Qustodio Technologies SLU. (the “Company” or “We/us”, with domicile at Passeig de Gracia 18 Planta 2 08007 Barcelona, Spain; and corporate VAT NB: ESB65825523) provide its Services for you to be able to monitor and control the use of your and your family’s computer devices, with a parental control panel platform which allows you to set the level and degree of monitoring of the devices associated with your User Account (as defined below). The Services also include optional services for safe navigation and search. The purpose is to enable you to control the use of these devices by their Users (as defined below), when and to the extent that such activity is permitted by applicable law and without infringing the rights of others (including the fundamental rights of Users) or other applicable regulations.
1. Data collection by the Company through the Services
The personal data about you or the Users (hereinafter the "Data") that can be collected by us through the use of the Services are as follows:
Registration. On registering for Qustodio Services, we will collect the following personal data: name, surname, company/institution, email address and telephone/fax (“Registration Data”). This data is obligatory and if they are not provided, an account cannot be created.
Web-forms. If you submit any webform to us (Contacts, comments), we collect the data indicated in the forms indicated in and submitted through these forms by you, including name and email address. Required data in order to send the webform is indicated. This data is used for processing your request and contacting you for further communication.
Information about your computer. Due to the communications standards on the internet, when you visit our Platform we automatically receive the URL of the site from which you came and the site to which you are going when you leave the site. We also receive the internet protocol (“IP”) address of your computer and the type of web browser you are using. We use this information to analyse overall trends and to help improve the service. This information is not shared with third parties without your permission.
Qustodio Browser Guard and Secure Search. These add-on applications to the Qustodio software, installed at your option, collect certain additional user data, such as search queries or page addresses, performance and other usage information (search term, IP address, browser type, language setting) and install one or more cookies for managing the service. In addition, they periodically contact our servers to request automatic updates to the latest version, and as part of this request sends the unique application numbers along with optional Toolbar usage and configuration statistics. These unique application numbers are not associated with any other personally identifying information. Certain optional Toolbar features may send the URL address of the site you visit. We will let you know when you are enabling a feature that automatically sends page addresses to us, and you can turn these features off at any time. These URL addresses are not associated with any other personally identifying information.
Your User Data. On your behalf, as a principal function of the service, we collect and process personal data relating to your Users (as defined in the Terms) in accordance with the provisions set out in section 3 below.
2. Use of Registration Data collected by the Company
General. We are responsible for processing your Registration Data, which is solely used for the development of our contract and communications with you and for the provision and management of your Qustodio Account and our Services provided to you (as described in the Terms). It is also used to measure and improve the services and functionality and to provide customer service, send email notifications and (unless no longer in the distribution list) newsletters, or communications, in general, about the Services, products and novelties, and offers or promotions offered by Us. We will use the Registration Data in order for these purposes and to comply with the Terms and other legal notices.
Registered users are also sent notification emails about activities of the Service. We may process such information on an aggregated non-identifiable basis for establishing user general attributes and profiles and share such anonymous information with third parties to help improve or promote our service or offer joint services. We also use your data in a non-identifying and aggregated manner (i.e. dissociated data) to better design our web site, software and services
Disclosure. We treat your Registration Data with strict confidentiality in accordance with applicable law. However, we shall disclose any information about you or your use of our Services (i) in compliance with a legal obligation, (ii) in order to correctly deliver our Services or perform other obligations in accordance to the applicable regulations and rules set forth in the Terms, or (iii) in the event of a sale of change of control of the Company for the purpose of appropriate due diligence.
Commercial Communications. By filling in and sending your data to us, you expressly consent to receive electronic commercial communications regarding the subject matter of the Services, other services and applicable economic sector (mainly the area of electronic commerce, the content control tools of navigation Internet and cybersecurity) in accordance to applicable law, including alerts, notices, newsletters, offers and promotions. If you do not wish to receive information from this Platform you can expressly opt out by sending a notification to email@example.com.
3. Data processing on your behalf: the Company as data processor
User Data. In registering for a Qustodio Account, the Services start collecting data from the Devices associated to the Account, which may include personal data relating to you, to the Users of the Devices or to third parties (“User Data”, including information about your Devices, websites and apps that your Users use, contacts, connections, payments, messages and other communications, posted and received content, etc.). In accordance with applicable privacy law, to the extent that it applies to the Services, you are the Data Controller of this User Data and you appoint us as a Data Processor of such data for the purpose of providing the Qustodio Services.
Data Processor Obligations. To the extent that we are Data Processor on your behalf, we shall (a) implement appropriate technical and organizational measures to safeguard any User Data against any unauthorized or unlawful access, loss, destruction, theft, use or disclosure; (b) limit access to User Data only to those employees who need to know it to enable the Processor to perform the Services; (c) only process the User data as specified by this Policy and in accordance with your instructions, and (d) will not use the User Data for any purposes other than those related to the performance of the Services or pursuant to your written instructions. Upon the expiry or termination of this Agreement by way of de-registration, or upon your request, we will cease any and all use of the third party Data and will destroy or return it to you except as provided above with respect to backed-up data and termination. We will not disclose User Data to any third party without your prior written consent or pursuant to court or administrative order.
