QUEST Privacy policy


    1. Software – Quest software comprising of the mobile application and administrator portal. For end users it is a mobile application through which the users interact with other users to create project teams.

    2. GLS – company Green Light Solutions s.r.o., corporate ID No. 24662828 , with its registered office at BB C - Delta, Vyskočilova 1561/4A, 140 00 Prague 4 ,registered in the Commercial Register of the Municipal Court in Prague, File No. C 164322, registered in the Czech Republic.

    3. Entity– Entity, which is the contractual partner of GLS and which has primary access to the Software and which provides access to the Software for Users.

    4. Controller - Green Light Solutions s.r.o. corporate ID No. 24662828, with its registered office at BB C - Delta, Vyskočilova 1561/4A, 140 00 Prague 4, registered in the Commercial Register of the Municipal Court in Prague, File No. C 164322, registered in the Czech Republic. Also abbreviated as “we” or “us”.

    5. PP – This Privacy Policy.

    6. User – natural person of age of 18 years or more as an end user using the Software. Also abbreviated as “you”.

    7. GDPR – The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU.

  2. Contact information of the Controller

    1. For some of your personal data the Entity is the controller and GLS acts only as a processor.

    2. For other personal data, the Controller is the company Green Light Solutions s.r.o. corporate ID No. 24662828, with its registered office at BB C - Delta, Vyskočilova 1561/4A, 140 00 Prague 4, Czech Republic, registered in the Commercial Register of the Municipal Court in Prague, File No. C 164322, registered in the Czech Republic.

    3. Contact e-mail address for all matters related to the GDPR is, also you can send a letter to us on our contact address Green Light Solutions s.r.o., Vyskočilova 1561/4A, 140 00 Praha 4, Czech Republic. If you choose to use the letter, please visibly mark it with big capital letters GDPR on the envelope to ensure that it will be dealt with appropriate care and speed.

  3. List of processed data and ways of obtaining of such personal data

Data Processing

    1. The Provider collects and receive some information in order to operate, provide, improve, understand, customize, support and market the Software. The types of information the Provider receives and collects depend on how you use the Services.

Information you provide

    1. You provide your e-mail address during registration into the Software.

    2. You may be asked to provide your name and surname.

    3. You may be asked to provide your phone number and location.

    4. You may be asked to fill professional skills in your profile.

Automatically collected information

    1. Our backend monitors and collects your interaction with the Software.

How do we use the personal data?

    1. We use the personal data in order to operate and provide our Services, including providing customer support, and improving, fixing, and customizing our Services. We understand how people use our Services and analyze and use the information we have to evaluate and improve our Services, research, develop, and test new services and features, and conduct troubleshooting activities. We also use your information to respond to you when you contact us.

    2. We verify accounts and activity and promote safety and security on and off our Services, such as by investigating suspicious activity or violations of our T&C, and to ensure our Services are being used legally.

For how long we store your personal data

    1. We will store the personal data for the time that your user account will exist and for additional 6 months.

  1. Purposes of the processing for which the personal data are intended as well as the legal basis for the processing and definition of the legitimate interest of the Controller

    1. Under European law, companies must have a legal basis to process data. You have particular rights available to you depending on which legal basis we process your personal data. You should know that no matter what legal basis applies, you always have the right to request access to, rectification of, repair and erasure of your data under the GDPR, the extent your rights are available depend on the purpose for which we process such personal data.

Legal basis for processing

    1. We collect, use, share and process the information we have as described above:

      1. as necessary to provide the Software;

      2. as necessary to comply with the T&C;

      3. consistent with your consent, which you can revoke at any time;

      4. as necessary to comply with our legal obligations;

      5. occasionally to protect your vital interests, or those of others;

      6. as necessary in the public interest;

      7. as necessary for our (or others') legitimate interests, including our interests in providing an innovative, relevant, safe, and profitable service to our users, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data; and

      8. to secure the Software, to fight spam, threats, abuse, copyright violations, or infringement activities and promote safety and security.

    2. We process your Personal Data based on:

Legal Obligation / Performance of the Software

    1. We process personal data as necessary to perform our contracts with you and the Software to you according to the T&C.

    2. The purposes for which we process your personal data is:

      1. To provide, improve, customize, and support our Software as described;

      2. To match you with created quest to provide the Entity with teams to fulfill created quests (profiling without legal or similarly significantly affecting effects);

      3. To provide the Entity feedback from your interactions with other users;

      4. To contact you with request for feedback from time to time;

      5. To provide the capability to reset your password.

    3. For this purpose, we process your e-mail address, name, surname, phone number, your location, photo, professional skills, your history.

    4. We have to process the above-mentioned data in order to provide you with the Software; if you choose not to provide this data, the Software cannot be provided.

    5. When we process your personal data in order to perform out contracts or to provide our Software to you, you have the right to port the personal data and to request the repair of such personal data under the GDPR.

