Privacy Policy of QED Imperium Ltd.
Last updated: 5 July 2025
1 Who we are
QED Imperium Ltd. ("QED Imperium", "we", "us", "our") is a private limited company registered in England & Wales (Company Nº 12345678) with an operating branch in Valencia, Spain. This Policy explains how we collect, use, disclose and safeguard your information when you:
-
use any of our mobile applications (the "App" available on Apple App Store and Google Play Store), and
-
browse or interact with quizeatdrink.com or any other website, landing page, or hosted form that we control (together, the "Services").
2 Scope
-
App Store & Play Store compliance – aligned with Apple’s Privacy Nutrition Label and Google Play’s Data‑Safety section & account‑deletion rules. We do not use any in‑app data for advertising or ad‑targeting, and the App does not collect payment information.
-
Website compliance – covers first‑party cookies, pixels, server‑side events and tags implemented via Google Analytics 4 (GA4), Microsoft Clarity, TikTok Events API (CAPI), Google Ads Conversion API, Customer.io, Firebase, Meta Pixel/CAPI, and Stripe Checkout.
-
Regulatory compliance – implements the UK GDPR, EU GDPR, ePrivacy Directive, Spanish LOPDGDD, and relevant US/CAN privacy laws.
3 Personal data we collect
3.1 Data collected in the mobile App
| Data category | Specific data elements | Linked to user? | Shared with third parties? | Purpose(s) | Legal basis | Retention |
|---|---|---|---|---|---|---|
| Account info | Name, username, email, phone | ✔︎ | ✖︎ | Account creation, support | Contract | While account active + 1 yr |
| Device identifiers | IDFV (iOS), Android ID, IP, device model, OS version | ✔︎ | ✖︎ | App functionality, analytics, personalisation | Legitimate interest; Consent (EEA) | 24 months |
| Usage data | In‑app actions, screens viewed, search terms, crash logs | ➖ (aggregated) | ✖︎ | Analytics, improve App | Legitimate interest | 24 months |
| Approximate location | Derived from IP (< 5 km) | ✔︎ | ✖︎ | Personalisation | Consent (EEA) | 12 months |
| Precise location | GPS / BLE (only if user enables) | ✔︎ | ✖︎ | Venue discovery | Consent | 24 hrs |
Note: The App does not share personal data with advertising networks and does not process payments.
3.2 Data collected on the website
| Data category | Specific data elements | Linked to user? | Shared / “tracking” | Purpose(s) | Legal basis | Retention |
|---|---|---|---|---|---|---|
| Account info | Name, username, email, phone | ✔︎ | ✖︎ | Account creation, support | Contract | While account active + 1 yr |
| Contact address | Billing / shipping address | ✔︎ | ✖︎ | Order fulfilment, invoicing | Contract; Legal obligation | 7 yrs (tax) |
| Payment info | Tokenised card / payment intent ID (Stripe Checkout – no raw card stored) | ✔︎ | ✖︎ | Purchases | Contract | 7 yrs (tax) |
| Device identifiers | IP, device type, OS, browser User‑Agent | ✔︎ | ✖︎ | Site functionality, analytics, personalisation | Legitimate interest; Consent (EEA) | 24 months |
| Usage data | Page views, clicks, scroll depth, form submissions | ➖ (aggregated/pseudonymised) | ✖︎ | Analytics, improve website | Legitimate interest | 24 months |
| Behavioural analytics & session replay | Mouse movement, heat‑maps, session recordings (GA4, Clarity) | ➖ (pseudonymised) | ✖︎ | UX diagnostics, conversion optimisation | Legitimate interest; Consent (EEA) | 30 days – 12 months |
| Approximate location | Derived from IP (< 5 km) | ✔︎ | ✔︎ (ad platforms) | Personalisation, marketing (if cookies accepted) | Consent (EEA) | 12 months |
| Marketing identifiers | Ad ID, hashed email/device info (Meta, TikTok, Google) | ✔︎ | ✔︎ | Advertising, retargeting | Consent (EEA) | 12 months |
Website tracking: We share website‑only events with Meta, Google Ads and TikTok for behavioural advertising only if you consent via the cookie banner.
