Privacy Policy of Champions Quiz

Last update: October 2022
Version 1.0

Dear user ("you"),

Champions Quiz is a subscription organized by Convoo GmbH ("we" or "us").
We care about your privacy and, in this Privacy Policy, we would like to ensure that you will be provided with all necessary information about your privacy according to the General Data Protection Regulation ("GDPR"), including details about:

• The detail of the processing of your personal data, and
• Your rights.

If you have any questions in regards to your personal data or interest to exercise your rights, you can reach us at any time, either by post or by email directly to our data protection officer:

Convoo GmbH
Am Unysispark 1
65843 Sulzbach/Ts.
Germany

[email protected]
c/o DPO: [email protected]
Represented by managing director: Henning Munte

According to Art. 27 of the UK GDPR, we are obliged to have a representative established in the UK. You can reach the appointed representative via email: c/o UK Representative [email protected].

1. What information we collect:

Among others, we collect in three different manners: (1) information that you provide to us, (2) information that is collected automatically, and (3) information collected from other sources. You can find more details below:

1.1. Information that you provide to us:

• Profile information. When you create an account on our website, you provide us with your personal data (e.g., e-mail address, telephone number and password of your PayPal account).
• User performance. When you answer the questions of the quiz, you provide us with personal data (e.g., time, duration and results of your participation in the quiz).
• User support. When you contact our staff, we collect the information you supply us (e.g., content of the message sent, attachments, and proof of identity).

1.2. Information that is collected automatically:

• Technical information. We collect certain device and network information when you access our Services (e.g., data relating to the type of browser, Internet Service Provider (ISP), local time, and location).
• Usage information. We collect information about how you use our Services (e.g., the types of content you view or engage with, your search history on the Services, the actions you take, the people or accounts you interact with, and the time, frequency, and duration of your activities).

1.3. Information that is collected from other sources

• Data from Third-Party Platforms. When you sign up for our Services through a third-party platform (e.g., PayPal), the third-party platform will share information such as your name and any other data necessary to provide you with features.

2. How we use your information and what are the legal basis

We use the information made available to us for the following purposes:

2.1. Performance of the contract

• Provide and enable our services. We use your information to provide you our services.
• Enforce our legal documents. We may use your information to restrict your content or account if we determine that you are infringing our legal documents (e.g., Terms & Conditions).
• Offer support and respond to your queries. We may use your information to communicate with you about our services and to respond to your queries.

2.2. Legitimate interests

• Improve and customize our services. We may use your information to improve and customize our services to your needs and interests.
• Marketing communications. We may send you direct marketing messages (e.g., sending marketing promotions about features of our own Services) to develop and grow our business while keeping you informed of content that might be of your interest. We will obtain your consent to send you messages where required by law.

2.3. Consent

• Provide personalised advertising. We may use your information to inform you about our partner offers and opportunities.

2.4. Compliance with a legal obligation

We may use your information to meet legal obligations, including to ensure the safety of our users and comply with a valid legal request such as an order from law enforcement agencies or courts.

We reserve the right to engage in the further processing of personal data, which we have collected for any of the foregoing purposes, including any other purposes that are consistent with the original purpose or which are permitted or prescribed by law (e.g. reporting obligations).

3. How and when we share your information

We may share your information with other users or organizations, as detailed below.

3.1. Third-parties

• Service providers. We may share your information with our service providers that help us provide, support, and develop our services, including user authentication in the registration process with PayPal, cloud hosting, fraud detection, and technical support.

3.2. Others

• Legal obligations and rights. We may share your information if we believe that it is reasonably necessary to:
  (1) comply with a law, regulation, legal process, or governmental request;
  (2) protect the safety of any person or of our Services;
  (3) explain why we have restricted content or accounts;
  (4) address fraud, security, or technical issues; or
  (5) protect our rights or property, or of those who use our services.
  

4. How we secure your information

The personal data is stored by us within the European Economic Area. In the case of sharing with others as described above, the connections run via SSL/TLS are encrypted ("transport security").

Transfer to other countries outside the European Economic Area (EEA) is possible when relying on adequacy decisions (art. 45, GDPR) or approved standard contractual clauses (art. 46, GDPR), ensuring secure transmission within the framework of specifications on data protection and privacy. Please contact our DPO for further info on our security and processes.

We take the relevant precautions – administrative, organizational, technical, and physical – to protect your personal data against loss, theft, misuse, unauthorized access, unauthorized transmission, unauthorized amendment, and destruction. We regularly review our security measures to consider available new technology and methods.

We retain information for as long as necessary to fulfill the purposes already outlined above, particularly to comply with contractual and legal obligations, when we have a legitimate interest, and to exercise or defence legal claims.

The retention periods will be different depending on the type of information and the purposes for which we use the information. For example, when we process your information to provide you with the Services, we keep this information for as long as you have an account. If you violate our legal documents, we may remove your profile information and/or User Content from public view immediately but keep your information as is necessary to process the violation.

5. What are your data protection rights

According to the provisions of the UK GDPR, you have the following data protection rights:

• Right of access. You have the right to ask whether we are processing your personal data and copies of it, all for free of charge.
• Right to rectification. You have the right to ask us to rectify information you think is inaccurate or to complete information you think is incomplete.
• Right to erasure. You have the right to ask us to erase your personal data in certain circumstances.
• Right to restriction of processing. You have the right to ask us to restrict the processing of your information if you are concerned about the accuracy of the data or how it is being used.
• Right to data portability. This only applies to the information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
• Right to withdraw consent. You have the right to ask us to withdraw any declarations of consent previously made and relating to the processing of your personal data with future effect by sending an email to us (available in the introduction of this Privacy Policy) or by requesting it at the time you are contacted by email, phone, or SMS. However, such withdrawal of consent does not affect the legitimacy of any processing operations previously executed.
• Right to object to processing. You have the right to object to processing your personal data at any time. This effectively means that you can stop or prevent us from using your data. However, it only applies in certain circumstances, when we process your data for: (i) a task carried out in the public interest; (ii) the exercise of official authority; (iii) our legitimate interests; (iv) scientific or historical research or statistical purposes; or (v) direct marketing purposes.

You should preferably submit any requests here listed in writing with the Data Protection Officer, who is the point of contact for any other data protection matters.

Should you wish to assert any of the rights listed above in this section, please get in touch with us via email (mentioned in the introduction of this document).

Lastly, you are also entitled to lodge a complaint with the competent regulatory authority for us – the Data Protection Officers of the State of Hesse, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Post-box 31 63, 65021 Wiesbaden, Germany – or with any other regulatory authority including the data protection regulator in the United Kingdom whose details are: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

6. Younger users

You must be at least 16 (sixteen) years old to use the Services.