Outsider

Privacy Policy

Effective: February 1, 2026

This is a translation of the Czech version. In case of any discrepancy, the Czech version prevails.

1. Introduction and Data Controller

1.1 Data Controller

The data controller is Ing. Martin Urban, with registered office at Voroněžská 2544/8, 616 00 Brno, Czech Republic, ID: 05861896, registered in the trade register of ŽÚ MMB (hereinafter "Controller" or "Operator").

Contact:

  • Email: zoou@outsider.app
  • Web: outsider.app

1.2 Subject of This Policy

This Privacy Policy (hereinafter "Policy") governs the processing of personal data of users of the Outsider mobile application (hereinafter "Application") and the outsider.app website.

1.3 Legal Basis

The processing of personal data is governed by:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR)
  • Act No. 110/2019 Coll., on the processing of personal data, as amended.

1.4 Updates to This Policy

The Controller reserves the right to unilaterally amend and update this Policy. Users will be informed of significant changes through the Application or by email. The current version of the Policy is always available at outsider.app/zoou_cs.

2. What Personal Data We Process and Why

2.1 Scope of Processed Personal Data

In the course of providing services through the Application, the Controller processes the following personal data:

a) Registration data:

  • first and last name (or username)
  • email address
  • social network account ID (when registering via social networks)
  • profile photo.

b) Location data:

  • GPS device location (in real time during use of the Application)
  • history of visited checkpoints
  • movement route during gameplay.

c) Technical data:

  • IP address
  • device type and version
  • operating system
  • Application version
  • Application usage data (statistics, game progress).

d) Communication data:

  • content of customer support communications
  • inquiries and feedback.

2.2 Purposes of Personal Data Processing

We process personal data for the following purposes:

a) Providing services (legal basis: performance of a contract under Art. 6(1)(b) GDPR)

  • creating and managing user accounts
  • enabling gameplay and use of Application features
  • GPS navigation to game checkpoints
  • tracking game progress and statistics.

b) Technical operation and security (legal basis: legitimate interest of the controller under Art. 6(1)(f) GDPR)

  • ensuring the functionality and security of the Application
  • fraud and abuse prevention
  • resolving technical issues
  • improving Application performance.

c) Marketing and communication (legal basis: consent under Art. 6(1)(a) GDPR)

  • sending news, updates, and information about new games
  • sending promotional messages (only with user consent)
  • content personalization.

d) Fulfillment of legal obligations (legal basis: Art. 6(1)(c) GDPR)

  • fulfillment of the controller's legal obligations
  • maintaining accounting records.

2.3 Processing of Location Data

The Application requires access to the device's location for its core functionality (GPS navigation to game checkpoints). Location data is only processed during active use of the Application and is necessary for providing the service.

The User may withdraw consent to location sharing at any time in their device settings; however, this may prevent the use of core Application features.

3. Recipients and Processors of Personal Data

3.1 Data Processors

The Controller may entrust the processing of personal data to the following categories of processors:

a) Cloud service providers:

  • Amazon Web Services (AWS) – hosting and data storage in the Frankfurt, Germany data center
  • secure data storage and backup.

b) Analytics service providers:

  • services for analyzing Application usage and statistics
  • only anonymized or aggregated data.

c) Payment service providers:

  • Apple Inc. (App Store)
  • Google Ireland Limited (Google Play)
  • processing payments for premium content.

d) Communication service providers:

  • email services for sending information to users.

3.2 Disclosure to Third Parties

The Controller does not sell, rent, or otherwise provide users' personal data to third parties for their marketing purposes.

Personal data may be disclosed to:

  • law enforcement or administrative authorities based on legal provisions or final decisions
  • processors listed in Section 3.1, who are bound by a data processing agreement.

3.3 Transfer to Third Countries

Personal data is stored on AWS servers in the European Union (Frankfurt, Germany region). If services from providers outside the EU are used, the Controller ensures appropriate safeguards for personal data protection in accordance with Art. 44 et seq. of the GDPR.

4. Data Retention Period

4.1 General Retention Period

Personal data is retained for the period necessary for the purposes for which it is processed:

  • Active user data: for the duration of the user account
  • Data after account deletion: up to 30 days after account deletion (for technical reasons and account recovery)
  • Data for legal obligations: for the period stipulated by applicable legal regulations (e.g., accounting documents for 10 years)
  • Marketing consents: until consent is withdrawn or for 3 years from the last use of the Application.

4.2 Data Archiving and Deletion

After the retention period expires, personal data is securely and irreversibly deleted or anonymized in a manner that prevents its recovery.