Subcontracting. As Data Processor we may provide access to any User Data to a subcontractor processor if we reasonably consider such access and processing necessary to the performance of the Services. In the event of such access and before the access takes place, we shall ensure that an agreement with the third party is in place which is sufficient to require it to treat personal data in accordance with the applicable provisions of this Agreement and applicable, signing for an on your behalf. In particular, you authorise us to subcontract to the third parties mentioned in the following section on international transfers.
Data removal. We generally retain your User Data on an identifiable basis for 12 month periods, for providing our annual behaviour report. It is then diassociated. In addition, through the Platform control panel, you may delete all historical data saved at any time. This data will no longer be accessible and will be fully removed from our systems on the next back-up, except as indicated below. If you wish to remove all the User Data in your Qustodio Account, please, uninstall Qustodio of your devices, and send an email (as set out below), with a digital copy of your ID or other identification document to prove your identity. Once your identity confirmed, we will immediately remove all Data from our active systems and back-ups within fifteen (15) days from confirmation of identity (except as indicated below).
Warranties. You, as the one responsible for User Data that we process on your behalf as Data Processor for the provision of the Services, represent and warrant to us that
- a) You comply with all applicable legislation with respect to the monitoring and control of equipment and devices used by Users within your organisation.
- b) You are not in any situation described in the section on “Prohibitions” in the Terms (see clause 1.3 of the Terms)
- c) You have all the appropriate informed consents from each and every data subjects whose personal data are submitted to us in the course of the provision of the Services or collected and transmitted to us by the Qustodio Software.
Indemnity. You agree to indemnify and keep us harmless from all claims, damages and losses we may suffer relating to or arising out of the processing of User Data and other third party personal data submitted to our systems during the course of use and provision of the Services.
4. International transfers of data
We use third party technological services for the provision of Services, whose providers may process Registration Data and User Data collected in the course of providing us their services indicated below, as sub-processors. You authorize us to subcontract the following services and the corresponding transfer of User Data to the entities and countries listed below:
- Data hosting and information systems: Amazon Inc., USA
- Support and user support / help desk: Desk.com Inc., USA
- Electronic communications: Google Inc., USA
- Hosting and backup data: Google, Inc., Digital Ocean Inc., Dropbox Inc., USA
- Sending of commercial emails: Rocket Science Group Llc (Mail Chimp), USA These companies are all within the EU-US Privacy Shield.
5. Data Security
We have adopted technical and organizational measures to preserve and protect your personal information from unauthorized use or access and from being altered, lost or misused, taking into account the technological state of art, the features of the information stored and the risks to which information is exposed.
However, due to the nature of the information and related technology, we cannot ensure or guarantee the security of your personal information and expressly disclaims any such obligation. If we learn of a security breach, then we will attempt to notify You electronically so that You can take appropriate steps.
6. Analytics and other anonymous data use
For the purpose of improving our services and providing sector/segment reports, we anonymise your Registration Data and User Data and store and process this data on an anonymous basis, even if your Account has been closed. The principal purpose is to analyze on an aggregated non-identifiable basis how our Services are used, measuring their effectiveness, and providing general customer service. We may also provide this data (or parts of it) on a fully anonymous aggregate basis to third party business partners, including for conducting academic research and surveys or commercial analytics, and to publish periodic sector or segmented information and reports about behaviour patterns and tendencies.
7. User Rights
You have the right to access, rectify, erase, block and oppose any processing of your personal data that we may have. Moreover, you may at any time withdraw your consent to the processing of your personal data and information. This withdrawal will not have retroactive effects but may prevent providing the Services. The above is without prejudice to provisions of Spanish applicable law enabling conservation of data for the purpose of defending our responsibility and complying with mandatory legal obligations. The aforementioned rights may be effective by contacting us at firstname.lastname@example.org or at Passeig de Gracia 18 Planta 2, 08007 Barcelona, Spain.
We will assist you in accordance with the functionalities of the Platform and the Term of this agreement to attend any User request with regard to the processing of their personal data.
By completing the forms of the Qustodio Platform and registering for an Account, you declare to have read and accepted the terms of this Policy. Without prejudice to the generality of the foregoing, you expressly and unequivocally consent to:
- the collection and processing of your personal data by us in accordance with the indicated purposes and this Policy;
- the collection and processing of User Data on your behalf, as indicated herein; and
Your consent to personal data collection and processing may be revoked, without retroactive effects, in accordance to Sections 6 and 11 of Spanish Data Protection Law 15/1999.