QUSTODIO FAMILY PRIVACY POLICY
Last updated: [2025 10 22]
Qustodio Technologies SL (“Qustodio”, the “Company” or “we”) is committed to respecting and protecting your privacy and that of your Users. This Privacy Policy explains our practices regarding the use of personal data collected and processed through our Qustodio Family Services (the “Services” or “Qustodio Services”). This Privacy Policy forms part of the conditions of use of our Services.
This Privacy Policy forms part of the Qustodio Family Terms of Service.
Summary
Qustodio processes two types of personal data in relation to the Qustodio Services:
• (1) your account and contact data. This data is used to manage our relationship with you, including activation, support, billing and upselling. This is described in Section B of the policy.
• (2) your User Device Data, collected from the monitored devices associated with your User Accounts (“Monitored Devices”). This data is processed as data controller on your behalf, to provide the parental control and monitoring services through the control panel. This is described in Section C of the policy.
Subscribers are solely responsible for the configuration and use of the parental control panel and for the processing of personal data associated with their account (which includes, among other things, the collection, storage and analysis of personal data from the Users' Monitored Devices). The Qustodio Services automatically implement the configuration and instructions provided by you, and you are solely responsible for the configuration of this control panel. You may change these settings and provide instructions to limit and/or erase any data collected in the control panel.
If you use the Qustodio Service to view data about your Users' use of school devices, collected by Linewize Inc. through the School Manager service, please read Section D of this Privacy Policy.
The Qustodio Services are designed for use in a home environment by parents and not by children, and we do not knowingly collect personal information directly from children under 13. You warrant that (a) you have informed any Users aged 14 or over that the Monitored Devices they use include control and monitoring software and have obtained authorization from such Users for this type of activity or (b) there are rules in your country that exempt you from the information and consent obligation mentioned above, or that provide for a different age threshold, in which case that age threshold will apply. Both Qustodio and you agree to fully comply with this Privacy Policy.
For US users
We comply with the Children's Online Privacy Protection Act of 1998 (COPPA)
COPPA and its rules require us to inform parents and legal guardians (“parents”) about our practices for collecting, using and disclosing personal information from children under 13 (“children”). It also requires us to obtain verifiable consent from the child's parent, or to confirm that the child's teacher has obtained verifiable consent from the child's parent, for certain collection, use and disclosure of the child's personal information.
Learn more about COPPA on the FTC's COPPA page. This regulation is intended to protect your children's privacy. For a child under 13 residing in the United States to use the Qustodio Services, registration must be approved by the parents or teachers.
A. GENERAL ASPECTS OF DATA PROCESSING BY QUSTODIO
This section provides subscribers and users with general information about data processing by Qustodio Technologies, SL.
• Data Controller / Business
The Data Controller is Qustodio Technologies SL, Roger de Flor 193, bajos, 08013, Barcelona, Spain. You may contact our Data Protection Officer to submit suggestions, doubts, questions or complaints about personal data, or to access your personal data, by writing to: dpo@qustodio.com. Qustodio Technologies SL is also the business responsible for data processing, as defined by the California Consumer Privacy Act (CCPA).
• Confidentiality and Disclosure
We treat your personal data with strict confidentiality, in accordance with applicable law. However, we disclose any information about you or your use of our Services: (i) to comply with legal obligations to which we are subject; (ii) to properly deliver our Services or perform other obligations under the Terms; (iii) in the event of a sale or change of control of the Company, for the purposes of appropriate due diligence; or (iv) to our service providers who provide us with a data-related service. We require all third parties to respect the security of your personal data and to process it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process such data for specified purposes and in accordance with our instructions.
• Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including (a) the performance of the contract with registered users, (b) for the purposes of satisfying any legal, accounting, or reporting requirements and (c) to follow your instructions regarding the data collected from devices. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Generally speaking, we will retain your personal data for the period of your subscription (in active format) and 5 years thereafter (blocked), for legal and/or administrative purposes.
• Service Optimization
We may process data in an aggregated, non-identifiable form to establish general user attributes and profiles, and share this anonymous information with third-party service providers to improve or promote our Services. We also use your data in an aggregated, non-identifiable form (i.e. disassociated data) to improve the design of our website, software and services.
