it.
- Right to Erasure: You can request that we delete your personal data (the "Right to Be Forgotten"), subject to certain legal exceptions.
- Right to Restrict Processing: You can request limitation on how we use your data in specific circumstances.
- Right to Data Portability: You have the right to request your data in a structured, machine-readable format for transfer to another service provider.
- Right to Object: You can object to the processing of your personal data, particularly when we process it for legitimate interests or marketing purposes.
- Right to Withdraw Consent: If we process your data based on consent, you can withdraw that consent at any time.
Exercising Your Rights: To exercise these rights, please contact us at privacy@kwizkid.live. We will respond to your request within 30 days, in accordance with GDPR regulations.
Withdrawal of Consent: You can withdraw consent at any time through your account settings or by contacting our support team. Withdrawal does not affect the lawfulness of processing that occurred before consent was revoked.
Exceptions & Limitations:
- We may retain certain data for legal, tax, or fraud prevention purposes.
- If deleting your data would prevent us from fulfilling a contractual obligation, we may not be able to proceed.
- Requests must not infringe on the rights and freedoms of other users.
If we cannot fully fulfill a request, we will provide a clear explanation of why.
Additional Provisions for California Residents: California users have additional rights under the California Consumer Privacy Act (CCPA), including:
- Right to Know: Detailed information about personal data collection
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Option to prevent sale of personal information
- Right to Non-Discrimination: Receive equal service regardless of privacy rights exercise
For CCPA requests, please contact us at privacy@kwizkid.live. We will respond within 45 days as required by law.
10. Cookies and Tracking Technologies
kwizkid uses cookies and similar tracking technologies to enhance user experience, analyze platform performance, and enable personalized content. Cookies are small text files stored on your device that help us remember preferences and optimize functionality.
You have full control over your cookie preferences and can modify or withdraw consent at any time via our cookie settings.
Types of Cookies We Use:
Necessary Cookies (Essential for Functionality)
These cookies are required for the website to function properly. Without them, core functionalities such as security settings, language preferences, and account login cannot be provided. These cookies do not collect personal data and are not shared with third parties.
Analytics Cookies (Website Performance & Usage Data)
Analytics cookies allow us to measure website performance and understand how users interact with our platform. They help us improve user experience by tracking page visits, navigation patterns, and engagement levels.
Services Used:
- Google Analytics – Analyzes visitor behavior, such as session duration, most visited pages, and referral sources.
- Google Tag Manager – Helps manage and deploy marketing tags and scripts on the website efficiently.
- FullStory – Provides anonymized session recordings to help us optimize user experience and identify usability issues.
Opt-Out: You can disable Google Analytics tracking at any time via the following link: Google Analytics Opt-Out.
User Data and Advertising Cookies (Targeted Ads & Optimization)
These cookies collect anonymized user data to help us optimize advertising campaigns and deliver relevant ads. They track interactions with ads and measure campaign effectiveness.
Services Used:
- Google AdWords – Tracks ad interactions and conversion rates for our advertising campaigns.
- Google Ad Data – Stores information related to ad cookies, ensuring proper ad targeting and performance measurement.
Opt-Out: You can manage your ad preferences via Google: Google Ad Settings.
Personalization Cookies (Customized Content & Recommendations)
These cookies enable the display of personalized content based on the user’s interests. This ensures that displayed content is best aligned with visitor preferences.
Services Used:
- Google AdWords – Personalizes ads and content based on user behavior and preferences.
Third-Party Service Cookies
kwizkid integrates external services that use cookies for their functionality:
- Mailjet – Used for sending emails related to quizzes, notifications, and platform updates. Mailjet Privacy Policy
- Mollie – Our payment provider, responsible for processing transactions securely. Mollie Privacy Policy
- OpenAI – Used for AI-powered interactions and features. OpenAI Privacy Policy
Managing Cookies & Consent
You can manage or withdraw your cookie preferences at any time using our cookie settings tool. Additionally, you can adjust your browser settings to block or delete cookies. However, blocking essential cookies may impact website functionality.
To adjust your cookie preferences:
- Modify settings in the website’s cookie consent banner.
- Use browser controls to delete or block cookies.
Opt-out of specific third-party services using the links provided above.
Do Not Track (DNT) Signals:
kwizkid currently does not respond to “Do Not Track” (DNT) signals from web browsers. However, you can still manage your privacy preferences through the following methods mentioned above.
For more information on cookies and how to manage them, visit www.allaboutcookies.org.
11. Children’s Privacy
kwizkid is designed for general audiences and is not intended for use by children under the age of 16 without parental or guardian consent. We do not knowingly collect personal data from children. If we discover that a child under 16 has provided us with personal data without proper consent, we will take steps to delete that data as soon as possible.
If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@kwizkid.live, and we will take the necessary steps to remove the data from our systems.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect legal requirements, changes in our services, or improvements in our data protection practices. When we make significant changes, we will notify you in one or more of the following ways:
- By posting an updated version on our website with a new Effective Date.
- By sending you an email notification if you have an account with us.
- By displaying a notice within the kwizkid platform.
We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting your personal data.
13. Contact Us
Data Protection Representation
As rubberduck studio GmbH is headquartered in Vienna, Austria within the European Union, we are directly subject to and compliant with EU data protection regulations including the GDPR. We do not require a separate EU representative as mandated for non-EU companies. For any GDPR-related inquiries, you may contact us directly at privacy@kwizkid.live or reach out to your local data protection authority.
If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please feel free to contact us. We are happy to address your inquiries and ensure that your data privacy is protected.
Privacy & data inquiries: privacy@kwizkid.live Billing inquiries: billing@kwizkid.live Legal matters: legal@kwizkid.live General support: support@kwizkid.live
For GDPR-related inquiries, you may also contact your local data protection authority.
14. Supplementary Provisions
Third-Party Links & Services: kwizkid may contain links to external websites or services not operated by us. We are not responsible for the privacy practices of third-party sites. We encourage you to review the privacy policies of any external sites you visit.
Third-Party Services May Include:
- Payment Processors
- Social Media Login Providers
- Analytics Providers
These services have their own privacy policies, which we recommend you read carefully.
Data Breach Handling: In the event of a data breach, we will:
- Investigate the breach to determine its scope and impact
- Notify affected users if their personal data has been compromised
- Report the breach to regulatory authorities if required by law
- Take corrective measures to prevent future incidents
If you suspect a data breach or unauthorized access to your account, please contact us immediately.
Governing Law: This Privacy Policy is governed by the laws of Austria. Any disputes arising from this policy will be handled in accordance with those laws.
15. Final Notes
We appreciate your trust in kwizkid and are committed to maintaining the highest standards of data privacy and security. If you have any feedback or suggestions regarding our privacy practices, we’d love to hear from you.
For any concerns, please reach out to privacy@kwizkid.live.
You can revoke your cookie consent by clicking here.
Last Update: March 25, 2025