Privacy Policy

h. Additional privacy notice on our Facebook fan page 

Within the context of our Facebook fan page (available at: https://www.facebook.com/quantilope/ and https://www.facebook.com/quantilopeUS/ you also have the possibility to inform yourself about our services or to contact and interact with us. Our Facebook fan page is provided on the basis of the agreement concluded with Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the joint processing of personal data in accordance with Art. 26 GDPR ("Page Insights Controller Addendum "). According to this agreement, we ourselves cannot make and implement any decisions regarding the processing of Insights data. The primary responsibility pursuant to the GDPR for the processing of Insights data as well as the fulfilment of all obligations under the GDPR with regard to the processing of Insights data is held by Facebook.

We would like to point out that when you visit the Facebook fan page, your data as a user may be processed outside the EU. Facebook, Inc., which is involved in this process, has committed itself as a Privacy-Shield certified US provider to comply with the data protection standards of the EU: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active (Status: January 27, 2020).

Your data may be processed for market research and advertising purposes, for example by creating user profiles based on the interests arising from your usage behaviour and using them to place advertisements. For this purpose, cookies are usually stored on your computer.

The Page Insights feature allows us to access Facebook statistics from various categories related to the Facebook fan page usage, such as total number of page views, "Like" information, page activity, post interactions, video views, post reach, comments, shared content, responses, proportion of men and women, origin related to country and city, language, shop views and clicks, clicks on route planners, and clicks on phone numbers. We use this information to make our pages more attractive and more appropriate to your needs (e.g. by finding the right time to publish a content).

Within the context of the Facebook fan page, the processing of users' personal data is carried out in order to safeguard our legitimate interests in tailoring our information offerings and communications with users to meet their needs and target groups (legal basis: Art. 6 (1) (f) GDPR). If you are asked by Facebook (as the provider of the platform) to give your consent to  specific data processing, the processing will be carried out in this respect on the legal basis of Art. 6 (1) (a) GDPR.

With regard to the exercise of data subjects' rights and requests for information, we would like to point out that the most effective way to assert these rights is directly at Facebook (see https://www.facebook.com/legal/terms/information_about_page_insights_data). 

Further information on the processing and use of data, as well as on the rights and settings options for protecting your privacy, including the option to object (opt-out), can be found in Facebook's data policy at https://www.facebook.com/about/privacy/ and in the "Information about Page Insights Data" at https://www.facebook.com/legal/terms/information_about_page_insights_data 

Opt-Out: https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com 

5. Privacy notice for applicants

You can find the privacy notice for applicants here https://quantilope-gmbh.jobs.personio.de/privacy-policy?language=en

6. Privacy notice for customers and other contact persons

The following privacy notice is relevant for you if your company has a contractual or pre-contractual relationship with us and you are a contact person of this company or you are in any other form a contact person for quantilope (e.g. press representatives).

a. Data categories and processing purposes

Relevant categories of processed personal data in these cases may include:

• Personal identifiable information (form of address, title, full name and professional title)

• Contact data (employer’s address, business email address, business telephone number, business fax number and similar data)

• Project data (projects with quantilope in which you are involved and the position(s) you hold in these projects)

• Usage data (i.e. where you found out about us or whether we are providing you with further material)

• Payment data (business payment methods, invoicing details and similar data)

• Other data (i.e. statements or sound and video recordings) which you provide to us on a voluntary basis and with consent

• Survey data on customer satisfaction surveys that you voluntarily provide to us

In addition to the  data that we collect directly from you, we process personal data rightfully obtained from other companies or other third parties (e.g. credit agencies, directory publishers) insofar as it is necessary for us to carry out our services. We also process personal data that we have rightfully taken, obtained or acquired from publicly accessible sources (e.g. phone directories, trade and association registries, resident registries, lists of debtors, press, career networks, the Internet and other media).

The purpose of processing is to implement pre-contractual measures and to fulfill our contracts, including the services, measures and activities required for this purpose. The legal basis for this processing is Art. 6 (1) (b) GDPR

This data includes, in particular,

• pre-contractual and contractual communication with you, 

• access to our Help Center, 

• the traceability of transactions, orders and other agreements, as well as quality control through appropriate documentation, 

• goodwill procedures, 

• measures to control and optimize business processes, and for the fulfillment of general obligations of due diligence, 

• governance and control by affiliated companies (e.g. parent company); 

• statistical analysis for management control, cost accounting and controlling,

• reporting, 

• internal and external communication, 

• emergency management,

• invoicing and tax assessments relating to operational services, 

• risk management,

• the assertion of legal claims and defense in litigation;

• guarantee of IT security (including system and plausibility tests) and general safety, including building and plant safety, safeguarding and exercising the right to grant or deny access (e.g. via access controls);

• guaranteeing the integrity, authenticity and availability of data,

• prevention and solving of crimes;

• monitoring by supervisory committees or control bodies (e.g. audits).