• Anonymized data for statistical purposes
In order to improve our Services and provide sector/segment reports, we may anonymize your Registration Data and certain User Data, and store and process this data anonymously, even after your Account is closed, for an indefinite period. The main purpose is to analyse, in an aggregated and non-identifiable manner, how our Services are used, measuring their effectiveness and providing general customer service. We may also provide this data (or parts of it) in fully anonymous and aggregated form to third-party business partners, including for conducting academic research and surveys or business analysis, and to publish periodic sector or segment information and reports on behaviour patterns and trends.
• Data Security
We adopt technical and organisational measures to preserve and protect your personal information against unauthorized use or access and against alteration, loss or misuse, taking into account the technological state of the art, the characteristics of the information stored and the risks to which the information is exposed. In the event of a security breach, we will take appropriate measures and notify you electronically in a timely manner.
• International Data Transfers
We use third-party technology services to provide our Qustodio Services, whose providers may process your personal data as data processors. These entities may be located in jurisdictions that generally do not offer adequate safeguards regarding the processing of personal data. For all entities outside the European Economic Area, we enter into contracts with those entities that include such safeguards, including the EC model clauses, and we implement additional safeguards in accordance with applicable law, listed in Appendix 1.
For more information about our service providers that carry out international data transfers, please contact dpo@qustodio.com.
• Data Subject Rights
In accordance with applicable data protection law, you have the right to:
• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it, as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have legitimate grounds to use it.
• Request the transfer of your personal data to you or to a third party (known as “data portability”). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will notify you if this is the case.
• File a complaint to the supervisory authority
You have the right to file a complaint with the Agencia Española de Protección de Datos (AEPD), at Calle Jorge Juan, 6, 28001 Madrid (www.aepd.es) if you consider that we are violating the applicable data protection and privacy laws. Before contacting the AEPD, please do not hesitate to contact us at dpo@qustodio.com; we will be happy to discuss our data protection practices with you and clarify any doubts you may have.
To exercise your rights, please contact us at dpo@qustodio.com or send a letter to Qustodio Technologies SL, Roger de Flor 193, bajos, 08013, Barcelona, Spain.
If you contact us to exercise your rights, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
• Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above, please submit a request by either:
• Emailing us at dpo@qustodio.com; or
• Submitting a support request within the Qustodio Services.
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. To designate an authorized agent, please submit a request by emailing us at dpo@qustodio.com.
You may also make a request to know or delete on behalf of your child by emailing us at dpo@qustodio.com.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include, but is not limited to:
• (a) contact information associated with the account;
• (b) the user profile name;
• (c) the name of one or more Monitored Devices;
• (d) technical information (e.g., model ID, serial number, IMEI code, operating system, etc.); or
• (e) any other piece of personal information we determine in our sole discretion to be sufficient for verifying your identity to a reasonable degree of certainty.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
• Response Timing and Format
For US users, we endeavor to substantively respond to a verifiable request within 30 days of receipt. If more time is needed (up to an additional 60 days), we inform the requester in writing of the reason for the extension.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
• Non-Discrimination
We will not discriminate against you for exercising any of the rights described above, and we will not:
• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
• General
We may amend this Privacy Policy as required to adapt it to future legislative or case law developments. We will notify you by posting a clear notice of these changes on our website, platform and in this Privacy Policy. Your continued use of the Qustodio Services following the posting of changes constitutes your acceptance of such changes.
Unless a specific local regulation of mandatory application provides otherwise, the Privacy Policy is governed by the laws of Spain.
B. QUSTODIO PROCESSING SUBSCRIPTION DATA
1. Data collection by the Company through the Services
Qustodio will collect and process as data controller or business entity the following personal data through the Services:
• Registration Data. On registering for Services, we will collect the following personal data about subscribers: name, surname, email address and telephone. This data is mandatory and if it is not provided, your account cannot be created.
• Payments
Our payment providers (PayPal, Braintree, Cleverbridge, Chargebee and Stripe) collect certain payment data which is processed according to their terms and privacy policy which is provided to you during the payment process. You can visit https://www.braintreepayments.com/en-es/legal, https://www.cleverbridge.com/corporate/privacy-policy/, https://www.chargebee.com/privacy/ and https://stripe.com/it/privacy-center/legal for further information. We may contract additional payment gateways, and their conditions will be provided to you during the payment process.
