PRIVACY POLICY

QuanteliX Technology Solutions FZ-LLC ("QuanteliX", "we") is generally responsible for
operating this website.
For inquiries and pre-contractual communication in the German and European market,
the following German group entity may additionally be involved as a local contact:
RRCG Reißmann & Reißmann Consulting GmbH
Wendelsteinstrasse 25
85345 Erding bei München
Germany
Where a different or additional data protection role applies, we will specify this in the
relevant communication or contractual context.

• EU Representative (Art. 27 GDPR): We have currently not appointed an EU representative.
• Data Protection Officer: We have not appointed a data protection officer.

We process personal data specifically on the basis of:

• Consent (Art. 6 para. 1 lit. a GDPR), e.g., for analytics/marketing cookies
• Contract / pre-contractual measures (Art. 6 para. 1 lit. b GDPR), e.g., for appointment bookings/inquiries
• Legal obligation (Art. 6 para. 1 lit. c GDPR)
• Legitimate interests (Art. 6 para. 1 lit. f GDPR), e.g., IT security, abuse prevention, efficient communication

4.1 Hosting and website delivery via Cloudflare Pages

Our website is delivered via Cloudflare Pages, a hosting and deployment service provided by Cloudflare, Inc. (“Cloudflare”). Cloudflare delivers the website through a globally distributed network and supports, in particular, the technical delivery of the website, performance, stability and security.

Whenever our website is accessed, technically required access data may be processed, in particular:

• IP address
• date and time of access
• page or file accessed
• referrer URL
• browser type and browser version
• operating system used
• status codes
• amount of data transferred

The processing is carried out for the purpose of delivering the website, ensuring technical stability, analyzing errors and protecting against attacks and misuse.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and high-performance operation of our website.

4.2 CDN, security functions and protection against attacks

Cloudflare is also used as a content delivery network (CDN) and to protect the website. For this purpose, requests to our website may be routed through Cloudflare servers and technically analyzed there in order to deliver content more quickly, detect attacks, filter abusive traffic and ensure the availability of the website.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in IT security, performance optimization and the protection of our website against attacks.

Cloudflare processes personal data in this context also as a technical service provider or processor. A Data Processing Addendum is in place with Cloudflare. Where personal data is transferred to third countries, this is carried out on the basis of appropriate safeguards in accordance with the requirements of the GDPR.

We use Cookiebot CMP (Consent Management Platform) to obtain, manage and document consents for cookies/technologies.

Provider/Processor: Cookiebot (Usercentrics) provides a Data Processing Agreement (DPA).

We use Google Analytics 4 (GA4) for reach measurement and analysis of website usage – only after your consent via Cookiebot.

Google explains that GA4 does not log or store IP addresses and IP addresses of EU users are discarded before logging.

Legal basis: Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG
Withdrawal: Possible at any time via cookie settings.

We use HubSpot for:

• Forms (Contact)
• Appointment booking (Meeting Booking)
• CRM (Management of leads/contacts)
• Chat (Website-Chat)

In doing so, we process in particular the data entered by you (e.g., name, e-mail, telephone, message, company) as well as – provided you have consented – cookie-/tracking-based identifiers.

Mandatory fields: Name, E-mail, Telephone, Message
Attachments: none
Purposes: Processing of inquiries, appointment organization, sales/customer communication, documentation.

Legal bases:

• Art. 6 para. 1 lit. b GDPR (pre-contractual/contractual communication)
• Art. 6 para. 1 lit. f GDPR (efficient processing)
• For HubSpot tracking cookies: Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG

HubSpot provides a Data Processing Agreement; there, among other things, transfer mechanisms (e.g., Standard Contractual Clauses) are regulated.

We use Google reCAPTCHA to protect our forms from abuse.

Google points out that reCAPTCHA sets a necessary cookie (_GRECAPTCHA) and other cookies may be affected via the domain theme.

Legal basis: Art. 6 para. 1 lit. f GDPR (security/abuse protection); insofar as cookie/terminal device access requires consent, this is done via Cookiebot (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG).

When you contact us (e.g., via e-mail, telephone, Teams), we process the communication data (name, contact details, content, metadata) to process your request.

• Mailprovider: Microsoft 365
• Meetings/Calls: Microsoft Teams
• WhatsApp Business: optional channel; data can be processed by WhatsApp/Meta (Alternative: E-mail).

Legal basis: Art. 6 para. 1 lit. b and/or lit. f GDPR.

Within the framework of customer projects, we process personal data insofar as this is necessary for the performance of services. Typical data categories:

• Contact data (contact person)
• Roles/permissions in customer systems
• Communication content (tickets, e-mails, project documentation)

10.1 Roles (Controller/Processor)

Depending on the project and contractual context, we act:

• as a processor (Art. 28 GDPR) when we process data in customer systems on behalf of the customer, as a controller for our own communication, CRM and pre-contractual contact data, and, where applicable, in an aligned role allocation with the group entity responsible for the market-facing relationship.

10.2 Support & Tools

• Ticketing/PSA: SyncroMSP
• Remote access: Access to customer systems (e.g., customer accounts, VPN/jump hosts), typically in Azure data centers in Europe (depending on the customer)

10.3 Subcontractors

We use subcontractors/freelancers if necessary (EU and non-EU), insofar as this is required for project implementation. Access is on a need-to-know basis and subject to contractual obligation.

• Hosting/CDN/Security: Cloudflare
• Analysis/CRM/Communication: Google, HubSpot, Microsoft
• Anti-Abuse: Google (reCAPTCHA)
• Support/PSA: SyncroMSP
• Subcontractors/Service providers (if necessary)
• Authorities/Courts (if legally required)

As we are based in the UAE and may also use service providers, processing may take place in countries outside the EEA. Where necessary, appropriate guarantees (e.g., standard contractual clauses) are used.

We store personal data only as long as it is necessary for the purposes or as long as legal obligations exist.

• Contact/Lead data: based on standard market criteria (e.g., in case of prolonged inactivity)
• Contract/Project documents: during the contract term and subsequently in accordance with applicable retention/documentation requirements

You have – as far as the legal requirements are met – in particular:

• Access, rectification, erasure
• Restriction of processing
• Data portability
• Objection (Art. 21 GDPR)
• Withdrawal of given consent with effect for the future

Please send inquiries to: legal@quantelix.io
We generally respond within one month.

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

We employ appropriate technical and organizational measures (including MFA, encryption, access restrictions, backups, patch management, authorization concepts). Details can be found in our Security & Trust section.

We may adapt this privacy policy if the legal situation, services or processing change