Quiz Eat Drink - Pub Quiz

Last updated: 14 June 2026

1 Who we are

QED Imperium Ltd. ("QED Imperium", "we", "us", "our") is a private limited company registered in England & Wales (Company No. 15499238), with its registered office at 8 Wey House, 15 Church Street, Weybridge, Surrey, KT13 8NA, United Kingdom. We operate the Quiz Eat Drink (English-language), Tardeo de Trivia (Spanish-language) and Eureka quiz entertainment brands. Our Spanish-language operations are run through our affiliated entity Tardeo De Trivia SL (currently being registered in Spain); QED Imperium Ltd. remains the data controller responsible for your personal data under this Policy.

This Policy explains how we collect, use, disclose and safeguard your information when you:

use any of our mobile applications (the "App", available on the Apple App Store and Google Play Store), and
browse or interact with quizeatdrink.com, tardeodetrivia.com, or any other website, landing page, or hosted form that we control (together, the "Services").

2 Scope

App Store & Play Store compliance – aligned with Apple's Privacy Nutrition Label and Google Play's Data-Safety section & account-deletion rules. We do not use any in-app data for advertising or ad-targeting, and the App does not collect payment information.
Website compliance – covers first-party cookies, pixels, server-side events and tags implemented via RudderStack, Amplitude, TikTok Events API (CAPI), Google Ads Conversion API, Meta Pixel / Conversions API, Brevo, Tally, and Stripe Checkout, with consent managed via CookieYes.
Regulatory compliance – implements the UK GDPR, EU GDPR, ePrivacy Directive, Spanish LOPDGDD (Ley Orgánica 3/2018) and Ley 34/2002 (LSSI-CE), and relevant US/Canadian privacy laws.

3 Personal data we collect

3.1 Data collected in the mobile App

Data category	Specific data elements	Linked to user?	Shared with third parties?	Purpose(s)	Legal basis	Retention
Account info	Name, username, email, phone	✔︎	✖︎	Account creation, support	Contract	While account active + 1 yr
Device identifiers	IDFV (iOS), Android ID, IP, device model, OS version	✔︎	✖︎	App functionality, analytics, personalisation	Legitimate interest; Consent (EEA)	24 months
Usage data	In-app actions, screens viewed, search terms, crash logs	➖ (aggregated)	✖︎	Analytics, improve App	Legitimate interest	24 months
Approximate location	Derived from IP (< 5 km)	✔︎	✖︎	Personalisation	Consent (EEA)	12 months
Precise location	GPS / BLE (only if user enables)	✔︎	✖︎	Venue discovery	Consent	24 hrs

Note: The App does not share personal data with advertising networks and does not process payments.

3.2 Data collected on the website

Data category	Specific data elements	Linked to user?	Shared / "tracking"	Purpose(s)	Legal basis	Retention
Account info	Name, username, email, phone	✔︎	✖︎	Account creation, support	Contract	While account active + 1 yr
Contact address	Billing / shipping address	✔︎	✖︎	Order fulfilment, invoicing	Contract; Legal obligation	7 yrs (tax)
Payment info	Tokenised card / payment intent ID (Stripe Checkout – no raw card stored)	✔︎	✖︎	Purchases	Contract	7 yrs (tax)
Device identifiers	IP, device type, OS, browser User-Agent	✔︎	✖︎	Site functionality, analytics, personalisation	Legitimate interest; Consent (EEA)	24 months
Usage data	Page views, clicks, scroll depth, form submissions	➖ (aggregated/pseudonymised)	✖︎	Analytics, improve website	Legitimate interest	24 months
Approximate location	Derived from IP (< 5 km)	✔︎	✔︎ (ad platforms)	Personalisation, marketing (if cookies accepted)	Consent (EEA)	12 months
Marketing identifiers	Ad ID, hashed email / device info (Meta, TikTok, Google)	✔︎	✔︎	Advertising, retargeting	Consent (EEA)	12 months

Website tracking: We share website events with Meta, Google Ads and TikTok for measurement and behavioural advertising only if you consent via the cookie banner. These events are collected and routed first-party (server-side) via RudderStack.

3.3 Conduct and sanctions data (banlist)

If you breach our House Rules, we process the limited data necessary to apply and enforce the resulting sanction across our brands. This is summarised below and explained further in our Terms of Service and House Rules.