• Information about your computer
Due to the communications standards on the internet, when you visit our platform we automatically receive the URL of the site from which you came and the site to which you are going when you leave the site. We also receive the internet protocol (“IP”) address of your computer and the type of web browser you are using. We use this information to analyse overall trends and to help improve the Services. This information is not shared with third parties without your permission.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2. Information We Collect
To comply with the CCPA, a business must describe the categories of personal information it has collected about consumers during the past twelve (12) months. Accordingly, this section applies to visitors, users, and others accessing the Qustodio Services who reside in the State of California. We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
• Publicly available information from government records.
• Deidentified or aggregated consumer information.
Please refer to Appendix I for more detail on the categories of personal information we have collected from consumers within the last twelve (12) months.
We obtain the categories of personal information listed in the previous section from the following categories of sources:
• Directly from you. For example, from forms you complete or features of the Qustodio Services you interact with.
• Indirectly from you. For example, from observing your actions within the Qustodio Services.
3. Purposes for Processing
The personal data we collect about you are used for performing our contract and communications with you, for managing your Qustodio Account, for providing our Services to you (as described in the Terms) and complying with legal requirements in relation to your subscription. The data we collect are also used to measure and improve the Services and their functionality and to provide customer service, send email notifications and (if you gave your consent) newsletters, or communications, in general, about the Services, products and novelties, and product offers or promotions offered by us. We will also use your data to ensure compliance with the Terms, the applicable laws, and other legal obligations we are subject to.
4. Legal Basis for processing
Below are the lawful bases that we rely on to process your data:
• Preparation and performance of Contract: processing your data is necessary for the performance of our contract with you, or to take steps at your request before entering into such a contract.
• Legitimate Interest: we have a legitimate interest to process your Registration Data for our business, in conducting and managing our business to give you the best service/product and the best and most secure experience. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interest and we do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
• Comply with a legal or regulatory obligation: we may process your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Generally, we do not rely on consent as a legal basis for processing your Account Data other than in relation to sending our own marketing communications to you via email or text message. However, for transparency and clarity, we ask you to provide this consent, which is given by you on registering your account. You have the right to withdraw consent at any time by contacting us at info@qustodio.com. This will not affect the processing of your Registration Data for service provision until you cancel your account.
5. Data Retention
We will only retain your Subscription Data for as long as necessary to fulfil the purposes we collected it for, including (a) the performance of the contract with registered users and (b) for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Generally speaking, we will retain your Account Data for the period of your subscription (in active format) and 5 years thereafter (blocked), for legal and/or administrative purposes.
6. Data sharing: Sharing Consumption Information with Apple
We may share certain consumption-related data (such as your subscription activity, in-app purchases, auto-renewal) with Apple, which you consent to if you are making any purchase through the Apple App Store. This sharing applies only to subscriptions managed through Apple (App Store in-app purchases, renewals) and is intended to support subscription management and help Apple provide more tailored assistance, in particular to improve the refund process by obtaining data that assists with reviewing the customer’s refund request. The data will be processed by Apple in accordance with the Apple privacy policy. Apple retains the data for the period necessary to fulfill the above purpose. You may withdraw your consent at any time but we will no longer be able to renew or extend your subscription. You may request access to or deletion of your personal data related to consumption information, by submitting requests directly to Apple by visiting Legal – Apple Privacy Policy – Apple
7. Data sharing – Schools:
Where you register for Qustodio services through an invitation from a school, your basic identification data (such as sign-up name, and email address) may be disclosed to your child’s school for the purpose of verifying your family status as Qustodio users and so that the school may engage and support you in relation to your child’s usage of school and home devices.
8. Commercial Communications
As a user of Qustodio’s Services you will receive electronic commercial communications in accordance with applicable law, including alerts, notices, newsletters, offers and promotions, related to Qustodio’s Services. If you do not wish to receive such information you can expressly opt out of our commercial communications by clicking “unsubscribe” in one of our emails or by sending a notification to dpo@qustodio.com.
C. QUSTODIO PROCESSING DEVICE DATA
The purpose of this Section C is to regulate the processing of the Device Data indicated in Appendix 1, to enable us to provide subscribers with the Qustodio Service. When registering and creating an Account, Qustodio starts collecting data from the Devices associated with the Account, which may include personal data relating to subscribers, to the users of the Devices or to third parties (“Device Data”, including information about the Devices, websites and apps that your Users use, contacts, connections, payments, messages and other communications, posted and received content, etc.).
