Effective Date: August 25, 2021
QuantPi GmbH, Halbergstraße 4, 66121 Saarbrücken (hereinafter referred to as QuantPi), attach great importance to the protection of the personal data of the users of the website www.quantpi.com. In the following, we would like to inform you in detail about which data we collect from you when you visit our website and use our offers there and how these are processed or used by us and what rights you are entitled to in this respect.
Your personal data will only be processed by us based on statutory data protection law, i.e., the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG-new) and the Telemedia Act (TMG).
The scope of the data collected and processed by us differs depending on whether you only visit our website to access information or whether you also use the services we offer on our website.
Controller within the meaning of the Data Protection Regulation and other data protection regulations is:
QuantPi GmbH, Halbergstraße 4, 66121 Saarbrücken, represented by the management, ibid.
Contact person for data protection questions:
Our data protection uses the terms of the EU Data Protection Regulation (GDPR), which we would like to briefly explain for you to make it easier to understand. You can find these and other definitions in Art. 4 GDPR.
1. Personal data
“Personal data” is all information that relates to an identified or identifiable natural person (hereinafter “data subject”); A natural person is regarded as identifiable who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person.
2. Data subject
“data subject” is any identified or identifiable natural person whose personal data is processed by the controller for processing.
"Processing" means any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation, or change, reading, the Inquiry, use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.
4. Restriction of processing
"Restriction of processing" means the marking of stored personal data with the aim of restricting their future processing.
"Pseudonymization" is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data are not assigned to an identified or identifiable natural person.
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
"Recipient" is a natural or legal person, authority, institution, or other body to which personal data is disclosed, regardless of whether it is a third party or not. Authorities that may receive personal data as part of a specific investigation according to Union law or the law of the member states are not considered recipients; The processing of this data by the named authorities takes place in accordance with the applicable data protection regulations in accordance with the purposes of the processing.
9. Third party
"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data
"Consent" of the data subject is any voluntary, informed, and unambiguous declaration of will in the form of a declaration or other unequivocal affirmative act with which the data subject indicates that they are processing the I agree to the personal data concerning her.
General information on data processing
1. Categories of personal data
We process the following categories of personal data:
• Inventory data (e.g., names, addresses, functions, organizational affiliation, etc.);
• Contact details (e.g., e-mail, telephone / fax numbers, etc.);
• Content data (e.g., text input, image files, videos, etc.);
• usage data (e.g., access data);
• Meta / communication data (e.g. IP addresses).
2. Recipients or categories of recipients of personal data
If we disclose data to other persons and companies such as web hosts, contract processors or third parties during our processing, transmit them to them or otherwise grant them access to the data, this is done based on legal permission (e.g., if a transfer of the data to third parties according to Art. 6 Para. 1 lit. b GDPR is necessary for the fulfillment of the contract) if the data subjects have given their consent or if a legal obligation provides for this.
3. Duration of storage of personal data
The criterion for the duration of storage of personal data is the respective statutory retention period. After the period has expired, the relevant data will be deleted, if they are no longer required to achieve the purpose, fulfill the contract, or initiate a contract.
4. Transfers to third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of the use of third-party services or disclosure or transmission of data to third parties, this only takes place if it is done to fulfill our (pre-) contractual obligations, based on your consent, based on a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR are met, i.e., processing takes place, for example, based on special guarantees, such as the officially recognized determination of one of the EU Data protection level or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
Data processing visiting our platform
1. Log files
Every time a person concerned accesses our website, general data and information are stored in the log files of our system:
• Date and time of the call (time stamp);
• Request details and target address (protocol version, HTTP method, referrer, User Agent string);
• Name of the file called up and amount of data transferred (requested URL including query string, size in bytes);
• Notification of whether the request was successful (HTTP status code).
When using this general data and information, we do not draw any conclusions about the person concerned. There is no personal evaluation or an evaluation of the data for marketing purposes or a profile formation. The IP address is not saved in this context.
The legal basis for the temporary storage of the data is Art. 6 Para. 1 lit. f GDPR. The collection of data for the provision of the website and the storage of the data in log files is essential for the secure operation of our website. There is consequently no possibility of objection on the part of the data subject.
2. Malware detection and log data analysis
We collect log data that arise during the operation of our company's communication technology and evaluate it automatically, insofar as this is necessary to identify, limit or eliminate malfunctions or errors in communication technology or to defend against attacks on our information technology the detection and defense of malware is required.
The legal basis for the temporary storage and evaluation of the data is Art. 6 Para. 1 lit. f GDPR. The storage and evaluation of the data is essential for the provision of the website and its secure operation. There is consequently no possibility of objection on the part of the data subject.
The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR.
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use to operate our website.
We or our processor process inventory data, contact data, content data, contract data, usage data, meta and communication data from users of our website based on our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 Para. 1 lit.f GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing contract).
5. Use of social media
We do not use social media plugins on our website, but so-called social bookmarks (these are integrated as links to the corresponding services. If the integrated graphic is clicked on by the user, the user is forwarded to the page of the respective provider). We would like to point out that we, as the provider of our website, have no knowledge of the data transmitted to and used by the respective social media channel.
Data processing in the context of establishing contact
1. Contacting us by email
You can contact our company by email using the email addresses published on our website.
If you use this contact method, the data you transmit (e.g., surname, first name, address), but at least the e-mail address and the information contained in the email together with any personal data you have transmitted, are used for the purpose of the contact and processing of your request. In addition, the following data can be collected by our system:
• IP address of the calling computer;
• The date and time of the email.
The legal basis for the processing of personal data in the context of emails sent to us is Article 6 Paragraph 1 lit. b or lit. f GDPR.
