Qustodio Privacy Policy

Qustodio Technologies SLU. (the “Company” or “We/us”, with domicile at Passeig de Gracia 18 Planta 2 08007 Barcelona, Spain; and corporate VAT NB: ESB65825523) provide its Services for you to be able to monitor and control the use of your and your family’s computer devices, with a parental control panel platform which allows you to set the level and degree of monitoring of the devices associated with your User Account (as defined below). The Services also include optional services for safe navigation and search. The purpose is to enable you to control the use of these devices by their Users (as defined below), when and to the extent that such activity is permitted by applicable law and without infringing the rights of others (including the fundamental rights of Users) or other applicable regulations.

You are solely responsible for use of the control panel and the processing of personal data associated with your account which includes, among others, collecting, storing and analysing personal data from device Users. The Qustodio Platform (as defined below) automatically deploys the configuration and the instructions given by you and you are solely responsible for the configuration of this control panel.

You warrant that (a) you have informed any Users that are 14 years old or more that the Devices used by them include a control and monitoring software and have obtained authorisation from such Users for this kind of activity, as provided in our Privacy Policy or (b) there are mandatory rules in your country would exempt you from the aforementioned obligations. You agree to fully comply with this Privacy Policy.

The Company is committed to respecting and protecting your privacy and that of your Users (as defined in the Qustodio Terms and Conditions). This Privacy Policy explains our practices regarding the use of personal data collected and processed through our Services (as defined in the Qustodio Terms and Conditions of which this Privacy Policy is a part).

By using our Platform and Services, and in particular by providing your personal information on registration or contacting us for any reason, you explicitly accept this Privacy Policy and you provide us with full consent to the collection, storage and processing of personal data for which you are responsible in accordance with the terms set out in this policy, including the sending of electronic communications.

We may amend this Privacy Policy as required to adapt it to future legislative or case law developments. We will notify you by posting a clear notice of these changes on our Platform and in this Privacy Policy.

Unless a specific local regulation of mandatory application provides otherwise, the Privacy Policy is governed by the laws of Spain

1. Data collection by the Company through the Services

The personal data about you or the Users (hereinafter the "Data") that can be collected by us through the use of the Services are as follows:

Browsing. We do not collect any personal data if you are merely browsing the Platform, except as indicated in our Cookie Policy.

Registration. On registering for Qustodio Services, we will collect the following personal data: name, surname, company/institution, email address and telephone/fax (“Registration Data”). This data is obligatory and if they are not provided, an account cannot be created.

Payments. Our payment provider (Braintree) collects certain payment data which is processed according to their terms and privacy policy which is provided to you during the payment process. See https://www.paypal.com/uk/webapps/mpp/ua/privacy-full. We may contract further payment gateways, and their conditions will be provided to you during the payment process.

Web-forms. If you submit any webform to us (Contacts, comments), we collect the data indicated in the forms indicated in and submitted through these forms by you, including name and email address. Required data in order to send the webform is indicated. This data is used for processing your request and contacting you for further communication.

Information about your computer. Due to the communications standards on the internet, when you visit our Platform we automatically receive the URL of the site from which you came and the site to which you are going when you leave the site. We also receive the internet protocol (“IP”) address of your computer and the type of web browser you are using. We use this information to analyse overall trends and to help improve the service. This information is not shared with third parties without your permission.

Qustodio Browser Guard and Secure Search. These add-on applications to the Qustodio software, installed at your option, collect certain additional user data, such as search queries or page addresses, performance and other usage information (search term, IP address, browser type, language setting) and install one or more cookies for managing the service. In addition, they periodically contact our servers to request automatic updates to the latest version, and as part of this request sends the unique application numbers along with optional Toolbar usage and configuration statistics. These unique application numbers are not associated with any other personally identifying information. Certain optional Toolbar features may send the URL address of the site you visit. We will let you know when you are enabling a feature that automatically sends page addresses to us, and you can turn these features off at any time. These URL addresses are not associated with any other personally identifying information.

Your User Data. On your behalf, as a principal function of the service, we collect and process personal data relating to your Users (as defined in the Terms) in accordance with the provisions set out in section 3 below.

2. Use of Registration Data collected by the Company

General. We are responsible for processing your Registration Data, which is solely used for the development of our contract and communications with you and for the provision and management of your Qustodio Account and our Services provided to you (as described in the Terms). It is also used to measure and improve the services and functionality and to provide customer service, send email notifications and (unless no longer in the distribution list) newsletters, or communications, in general, about the Services, products and novelties, and offers or promotions offered by Us. We will use the Registration Data in order for these purposes and to comply with the Terms and other legal notices.

