Privacy Notice (GDPR)
Below we inform you about how we process your personal data and about the rights you have under data protection laws, in particular the EU General Data Protection Regulation (GDPR).
This Privacy Notice explains the nature, scope and purposes of the processing of personal data within our website(s) (hereinafter “Website”). This Privacy Notice applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).
“Personal data” within the meaning of the GDPR means all information relating to an identified or identifiable natural person, e.g. name, address, email address, phone number, and usage behavior. Which data is processed in detail and how it is used depends largely on the services you use.
We use various terms within the meaning of the GDPR (e.g. processing, restriction of processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, supervisory authority). You can find the definitions in Article 4 GDPR.
1. Who is responsible for data processing and data protection, and who can I contact?
The controller (data controller) is:
Iuliia Shchegolkova (private trader) Business ID (Y-tunnus): 3493626-1 Henttaan Puistokatu 6 B 38 02250 Espoo Finland
Tel: +358 44 9111374
E-mail: helsinki@quiz-please.com
2. Which data do we process? For what purpose and on what legal basis?
We process personal data that we receive from you in connection with the use of our Website and, where applicable, in the context of our customer relationship.
2.1 Informational use of the Website (access data / server logs)
If you use the Website for informational purposes only (i.e. you do not register and do not otherwise submit information), we collect only the personal data that your browser transmits to our server. When you visit our Website, we may process the following access data (server log data) which is technically necessary to display the Website and to ensure stability and security:

• IP address of the device used,
• date and time of the request,
• name of the requested file/page,
• retrieval status (successful / unsuccessful),
• time zone difference to Greenwich Mean Time (GMT),
• content of the request (i.e. which page was accessed),
• access status / HTTP status code,
• amount of data transferred,
• referrer URL (previously visited page),
• operating system and its interface,
• language and version and type of browser software,
• device type and version (incl. mobile),
• message about successful retrieval.

Legal basis:

• For the operation of technically necessary functions and the security of the Website: our legitimate interests (Article 6(1)(f) GDPR).

Our legitimate interests include in particular:

• ensuring IT security, in particular the security of the Website;
• asserting legal claims and defending against legal disputes;
• investigating potential legal violations in case of unlawful use of the Website.

Regarding cookies and similar technologies:

• We store or access information on your device that is strictly necessary to provide the Website/service. For all non-essential cookies/technologies (e.g. analytics, marketing), we request your consent via our cookie banner, in accordance with applicable EU ePrivacy rules and their Finnish implementation.

2.2 Contact and sign-up for a game / event
We receive your personal data if you contact us (e.g. by email) or register/sign up for a game or an event via forms on our Website.
For sign-up/registration we try to collect as little personal data as possible from the booking person (captain). Depending on the form and the specific event, this may include in particular:

• team name,
• captain’s name,
• number of players,
• email address, phone number (for sending confirmation documents and notifications, including SMS where used),
• optional information such as promo code, “how did you hear about us”, and a free-text message,
• date and time of the request, time zone difference to GMT, IP address (automatically recorded at sign-up) for security purposes (e.g. troubleshooting, investigating misuse or fraud).

If you contact us, we may process:

• name, phone number or email address,
• the content of your request,
• date and time of the request.

Legal basis:

• performance of a contract or steps prior to entering into a contract at your request (Article 6(1)(b) GDPR);
• logging for proof, security and fraud prevention: our legitimate interests (Article 6(1)(f) GDPR).

Please note that data transmissions over the internet are not always secure. Email communication is not always fully secure.
2.3 Photo, audio and video recordings during games/events
During games/events we may take photos, audio recordings and videos of teams and individuals, including portrait and close-up recordings. Photos and short videos may later be published and distributed online via our social media channels (e.g. Facebook, Instagram, Telegram) and/or on our Website to promote our games and to communicate with players.
We obtain your consent at the event location before a photo/video is taken (team photo or individual). Your consent to the creation and publication of the recordings is given expressly and without entitlement to remuneration.
Legal basis:

• your consent (Article 6(1)(a) GDPR).