We process Device Data under instruction from subscribers (our customers, the “Client”). This means that, even if we act as data controller, as Client you are in control of this data and you are responsible for the decision to install the Service on Monitored Devices and how the Services are used: you determine which data is collected and how it is used for your parental control purposes. Without prejudice to the issue that such data is in most cases processed within a domestic context, we are providing a commercial service to you and therefore our processing of the Device Data on your behalf is governed by the terms of this Section C.
1. Data collection by the Company through the Services. Qustodio will collect and process as data controller the following personal data through the Services:
• Device Data. We only collect the data that you instruct us to in the parental panel, limiting the data we process to what has been selected by you through the Services. Further details of the data that are processed are set out in Appendix 1.
2. Purposes for Processing. The personal data we collect is to provide the Services and to comply with the instructions established by subscribers within the Services and to ensure compliance with the monitoring of the devices as intended.
3. Legal Basis for processing. Below are the lawful bases that we rely on to process Device Data:
• Performance of Contract: processing Device data is necessary for the performance of our parental control contract with subscribers and the basis of the Services.
• Comply with a legal or regulatory obligation: we may process Device Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
4. Term
The term of processing is the term of your subscription with Qustodio and a further 4 years to comply with regulatory requirements (see below).
5. Warranty and Indemnity
You, as the person responsible for defining the Device Data that we process on your behalf for the provision of the Services, represent and warrant to us that you have all the appropriate informed consents or other legal basis, when necessary, for processing from each and every data subject whose personal data are submitted to us in the course of the provision of the Services or collected and transmitted to us by the Qustodio Software. You agree to indemnify and keep us harmless from all claims, damages and losses we may suffer relating to or arising out of the processing of Device Data and other third-party personal data submitted to our systems during the course of use and provision of the Services.
6. Your use of Device Data
You warrant that you have the appropriate authority to collect and process the Device Data and you will not submit to the Services any personal data relating to any individual over 13 who has not authorized such processing. Through the Services, you may also access a copy of the Device Data collected by us on your behalf. You will protect the confidentiality of any accessible Device Data and prevent access by or disclosure to any unauthorized third person.
7. Service Configuration and Data Processing Instructions
As a Client, you are responsible for setting the parent control panel configurations on the Qustodio Platform that (i) control the Services, the supervision and monitoring of the activities and (ii) determine the personal data to be covered. The installation of the Qustodio Device Software and your configuration of the control panel constitute instructions for us to process Device Data on your behalf, to provide you the Services. The level and degree of such surveillance and monitoring is entirely under your control, and we will not be liable for any such configuration and control carried out by you. Furthermore, your support requests via email or phone also constitute instructions for us to process Device Data, as long as processing Device Data is necessary to help you with your request or take the action you ask us to. All such Device Data will be under your responsibility, even with the Company acting as data controller in accordance with this Privacy Policy.
8. Retention
We store the Device Data until you close your Account. After that period of time, we disassociate the personal data from the individual it refers to and use such disassociated data for internal research and analysis purposes.
9. Qustodio in case you are monitoring Monitored Devices running iOS
Upon installation of Qustodio Software for Monitored Devices with iOS operating system, due to the technical configuration of the system, all data transmitted to and from the Device is channeled through our servers, in such a way that we are visible to a third party such as your Internet access provider and the owner of the IP address from which communications originate. Although we are NOT an Internet access provider, due to this configuration we may receive notifications (each a “Notification”) from third parties regarding the User’s online behavior, including but not limited to downloading and/or viewing online content, posting online content, opening online accounts, and/or using third party applications and programs. If we receive such a Notice stating your User engages in any activity that is or may be illegal or violate the rights of third parties, or if we believe (in our reasonable judgment) that any activity by your Users is or may be detrimental to the provision of the Services, we will notify you. We reserve the right to (and will, if we are obliged to by court or applicable law or to protect our interests and business, and in particular, but without limitation, if we receive a Notice from a third party or if user activity on a device is or may, in our opinion, be detrimental to the provision of the Services): (a) suspend or block access to your Device(s) to the Internet or to certain websites/internet services; and (b) provide any party providing the Notification to us or a Court or public authority with your name and contact details and/or (c) terminate your Account.
For iOS devices, after installing the MDM profile, Qustodio will have access to all the traffic of the device. This information (coming from the device) only goes to Qustodio servers and is not shared with any third party. The specific information collected through MDM is:
• Domain names, user agent and operating system version, in order to categorize websites and applications visited by the device and thus apply the filtering established by the parent. It is also used to report activity to the parent.