4 How we use your data How we use your data
-
Service delivery – authenticate you, save preferences, deliver content, process website purchases.
-
Communications – respond to enquiries, send service messages, newsletters (with consent), push notifications.
-
Analytics & product improvement – understand usage, debug, test new features, optimise funnels.
-
Marketing & retargeting (website only) – surface relevant offers if you allow marketing cookies.
-
Legal & security – fraud prevention, enforce Terms, comply with audits, defend legal claims.
5 Third‑party SDKs, cookies & service providers
| Partner | Channel | Purpose | Shared data |
|---|---|---|---|
| Firebase Analytics & Crashlytics (Google LLC) | App | Usage analytics, crash reports | Device ID, usage, diagnostics |
| GA4 (Google LLC) | Website | Web analytics | IP (last octet truncated), page events |
| Microsoft Clarity | Website | Heat‑maps, session replay | Clicks, scroll, anonymised IDs |
| TikTok Events API (CAPI) | Website | Conversion tracking | Hashed email, IP, device info |
| Meta Pixel / Conversions API | Website | Advertising, retargeting | Ad ID, hashed identifiers |
| Google Ads Conversion API | Website | Conversion measurement | Hashed email, ad ID |
| Customer.io | Both | Email & in‑app messaging automation | Name, email, usage events |
| Stripe Checkout | Website | Payments | Payment token, email |
| SendGrid | Both | Transactional email | Name, email |
All providers operate under data‑processing agreements and, where required, Standard Contractual Clauses (SCCs).
6 User controls
App‑specific
-
Push notifications / emails – toggles in Settings › Notifications.
-
Analytics opt‑out – disable Firebase analytics in Settings › Privacy.
-
No ATT prompt & no payments – the App neither tracks you across other companies’ services nor processes payments, so iOS App Tracking Transparency permission and payment details are not requested.
Website‑specific
-
Cookie banner – Accept / Reject / Customise non‑essential cookies & pixels (GA4, Clarity, ads, TikTok, Meta).
-
Customer.io email preferences – unsubscribe link in every marketing email.
-
Stripe Checkout – choose alternative payment options or abandon checkout at any stage.
7 Account & data deletion
In‑app: Settings › Privacy › Delete Account lets you export and erase your data within 14 days (unless retention required by law). Website‑only users can email privacy@quizeatdrink.com or submit the deletion form linked in the cookie banner.
8 Your rights (EEA/UK)
You may access, rectify, erase, restrict or object, and request data portability. Withdraw consent at any time through the controls above or by emailing privacy@quizeatdrink.com.
9 Children’s privacy
The Services are not directed to children under 16 years. If you believe a child has provided personal data, contact us and we will delete it.
10 International transfers
Data may be processed outside the UK/EEA (e.g., US). We rely on adequacy decisions or SCCs with supplemental safeguards.
11 Security
We apply TLS 1.3, AES‑256 encryption at rest, least‑privilege access, regular penetration tests, and vet all SDKs/cookies via privacy manifests or tag‑manager approval workflows.
12 Supervisory authority
If you feel we haven’t resolved a concern, you can lodge a complaint with:
-
UK Information Commissioner’s Office (ICO) – ico.org.uk
-
Agencia Española de Protección de Datos (AEPD) – aepd.es
13 Changes to this Policy
We’ll notify you of material changes by in‑app message, website banner, or email. Check the “Last updated” date.
14 Contact us
QED Imperium Ltd.
71‑75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Branch: Carrer de l’Enginyer Fausto Elio 9, 46013 València, Spain
Email: privacy@quizeatdrink.com
© 2025 QED Imperium Ltd. All rights reserved.