Privacy Policy

A. GENERAL

Following the model of Art. 4 GDPR, the following definitions underlie this privacy notice:

  • “Personal Data” (Art. 4 No. 1 GDPR) refers to any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, an online identifier, location data or with one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Identifiability can also be given by linking such information or other additional knowledge. The emergence, the form or the embodiment of the information does not matter (also photos, video or sound recordings can contain personal data).
  • “Processing” (Art. 4 No. 2 GDPR) refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated (i.e., technologically supported) means. This includes in particular the collection (i.e., procurement), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, linking, restriction, erasure or destruction of personal data as well as the modification of a purpose or objective originally underlying the data processing.
  • “Controller” (Art. 4 No. 7 GDPR) refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • “Third Party” (Art. 4 No. 10 GDPR) refers to a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data; this also includes other affiliated legal entities.
  • “Processor” (Art. 4 No. 8 GDPR) refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, particularly in accordance with its instructions (e.g., IT service providers). In the legal sense of data protection, a processor is particularly not a third party.
  • “Consent” (Art. 4 No. 11 GDPR) of the data subject refers to any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

The entity responsible for the processing of your personal data in the sense of Art. 4 No. 7 GDPR is us:

QWANTUM TBE Europe
Tuchlauben 7a
1010 Vienna (Austria)
contact@qwantum.eu

Board of Directors:
Daniel Daum
++49 177 3337523

For more information about our company, please refer to the imprint details on our website.

By law, in principle, every processing of personal data is prohibited and is only permitted if the data processing falls under one of the following justification scenarios:

  • 6 Para. 1 S. 1 lit. a GDPR (“Consent”): When the data subject has given consent to the processing of his or her personal data for one or more specific purposes, voluntarily, in an informed manner, and unambiguously, by a statement or by a clear affirmative action;
  • 6 Para. 1 S. 1 lit. b GDPR: When processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract;
  • 6 Para. 1 S. 1 lit. c GDPR: When processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., a statutory retention obligation); • Art. 6 Para. 1 S. 1 lit. d GDPR: When processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • 6 Para. 1 S. 1 lit. e GDPR: When processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or
  • 6 Para. 1 S. 1 lit. f GDPR (“Legitimate Interests”): When processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, in particular when the data subject is a child.
  • For each processing operation we carry out, we indicate the applicable legal basis below. Processing may also be based on several legal bases.

For each processing operation, we outline below the duration of data storage with us and the criteria for data deletion or blocking. Unless a specific storage duration is explicitly mentioned herein, your personal data will be deleted or blocked as soon as the purpose or legal basis for its storage no longer applies. Generally, your data will be stored on our servers located within the European Union, adhering to any transfers as stipulated in this privacy notice.

However, data storage may be extended beyond the stated duration in cases of a (pending) legal dispute with you or related legal proceedings, or when storage is mandated by legal requirements to which we, as the data controller, are subject (e.g., according to Austrian Commercial Code (Unternehmensgesetzbuch – UGB) and Federal Fiscal Code (Bundesabgabenordnung – BAO)). Upon expiration of the storage period mandated by legal requirements, personal data will be blocked or deleted, unless its continued storage is necessary for us and is supported by an existing legal basis.

We employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties (e.g., TSL encryption for our website) taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the existing risks of a data breach (including its likelihood and impact) for the data subject.

Our security measures are continuously improved in line with technological developments. Prerequisites for the transfer of personal data to third countries in the context of our business relationships, your personal data may be passed on or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing is carried out exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer below at the relevant points. Some third countries have been certified by the European Commission through so-called adequacy decisions to have data protection comparable to EEA standards (a list of these countries and a copy of the adequacy decisions can be obtained here: ec.europa.eu). In other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to the absence of legal provisions. In such cases, we ensure that data protection is sufficiently guaranteed.

This can be achieved through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates, recognized codes of conduct, or self-certification through the EU-US Privacy Shield (information can be obtained here: www.privacyshield.gov).

We do not intend to use the personal data collected from you for automated decision-making (including profiling).

We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. As a customer, there is generally no legal or contractual obligation to provide us with your personal data; however, it may be the case that we can only provide certain offers to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products offered by us as presented below, you will be separately informed of this.

We may be subject to a special legal or judicial obligation to provide lawfully processed personal data to third parties, in particular public authorities (Art. 6 Para. 1 S. 1 lit. c GDPR).