• The URL address in the web search engines, to report the search to the parents.
10. Data retention and removal
During your subscription, we generally retain the Device Data on an identifiable basis for 12-month periods, for providing our annual behaviour report. In addition, through the Platform control panel, you may delete all historical data saved at any time. This data will no longer be accessible and will be fully removed from our systems on the next back-up, except as indicated below. If you wish to remove all the User Data in your Qustodio Account, please uninstall Qustodio from your devices and send an email (as set out below) requesting the deletion of all the data we have about you and your Users. We will immediately remove all Data from our active systems and back-ups within 1 year after which they are securely deleted.
11. Rights and Responsibilities of Qustodio
Qustodio shall:
• Process Device Data only on the basis of documented instructions from you, including transfers of Device Data to a third country or international organization, unless otherwise required to do so under Union law or applicable Member State law.
• Ensure that the persons authorised to process Device Data have undertaken to respect confidentiality or are subject to an obligation of confidentiality of a statutory nature.
• Take all appropriate technical and organisational measures to ensure a level of safety appropriate to the risk of processing.
• Respect the conditions for having recourse to a data processor, as established in the current legislation on protection of personal data.
• Communicate with subscribers prior to responding to requests for the exercise of the rights of the data subjects, in this case, the Users of Devices.
• At your choice, either destroy or return all personal data once the processing services have been completed and destroy any existing copies unless the retention of personal data is required under Union or applicable Member State law.
• Make available to you all information necessary to demonstrate compliance with the obligations established herein.
• Ensure that the DPO is involved in an adequate and timely manner in all matters relating to the protection of User Data.
• Adhere to a Code of Conduct that is approved by the European Commission or other competent authority, if applicable.
• Keep a record of processing activities in the case of processing personal data that may pose a risk to the rights and freedoms of the data subject and / or in a non-occasional manner, or which involves the processing of special categories of data and / or data relating to convictions and infractions.
12. Data Subjects’ Exercise of their Rights
If you or any Device user addresses a request or exercises any of the rights established in the General Data Protection Regulation, Qustodio shall provide the information requested and perform any required actions, without delay and, at the latest, within one month from receiving the request, which may be extended for a further two months if necessary, taking into account the complexity of the application and the number of applications. We shall consult with the subscriber prior to providing any Device Data to a device user. Similarly, in the event that Qustodio does not proceed with the request of the User, Qustodio shall inform the latter without delay, and no later than one month after receipt of the request, shall provide the User with the reasons why Qustodio has not acted and inform the User of his/her/their right to file a complaint before a competent authority and to file a judicial appeal. The response to the User’s request shall be made in the same format as that used by the person concerned, unless he/she/they requests that it be done otherwise.
13. Subcontracting
Qustodio may subcontract its obligations and/or give access to Device Data to third party service providers, if it is necessary for the proper provision of the Services. For this purpose, you hereby expressly authorise Qustodio to subcontract the entities indicated in this Policy. Qustodio ensures a contract exists with each third-party subcontractor, which is sufficient to require the subcontractor to process Device Data in accordance with the applicable data protection laws and the Client’s instructions.
14. Security Breach of the Personal Data
Insofar as there exists an instruction from a competent supervisory authority, a development of a national legislation or a delegated act, in the event of a security breach of the personal data, Qustodio shall notify you and the competent supervisory authority of such breach without undue delay, and if possible, no later than seventy-two (72) hours after it happened.
15. Termination, Resolution & Expiration
In the event of termination, resolution or expiration of the contractual relationship for the provision of services hereunder between you and Qustodio, the latter shall not keep the Device Data unless otherwise legally required or advisable to do so. Otherwise, upon termination, resolution or expiration, or when no longer legally required to keep the data, Qustodio shall destroy or return to the Client all personal data and any copies of it, as well as any support or other document containing any personal data. This is without prejudice to the right of Qustodio to continue to process Device Data where such data is being processed by Qustodio or for the defense of its legal interests.
D. DATA COLLECTED THROUGH SCHOOL MANAGER AND SHOWN VIA THE QUSTODIO SERVICE
For the specific services of Linewize provided in conjunction with Qustodio, in addition to the general terms outlined in this Privacy Policy, the following personal data will be collected and processed as data controller through the Services:
If your child’s school subscribed to Linewize Inc’s service “School Manager”, you may be able to see data about your child’s usage of the school’s devices (“School Manager Data”) on the Qustodio Service.