5. Data Subject Rights

5.1 Overview of User Rights

Each user has the following rights in relation to the processing of their personal data:

  • Right of access (Art. 15 GDPR) – the right to obtain information about whether and what personal data the Controller processes about them
  • Right to rectification (Art. 16 GDPR) – the right to request correction of inaccurate personal data
  • Right to erasure (Art. 17 GDPR) – the right to request deletion of personal data ("right to be forgotten")
  • Right to restriction of processing (Art. 18 GDPR) – the right to request restriction of personal data processing
  • Right to data portability (Art. 20 GDPR) – the right to obtain personal data in a structured, commonly used, and machine-readable format
  • Right to object (Art. 21 GDPR) – the right to object to the processing of personal data
  • Right to withdraw consent (Art. 7(3) GDPR) – the right to withdraw previously given consent to the processing of personal data at any time.

5.2 How to Exercise Your Rights

Users may exercise their rights in the following ways:

By email:

  • by sending a request to: zoou@outsider.app
  • in the email subject line, include: [ZOOU Request] or [ZOOU Deletion] or [ZOOU Change].

Through the Application:

  • in the Profile menu using the "Delete Account" function (complete deletion of account and personal data)
  • in account settings for editing personal data.

By mail:

  • to the address: Ing. Martin Urban, Voroněžská 2544/8, 616 00 Brno, Czech Republic.

5.3 Response Time

The Controller will process the user's request without undue delay, within 1 month of receipt at the latest. In justified cases, this period may be extended by an additional 2 months, of which the user will be informed.

5.4 Right to Lodge a Complaint

The user has the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection:

  • Address: Pplk. Sochora 27, 170 00 Prague 7
  • Web: www.uoou.cz
  • Email: posta@uoou.cz
  • Phone: +420 234 665 111

6. Personal Data Security

6.1 Technical and Organizational Measures

The Controller has adopted appropriate technical and organizational measures to protect personal data against unauthorized access, misuse, loss, or destruction:

a) Data encryption:

  • data transfer via secure SSL/TLS protocol
  • encryption of stored data on AWS servers.

b) Access rights:

  • access to personal data limited to authorized persons only
  • regular review of access rights.

c) Security monitoring:

  • continuous system security monitoring
  • regular security audits.

d) Backup:

  • regular data backup
  • data recovery capability in case of data loss.

6.2 Backup and Disaster Recovery

Data is regularly backed up on secured AWS servers. In case of technical failure, data recovery from security backups is ensured.

7. Cookies and Analytics Tools

7.1 Use of Cookies

The outsider.app website uses cookies for functionality, traffic analysis, and improving user experience.

Users may configure their browser to reject cookies or to be informed about their storage. Rejecting cookies may limit the functionality of the website.

7.2 Analytics Tools

For analyzing the use of the website and Application, analytics tools (e.g., Google Analytics) may be used in anonymized mode. These tools collect only anonymized or aggregated data that does not allow identification of specific users.

8. Special Provisions for Children

The Application is intended for persons aged 13 and older. The Controller does not knowingly collect personal data from children under 13. If the Controller becomes aware that it is processing personal data of a child under 13, it will immediately delete such data.

Parents or legal guardians may contact the Controller if they suspect that a child under 13 has provided personal data without their consent.

9. Automated Decision-Making and Profiling

The Controller does not use automated decision-making or profiling that would have legal effects or similarly significant consequences for users.

10. Marketing and Consent Withdrawal

10.1 Marketing Communication

The User may consent to receiving marketing messages (news, updates, promotional offers) to their email address.

10.2 Withdrawal of Marketing Consent

The User may withdraw consent to receiving marketing messages at any time:

  • by clicking the unsubscribe link in the sent email
  • by sending an email to: zoou@outsider.app with the subject [Unsubscribe marketing]
  • in their account settings in the Application.

Withdrawal of consent does not affect the lawfulness of processing of personal data prior to the withdrawal of consent.

11. Final Provisions

11.1 Validity and Effectiveness

This Privacy Policy takes effect on February 1, 2026 and supersedes all previous versions.

11.2 Contact for Inquiries

For any questions regarding the processing of personal data, contact the Controller:

  • Email: zoou@outsider.app
  • Mailing address: Ing. Martin Urban, Voroněžská 2544/8, 616 00 Brno, Czech Republic

11.3 Related Documents

  • Terms and Conditions of the Outsider Application: outsider.app/obchodni-podminky
Facebook Messenger