Registered users are also sent notification emails about activities of the Service. We may process such information on an aggregated non-identifiable basis for establishing user general attributes and profiles and share such anonymous information with third parties to help improve or promote our service or offer joint services. We also use your data in a non-identifying and aggregated manner (i.e. dissociated data) to better design our web site, software and services

Disclosure. We treat your Registration Data with strict confidentiality in accordance with applicable law. However, we shall disclose any information about you or your use of our Services (i) in compliance with a legal obligation, (ii) in order to correctly deliver our Services or perform other obligations in accordance to the applicable regulations and rules set forth in the Terms, or (iii) in the event of a sale of change of control of the Company for the purpose of appropriate due diligence.

Commercial Communications. By filling in and sending your data to us, you expressly consent to receive electronic commercial communications regarding the subject matter of the Services, other services and applicable economic sector (mainly the area of electronic commerce, the content control tools of navigation Internet and cybersecurity) in accordance to applicable law, including alerts, notices, newsletters, offers and promotions. If you do not wish to receive information from this Platform you can expressly opt out by sending a notification to support@qustodio.com.

3. Data processing on your behalf: the Company as data processor

User Data. In registering for a Qustodio Account, the Services start collecting data from the Devices associated to the Account, which may include personal data relating to you, to the Users of the Devices or to third parties (“User Data”, including information about your Devices, websites and apps that your Users use, contacts, connections, payments, messages and other communications, posted and received content, etc.). In accordance with applicable privacy law, to the extent that it applies to the Services, you are the Data Controller of this User Data and you appoint us as a Data Processor of such data for the purpose of providing the Qustodio Services.

Your use of User Data. As Data Controller, you warrant that you have the appropriate authority to collect and process the User Data and you agree to (i) process and use the User Data in accordance with this Privacy Policy, the Terms and applicable law, and only for the explicit purposes of the Services. You will not submit to the Services any personal data relating to any individual that has not authorized such processing. Through the Services, you may also access a copy of the User Data collected by us on your behalf. You will protect the confidentiality of any accessible User Data and prevent access by or disclosure to any unauthorized third person. You will inform us within 24 hours about any problem arising in relation with management of your Qustodio Account and/or User Data. You and your Users will be responsible for any illegal use of other person’s data (personal or not) through the Services, including any use contrary to applicable data protection laws and/or in violation this Privacy Policy.

Service Configuration. The Services and Qustodio Platform and Device Software (as defined in the Terms) provide device monitoring and controlling services, as described in the Terms. As part of the same, significant amounts of User Data may be collected and transmitted by the Qustodio Device Software to the Qustodio Platform, including data relating to Users and use of the Devices, URLs that are visited and communications sent by the Users. You are responsible for setting your control panel configurations on the Qustodio Platform that (i) controls Services, supervision and monitoring of activities and (ii) determines the personal data to be covered. The installation of the Qustodio Device Software and your configuration of the control panel constitute instructions for us to process User Data on your behalf, to provide you the Services. The level and degree of such surveillance and monitoring is entirely under your control and we will not be liable for any such configuration and control carried out by you. All such User Data will be under your responsibility, with the Company as data processor in accordance with this Privacy Policy.

Data Processor Obligations. To the extent that we are Data Processor on your behalf, we shall (a) implement appropriate technical and organizational measures to safeguard any User Data against any unauthorized or unlawful access, loss, destruction, theft, use or disclosure; (b) limit access to User Data only to those employees who need to know it to enable the Processor to perform the Services; (c) only process the User data as specified by this Policy and in accordance with your instructions, and (d) will not use the User Data for any purposes other than those related to the performance of the Services or pursuant to your written instructions. Upon the expiry or termination of this Agreement by way of de-registration, or upon your request, we will cease any and all use of the third party Data and will destroy or return it to you except as provided above with respect to backed-up data and termination. We will not disclose User Data to any third party without your prior written consent or pursuant to court or administrative order.

Subcontracting. As Data Processor we may provide access to any User Data to a subcontractor processor if we reasonably consider such access and processing necessary to the performance of the Services. In the event of such access and before the access takes place, we shall ensure that an agreement with the third party is in place which is sufficient to require it to treat personal data in accordance with the applicable provisions of this Agreement and applicable, signing for an on your behalf. In particular, you authorise us to subcontract to the third parties mentioned in the following section on international transfers.

