Privacy statement
Below you can read which personal data De Bie Digital processes when you use Kwis Het Wel!, why we do so, which parties we work with, and what rights you have. This is an English translation of our Dutch privacy statement, provided for convenience; in case of any discrepancy, the Dutch version prevails.
Last updated: June 24, 2026
1. Who are we?
The controller responsible for the processing of your personal data via kwishetwel.com is:
De Bie Digital
Represented by: Roy de Bie and Thomas van der Pas
Address: Burgemeester van de Venstraat 20, Haaren
Netherlands Chamber of Commerce (KvK) number: 95114459
Email: [email protected]
Website: www.kwishetwel.com
We process personal data in accordance with the General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act (UAVG).
2. Which personal data do we process?
2.1 Data of subscribers (customers)
If you take out a subscription to Kwis Het Wel!, we process:
- First and last name
- Email address
- Payment details (via our payment provider Stripe; we do not store full payment details ourselves)
- Billing address (where applicable)
- Subscription and transaction history
2.2 Data of players (end users in the quiz app)
Players who join a Kwis Het Wel! session can provide the following data:
- First name or nickname (required to participate)
- Profile photo (voluntary, taken or uploaded by the player)
We expressly ask players not to upload sensitive personal data as a profile photo. Uploaded images are used solely for display during the quiz session.
2.3 Technical and usage data
When you use our website and app, some technical data is processed automatically, such as:
- IP address (briefly, for security and abuse prevention)
- Browser type and version
- Device type and operating system
- Time of the request
- A temporary session and reconnection ID (see section 5)
We only process pages visited and click behavior via Google Analytics, and only after you have given your consent (see section 5.2).
2.4 Personal data in content created by the customer
Customers with a subscription that allows it can create their own quiz rounds and questions and share them privately with their own group (see article 10 of our terms and conditions). To the extent that a customer processes personal data of others in that self-created content (for example, questions about people within their own group), the customer is the controller for that processing. De Bie Digital only stores this content and displays it as part of the service, does not moderate it, and is not the controller for it. The customer is responsible for having a valid legal basis and for informing the data subjects where the law requires this.
3. For which purposes do we process your data?
We only process personal data for specified, explicitly described, and legitimate purposes:
- Performance of the agreement (subscription, billing, customer service). Legal basis: performance of a contract (Article 6(1)(b) GDPR).
- Display of name and profile photo during a quiz session. Legal basis: performance of a contract or legitimate interest (Article 6(1)(b)/(f) GDPR).
- Improvement of our services based on anonymized usage data. Legal basis: legitimate interest (Article 6(1)(f) GDPR).
- Website analytics via Google Analytics. Legal basis: consent (Article 6(1)(a) GDPR).
- Compliance with legal obligations (for example, tax records). Legal basis: legal obligation (Article 6(1)(c) GDPR).
4. How long do we keep your data?
We do not keep personal data longer than necessary for the purposes for which it was collected:
- Player data (name/nickname, profile photo): finished and abandoned quiz sessions are cleaned up automatically (by default about 30 days after the session has ended); the associated profile photos are then also deleted from our storage.
- Subscriber account data: for as long as the subscription is active, plus a maximum of 12 months afterwards to comply with legal obligations and handle any remaining questions.
- Financial data (invoices, transactions): 7 years, in accordance with the Dutch tax retention obligation (Article 52 of the Dutch General Tax Act (AWR)).
- Website analytics data (Google Analytics): a maximum of 14 months.
- Server and access logs: a maximum of 90 days, solely for security and troubleshooting.
5. Cookies and sessions
5.1 Functional storage
We use functional storage that is strictly necessary for the operation of the website and app, such as remembering your login status, your quiz session and reconnection, and your theme preference. No consent is required for this.
5.2 Analytics cookies (Google Analytics)
With your consent, we use Google Analytics 4 (GA4) to gain insight into how our website is used. We have taken the following measures:
- IP anonymization is enabled.