Withdrawal of consent: You can withdraw your consent at any time with effect for the future by contacting us at: helsinki@quiz-please.com / Tel: +358 44 9111374. We will delete photos/videos already posted on our own channels upon request. Please note that we cannot control the processing by third-party providers (e.g. social media platforms). Content published online may be accessed worldwide, stored, indexed by search engines, copied or reused by third parties; deletion by third parties cannot be guaranteed.
2.4 Newsletter
If you wish to receive information about upcoming “Quiz, please!” games, you can subscribe to our newsletter. We require your email address for sending the newsletter. Additional data (e.g. name, phone number) may be requested only for specific campaigns (e.g. prize draws).
At the time of subscription, we may store:

• the IP address recorded by your internet service provider (ISP),
• the date and time of subscription, to be able to verify the subscription and prevent misuse.

Legal basis:

• your consent (Article 6(1)(a) GDPR).

If we use a newsletter service provider (e.g. Rocket Science Group LLC / Mailchimp), we do so under a data processing agreement and, where required, EU Standard Contractual Clauses. You can unsubscribe at any time via the link at the end of each newsletter email; after unsubscribing, your email address will be deleted from the distribution list unless we have a lawful basis to retain it.
2.5 Prize draws / giveaways
We may run prize draws from time to time. In connection with a prize draw, we may process your personal data such as name, email and phone number to hand over a prize (e.g. sending an electronic ticket by email or contacting you by phone to agree on a pickup location). In such cases we may share your name and your contact data with a partner organiser who must provide the prize.
Legal basis:

• your consent (Article 6(1)(a) GDPR), unless the specific terms of the prize draw provide another lawful basis.

3. Who receives my data?
Within our organisation, only those persons and departments receive access to your data who require it to fulfil our contractual and legal obligations.
We may also use processors (Article 28 GDPR) who process data on our behalf, e.g.:

• hosting / cloud IT service providers (for operating virtual servers, networks and storage),
• email/SMS providers (for confirmation and notifications),
• newsletter providers,
• other technical service providers used to operate the Website and the sign-up process.

Processors receive access only to the personal data required to perform their tasks and are contractually prohibited from using the data for other purposes. We take appropriate legal, technical and organisational measures to protect personal data in line with applicable law. Our staff and partners are obliged to confidentiality.
We only disclose your personal data to third parties if we are legally required or permitted to do so and there is a valid legal basis. We may share data:

• to fulfil a contract (Article 6(1)(b) GDPR) (e.g. with an event venue partner where needed for your booking), and/or
• based on our legitimate interests (Article 6(1)(f) GDPR) in operating our business efficiently, and/or
• where you have given consent (Article 6(1)(a) GDPR).

In some cases, laws may require us to provide information to law enforcement authorities or courts.
4. How long do we store your data?
For security reasons (e.g. to investigate misuse or fraud), server log information (access data) is stored for up to seven (7) days and then deleted. Data that must be retained for evidentiary purposes will be kept until the relevant incident is finally clarified.
We are subject to various statutory retention and documentation obligations. As soon as your data is no longer required for contract performance and statutory retention periods have expired, your data will be deleted. Your statutory rights to erasure or restriction remain unaffected.
Where we process personal data on the basis of legitimate interests (Article 6(1)(f) GDPR), we store the data until you exercise your right to object under Article 21(1) GDPR, unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
Where we process personal data based on your consent (Article 6(1)(a) GDPR), we store the data until you withdraw your consent.
Cookie retention periods and settings are described in our cookie banner.
5. Transfers to third countries (outside the EU/EEA)
Our servers are located in the EU/EEA.
Some service providers may be located outside the EU/EEA (e.g. providers of analytics, advertising and social media services). When personal data is transferred to a country without an adequacy decision (Article 45 GDPR), there is a risk that authorities (e.g. intelligence services) may access the data and that enforcement of your rights may be limited.
Where required, we use appropriate safeguards such as EU Standard Contractual Clauses (Article 46(2)(c) GDPR) and assess whether additional measures are necessary. If adequate protection cannot be ensured, transfers may take place only under the GDPR exceptions (e.g. explicit consent under Article 49 GDPR or necessity for contract performance).
6. What data protection rights do I have?
As a data subject, you have the following rights under the GDPR:

• right of access (Article 15 GDPR),
• right to rectification (Article 16 GDPR),
• right to erasure (Article 17 GDPR) and right to restriction of processing (Article 18 GDPR),
• right to data portability (Article 20 GDPR),
• right to withdraw consent at any time with effect for the future (Article 7(3) GDPR),
• right to lodge a complaint with a supervisory authority (Article 77 GDPR),
• right to object (Article 21 GDPR) where processing is based on Article 6(1)(e) or (f) GDPR.