Law and Protection

    1. We collect, use, preserve, share and process your personal data if we have a good-faith belief that it is reasonably necessary to: (a) respond pursuant to applicable law or regulations, to legal process, or to government requests; (b) enforce our T&C and any other applicable terms and policies, including for investigations of potential violations; (c) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of our users, the Provider, or others, including to prevent death or imminent bodily harm.

Our Legitimate Interests:

    1. Our legitimate interests or the legitimate interests of a third party, where not outweighed by your interests or fundamental rights and freedoms ("legitimate interests") for processing of your personal data are:

      1. For providing measurement, analytics of performance and usage scenarios of the Software, in order to prevent abuse of the Software, to prevent and address fraud, to comply with any DMCA obligations, violations of our T&C, or other harmful or illegal activity; to protect ourselves (including our rights, property or Software), others, including as part of investigations or regulatory inquiries;

      2. For analytics of the Software in order to improve and to modify the Software for its users, to create sustainable business model for the Software;

      3. For provision of parts of the Software itself;

    2. For this purpose, we process the usage patterns of the Software. We do not process user created content, but we create statistical and analytical models for principal usage of the Software.

  1. The categories of RecipIents of the Personal Data

    1. The recipients of the personal data are the following third parties

      1. Monitoring and analytics services of users using the service, which we facilitate to provide us with the data about usage patterns and sessions of our user, in order to monitor the Software, analyze the functions of the Software and to modify the Software to be better for you – detailed list of such partners is provided on request.

      2. Hosting and infrastructure providers for the Services – detailed list of such partners is provided on request.

    2. All recipients of personal data are bound by the appropriate Data Processing Agreement as required by the GDPR.

  2. Intention to transfer of the Personal Data outside of the European Union

    1. All service providers store data primarily in the EU.

    2. Some providers are USA based, and can transfer personal data to the USA. All such providers are covered and are part of a Privacy Shield Frameworks designed by the U.S. Department of Commerce and the European Commission and you can find all remedies and tools available to you under such regime on website.

  3. How You Exercise Your Rights

    1. Under the General Data Protection Regulation or other applicable local laws, you have the right to access, rectify, port, request a restriction on further processing where applicable and erase your information, as well as the right to restrict and object to certain processing of your information.

    2. This includes the right to object to our processing of your information where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party.

    3. If we process your information based on our legitimate interests or those of a third party, or in the public interest, you can object to this processing, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

    4. You can also request a correction of your personal data we process.

    5. You can also object to our processing of your information and learn more about your options for restricting the way we use your information by contacting us on the e-mail address.

    6. You can also fill a formal complaint with the Supervisory Office – the Office for Personal Data Protection (Úřad na ochranu osobních údajů),

Managing and Deleting Your Information

    1. We store information until it is no longer necessary to provide our services, or until your account is deleted, whichever comes first. This is a case-by-case determination that depends on things like the nature of the information, why it is collected and processed, and relevant legal or operational retention needs.

    2. If you would like to manage, change, limit, or delete your information, we allow you to do that through the following means:

      1. The e-mail sent to the e-mail address from the e-mail address used for registration or which is a part of the conversation.

Right to erasure

    1. For personal data we process based on your consent you have right to ask us to immediately delete your personal data, we would delete your name, surname and location collected and processed by us.

    2. In due time your personal data will also be deleted from backups which are periodically replaced and rotated. The backups are normally not accessed and are used only in case of emergencies according to our internal directives.

  1. right to object to processing, restriction of processing

    1. We will consider several factors when assessing an objection including: our Users' reasonable expectations; the benefits and risks to you, us, other Users, or third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort.

    2. If your objection is upheld, we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

    3. This also means that in cases where the complete deletion of your data would be impossible or would hinder the functionality of the Software for other users, we can as an alternative completely anonymize your data and replace it with randomly generated identifier in our databases that could not be used to identify you as a person under no circumstances.

  2. Further Processing

    1. If we will plan to use personal data for a new purpose, we will update this PP and communicate the changes to individuals before starting any new processing.

  3. final provisions

    1. All rights and obligations arising out of or in connection to this PP are construed, governed, interpreted and enforced according to the laws of the Czech Republic.

    2. Rights and obligations of the contracting parties, which are not regulated by these PP are regulated by the T&C or by the contract, implied or actual, or are governed by law.

    3. If any condition or provision of these PP is declared as invalid, illegal or unenforceable, the meaning of the given provision will be interpreted within the closest possible extent so that this provision may be considered as enforceable; in case this provision does not have any such possible interpretation, it will be separated from the rest of these PP, which will remain fully valid and effective. The interpretation of this provision will be replaced by a provision of the applicable legal norm which corresponds most closely to the purpose of an unenforceable provision.

    4. The Provider reserves the right to change this PP from time to time. User shall periodically check the revisions of these PP as he is bound by the changed wording of the PP from the first day of the next month following the month the revision has been enacted and made public. The continued use of the Software by the user is considered as consent to the changed PP except in case of the change of processing of the personal data on basis of the consent in which case the new consent will be required from the User.

    5. These PP are written in the English language, which shall prevail over other language versions of these PP.

    6. These T&C become valid and effective as of 25 May 2018.