Data category	Specific data elements	Purpose(s)	Legal basis	Retention
Sanctions / banlist	Name and account identifiers, the event and venue concerned, a description of the breach, and the sanction tier and duration	Enforce the House Rules; protect the safety of our staff, partner venues and guests; ensure fair play; establish, exercise or defend legal claims	Legitimate interest (Art. 6(1)(f) GDPR); where applicable, compliance with a legal obligation and the establishment/defence of legal claims	For the duration of the sanction plus a limited period to handle appeals and recurrence, after which it is deleted

A sanction applies across Quiz Eat Drink, Tardeo de Trivia and Eureka and at all venues where we organise events. We retain only what is necessary to enforce the sanction. You keep your data-subject rights, including the right to object; we will balance any objection against our legitimate interest in protecting safety and fair play.

4 How we use your data

Service delivery – authenticate you, save preferences, deliver content, process website purchases.
Communications – respond to enquiries, send service messages, newsletters (with consent), push notifications.
Analytics & product improvement – understand usage, debug, test new features, optimise funnels.
Marketing & retargeting (website only) – surface relevant offers if you allow marketing cookies.
Legal, safety & security – fraud prevention; enforcing our Terms of Service and House Rules; protecting the safety of staff, partners and guests; complying with audits; establishing or defending legal claims.

5 Third-party SDKs, cookies & service providers

Partner	Channel	Purpose	Shared data
Cloudflare (Cloudflare, Inc.)	App & Website	Content delivery, security & bot management	IP, request metadata, security signals
CookieYes	Website	Cookie consent management	Consent records, IP, identifiers
RudderStack (RudderStack, Inc.)	App & Website	First-party event collection & server-side routing (CDP)	Usage / behavioural events, device & app identifiers, IP, hashed identifiers
Amplitude (Amplitude, Inc.)	App & Website	Product & usage analytics	Pseudonymous usage events, device identifiers
Meta Pixel / Conversions API (Meta Platforms, Inc.)	Website	Advertising, retargeting, conversion measurement	Ad ID, hashed identifiers, IP, event data
TikTok Events API (CAPI)	Website	Conversion tracking	Hashed email, IP, device / event info
Google Ads Conversion API (Google LLC)	Website	Conversion measurement	Hashed email, ad ID, event data
Brevo (formerly Sendinblue)	App & Website	Transactional email, marketing email & messaging automation	Name, email, usage events
Tally	Website	Forms & survey collection	Form responses, name, email (as submitted)
Stripe Checkout (Stripe, Inc.)	Website	Payments	Payment token / intent ID, email
Supabase (Supabase, Inc.)	App & Website	Hosting, database & application backend (incl. post-event surveys)	Account data, form / survey responses, usage data

All providers operate under data-processing agreements and, where required, Standard Contractual Clauses (SCCs).

6 User controls

App-specific

Push notifications / emails – toggles in Settings › Notifications.
Analytics opt-out – disable usage analytics in Settings › Privacy.
No ATT prompt & no payments – the App neither tracks you across other companies' services nor processes payments, so iOS App Tracking Transparency permission and payment details are not requested.

Website-specific

Cookie banner (CookieYes) – Accept / Reject / Customise non-essential cookies & pixels (RudderStack, Amplitude, Meta, TikTok, Google Ads).
Brevo email preferences – unsubscribe link in every marketing email.
Stripe Checkout – choose alternative payment options or abandon checkout at any stage.

7 Account & data deletion

In-app: Settings › Privacy › Delete Account lets you export and erase your data within 14 days (unless retention is required by law). Website-only users can email privacy@quizeatdrink.com or submit the deletion form linked in the cookie banner. This applies to data collected under the Quiz Eat Drink, Tardeo de Trivia and Eureka brands.

Where you are subject to an active sanction under the House Rules, we may retain the limited banlist data described in §3.3 in order to enforce that sanction even after you close your account; the remainder of your data is deleted as set out above.

8 Your rights (EEA/UK)

You may access, rectify, erase, restrict or object, and request data portability. You may withdraw consent at any time through the controls above or by emailing privacy@quizeatdrink.com.

9 Children's privacy

The Services are not directed to children under 18 years, and you must be at least 18 to create an account, make a booking, or attend an event. If you believe a child has provided personal data, contact us and we will delete it.

10 International transfers

QED Imperium Ltd. is established in the United Kingdom, and our Services are operated for users in the UK, EEA and beyond. Data may be processed outside the UK/EEA (e.g., in the US by certain providers listed in §5). We rely on adequacy decisions or Standard Contractual Clauses with supplemental safeguards for such transfers.

11 Security

We apply TLS 1.3, AES-256 encryption at rest, least-privilege access, regular penetration tests, and vet all SDKs / cookies via privacy manifests or tag-manager approval workflows.

