Privacy Policy
Last updated: 17.06.2026
1. Who we are
Questerdam is the trade name under which sole proprietor Natalia Kostikova operates, registered with the Netherlands Chamber of Commerce (KVK).
Trade name: Questerdam
Legal form: eenmanszaak
KVK number: 42068792
BTW-id / VAT ID: NL005470438B33
Registered address / postal address: Afroditekade 178B, 1076 DZ Amsterdam
Email: hello@questerdam.com
Data controller: Natalia Kostikova, registered sole proprietor operating under the trade name Questerdam
Jurisdiction: the Netherlands
2. What data we collect
We collect only the data needed to process your purchase and provide access to the quest, as well as, with your consent, data for analytics and marketing communications.
2.1. Data you enter on the website:
2.2. Payment data
Payments on the website are processed through the payment provider Mollie. Depending on the payment method you choose, the payment may be made by bank card, iDEAL, PayPal or another available payment method.
We do not receive your full bank card details, CVV/CVC code or full bank account details. These data are processed by payment providers and/or banks.
For the purposes of confirming payment, providing access to the quest, accounting and processing possible refunds, we may receive and store limited payment information, for example:
2.3. Correspondence and support
If you contact us by email, we process:
2.4. Technical data and analytics
With your consent, we use Google Analytics to analyse website visits. Depending on the Google Analytics settings, the following may be collected:
2.5. Consent to marketing communications
When placing an order, you may separately consent to receive marketing and promotional information about Questerdam quests, special offers, new routes and related project news.
If you tick the relevant checkbox, we process:
3. How we use the data
We use the data for the following purposes:
Order processing and provision of the service:
Communication and support:
Website analytics, only with your consent:
Marketing emails, only with separate consent:
4. Legal bases for processing (GDPR/AVG)
We process data on the following legal bases:
5. Cookies and Google Analytics
We use cookies and similar technologies to ensure the proper functioning of the website and, depending on your choice, for analytics and marketing. When you first visit the website, a cookie management window is displayed, where you can:
Categories of cookies:
6. Who we share data with: recipients
We share data only with services that are necessary to provide the service or maintain the website:
We do not sell personal data or share it with third parties for their own marketing purposes.
7. International data transfers
Some of our providers and payment infrastructure participants, such as Google, PayPal, Zoho, Tilda and Mollie, may process data on servers outside the European Economic Area or use service providers located outside it. In such cases, we rely on protection mechanisms provided by law, such as standard contractual clauses and/or other applicable safeguards provided by the service provider.
8. Retention periods
We keep data no longer than necessary for the purposes of processing, unless the law requires otherwise.
Order data and payment confirmation data, including correspondence, payment records and transaction notifications, may be kept for up to 7 years if this is necessary for accounting or tax purposes and for protection against claims.
Technical analytics data in Google Analytics is retained according to the retention settings in Google Analytics and/or until consent is withdrawn, in relation to cookies.
Marketing subscription data is retained until you unsubscribe or withdraw your consent.
9. Marketing emails and unsubscribing
We send marketing emails only with your explicit consent, given through a separate checkbox or subscription. This consent is voluntary and does not affect your ability to purchase a quest.
You can withdraw your consent and unsubscribe at any time by emailing hello@questerdam.com or by clicking “Unsubscribe” in an email.
After you unsubscribe, we will stop sending marketing emails. We may keep a minimal record of the fact that you unsubscribed, in order to avoid sending emails to you again.
10. Data security
We apply reasonable technical and organisational measures to protect data against leaks and unauthorised access, including:
11. Your rights
Under the GDPR/AVG, you have the following rights:
We may ask you to confirm your identity in order to protect your data from being disclosed to third parties.
12. Complaints to the supervisory authority
If you believe that we are violating data protection rules, you may lodge a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens (AP).
13. Children
Our service is not intended for children under the age of 16, and we do not knowingly collect children’s data. If you believe that a child has provided us with data, please contact us and we will delete it where applicable.
14. Changes to this policy
We may update this Policy. The current version is always available on this page. In the event of significant changes, we will update the “Last updated” date.
Questerdam is the trade name under which sole proprietor Natalia Kostikova operates, registered with the Netherlands Chamber of Commerce (KVK).
Trade name: Questerdam
Legal form: eenmanszaak
KVK number: 42068792
BTW-id / VAT ID: NL005470438B33
Registered address / postal address: Afroditekade 178B, 1076 DZ Amsterdam
Email: hello@questerdam.com
Data controller: Natalia Kostikova, registered sole proprietor operating under the trade name Questerdam
Jurisdiction: the Netherlands
2. What data we collect
We collect only the data needed to process your purchase and provide access to the quest, as well as, with your consent, data for analytics and marketing communications.
2.1. Data you enter on the website:
- Team name
- Email address, used to send the activation code and instructions
2.2. Payment data
Payments on the website are processed through the payment provider Mollie. Depending on the payment method you choose, the payment may be made by bank card, iDEAL, PayPal or another available payment method.
We do not receive your full bank card details, CVV/CVC code or full bank account details. These data are processed by payment providers and/or banks.
For the purposes of confirming payment, providing access to the quest, accounting and processing possible refunds, we may receive and store limited payment information, for example:
- the payment amount and currency;
- the date and time of payment;
- the payment status;
- the selected payment method;
- the transaction identifier / transaction reference;
- the payer’s first and last name, if provided by the payment provider;
- the payer’s email address, if provided by the payment provider, for example when paying via PayPal.
