Privacy

1. General information

This Privacy Policy describes how personal data is processed in which is operated by Kwizie (later “we” or “Kwizie”). This Privacy Policy tells you what personal data Kwizie collects, how the data is used and to whom the data is disclosed, and how the data subject can control the processing. The Privacy Policy also informs about the obligations the controller follows when processing personal data.

What is Kwizie

Kwizie is a Software as a Service (SaaS) platform that allows users to create and share gamified quizzes using artificial intelligence.

This Privacy Policy applies to Kwizie. This Privacy Policy covers all persons whose personal data are processed (later “data subjects”, “you”) in connection with the Kwizie.

The controller is dedicated to protecting the privacy of the data subjects and commits to process their personal data in compliance with the applicable privacy laws and regulations and good data processing practice.

Personal data refers to information, which allows a person to be directly or indirectly identified as an individual person, as defined in the GDPR.

Kwizie is the data controller concerning the user identification data, behavioral data related to the use of the platform and generic information such as name, email, address, and phone number. In other words, Kwizie is controller regarding other data than user generated content in the platform.

Kwizie acts as a processor regarding the content you submit to the Kwizie platform. A user using the platform for educational purposes acts as a controller regarding the content submitted to the platform.

2. Controller and contact information

Controller

Kwizie Oy
Business ID: 3344169-7
Address: Satamasaarentie 2, F41, Helsinki 00980, FINLAND
Email us

3. Purpose and legal basis of the processing of personal data

We only process personal data that are relevant for the purpose it has been collected or obtained for, and we process the data in compliance with laws and regulations.

Personal data is processed for our Kwizie platform, including materials, customer relationship management, communications, quality assurance, service planning and development, analysis, generating statistics and administrative purposes such as consent and rights management. The legal basis of the processing is the performance of a contract, the consent and the legitimate interests of the controller. The legitimate interests include administration and development of the platform.

Marketing

You may subscribe to our newsletter. When Personal data is used for sending you our newsletter, such communications will be based on your consent (opt-in) which you can withdraw at any time. However, Kwizie can send direct marketing regarding similar products and services you have acquired from us and using the electronic contact information provided by you. You have the right to object to this kind of marketing too, and it is possible to do it also in advance (opt-out).

Tracking and automated decision-making including profiling

We track behavior on our Kwizie platform for service development and to offer you a better user experience. We also utilise the data for marketing and internal development. Please see our separate Cookie Policy.

Information security

Personal data is processed for preventing, detecting and remediating potentially prohibited or illegal activities. They are also processed for protecting data and property. Personal data can be used for investigating possible security incidents, crimes or damages. Processing related to security and safety is a legal obligation, but some of the security measures are done in the legitimate interests of Kwizie such as protection of our property.

Legal obligations

We also process personal data when required by applicable law and/or to comply with the laws and regulations (e.g. education specific legislation). The legal obligation is the basis for the processing.

Purposes that require a consent

Your consent is required for certain types of processing of your personal data such as profiling the personal data, newsletters and use of cookies. Kwizie platform is not intended to process sensitive personal data, such as data concerning health or religion or philosophical beliefs, and we request that sensitive data is not provided through the Platform. For the processing of personal data that you have given your consent, you can withdraw your consent at any time regarding further processing of your personal data. See instructions further down (9 Rights of the data subjects and the Supervisory authority). We will comply with such request unless there is another legitimate ground to process the data.

4. Personal data processed and sources of information

We collect and processes only personal data which is relevant and necessary for the purposes outlined in this Privacy Policy. We collect the following categories of data:

Categories of data and examples of personal data

• Email address
• User names
• Collected statistics
• Videos used
• Quiz questions and answers that are manually created
• Assessment of quiz learning results

Behavior data

Browsing data and cookie data, see separate Cookie Policy.

We collect the information from the following sources:

• Information you provide us when using the Kwizie platform
• Information you provide e.g. when contacting us, visiting us, utilizing our Services (including Kwizie platform, web services and social media), participating in our marketing activities and when entering into a contract with us / ordering our Services.
• Information provided by personnel
• Automatically gathered information when you use our Services e.g. when you use our online services or this platform.
• Information from service providers such as marketing service providers
• We may collect information from third parties such as public and private registers.

5. How we store and process your data

• We use collected data to improve quiz making for users as well as analyzing results at a global level
• We use artificial intelligence (“AI”) to analyze data and personalize learning for users
• We use AI to create quizzes and metadata (chapters, titles, key concepts, and summaries)

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. You can find more information about the right to object processing in chapter 9. Rights of the data subjects.

Kwizie's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

In order to generate quizzes and related metadata, Kwizie shares your selected videos with 3rd party AI models. By signing up to Kwizie, you provide your explicit consent to do so.