12 Supervisory authority

If you feel we haven't resolved a concern, you can lodge a complaint with:

UK Information Commissioner's Office (ICO) – ico.org.uk
Agencia Española de Protección de Datos (AEPD) – aepd.es

13 Changes to this Policy

We'll notify you of material changes by in-app message, website banner, or email. Check the "Last updated" date.

14 Contact us

QED Imperium Ltd. (data controller) 8 Wey House, 15 Church Street, Weybridge, Surrey, KT13 8NA, United Kingdom

Spanish operating entity: Tardeo De Trivia SL — [registered office to be confirmed on completion of registration; CIF pending]

Email: privacy@quizeatdrink.com

Last updated: 14 June 2026

1 Who we are

This Policy explains how we collect, use, disclose and safeguard your information when you:

use any of our mobile applications (the "App", available on the Apple App Store and Google Play Store), and
browse or interact with quizeatdrink.com, tardeodetrivia.com, or any other website, landing page, or hosted form that we control (together, the "Services").

2 Scope

App Store & Play Store compliance – aligned with Apple's Privacy Nutrition Label and Google Play's Data-Safety section & account-deletion rules. We do not use any in-app data for advertising or ad-targeting, and the App does not collect payment information.
Website compliance – covers first-party cookies, pixels, server-side events and tags implemented via RudderStack, Amplitude, TikTok Events API (CAPI), Google Ads Conversion API, Meta Pixel / Conversions API, Brevo, Tally, and Stripe Checkout, with consent managed via CookieYes.
Regulatory compliance – implements the UK GDPR, EU GDPR, ePrivacy Directive, Spanish LOPDGDD (Ley Orgánica 3/2018) and Ley 34/2002 (LSSI-CE), and relevant US/Canadian privacy laws.

3 Personal data we collect

3.1 Data collected in the mobile App

Data category	Specific data elements	Linked to user?	Shared with third parties?	Purpose(s)	Legal basis	Retention
Account info	Name, username, email, phone	✔︎	✖︎	Account creation, support	Contract	While account active + 1 yr
Device identifiers	IDFV (iOS), Android ID, IP, device model, OS version	✔︎	✖︎	App functionality, analytics, personalisation	Legitimate interest; Consent (EEA)	24 months
Usage data	In-app actions, screens viewed, search terms, crash logs	➖ (aggregated)	✖︎	Analytics, improve App	Legitimate interest	24 months
Approximate location	Derived from IP (< 5 km)	✔︎	✖︎	Personalisation	Consent (EEA)	12 months
Precise location	GPS / BLE (only if user enables)	✔︎	✖︎	Venue discovery	Consent	24 hrs

Note: The App does not share personal data with advertising networks and does not process payments.

3.2 Data collected on the website

Data category	Specific data elements	Linked to user?	Shared / "tracking"	Purpose(s)	Legal basis	Retention
Account info	Name, username, email, phone	✔︎	✖︎	Account creation, support	Contract	While account active + 1 yr
Contact address	Billing / shipping address	✔︎	✖︎	Order fulfilment, invoicing	Contract; Legal obligation	7 yrs (tax)
Payment info	Tokenised card / payment intent ID (Stripe Checkout – no raw card stored)	✔︎	✖︎	Purchases	Contract	7 yrs (tax)
Device identifiers	IP, device type, OS, browser User-Agent	✔︎	✖︎	Site functionality, analytics, personalisation	Legitimate interest; Consent (EEA)	24 months
Usage data	Page views, clicks, scroll depth, form submissions	➖ (aggregated/pseudonymised)	✖︎	Analytics, improve website	Legitimate interest	24 months
Approximate location	Derived from IP (< 5 km)	✔︎	✔︎ (ad platforms)	Personalisation, marketing (if cookies accepted)	Consent (EEA)	12 months
Marketing identifiers	Ad ID, hashed email / device info (Meta, TikTok, Google)	✔︎	✔︎	Advertising, retargeting	Consent (EEA)	12 months

3.3 Conduct and sanctions data (banlist)

Data category	Specific data elements	Purpose(s)	Legal basis	Retention
Sanctions / banlist	Name and account identifiers, the event and venue concerned, a description of the breach, and the sanction tier and duration	Enforce the House Rules; protect the safety of our staff, partner venues and guests; ensure fair play; establish, exercise or defend legal claims	Legitimate interest (Art. 6(1)(f) GDPR); where applicable, compliance with a legal obligation and the establishment/defence of legal claims	For the duration of the sanction plus a limited period to handle appeals and recurrence, after which it is deleted

4 How we use your data

Service delivery – authenticate you, save preferences, deliver content, process website purchases.
Communications – respond to enquiries, send service messages, newsletters (with consent), push notifications.
Analytics & product improvement – understand usage, debug, test new features, optimise funnels.
Marketing & retargeting (website only) – surface relevant offers if you allow marketing cookies.
Legal, safety & security – fraud prevention; enforcing our Terms of Service and House Rules; protecting the safety of staff, partners and guests; complying with audits; establishing or defending legal claims.