2.3. Correspondence and support
If you contact us by email, we process:
- your email address;
- the content of your message and the technical metadata of the email.
2.4. Technical data and analytics
With your consent, we use Google Analytics to analyse website visits. Depending on the Google Analytics settings, the following may be collected:
- information about your interaction with the website, such as pages viewed, clicks and time spent on the page;
- technical parameters, such as device, browser and screen resolution;
- anonymised or aggregated identifiers related to cookies or similar technologies.
2.5. Consent to marketing communications
When placing an order, you may separately consent to receive marketing and promotional information about Questerdam quests, special offers, new routes and related project news.
If you tick the relevant checkbox, we process:
- your email address;
- the fact that you gave consent;
- the date and time of consent;
- information about the source of consent, namely the order form on the website.
3. How we use the data
We use the data for the following purposes:
Order processing and provision of the service:
- to receive your order request, including team name and email address;
- to confirm payment;
- to send the activation code and the link to the Telegram bot.
Communication and support:
- to answer questions and help with access to the quest.
Website analytics, only with your consent:
- to understand what works and what does not work on the website, and to improve pages and conversion.
Marketing emails, only with separate consent:
- to send emails about new quests, discounts, marketing programmes and our news, if you have expressly subscribed to the mailing list. You can unsubscribe at any time, see section 9.
4. Legal bases for processing (GDPR/AVG)
We process data on the following legal bases:
- Consent, Article 6(1)(a) GDPR: for analytical cookies / Google Analytics and for marketing and promotional messages, if you have separately consented to receive them.
- Contract / performance of a contract, Article 6(1)(b) GDPR: to accept your order, confirm payment and provide access to the quest.
- Legal obligation, Article 6(1)(c) GDPR: to comply with accounting, tax and administrative obligations.
- Legitimate interests, Article 6(1)(f) GDPR: to provide support, prevent misuse, keep basic records of enquiries and protect our rights in the event of disputes.
5. Cookies and Google Analytics
We use cookies and similar technologies to ensure the proper functioning of the website and, depending on your choice, for analytics and marketing. When you first visit the website, a cookie management window is displayed, where you can:
- accept essential cookies, which are required for the website to work;
- give consent to analytics and/or marketing cookies.
Categories of cookies:
- Essential cookies — ensure the basic operation of the website and its functions.
- Analytics cookies — help us understand how users interact with the website, for example through Google Analytics, so that we can improve the website.
- Marketing cookies — are used to assess the effectiveness of marketing activities, improve conversion and support marketing communication.
6. Who we share data with: recipients
We share data only with services that are necessary to provide the service or maintain the website:
- Tilda — website and forms, including team name and email, and possible system notifications.
- Zoho Mail — email correspondence and sending the activation code.
- Google Analytics — website analytics, only with consent.
- Mollie — payment processing on the website, including payments by bank card, iDEAL, PayPal and other available payment methods. We receive limited payment information, see section 2.2.
- PayPal, banks, card schemes and other participants in the payment infrastructure may process data if you choose the relevant payment method.
We do not sell personal data or share it with third parties for their own marketing purposes.
7. International data transfers
Some of our providers and payment infrastructure participants, such as Google, PayPal, Zoho, Tilda and Mollie, may process data on servers outside the European Economic Area or use service providers located outside it. In such cases, we rely on protection mechanisms provided by law, such as standard contractual clauses and/or other applicable safeguards provided by the service provider.
8. Retention periods
We keep data no longer than necessary for the purposes of processing, unless the law requires otherwise.
Order data and payment confirmation data, including correspondence, payment records and transaction notifications, may be kept for up to 7 years if this is necessary for accounting or tax purposes and for protection against claims.
Technical analytics data in Google Analytics is retained according to the retention settings in Google Analytics and/or until consent is withdrawn, in relation to cookies.
Marketing subscription data is retained until you unsubscribe or withdraw your consent.
9. Marketing emails and unsubscribing
We send marketing emails only with your explicit consent, given through a separate checkbox or subscription. This consent is voluntary and does not affect your ability to purchase a quest.
You can withdraw your consent and unsubscribe at any time by emailing hello@questerdam.com or by clicking “Unsubscribe” in an email.
After you unsubscribe, we will stop sending marketing emails. We may keep a minimal record of the fact that you unsubscribed, in order to avoid sending emails to you again.
10. Data security
We apply reasonable technical and organisational measures to protect data against leaks and unauthorised access, including:
- restricting access to accounts and data;
- using secure connections, such as HTTPS / encryption in transit;
- measures to protect email and accounts, such as strong passwords and, where possible, two-factor authentication.
11. Your rights
Under the GDPR/AVG, you have the following rights:
- the right of access to your data;
- the right to rectification;
- the right to erasure, within the limits permitted by law;
- the right to restriction of processing;
- the right to data portability, where applicable;
- the right to object to processing based on legitimate interests;
- the right to withdraw consent, for processing based on consent.
We may ask you to confirm your identity in order to protect your data from being disclosed to third parties.
12. Complaints to the supervisory authority
If you believe that we are violating data protection rules, you may lodge a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens (AP).
13. Children
Our service is not intended for children under the age of 16, and we do not knowingly collect children’s data. If you believe that a child has provided us with data, please contact us and we will delete it where applicable.
14. Changes to this policy
We may update this Policy. The current version is always available on this page. In the event of significant changes, we will update the “Last updated” date.