6.  Retention of Personal data

The personal data we collect are retained for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required by law (e.g. education specific obligations), or we need it to protect our legal rights. Thereafter, the Personal data will be deleted within a reasonable timeframe (12 or 24 months) or rendered anonymous. The retention periods depend on the purpose of the processing and type of the information.

Categories of personal data

Educational data

We will keep the data as long as the user is using our platform and delete it after 12 months of inactivity or on users request.

Marketing data

We will keep the personal data for marketing purposes no longer than 24 months after collecting the personal data. If you use your right to opt-out from receiving marketing messages, we will delete your personal data from our marketing database without delay.

Cookies/analytics data

See separate Cookie Policy.

7. Recipients of Personal data

Personal data is shared with external service providers to provide technical solutions or services for processing stored information and for accessing the stored information by using a technical interface and will share your personal information with such third-party service providers to the extent that it is reasonably necessary to perform, improve or maintain the Services. We use third party service providers, such as e-mail service providers, credit card processors, information analyzers and business intelligence providers. We have the right to share personal information as necessary for the aforementioned service providers to provide their services to us. List of the processors and other recipients can be provided upon request.

Transfers outside EU/EEA

All the Content of the Platform is stored in Amazon Web Services cloud servers which are in the European Union. The data is not transferred to any other region.

Kwizie uses Stripe as a credit card processor and your personal data may be transferred to countries other than your own country, including to the United States. Stripe complies with applicable laws to provide an adequate level of data protection for the transfer of your personal data to the US. Where applicable law requires a data transfer legal mechanism, Stripe uses one or more of the following: EU Standard Contractual Clauses with a data recipient outside the EEA or the UK, verification that the recipient has implemented Binding Corporate Rules, or other legal method available to us under applicable law.

Other transfers

In addition, we may share your information in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business and in connection with other similar arrangements. Personal data are also disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the Services as well as to guarantee the safety of the Services.

Communication data

The Kwizie Platform contains a communication feature. Communication specific regulation applies to communication data.

8. Protection of Personal data

We commit to follow to the security provisions of applicable data protection regulations, as well as to process Personal data in compliance with good processing practices. Personal data are protected with appropriate technical and organizational measures. We store the information with limited access rights and secure IT-environments. The IT-environments are protected with firewalls and other adequate security technics, and advanced monitoring is done 24/7. Our personnel and processors that process Personal data are obliged to keep Personal data strictly confidential. Access to Personal data is only granted to users, that need the information to perform their work tasks. All users and other processors have personal IDs and passwords. We inform the authorities and users/data subjects of data breaches according to applicable information security and data protection regulation(s).

9. Rights of the data subjects and the Supervisory authority

The data subjects have the rights set out in the applicable data protection legislation.

Right to access and verify

You have the right to have confirmed if we process your personal data. You have the right to verify and access your personal data and to request us to provide you the data in writing or electronically.

Right to correct and erase (right to be forgotten)

You have the right to have corrected any incorrect or incomplete personal data. You have also the right to request us to remove data. We also remove, correct and complete incorrect, unnecessary, incomplete or outdated data on our own initiative when we notice such data.

Right to data portability and to object and restrict processing

You have the right to transmit your data to another controller. You have the right to request us to restrict processing of your personal data in accordance with the conditions set out in the data protection legislation. We will also restrict the processing of your personal data if we cannot correct or remove incorrect data, or if there is any uncertainty related to request to erase your data. You have the right to object to processing of your personal data for certain purposes. You have the right to deny any processing or transferring of data for direct marketing.

Right to withdraw consent

If the processing of your personal data is based on consent, you have the right to withdraw consent at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. You can deny any direct marketing and withdraw your consent regarding electronic direct marketing by following the instructions received in connection to the marketing communication (e.g., in the marketing email or SMS). You can always withdraw any consent including parental consent by contacting Kwizie using the contact information provided in the beginning of this document.

How to exercise the rights of the data subjects

After receiving all the required information of your request (including confirmation of identity), we will start the processing of your request. We will do our best effort to process your request within a period of one (1) month. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

Right to lodge a complaint with the supervisory authority

In case you consider our processing activities of your Personal data to be inconsistent with the General Data Protection Regulation (GDPR) (EU) 2016/679, you have the right to complain with a data protection supervisory authority.

10. Changes to this Privacy Policy

We may change this Privacy Policy from time to time, whenever necessary. All changes here to will be made available on our website at Kwizie.ai. This Privacy Notice has been published on 31 May 2023.

Change history

First published 31^st May 2023.

Amended 6th March 2024 to include Google API Services and their User Data Policy.