The data controller of the School Manager Data is the school that subscribed to the service. Please contact the school for more information on the school’s privacy practices.
Qustodio processes the School Manager Data as a data subprocessor for Linewize, solely for the purpose of presenting those data to you via our user interface, under the instructions of the school. We treat all data we process with utmost confidentiality under the same conditions as indicated above for our Qustodio Service. We inform you that in order to present the School Manager Data via our user interface, we use certain IT service suppliers indicated above who process the data for us (support, data management and analysis and user experience management).
We will store the School Manager Data until the school, as Data Controller, requests us to delete them. You and your child have the right to exercise your data subject rights as indicated in section A.5. Should we receive any request on how Linewize or the school process personal data, we will forward such request to them.
Should you have any questions on how School Manager processes your child’s data, please contact privacy@qoria.com.
Appendix 1
Details of Processing
For CCPA compliance purposes, Qustodio has collected the following types of personal data/information from the consumers described below within the past twelve months. Under the GDPR, the data indicated below are data that Qustodio processes as data controller under the instructions of the Client.
Categories of Data Subjects/consumers
Users of the devices which are monitored by Qustodio. Third parties who interact with the users of such devices.
Type of personal data/personal information
(a) Identifiers such as real name, alias or account name, unique personal identifier, online identifier, IP address, email address.
(b) Information about the Monitored Devices usage, depending on the functionalities configured by the Account Owner in the dashboard, such as the URL of the visited websites on the supported web browsers, each website usage time and number of visits, each application usage time, the Monitored Devices usage times, and the Monitored Device location information. All data collected by such devices, including identification and contact data, Internet browsing and content viewing data, behavioural data.
(c) Technical information about the Monitored Device, such as the model ID.
For iOS devices, after installing the MDM profile, Qustodio will have access to all the traffic of the device. This information (coming from the device) only goes to Qustodio servers and is not shared with any third party. The specific information collected through MDM is:
• Domain names, user agent and operating system version, in order to categorize websites and applications visited by the device and thus apply the filtering established by the parent. It is also used to report activity to the parent.
• The URL address in the web search engines, to report the search to the parents.
List of third parties accessing the User Data
• Amazon Inc. provides Qustodio the service of data hosting outside the European Economic Area (USA).
• Zendesk Inc. provides Qustodio with support services outside the European Economic Area (USA).
• The third parties for the provision of their services:
• Amazon Web Services (Amazon.com, Inc.) provides us with cloud hosting services outside the European Economic Area (USA). For more information, visit Amazon’s Privacy Policy at: https://aws.amazon.com/privacy/
• Braze, Inc. allows us to improve the experience of our users. For more information, visit Braze’s Privacy Policy: https://www.braze.com/privacy
• CHARGEBEE INC. provides us with billing and payment services. More information is available on Chargebee’s Privacy Policy at: https://www.chargebee.com/privacy/
• Chart.io allows us to combine data from different systems and databases to perform data analysis to provide and improve the service. For more information, visit their Privacy Policy: https://chartio.com/about/legal/privacy/
• Cleverbridge, Inc. provides us with billing services. For more information, visit Cleverbridge’s Privacy Policy at: https://www.cleverbridge.com/corporate/privacy-policy/
• Mailchimp (The Rocket Science Group LLC d/b/a Mailchimp) is our mail marketing service provider. For more information, visit Mailchimp’s Privacy Policy at: https://mailchimp.com/es/help/about-the-general-data-protection-regulation/
• PayPal, Inc. provides us with the billing service “Braintree”. You can find more information here: https://www.braintreepayments.com/en-es/legal
• Segment.io, Inc. (Twilio, Inc. d/b/a Segment.io, Inc.) provides us with a CDP (Customer Data Platform) to manage our customers’ data to provide the service. For more information, visit Segment’s Privacy Policy at: https://segment.com/legal/privacy/
• Stripe, Inc. provides us with payment services. For more information, visit Stripe’s Privacy Policy: https://stripe.com/it/privacy-center/legal
• Zendesk Inc. provides Qustodio with support services outside the European Economic Area (USA). For more information, visit Zendesk’s Privacy Policy at: https://www.zendesk.com/company/agreements-and-terms/privacy-notice/