Furthermore, like everyone involved in economic activity, quantilope too is subject to a number of legal obligations. For this reason, it may be necessary to process personal data in accordance with Art. 6 (1) (c) GDPR (to fulfill statutory requirements) or Art. 6 (1) (e) GDPR (on grounds of public interest). Primarily, these are statutory requirements (e.g. commercial and tax law), but there may also be obligations imposed by supervisory and other public authorities. 

The purposes of processing may include, in certain cases, identity and age verification, fraud and money-laundering prevention, the prevention, fighting and clearing up of terrorism financing and crimes endangering property, comparisons of European and international anti-terror lists, fulfilling tax law control and reporting obligations and the archiving of data for the purpose of data protection and data security, and for the purpose of auditing by tax and other public authorities. It may also be necessary to disclose personal data for purposes of collecting evidence, prosecuting or enforcing civil claims in the event of any official or judicial measures.

In addition to the actual fulfillment of the contract or pre-contract, we may process your data as necessary to safeguard our legitimate interests or the legitimate interests of third parties based on Art. 6 (1) (f) GDPR, especially in regards to:

• Advertising,market research, or opinion polling in connection to the services used by you (product update newsletter, etc.);

• Obtaining information and for the exchange of data with credit agencies insofar as this exceeds our economic risk;

• Reviewing and optimizing procedures for assessing needs;

• Improving services and products as well as existing systems and processes;

• Disclosing personal data as part of a due diligence review in corporate sales negotiations;

• Enriching our data, including through the use or searches of publicly accessible data;

• Statistical analyses or market analyses;

• Benchmarking;

• Asserting legal claims and defending against litigation that is not directly attributable to the contractual relationship

• Limiting the storage of data if the erasure of data is not possible or possible only with disproportionate effort due to the unique kind of data storage;

• Developing scoring systems or automated decision-making processes;

• Preventing and solving crimes, provided this is not exclusively to fulfill statutory requirements;

• Building and facility safety (e.g. access controls and video monitoring) insofar as it exceeds the general duties of care;

• Internal and external inspections, security checks;

• After consent is given, possibly listening in on or recording telephone conversations for quality control and training purposes;

• Receiving and maintaining certifications of a private or official nature;

• Publishing information on our website or our social media channels after consent is given or after prior notification.

Finally, processing is also possible on the basis of your consent pursuant to Art. 6 (1) (a) GDPR. The purposes of processing are, for example, the performance of customer satisfaction surveys or advertising with statements or images. You will be informed about the specific purposes at the time you give your consent.

b. Use and disclosure of personal data

Inside our company, your data is disclosed only to those internal offices or organizational units that require this data to fulfill our (pre-)contractual or statutory obligations or as part of the processing and enforcement of our legitimate interest. Your data will be disclosed to external parties only:

• in relation to the contract performance;

• for the purposes of complying with statutory requirements according to which we are obliged to provide information, ensure registration or disclose data;

• Insofar as external service providers process data on our behalf as data processors or they have been commissioned with a function (e.g. CRM provider, Help Center, external computer centers, support/maintenance of EDP/IT applications, archiving, invoice processing, call center services, compliance services, controlling, data screening for anti-money-laundering purposes, data validation or plausibility tests, data destruction, purchasing/procurement, customer care, letter shops, marketing, media technology, research, risk controlling, invoicing, telephone services, website management, audit services, banking institutions, print shops or companies providing data disposal, courier services, logistics);

• due to our legitimate interest or the legitimate interest of the third party for the specified purposes (e.g. to authorities, credit agencies, collection agencies, lawyers, courts, surveyors, affiliated companies and committees and supervisory bodies);

• if you have given your consent to disclose  to third parties.

Who receives what data is largely dependent on the respective role defined in the contractual relationship and the purpose of the processing. 