Supervisory authority in Finland (complaints)
You may lodge a complaint with the Finnish supervisory authority:
Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
P.O. Box 800, 00531 Helsinki, Finland
Website: https://tietosuoja.fi/en/
7. Automated decision-making / profiling
When you access our Website or contact us via a form or email, we generally do not use fully automated decision-making, including profiling, within the meaning of Article 22 GDPR. If we use such procedures in individual cases, we will inform you separately, where required by law. We do not process your data automatically with the aim of evaluating specific personal aspects (profiling).
8. Is there an obligation to provide data?
For the use of the Website, you must provide the personal data that is technically necessary for access and, where applicable, required for IT security. If you do not provide this data, you may not be able to use the Website.
The provision of information when contacting us and registering for a game/event is voluntary. However, if you do not provide the data required for processing your request or your registration, we may not be able to process it.
You can control which optional cookies are activated for you in the cookie banner. Using the Website is possible without marketing, preference and statistics cookies.
Our Website uses TLS encryption for security and to protect the transmission of confidential content. An encrypted connection can be recognised by “https://” and the lock symbol in your browser.
9. Cookies
Cookies are small text files used by websites to make the user experience more efficient.
Cookies that are strictly necessary for the operation of the Website may be stored on your device without your consent. For all other types of cookies (e.g. preference, statistics, marketing), we require your consent via our cookie banner.
Your consent may also cover transfers to third countries where required for the selected services (see section 5). You can change or withdraw your consent at any time via the cookie banner; existing cookies will then be deleted where applicable.
Your consent applies to the following domains/pages:

• https://helsinki.quizplease.com/
• https://local.quizplease.com/helsinki

9.1 Necessary cookies
Necessary cookies are required for core functions of the Website and for security. We process data based on our legitimate interests (Article 6(1)(f) GDPR) in providing a secure and functional Website.
9.2 Preference, statistics and marketing cookies
Preference cookies can remember information that changes the way the Website behaves or looks (e.g. preferred language or region).
Statistics cookies help us understand how visitors interact with the Website by collecting information in an (as far as possible) anonymised form.
Marketing cookies are used to track visitors across websites to display relevant ads.
Legal basis:

• your consent (Article 6(1)(a) GDPR).

Retention periods depend on the cookie and your settings in the cookie banner.
9.3 Browser settings
You can prevent or restrict the use of cookies by adjusting your browser settings (e.g. disabling cookies). Cookies already stored can be deleted in your browser settings. Your browser help pages provide details.
9.4 Third-party cookies, widgets and integrated services
If third-party content is embedded in our Website, those third parties may set their own cookies. We are not responsible for third-party content and technologies.
If we embed social media content (e.g. an Instagram post), your browser may connect directly to the provider’s servers (e.g. Meta) and transmit technical data (e.g. IP address, device information, referrer). The provider may set cookies or use similar technologies. Their processing is governed by the provider’s own privacy policies.
9.5 Examples of services we may use (depending on your cookie choices)Google Analytics
We may use Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to analyse and optimise our Website. Google Analytics uses cookies that enable an analysis of your use of the Website; information is generally transferred to servers outside the EU/EEA (e.g. the USA). We use IP anonymisation where available.
Legal basis:

• your consent (Article 6(1)(a) GDPR).

You can also prevent data collection by installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout
10. Company profiles on social media
We operate company profiles on social networks and platforms to communicate with customers, interested parties and users and to provide information about our services. Our Website may contain links to these platforms and we may occasionally embed social media posts.
Our social media pages include:

• Instagram: https://www.instagram.com/quizplease_fi/
• Facebook: https://www.facebook.com/quizpleasefi

When you click such a link, your IP address will be transmitted to the platform operator for technical reasons. If you are logged in with your account, your usage behavior may be associated with your profile by the platform operator. The respective platform’s terms and privacy policies apply.
11. External content and functions
Our Website may contain links to external third-party websites. We have no influence on the processing of data on those external websites.
Legal basis for linking and operating the Website:

• our legitimate interests in providing our online offering and improving user-friendliness (Article 6(1)(f) GDPR).

12. Changes to this Privacy Notice
If we decide to change this Privacy Notice, we will publish the changes on this page and/or update the publication date below. Earlier versions may be available upon request.
Last updated: 14 December 2025