Data Protection and Privacy

1. Controller

S. C. Beauty Ventures GmbH
Thomas-Mann-Str. 19
53111 Bonn, Germany
Email: info@kwiz.tools
Phone: +49 (0)228 504 647 55
Represented by: Marion Hillebrecht, Managing Director

2. Hosting & Server Location

Our servers are located exclusively in Germany and operated by a German hosting provider. Data processing is based on a data processing agreement pursuant to Art. 28 GDPR. No data is transferred to third countries through hosting.

3. Registration, Login & Customer Data

To use our service, registration is required. The following data is collected and processed:

• First and last name
• Company name
• Email address
• Password (stored only as a secure hash, not in plain text or encrypted form)
• Billing details (e.g., address, VAT ID, payment data)
• Content required to create and configure quizzes (e.g., company details, products/services, questions, text entries)

This data is used to provide our services, manage contracts and billing, and structure the quiz platform. Legal basis: Art. 6(1)(b) GDPR (contract performance).

4. Payment Processing (Stripe, PayPal)

We use PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg) and Stripe (Stripe Payments Europe Ltd., Ireland) for payment processing. Personal data such as name, email, payment details, and IP address may be transmitted to the respective payment provider. Legal basis: Art. 6(1)(b) and Art. 6(1)(f) GDPR.

Privacy policies of providers:
PayPal
Stripe

5. Newsletter

If you subscribe to our newsletter, we use your email address to send you information about our products and services. Subscription follows a double opt-in process. You may unsubscribe at any time via the link in the newsletter. Legal basis: Art. 6(1)(a) GDPR (consent).

6. Use of OpenAI

Our application uses OpenAI's API (provided by OpenAI, L.L.C., USA) to analyze or generate text inputs. User inputs are transmitted to OpenAI's servers. We explicitly advise users not to enter personal or sensitive information, as we cannot fully exclude the possibility of such data being processed.

Processing is based on Art. 6(1)(f) GDPR (legitimate interest). OpenAI may process data outside the EU and is certified under the EU-U.S. Data Privacy Framework. More information: https://openai.com/privacy

7. Participation in a Quiz / Third-party Data

When individuals participate in a quiz created via our platform, we process their data on behalf of our customers. This may include first and last names, email addresses, phone numbers, answers, results, IP addresses, and timestamps.

We act as a data processor pursuant to Art. 28 GDPR. Our customers remain responsible for lawful data collection and usage. No data is shared with third parties. Data retention is governed by customer account settings. Data will be deleted upon request unless legal retention obligations apply.

8. Cookies & Tracking

Our website does not use consent-requiring cookies or tracking technologies. Only technically necessary session cookies are used and are deleted when the browser is closed.

9. Data Retention

We store personal data only as long as necessary for the specified purposes or as required by legal retention periods. Billing data is retained for up to 10 years in accordance with commercial and tax law (Art. 6(1)(c) GDPR). Quiz content and configurations are stored as long as the customer account is active.

After account cancellation or upon request, data is deleted unless legal obligations or legitimate interests require otherwise.

10. Rights of Data Subjects

You have the right to access, rectify, erase, restrict processing, object to processing, and data portability (Art. 15 et seq. GDPR). Please contact: info@kwiz.tools
You also have the right to lodge a complaint with a data protection authority.

12. Data Security & Encrypted Transmission

Our website and application use TLS encryption (commonly known as "SSL") to protect your data during transmission. You can recognize an encrypted connection by the "https://" in the browser address bar and the lock icon.

We also implement technical and organizational measures to protect your data from unauthorized access, loss, or misuse (Art. 32 GDPR).

13. Dispute Resolution

We are neither obligated nor willing to participate in dispute resolution proceedings before a consumer arbitration board.

14. Changes to this Privacy Policy

We reserve the right to update this privacy policy in the event of legal or technical changes.
Last updated: May 2025