Your Rights as a Data Subject concerning your processed personal data can be asserted against us at any time using the contact details provided initially under A.(2). As a data subject, you have the right to:

  • pursuant to Art. 15 GDPR, request information about your data processed by us. In particular, you can request information on the processing purposes, the category of data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if not collected by us, as well as the existence of automated decision-making including profiling and possibly meaningful information about their details;
  • pursuant to Art. 16 GDPR, demand the correction of incorrect or completion of your data stored with us without delay;
  • pursuant to Art. 17 GDPR, request the deletion of your data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise or defend legal claims;
  • pursuant to Art. 18 GDPR, request the restriction of the processing of your data, insofar as you dispute the accuracy of the data or the processing is unlawful;
  • pursuant to Art. 20 GDPR, to receive your data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller (“data portability”);
  • Pursuant to Art. 7 Para. 3 GDPR, you have the right to revoke your consent given once (also before the application of the GDPR, i.e., before May 25, 2018) – i.e., your voluntary, informed, and unambiguous willingness, expressed by a statement or by another clear affirmative action, that you agree to the processing of the relevant personal data for one or more specific purposes – at any time towards us, if you have given such. This has the consequence that we may no longer continue the data processing based on this consent for the future.
  • Furthermore, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data in our company. For example, as our company is now based in Austria, the relevant authority is the Austrian Data Protection Authority (Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, Austria, Tel: +43 1 52 152-0, Email: dsb@dsb.gv.at.

 

Changes to the Privacy Notice In the course of the development of data protection law as well as technological or organizational changes, our privacy notices are regularly reviewed for the need for adjustment or supplementation. These privacy notices are up to date as of June 2021.

B. VISIT OF WEBSITES

During the informational use of the websites, the following categories of personal data are collected, stored, and further processed by us:

“Log data”: When you visit our websites, a so-called log data record (so-called server log files) is temporarily and anonymized stored on our web server. This consists of:

  • the page from which the page was requested (so-called referrer URL) • name and URL of the requested page
  • the date and time of the call
  • the description of the type, language, and version of the web browser used
  • the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established
  • the amount of data transmitted
  • the operating system
  • the message whether the call was successful (access status/HTTP status code)
  • the GMT time zone difference

 

“Contact form data”: When using contact forms, the data transmitted through them are processed (e.g., gender, name and surname, address, company, e-mail address, and the time of transmission).

We process the personal data specified above in accordance with the provisions of the GDPR, other relevant data protection regulations, and only to the necessary extent. Insofar as the processing of personal data is based on Art. 6 Para. 1 S. 1 lit. f GDPR, the purposes mentioned also represent our legitimate interests.

The processing of log data serves statistical purposes and the improvement of the quality of our website, in particular, the stability and security of the connection (the legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR). The processing of contact form data is carried out to handle customer inquiries (the legal basis is Art. 6 Para. 1 S. 1 lit. b or lit. f GDPR).

Your data will only be processed for as long as is necessary to achieve the processing purposes mentioned above; the relevant provisions apply to the processing purposes corresponding legal bases as indicated. Regarding the use and storage duration of cookies and the Cookie Policy.

Third parties engaged by us will store your data on their systems for as long as necessary in connection with the provision of services for us, according to the respective order.

For more information on the storage duration, see the Cookie Policy.

The following categories of recipients, usually acting as data processors (see A.(7)), may have access to your personal data:

  • Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for disclosure is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, as long as they are not data processors;
  • Government bodies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for disclosure is then Art. 6 para. 1 sentence 1 lit. c GDPR;
  • Individuals involved in the conduct of our business operations (e.g., auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for disclosure is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR.
  • For guarantees of an adequate level of data protection when transferring data to third countries, see A.(8).
  • In addition, we only pass on your personal data to third parties if you have given explicit consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

a) Cookie

We use cookies on our websites. Cookies are small text files that are assigned and stored on your hard drive by the browser you use through a characteristic string, and through which certain information flows to the site that sets the cookie. Cookies cannot run programs or transmit viruses to your computer and therefore cannot cause any damage. They are used to make the overall internet offer more user-friendly and effective, thus making it more pleasant for you.

Cookies can contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable. However, cookies cannot directly identify a user.

A distinction is made between session cookies, which are deleted again as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, cookies are further distinguished between:

  • Technical Cookies: These are essential for moving around the website, using basic functions, and ensuring the security of the website; they do not collect information about you for marketing purposes nor do they store which websites you have visited;
  • Performance Cookies: These collect information about how you use our website, which pages you visit, and e.g., whether errors occur during website usage; they do not collect information that could identify you – all collected information is anonymous and is only used to improve our website and find out what interests our users; we only pass on personal data processed by cookies to third parties if you have given explicit consent to do so according to Art. 6 para. 1 sentence 1 lit. a GDPR. 

For more information on which cookies we use and how you can manage your cookie settings and deactivate certain types of tracking, please refer to our Cookie Policy.

b) Social Media Plugins

We do not use social media plugins on our websites. If our websites contain icons of social media providers (e.g., facebook, linkedin, instagram), we only use these for passive linking to the pages of the respective providers.

We're social,
so if you'd
like to talk
about your project,
get in touch.

Copyright © QWANTUM TBE Europe

Imprint | Privacy Policy