Last revised: 29th May 2021

This Privacy Policy (“Policy”) applies to the products and services (collectively, the “Service”) provided by Quantum Capital Partners SAS (“Quantum”, “we”, “us” or “our”), a simplified joint-stock company with his headquarter at 11 rue Adolphe Fischer, 1520 Luxembourg, Grand Duchy of Luxembourg, and registered at the Luxembourg Business Register (www.lbr.lu) under the serial number B242823. As used in this Policy, the Service includes, without limitation, all websites, products, services and platforms that display this Policy (collectively, the “Site”).

By registering to use the Service, accessing the Service or providing access to the Service, you agree and acknowledge that you have read all of the terms and conditions of these Terms, you understand all of the terms and conditions of these Terms, and you agree to be legally bounded by all of the terms and conditions of these Terms, including this Privacy Policy.

This Policy applies to individuals and legal entities that use the Service “Graviton”. Unless otherwise specified in this Policy, “you”, “user” or “users” refers to all the users of the Service.

Quantum reserves the right to change or modify any policy or guideline at any time and in its sole discretion. If Quantum makes any changes to this Policy, Quantum will provide notice of such changes by revising the “Last Updated” date above and, in some cases, may provide additional notice (such as by sending an email or other notification or by posting a notice on the Service). Any changes or modifications will be effective 7 days after Quantum provides notice that this Policy has been modified (the “Notice Period”). Your continued use of the Service following the Notice Period will constitute your acceptance of such changes or modifications. You are advised to review this Policy whenever you access the Service and at least every 30 days to make sure that you understand the Privacy Policy that applies to your use of the Service.

This Policy is applicable for all Quantum’s legal entities.

This Policy defines how Quantum, acting as data controller, may process, in accordance with the applicable laws, including, the General Data Protection Regulation (the “GDPR“) and for the purposes defined below, information relating to identified or identifiable natural persons (called “data subjects”) collected from time to time (directly or indirectly, on a compulsory or voluntary manner, manually or otherwise) from the data subjects themselves as well as from its clients, you, third parties (such as potential clients, subcontractors, providers or any stakeholders involved in an engagement with Quantum) and/or from publicly available sources where applicable.

Why does Quantum process personal data?

Quantum processes personal data in accordance with applicable laws and solely for the following purposes (together the “Purpose(s)”):

  • To provide services including: Analysis, Design, Development, Consultancy, Sales, Delivery, Installation, Services and Support activities related to the provision of IT solutions, the Service.
  • To maintain its administrative and clients/suppliers relationships management systems, including:
    • Bid issuance and contract drafting;
    • Clients/suppliers/alumni follow up and management;
    • Invoicing and payments of invoices;
    • Advertising, communication and public relations;
    • Event organization;
    • Quality reviews;
    • Client or user experience improvement and personalisation of services delivery (for example via authentification, monitoring of the performance and use of Quantum applications where applicable).
  • To apply acceptance and continuance procedures (including anti-money laundering, anti-bribery and counter-terrorist financing);
  • To facilitate compliance with its legal, regulatory, professional and/or contractual obligations (including independence and archiving requirements, etc.);
  • To maintain and protect its buildings, equipment, IT infrastructure and data (including access management and authentication, security and performance monitoring…);
  • To ensure its business continuity;
  • To manage risks and litigations;
  • To process the data subjects’ requests; and/or
  • To manage its websites.

The Purposes above are based on at least one of the following legal basis:

  • The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • The processing is necessary for compliance with a legal obligation to which Quantum is subject;
  • The processing is necessary for the purposes of the legitimate interests pursued by Quantum or by a third party (such as the protection of Quantum’s asset, the understanding of its clients’ needs and expectations or the fulfillment of the Quantum’s purpose or social interest); and/or
  • The data subject has given consent to the processing for one or more specific purposes.

What personal data does Quantum process?

Depending on, and when necessary for, the Purpose(s) above, Quantum may process the following categories of personal data:

  • Identification data (e.g.: name, surname, alias, etc.);
  • Professional data (e.g.: position, company, etc.);
  • Administrative data (e.g.: proof of identity documents, birthdate, gender, language, etc.);
  • Relation data (e.g.: relation history, attendance sheets, etc.);
  • Environment data (e.g.: characteristics, habits, social media information, etc.);
  • Financial data (e.g.: tax data, transactional data, etc.);
  • Numeric data (e.g.: logs, IP address, etc.); and
  • Biometric data (e.g.: picture and/or sound, video, etc.).

Does Quantum share personal data with third parties?

Depending on the Purpose(s) above, and besides the data subjects themselves, Quantum may share the personal data with the following categories of recipients:

  • Processors and sub-processors such as IT suppliers (including systems administrators, cloud services providers, hosting providers, etc.);
  • Between Quantum’s entities;
  • Quantum’s external counsels, agents or auditors;
  • Entities or individuals in relation with the data subjects (employers, relatives, counsels, business or potential business partners, etc.); and/or
  • Oversight bodies or public authorities.

Does Quantum transfer personal data outside the European Union?

Quantum shall not transfer any personal data outside the European Union otherwise than:

  • To countries which provide an adequate level of protection for personal data as decided by the European Commission or:
  • To recipients under a suitable agreement which contains the legal requirements for such transfer. Copy of the applicable safeguards may be requested to Quantum by mail or email at info@graviton.lu.

How long does Quantum keep the personal data?

The personal data will be kept in a form which permits identification of the data subjects for no longer than it is necessary for each Purpose for which they have been collected, without prejudice to automatic back-ups and Quantum’s legal and regulatory archiving obligations.

What are your rights as data subject?

To the extent permitted by the laws, you may have the right, to:

  • Request access to and rectification or the erasure of your personal data or restriction of processing concerning them;
  • Object the processing of your personal data; as well as
  • data portability.

Should the processing be exclusively based on your consent, you shall have the right to withdraw it at any time, without affecting the lawfulness of the processing based on your consent before such withdrawal.

To exercise the rights listed above, you are invited to send an email demonstrating your identity and specifying the right you want to exercise to info@graviton.lu or mail Quantum at the headquarter.

Please note that you shall also have the right to lodge a complaint with the competent supervisory authority, the lead supervisory authority competent for personal data processed by Quantum being the Commission Nationale de Protection des Données (www.cnpd.lu).

Updates to our Privacy Policy

We may need to update our Privacy Policy from time to time. The latest version of the Privacy Policy is always available on our website. We will communicate any material changes of the Privacy Policy.

Questions

If you have any questions regarding the use of the Privacy Policy, please email us at info@graviton.lu.