- Data is not shared with other Google services for advertising purposes.
- The retention period in Analytics is set to a maximum of 14 months.
Google Analytics only loads after you have given consent via our cookie banner. You can change your choice at any time: .
5.3 Marketing and tracking cookies
We currently do not use any marketing or advertising cookies. Should we use them in the future, this will only happen after your explicit consent via the cookie banner.
6. Payments via Stripe
We use Stripe (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland), a PCI DSS-certified payment service provider, to process payments.
Your payment details (such as card number, expiration date, and CVC) are never stored on our servers but are processed directly by Stripe, in accordance with their privacy policy at stripe.com/nl/privacy. From Stripe, we only receive a payment confirmation and a transaction ID, together with the data we need for our records (name, amount, date).
7. Sharing data with third parties
We never sell your personal data. We only share data in the following cases:
With processors that provide services on our behalf and with whom we conclude data processing agreements:
- Stripe - payments.
- Resend - sending transactional emails (such as a verification code).
- DigitalOcean - hosting and storage of any profile photos.
- Sentry - detecting technical errors.
- Google - Google Analytics, only after your consent.
In addition, we share data with competent authorities if we are legally required to do so.
We do not transfer personal data to countries outside the European Economic Area (EEA) unless appropriate safeguards are in place (such as the European Commission's standard contractual clauses). Stripe, Sentry, and Google may process data outside the EEA; these parties use approved transfer mechanisms.
8. Security of your data
We take appropriate technical and organizational measures to protect your personal data against loss, theft, or unauthorized access, including:
- Encrypted connections (HTTPS/TLS) for all data communication.
- Encrypted storage of passwords (bcrypt) and email verification at registration.
- Restricted access to personal data on a need-to-know basis.
- Regular backups and security checks.
In the event of a data breach that is likely to pose a risk to your rights and freedoms, we will report it within 72 hours to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and, if the breach poses a high risk, also to you personally.
9. Your rights
Under the GDPR, you have the following rights with regard to your personal data:
- Right of access (Article 15 GDPR): you can request which data we process about you.
- Right to rectification (Article 16 GDPR): you can have incorrect data corrected.
- Right to erasure (Article 17 GDPR): you can request that your data be deleted (the 'right to be forgotten').
- Right to restriction of processing (Article 18 GDPR).
- Right to data portability (Article 20 GDPR): you can request your data in a machine-readable format.
- Right to object (Article 21 GDPR) to processing based on legitimate interest.
- Right to withdraw consent (Article 7(3) GDPR), without affecting the lawfulness of the processing carried out before the withdrawal.
Subscribers can also download their data themselves and delete their account (with the associated data) via the account settings. For other requests, or if you are a player, email [email protected]. We respond within 30 days. We may ask you to verify your identity before we handle your request.
10. Complaints
Do you have a complaint about the way we handle your personal data? Please contact us first via [email protected]. We aim to resolve your complaint within 30 days.
You also have the right to lodge a complaint with the supervisory authority:
Autoriteit Persoonsgegevens (the Dutch Data Protection Authority)
Postbus 93374, 2509 AJ Den Haag
Telephone: 088 1805 250
Website: www.autoriteitpersoonsgegevens.nl
11. Changes to this privacy statement
We reserve the right to amend this privacy statement. Changes will be published on kwishetwel.com, stating the date of the most recent update. In the case of substantial changes that directly affect your rights, we will inform you proactively if we know your email address.
12. Contact
For questions, requests, or comments about this privacy statement or about the processing of your personal data, you can contact us via:
De Bie Digital
Roy de Bie and Thomas van der Pas
Burgemeester van de Venstraat 20, Haaren
Netherlands Chamber of Commerce (KvK) number: 95114459
Email: [email protected]
Website: www.kwishetwel.com
Our terms and conditions also apply to the use of Kwis Het Wel!.
