Last revised: 29th May 2021
This Policy applies to individuals and legal entities that use the Service “Graviton”. Unless otherwise specified in this Policy, “you”, “user” or “users” refers to all the users of the Service.
This Policy is applicable for all Quantum’s legal entities.
This Policy defines how Quantum, acting as data controller, may process, in accordance with the applicable laws, including, the General Data Protection Regulation (the “GDPR“) and for the purposes defined below, information relating to identified or identifiable natural persons (called “data subjects”) collected from time to time (directly or indirectly, on a compulsory or voluntary manner, manually or otherwise) from the data subjects themselves as well as from its clients, you, third parties (such as potential clients, subcontractors, providers or any stakeholders involved in an engagement with Quantum) and/or from publicly available sources where applicable.
Why does Quantum process personal data?
Quantum processes personal data in accordance with applicable laws and solely for the following purposes (together the “Purpose(s)”):
- To provide services including: Analysis, Design, Development, Consultancy, Sales, Delivery, Installation, Services and Support activities related to the provision of IT solutions, the Service.
- To maintain its administrative and clients/suppliers relationships management systems, including:
- Bid issuance and contract drafting;
- Clients/suppliers/alumni follow up and management;
- Invoicing and payments of invoices;
- Advertising, communication and public relations;
- Event organization;
- Quality reviews;
- Client or user experience improvement and personalisation of services delivery (for example via authentification, monitoring of the performance and use of Quantum applications where applicable).
- To apply acceptance and continuance procedures (including anti-money laundering, anti-bribery and counter-terrorist financing);
- To facilitate compliance with its legal, regulatory, professional and/or contractual obligations (including independence and archiving requirements, etc.);
- To maintain and protect its buildings, equipment, IT infrastructure and data (including access management and authentication, security and performance monitoring…);
- To ensure its business continuity;
- To manage risks and litigations;
- To process the data subjects’ requests; and/or
- To manage its websites.
The Purposes above are based on at least one of the following legal basis:
- The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- The processing is necessary for compliance with a legal obligation to which Quantum is subject;
- The processing is necessary for the purposes of the legitimate interests pursued by Quantum or by a third party (such as the protection of Quantum’s asset, the understanding of its clients’ needs and expectations or the fulfillment of the Quantum’s purpose or social interest); and/or
- The data subject has given consent to the processing for one or more specific purposes.
What personal data does Quantum process?
Depending on, and when necessary for, the Purpose(s) above, Quantum may process the following categories of personal data:
- Identification data (e.g.: name, surname, alias, etc.);
- Professional data (e.g.: position, company, etc.);
- Administrative data (e.g.: proof of identity documents, birthdate, gender, language, etc.);
- Relation data (e.g.: relation history, attendance sheets, etc.);
- Environment data (e.g.: characteristics, habits, social media information, etc.);
- Financial data (e.g.: tax data, transactional data, etc.);
- Numeric data (e.g.: logs, IP address, etc.); and
- Biometric data (e.g.: picture and/or sound, video, etc.).
Does Quantum share personal data with third parties?
Depending on the Purpose(s) above, and besides the data subjects themselves, Quantum may share the personal data with the following categories of recipients:
- Processors and sub-processors such as IT suppliers (including systems administrators, cloud services providers, hosting providers, etc.);
- Between Quantum’s entities;
- Quantum’s external counsels, agents or auditors;
- Entities or individuals in relation with the data subjects (employers, relatives, counsels, business or potential business partners, etc.); and/or
- Oversight bodies or public authorities.
Does Quantum transfer personal data outside the European Union?
Quantum shall not transfer any personal data outside the European Union otherwise than:
- To countries which provide an adequate level of protection for personal data as decided by the European Commission or:
- To recipients under a suitable agreement which contains the legal requirements for such transfer. Copy of the applicable safeguards may be requested to Quantum by mail or email at email@example.com.
How long does Quantum keep the personal data?
The personal data will be kept in a form which permits identification of the data subjects for no longer than it is necessary for each Purpose for which they have been collected, without prejudice to automatic back-ups and Quantum’s legal and regulatory archiving obligations.
What are your rights as data subject?
To the extent permitted by the laws, you may have the right, to:
- Request access to and rectification or the erasure of your personal data or restriction of processing concerning them;
- Object the processing of your personal data; as well as
- data portability.
Should the processing be exclusively based on your consent, you shall have the right to withdraw it at any time, without affecting the lawfulness of the processing based on your consent before such withdrawal.
To exercise the rights listed above, you are invited to send an email demonstrating your identity and specifying the right you want to exercise to firstname.lastname@example.org or mail Quantum at the headquarter.
Please note that you shall also have the right to lodge a complaint with the competent supervisory authority, the lead supervisory authority competent for personal data processed by Quantum being the Commission Nationale de Protection des Données (www.cnpd.lu).