The data will be stored and deleted after reaching the above-mentioned purposes. The erasure time limits are based on the principle of necessity.

c. Additional information on conducting conference calls, online meetings, video conferences and/or webinars

(i) Services used to conduct conference calls, online meetings, video conferences and/or webinars

The following services are used to conduct conference calls, online meetings, video conferences and/or webinars.

1. Zoom

Zoom is a product of Zoom Video Communications, Inc. (https://zoom.us/docs/de-de/privacy-and-legal.html) which has its headquarters in the USA. Zoom is Privacy Shield certified (https://www.privacyshield.gov/list).

An adequate level of data protection is ensured by the conclusion of an agreement for order processing which complies with the requirements of Art. 28 GDPR.

In the context of a contractual relationship, the legal basis for data processing when conducting "online meetings" is Art. 6 (1) (b) GDPR

The following personal data are processed, if specified:

• Information on the user
• Meeting metadata
• For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
• When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data, such as the IP address of the device, can be saved.
• Text, audio and video data: The microphone and video camera can be deactivated at any time
  
  

2. Microsoft Teams

Microsoft Teams is a product of the Microsoft Corporation (https://privacy.microsoft.com/en-us/privacystatement), which is based in the USA.

Data is transferred to Microsoft on the basis of a contract for the processing of personal data on behalf of Microsoft in accordance with Art. 28 para. 3 GDPR, including suitable guarantees in accordance with Art. 46 GDPR.

Microsoft is a participant in the EU-US Data Privacy Framework.

An adequate level of data protection is ensured by the conclusion of a contract for order processing that meets the requirements of Art. 28 GDPR.

In the context of a contractual relationship, the legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 lit. b) GDPR.

The following personal data is processed, if specified

• Profile Data (e.g. e-mail address, profile picture and telephone number)
• Call History
• Content of the online meeting or similar (meetings, chats, voicemails, recordings, transcripts and shared data)
• Call Quality data
• Support/Feedback data
• Diagnostic and service data

(ii) Additional information on Gong

In connection with the above-mentioned services used to conduct conference calls, online meetings, video conferences and/or webinars, quantilope uses the service "Gong", a service of Gong.io Ltd, to evaluate conversations with customers or test subjects and thus improve service quality.

Gong.io Ltd.

Description of Service

Gong.io Ltd. offers a conversation analysis service. quantilope uses Gong in connection with the services set out in Sec. 6 lit. c. (i) to evaluate conversations with customers or test subjects and thus improve service quality.

Processing company

Gong.io Ltd.
EMEA Office
1 Grand Canal Street Upper, Dublin D04 Y7R5, Ireland

Data Protection Officer of Processing Company

Below you can find the email address of the data protection officer of the processing company.
privacy@gong.io

Data Purposes

This list represents the purposes of the data collection and processing. 

• Providing the service to our customers
• Personalization of the service
• Improvement of services
  

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

• Audio evaluation
• Video evaluation 

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

• Duration of the visit
• IP address
• Evaluation of language
• Video evaluation
• Date and time of visit
• Device Information
• Browser information 

Legal Basis

In the following the required legal basis for the processing of data is listed.

• 6 paragraph 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

• European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer required for the purposes of processing. 

Transfer to Third Countries

This service may forward the collected data to a different country. Below you can find a list of countries to which the data is being transferred. Insofar as there is no decision by the EU-Commission on an adequate level of data protection for the third country in question or for specific sectors in the third country, corresponding contracts (such as EU standard contracts) and additional measures can be used as a basis for the transfer.

• United States of America
  
  

Click here to read the privacy policy of the data processor

https://www.gong.io/privacy-policy/

WorkRamp is used to provide a learning platform for customers and interested persons of quantilope. This learning platform (the “quantilope Academy”) enables quantilope to offer a range of specific, quantilope-related courses, and tests for its customers.

The quantilope Academy is powered by WorkRamp (https://www.workramp.com/about/privacy-policy/) which has its headquarters in the USA.

An adequate level of data protection is ensured by the conclusion of an agreement on the processing of personal data which complies with the requirements of Art. 28 GDPR, as well as the conclusion of respective standard contractual clauses.

In the context of a contractual relationship, the legal basis for data processing when offering access to the “quantilope Academy” is Art. 6 (1) (b) GDPR.