5 Third-party SDKs, cookies & service providers

Partner	Channel	Purpose	Shared data
Cloudflare (Cloudflare, Inc.)	App & Website	Content delivery, security & bot management	IP, request metadata, security signals
CookieYes	Website	Cookie consent management	Consent records, IP, identifiers
RudderStack (RudderStack, Inc.)	App & Website	First-party event collection & server-side routing (CDP)	Usage / behavioural events, device & app identifiers, IP, hashed identifiers
Amplitude (Amplitude, Inc.)	App & Website	Product & usage analytics	Pseudonymous usage events, device identifiers
Meta Pixel / Conversions API (Meta Platforms, Inc.)	Website	Advertising, retargeting, conversion measurement	Ad ID, hashed identifiers, IP, event data
TikTok Events API (CAPI)	Website	Conversion tracking	Hashed email, IP, device / event info
Google Ads Conversion API (Google LLC)	Website	Conversion measurement	Hashed email, ad ID, event data
Brevo (formerly Sendinblue)	App & Website	Transactional email, marketing email & messaging automation	Name, email, usage events
Tally	Website	Forms & survey collection	Form responses, name, email (as submitted)
Stripe Checkout (Stripe, Inc.)	Website	Payments	Payment token / intent ID, email
Supabase (Supabase, Inc.)	App & Website	Hosting, database & application backend (incl. post-event surveys)	Account data, form / survey responses, usage data

All providers operate under data-processing agreements and, where required, Standard Contractual Clauses (SCCs).

6 User controls

App-specific

Push notifications / emails – toggles in Settings › Notifications.
Analytics opt-out – disable usage analytics in Settings › Privacy.
No ATT prompt & no payments – the App neither tracks you across other companies' services nor processes payments, so iOS App Tracking Transparency permission and payment details are not requested.

Website-specific

Cookie banner (CookieYes) – Accept / Reject / Customise non-essential cookies & pixels (RudderStack, Amplitude, Meta, TikTok, Google Ads).
Brevo email preferences – unsubscribe link in every marketing email.
Stripe Checkout – choose alternative payment options or abandon checkout at any stage.

7 Account & data deletion

8 Your rights (EEA/UK)

You may access, rectify, erase, restrict or object, and request data portability. You may withdraw consent at any time through the controls above or by emailing privacy@quizeatdrink.com.

9 Children's privacy

10 International transfers

11 Security

We apply TLS 1.3, AES-256 encryption at rest, least-privilege access, regular penetration tests, and vet all SDKs / cookies via privacy manifests or tag-manager approval workflows.

12 Supervisory authority

If you feel we haven't resolved a concern, you can lodge a complaint with:

UK Information Commissioner's Office (ICO) – ico.org.uk
Agencia Española de Protección de Datos (AEPD) – aepd.es

13 Changes to this Policy

We'll notify you of material changes by in-app message, website banner, or email. Check the "Last updated" date.

14 Contact us

QED Imperium Ltd. (data controller) 8 Wey House, 15 Church Street, Weybridge, Surrey, KT13 8NA, United Kingdom

Spanish operating entity: Tardeo De Trivia SL — [registered office to be confirmed on completion of registration; CIF pending]

Email: privacy@quizeatdrink.com

Privacy Policy of QED Imperium Ltd.

1 Who we are

2 Scope

3 Personal data we collect

3.1 Data collected in the mobile App

3.2 Data collected on the website

3.3 Conduct and sanctions data (banlist)

4 How we use your data

5 Third-party SDKs, cookies & service providers

6 User controls

7 Account & data deletion

8 Your rights (EEA/UK)

9 Children's privacy

10 International transfers

11 Security

12 Supervisory authority

13 Changes to this Policy

14 Contact us

Privacy Policy of QED Imperium Ltd.

1 Who we are

2 Scope

3 Personal data we collect

3.1 Data collected in the mobile App

3.2 Data collected on the website

3.3 Conduct and sanctions data (banlist)

4 How we use your data

5 Third-party SDKs, cookies & service providers

6 User controls

7 Account & data deletion

8 Your rights (EEA/UK)

9 Children's privacy

10 International transfers

11 Security

12 Supervisory authority

13 Changes to this Policy

14 Contact us