This document is intended to explain the relevant elements related to the company's handling of your data, and in particular your personal data. The company is committed to complying with applicable privacy legislation, including the General Data Protection Regulation (GDPR). The company will sometimes act as a data controller, or as a processor within the meaning of the GDPR.
1. The company acts as a processor
For any personal data introduced in the Qwiid, created by both you and another user of the service, the company acts soley as the processor of the holder of the Qwiid creator account, who will act as the controller towards the company. The purpose of the processing is exclusively to store and display the personal data introduced.
Transparency means you need to be informed of the following about your personal data:
- The storage period of the data
- The means we use to prevent abuse or unauthorized access
1. How long is your data stored?
Your personal data, introduced in Qwiid created by both you and another user of the service, is stored until the actual deletion of the Qwiid concerned.
The creator can manage his Qwiid with the management features provided in the service. Deletion via these features is a logical deletion that does not necessarily involve a real deletion of the relevant data. For the deletion to be real, the creator must make an express request to the company in writing via firstname.lastname@example.org.
If a user deletes his or her account, all his/her entries will be deleted and cannot be recovered, but his Qwiid, proposals, options, arguments will be maintained and assigned to an anonymous account, which he or she will not be able to associate with his account if he or she creates another account.
Your other personal data used in the service (for example, actions taken on the site) are kept for a rolling period of 3 months.
2. What are the means used to prevent abuse or unauthorized access?
- A user account can be banned so to prevent it from participating in Qwiid
- A site administrator can password protect the entire site
- A site administrator can restrict access on an IP basis using blacklists/whitelists
- Account creation and use can be restricted to certain domains using blacklists/whitelists
- A Qwiid creator can protect its Qwiid by password
- A Qwiid creator can limit participation to participants with a Qwiid account
- Use of robust passwords for access to servers and databases
- Use of recent technologies and protection mechanisms provided by the framework
- Encryption of site – and Qwiid passwords with a high entropy level and near zero predictability
- Decryption of user passwords impossible (only encryption)
- Logs and alerts to manage suspect activity of the site
- Use of the HTTPS protocol for server requests (green padlock)
2. The company acts as data controller
The company will act as the data controller for all personal data provided to the company by the user for the creation and management of his or her Qwiid account as well as for all personal data exchanged directly between a user and the company via the platform.
In accordance with the Regulation (GDPR), your personal data must be handled transparently.
Transparency means you need to be informed of the following concerning your personal data:
- The purposes of the processing
- The lawful basis for the procession
- The categories of personal data involved
- The duration of the data storage
- The right to request access to and rectification of the personal data
- The right to lodge a complaint with a supervisory authority
- The identity and contact information of the person in charge of the processing
- The means we use to prevent abuse or unauthorized access
- The recipients of your personal data
1. What is your personal data used for?
Your personal data is used to:
- Create your account
- Get in touch with you (sending confirmation links, ...)
- Identifying yourself
- Linking you to the Qwiid you create
- Linking you to the Qwiid you participate in
- Generate purely internal statistics that allow us to improve the product. The company will never share your personal data with third parties without your permission.
Your personal data is not used for any purpose other than the purposes stated above.
2. On what lawful basis is this processing based?
The processing of your personal data is based on the consent you have given at the latest at the time of submission of this data (Art. 6, 1.a) of the GDPR).
3. What personal data do we deal with?
The personal data required for the above purposes are:
- Names and contact information (name, first name, nickname, phone number, email address)
- IP Addresses
- Language and geographic data (timezone)
- Browser and operating system
4. How long is your data stored?
Your personal account creation and management data is stored for up to one year after the account is deleted.
Personal data relating to exchanges that occurred directly between a user and the company via the platform are stored up to five years after the relevant communication.
5. What rights do you have?
You have the right to view your personal data to check the accuracy of the information stored and/or to correct or update it (rectification).
In some cases and within the limits determined by the regulation, you have the right to object to the processing or to request that certain personal data be deleted, transferred or that its processing be limited.
To do this, you can send an email to email@example.com
6. How do I lodge a complaint?
7. Contact information of the person in charge of the processing
The company is responsible for the processing to the aforementioned extent. Its contact information is as follows: firstname.lastname@example.org.
8. What are the means used to prevent abuse or unauthorized access?
9. Who can we share your personal data with?
Your personal data is treated as confidential by the company.
Your personal data will never be passed on to third parties without your permission.
Transmission to third parties may nevertheless occur in the following specific circumstances:
- Transmission to our subcontractors, with the sole aim of enabling them to carry out the task we entrust to them (e.g. hosting the platform, ...)
- Transmission to judicial or supervisory bodies if we were to be compelled to do so. In such a case, we would inform you in advance as far as we would be allowed to do so.
As a reminder, your use of the service may mean that you yourself transfer your data to third parties. For example, by inviting users to participate in your Qwiid.