2. Establishing contact via the “Request Demo” contact form
If you use the contact form provided on our website for requesting a demo, you must provide your name and first name, the company you work for, your job title and your email address. Without this data, your request via the contact form cannot be processed.
In addition, the following data is collected by our system:
• IP address of the calling computer;
• Date and time of registration;
• URL where you was located at the time of the request.
The legal basis for the processing of personal data in the context of emails sent to us is Article 6 Paragraph 1 lit. b or lit. f GDPR.
3. Contacting by letter
As soon as you send us a letter, the information provided by the data transmitted to you (e.g., surname, first name, address) and the information contained in the letter, along with any personal data you have transmitted, are stored for the purpose of contacting you and processing your request.
The legal basis for the processing of personal data in the context of letters and faxes sent to us is Article 6 Paragraph 1 lit. b and lit. f GDPR.
As a data subject, you have the following rights in connection with the processing of your personal data: Right to data
(1) The Subject has the right to request confirmation from the controller as to whether personal data concerning them are being processed; if this is the case, she has a right to information about this personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data that are processed;
c) the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations;
d) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
e) the existence of a right to correction or deletion of personal data concerning you or to restriction of processing by the controller or a right to object to this processing;
f) the right to lodge a complaint with a supervisory authority;
g) if the personal data are not collected from the data subject, all available information on the origin of the data;
h) the existence of automated decision-making including profiling in accordance with Art. 22 Paragraph 1 and Paragraph 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
(2) If personal data are transmitted to a third country or to an international organization, the data subject has the right to be informed about the appropriate guarantees in connection with the transmission in accordance with Article 46 GDPR.
2. Right to correction
The data subject has the right to demand that the controller immediately correct any incorrect personal data concerning them. Considering the purposes of the processing, the data subject has the right to request the completion of incomplete personal data - including by means of a supplementary declaration.
3. Right to erasure
(1) The person concerned has the right to demand that the controller deletes personal data concerning them immediately, and the controller is obliged to delete personal data immediately if one of the following reasons applies:
a ) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) The data subject revokes their consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing.
c) The person concerned objects to the processing in accordance with Art. 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or the person concerned objects to the processing in accordance with Art. 21 Paragraph 2 GDPR.
d) The personal data was processed unlawfully.
e) The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject.
f) The personal data was collected in relation to the information society services offered in accordance with Art. 8 Para. 1 GDPR.
(2) If the controller has made the personal data public and is obliged to delete it in accordance with Paragraph 1, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to ensure that the controller is responsible for the personal data process, to inform that a data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data.
(3) Paragraphs 1 and 2 do not apply if processing is necessary:
a) to exercise the right to freedom of expression and information;
b) to fulfill a legal obligation required by the law of the Union or of the member states to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the controller ;
c) for reasons of public interest in the area of public health in accordance with Art. 9 Paragraph 2 lit. h) and i) and Art. 9 Paragraph 3 GDPR;
d) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Paragraph 1, insofar as the law mentioned in Paragraph 1 is likely to make the realization of the objectives of this processing impossible or seriously impaired, or
e) for assertion , Exercise or defense of legal claims.
4. Right to restriction of processing
(1) The person concerned has the right to request the controller to restrict processing if one of the following conditions is met:
a) the accuracy of the personal data is disputed by the person concerned, and for a period that enables the controller to check the accuracy of the personal data,
b) the processing is unlawful and the person concerned refuses to delete the personal data and instead requests that the use of the personal data be restricted;
c) the controller no longer needs the personal data for the purposes of processing, but the person concerned needs them to assert, exercise or defend legal claims, or
d) the person concerned objects to the processing in accordance with Art. 21 Para. 1 GDPR if it is not yet certain whether the legitimate reasons of the controller outweigh those of the person concerned.
(2) If the processing has been restricted in accordance with paragraph 1, these personal data - apart from their storage - may only be used with the consent of the data subject or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or from Are processed for reasons of an important public interest of the Union or a Member State.
5. Right to data portability data
(1) The Subject has the right to receive the personal data concerning him or her, which he has provided to the controller, in a structured, common, and machine-readable format, and he has the right to transfer this data to another controller to transmit without hindrance by the controller to whom the personal data was provided, provided that:
a) the processing is based on consent pursuant to Art. 6 Para. 1 lit. a) or Art. 9 Para. 2 lit. a) GDPR or on a Contract in accordance with Art. 6 Para. 1 lit.b) GDPR and
b) The processing is carried out using automated procedures.
(2) When exercising their right to data portability in accordance with Paragraph 1, the person concerned has the right to have the personal data transmitted directly from one controller to another, insofar as this is technically feasible.
The right under paragraph 1 must not affect the rights and freedoms of other persons.
This right does not apply to processing that is necessary for the performance of a task that is in the public interest or is carried out in the exercise of official authority that has been transferred to the controller.
6. Right of objection
The data subject shall have the right to object at any time, on grounds relating to his or her situation, to processing of personal data concerning him or her which is carried out based on Art. 6 Paragraph 1 lit. e) or f) GDPR for reasons that arise from their particular situation to insert; this also applies to profiling based on these provisions. The controller no longer processes the personal data unless he can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
In connection with the use of information society services, irrespective of Directive 2002/58 / EC, the person concerned can exercise their right of objection by means of automated procedures in which technical specifications are used.
The person concerned has the right to revoke their data protection declaration of consent at any time. Revoking your consent does not affect the legality of the processing carried out based on your consent up to the point of revocation.
8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every person concerned has the right to lodge a complaint with a supervisory authority, in the member state of their place of residence, their place of work or the place of the alleged violation, if the person concerned is of the opinion that the processing of your personal data violates this regulation.
Changes to this data protection declaration
We reserve the right to change these data protection provisions at any time with future effect. A current version is available on the website. Please visit the website regularly and inform yourself about the applicable data protection regulations.