The following personal data are processed, if specified:

• Name
• E-mail address
• Survey data
• Test results

7. Further processing activities and further erasure periods

Due to the legal obligations to which quantilope is also subject, it may become necessary to process personal data in accordance with Art. 6 (1) (c) GDPR (to fulfill statutory requirements) or Art. 6 (1) (e) GDPR (on grounds of public interest). Primarily, these are statutory requirements (e.g. commercial and tax law), but there may also be obligations imposed by supervisory and other public authorities. The purposes of processing may include, in certain cases, identity and age verification, fraud and money-laundering prevention, the prevention, fighting and clearing up of terrorism financing and crimes endangering property, comparisons of European and international anti-terror lists, fulfilling tax law control and reporting obligations and the archiving of data for the purpose of data protection and data security, and for the purpose of auditing by tax and other public authorities. It may also be necessary to disclose personal data for purposes of collecting evidence, prosecuting or enforcing civil claims in the event of any official or judicial measures.

Unless otherwise specified for the individual processing activities, personal data is generally erasured based on the principle of necessity.

Like everyone involved in economic activity, we too are subject to a number of different legal obligations concerning storage and documentation. The deadlines specified in the applicable laws stipulate storage and documentation for up to ten years after the business relationship or the pre-contractual legal relationship has terminated.

In addition, special statutory provisions may require a longer storage period, such as the preservation of evidence in connection with statutes of limitations. 

Data is regularly erased once it is no longer required for contractual or legal obligations and rights unless said data is – for a limited period – required for processing to fulfill the respective purposes specified due to an overriding legitimate interest. An overriding legitimate interest also exists, for example, if the erasure of data is not possible or possible only with disproportionate effort due to the special kind of data storage, and processing of this data for other purposes is prevented by appropriate technical and organizational measures.

8. Processing of your data outside of EU/EAA

Data is transmitted to parties in countries outside the European Union (EU) or European Economic Area (EEA), otherwise known as third countries, whenever such is necessary to meet an order/contractual obligation towards or with you, such is required by law (e.g. reporting obligations under tax law), or where such is in our legitimate interest or the legitimate interest of a third party, or if you have issued us with consent.

Your data may be simultaneously processed in a third country, including the involvement of service providers for the processing of an order. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guaranteed in accordance with EU data protection requirements through contractual agreements to this effect. Upon request, we can provide you with relevant detailed information.

9. Automated decision-making in individual cases

We do not make use of a purely automated decision-making process as referred to in Art. 22 GDPR. If we should in the future use such a process in individual cases, we will inform you separately, provided that it is required by law.

10. Rights as  data subject

You may assert data protection rights against us in certain circumstances:

• You have the right to obtain information from us about your stored data in accordance with the provisions set forth in Art. 15 GDPR (possibly subject to restrictions in accordance with Section 34 BDSG or other applicable laws).

• At your request, we will rectify your stored data in accordance with Art. 16 GDPR if it is inaccurate or incorrect.

• At your request, we will erase your data in accordance with Art. 17 GDPR if doing so does not conflict with other statutory regulations (e.g. statutory storage obligations or restrictions in accordance with Section 35 BDSG) or an overriding interest on our part (e.g. to defend our rights and claims).

• Based on the requirements set forth in Art. 18 GDPR, you can request that we restrict the processing of your data.

• In addition, you may object to the processing of your data according to Art. 21 GDPR, on the basis of which we must end the processing of your data. However, this right to object applies only if special circumstances exist with regard to your personal situation, whereby rights of our company may outweigh your right of objection.

• You also have the right to receive your data in a structured, common and machine-readable format under the provisions stipulated in Art. 20 GDPR, or to transmit them to a third party.

• Furthermore, you have the right to withdraw the consent you have given to the processing of personal data at any time with effect for the future. Should you object, we shall no longer process your personal data unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or unless the processing is for the purposes of asserting, exercising or defending legal claims.

• In addition, you have the right to file a complaint with the data protection supervisory authority (Art. 77 GDPR). However, we recommend that any complaint be directed to our data protection officer first.

Please address all inquiries regarding data protection at the quantilope Group to:

quantilope GmbH

Charlottenstraße 26 

D-20257 Hamburg

E-Mail: privacy (at) quantilope.com

quantilope Inc.

25 Broadway, 10th Floor

New York, NY 10004

E-Mail: privacy (at) quantilope.com

UAB quantilope

Užupio g. 30

01203 Vilnius

E-Mail: privacy (at) quantilope.com

quantilope Limited
Birchin Court, 5th Floor

19-25 Birchin Lane

London, United Kingdom

EC3V 9DU

E-Mail: privacy (at) quantilope.com