Data removal. We generally retain your User Data on an identifiable basis for 12 month periods, for providing our annual behaviour report. It is then diassociated. In addition, through the Platform control panel, you may delete all historical data saved at any time. This data will no longer be accessible and will be fully removed from our systems on the next back-up, except as indicated below. If you wish to remove all the User Data in your Qustodio Account, please, uninstall Qustodio of your devices, and send an email (as set out below), with a digital copy of your ID or other identification document to prove your identity. Once your identity confirmed, we will immediately remove all Data from our active systems and back-ups within fifteen (15) days from confirmation of identity (except as indicated below).

Warranties. You, as the one responsible for User Data that we process on your behalf as Data Processor for the provision of the Services, represent and warrant to us that

  • a) You comply with all applicable legislation with respect to the monitoring and control of equipment and devices used by Users within your organisation.
  • b) You are not in any situation described in the section on “Prohibitions” in the Terms (see clause 1.3 of the Terms)
  • c) You have all the appropriate informed consents from each and every data subjects whose personal data are submitted to us in the course of the provision of the Services or collected and transmitted to us by the Qustodio Software.

Indemnity. You agree to indemnify and keep us harmless from all claims, damages and losses we may suffer relating to or arising out of the processing of User Data and other third party personal data submitted to our systems during the course of use and provision of the Services.

4. International transfers of data

We use third party technological services for the provision of Services, whose providers may process Registration Data and User Data collected in the course of providing us their services indicated below, as sub-processors. You authorize us to subcontract the following services and the corresponding transfer of User Data to the entities and countries listed below:

  • Data hosting and information systems: Amazon Inc., USA
  • Support and user support / help desk: Desk.com Inc., USA
  • Electronic communications: Google Inc., USA
  • Hosting and backup data: Google, Inc., Digital Ocean Inc., Dropbox Inc., USA
  • Sending of commercial emails: Rocket Science Group Llc (Mail Chimp), USA These companies are all within the EU-US Privacy Shield.

5. Data Security

We have adopted technical and organizational measures to preserve and protect your personal information from unauthorized use or access and from being altered, lost or misused, taking into account the technological state of art, the features of the information stored and the risks to which information is exposed.

However, due to the nature of the information and related technology, we cannot ensure or guarantee the security of your personal information and expressly disclaims any such obligation. If we learn of a security breach, then we will attempt to notify You electronically so that You can take appropriate steps.

6. Analytics and other anonymous data use

For the purpose of improving our services and providing sector/segment reports, we anonymise your Registration Data and User Data and store and process this data on an anonymous basis, even if your Account has been closed. The principal purpose is to analyze on an aggregated non-identifiable basis how our Services are used, measuring their effectiveness, and providing general customer service. We may also provide this data (or parts of it) on a fully anonymous aggregate basis to third party business partners, including for conducting academic research and surveys or commercial analytics, and to publish periodic sector or segmented information and reports about behaviour patterns and tendencies.

7. User Rights

You have the right to access, rectify, erase, block and oppose any processing of your personal data that we may have. Moreover, you may at any time withdraw your consent to the processing of your personal data and information. This withdrawal will not have retroactive effects but may prevent providing the Services. The above is without prejudice to provisions of Spanish applicable law enabling conservation of data for the purpose of defending our responsibility and complying with mandatory legal obligations. The aforementioned rights may be effective by contacting us at info@qustodio.com or at Passeig de Gracia 18 Planta 2, 08007 Barcelona, Spain.

We will assist you in accordance with the functionalities of the Platform and the Term of this agreement to attend any User request with regard to the processing of their personal data.

8. Consent

By completing the forms of the Qustodio Platform and registering for an Account, you declare to have read and accepted the terms of this Policy. Without prejudice to the generality of the foregoing, you expressly and unequivocally consent to:

  • the collection and processing of your personal data by us in accordance with the indicated purposes and this Policy;
  • the collection and processing of User Data on your behalf, as indicated herein; and
  • the processing of all personal data stated in this Privacy Policy outside the European Economic Area (particularly in the United States of America) by the following subcontractors: Amazon Inc., Desk.com, Google Inc, Digital Ocean Inc., Dropbox Inc. and Rocket Science Group Llc for the purposes indicated above.

Your consent to personal data collection and processing may be revoked, without retroactive effects, in accordance to Sections 6 and 11 of Spanish Data Protection Law 15/1999.