Privacy Policy

Privacy Policy

Privacy notice of the quantilope group

Valid as of May 14th 2020

In this privacy notice you'll be informed about the processing of personal data by the quantilope Group (quantilope GmbH, quantilope Inc. as well as UAB quantilope) according to GDPR and other applicable data protection regulations.

  1. Introduction
  2. Contact details
  3. Privacy notice for website users
  4. Privacy notice for survey participants
  5. Privacy notice for for applicants
  6. Privacy notice for customers and other contact persons
  7. Further processing activities and further erasure periods
  8. Processing of your data outside of the EU/EAA
  9. Automated decision-making in individual cases
  10. Rights as data subjects

1. Introduction

Like any active company, we, quantilope GmbH and its subsidiaries quantilope Inc. and UAB quantilope, also process personal data. We handle your personal data according to the legal data protection regulations. In the following entries  we have summarized all of the data privacy information which is relevant for the processing of your personal data.

We reserve the right to update this privacy notice at any time as necessary, for example to reflect changes in our use of cookies, or for other operational, legal or regulatory purposes. We therefore recommend that you check this privacy notice regularly. The date shown above indicates the date of the last update.

2. Contact Details

Within the meaning of the GDPR, the controller of the website (www.quantilope.com including any subdomains) is quantilope GmbH.

Generally, the company who conducts a survey is the data controller of said survey. If the survey is conducted directly by quantilope, the responsible body is the company of the quantilope Group that conducts the survey. If you take part in a survey through a panel provider, please contact the respective panel provider directly if you have any questions or want to exercise your rights.  

If you are an applicant, a representative of a customer or an other contact person, the controller responsible for your data is the company of the quantilope Group with which you are in direct contact with.

Please address all inquiries regarding data privacy at quantilope Group to:

quantilope GmbH

Charlottenstraße 26 

D-20257 Hamburg

E-Mail: privacy (at) quantilope.com

Internet: www.quantilope.com

You can also contact our data protection officer:

Harald Eul

HEC Harald Eul Consulting GmbH

Datenschutzbeauftragter quantilope GmbH

Auf der Höhe 34

D-50321 Brühl

E-Mail: Datenschutz-Quantilope (at) he-c.de

3. Privacy notice for website users

For the use of our website it is generally not necessary to provide personal data (e.g. name, address, e-mail etc.).

a. Information transmitted by your browser

When you visit our website, your browser automatically sends information to our server and temporarily stores it in a so-called log file. 

In this context we collect and process the following information and personal data in particular:

  • Date and time of access to the website
  • Time zone difference to Greenwich Mean Time (GMT)
  • Browser type and browser settings
  • Language and version of the browser software
  • Operating system 
  • Content of the request (concrete page)
  • the last page  visited by the user (referral) 
  • the amount of data transferred
  • Access status/HTTPS status code
  • IP address 
  • Device

The legal basis of the processing is Art. 6 (1) (f) GDPR, our legitimate interest. The information and personal data collected is required for the purpose of correctly delivering and optimizing the contents of the website, optimizing advertising for the website, as well as ensuring network and information security and protecting the website from attacks, disruptions and damage. In addition, the data is statistically evaluated for the purpose of increasing data protection and data security and to ensure a level of protection for the personal data that is being processed by quantilope. 



In general, your IP address will no longer  be processed once the respective session (the visit to our website) has ended. Your visit will only be recorded if your IP address is assigned to a previous interaction with our website, i.e. if you have previously filled in a form with your data.

Furthermore, we use cookies and analysis services within the website. You will find information about these below.

b. Registration for our newsletter

If you have expressly consented in accordance with Art. 6 (1) (a) GDPR, we will use your data (in particular the e-mail address) to send you our newsletter on a regular basis. To receive the newsletter, it is usually sufficient to provide an e-mail address. You can unsubscribe at any time via a link at the end of each newsletter.

c. Contact forms

We offer you the possibility to contact us via forms made available on the website. To do so, it is necessary to provide a valid business e-mail address and in some cases, a telephone number so we know who the enquiry comes from and can answer it.

The data processing is carried out for the purpose of contacting us and is based on your voluntarily given consent in accordance with Art. 6 (1) (a) GDPR.

i. Use and disclosure of personal data

Your personal data (which we collect in the processes described above) will not be transferred to third parties for purposes other than those listed below.

We transfer your data, if:

  • You gave us your consent according to Art. 6 (1) (a) GDPR;
  • the disclosure pursuant to Art. 6 (1) (f) GDPR is necessary for the enforcement, execution or defense of legal claims and there is no reason to assume that you have an overriding interest requiring nondisclosure;
  • there is a legal obligation to disclose your data under Art. 6 (1) (c) GDPR; 
  • the disclosure is permitted by law and is required for the fulfilment of contractual relationships in accordance with Art. 6 (1) (b) GDPR

d. Cookies

We use cookies on our website. Cookies  are small files automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end  device, do not contain viruses, Trojans or other malware.

The cookie stores information that is related to the specific end  device used. This does not mean, however, that we necessarily obtain direct knowledge of your identity.

On one hand, cookies are used  to improve your experience on our website.. We use so-called session cookies to recognize that you have already visited individual pages of our website. These cookies are automatically deleted after leaving our website

In addition, we also use temporary cookies which are stored on your end  device for a defined period of time. Temporary cookies are used to automatically recognize that you have already visited our site  and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record and evaluate how users engage with our  website  for the purpose of optimizing it for you. These cookies enable us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined time.

The data processed by cookies is required for the purposes mentioned above to safeguard our legitimate interests and those of third parties in accordance with Art. 6 (1) (f) GDPR. Most browsers automatically accept cookies. However, you can configure your browser in a way that no cookies are stored on your device or that a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you will not be able to use all the functions of our website.

f. Analysis and tracking tools

The tracking measures used by us are carried out on the basis of Art. 6 (1) (f) GDPR. With the tracking measures used, we want to ensure that our website is designed to meet the needs of our customers and is continuously optimized. Furthermore, we use the tracking measures to record the use of our website statistically and evaluate it for the purpose of optimizing the experience for you. These interests are to be considered legitimate in the sense of the above-mentioned regulation. The respective data processing purposes and data categories can be taken from the following information on the respective tracking tools.

g. Information on the individual services

 

 

h. Additional privacy notice on our Facebook fan page 

Within the context of our Facebook fan page (available at: https://www.facebook.com/quantilope/ and https://www.facebook.com/quantilopeUS/ you also have the possibility to inform yourself about our services or to contact and interact with us. Our Facebook fan page is provided on the basis of the agreement concluded with Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the joint processing of personal data in accordance with Art. 26 GDPR ("Page Insights Controller Addendum "). According to this agreement, we ourselves cannot make and implement any decisions regarding the processing of Insights data. The primary responsibility pursuant to the GDPR for the processing of Insights data as well as the fulfilment of all obligations under the GDPR with regard to the processing of Insights data is held by Facebook.

We would like to point out that when you visit the Facebook fan page, your data as a user may be processed outside the EU. Facebook, Inc., which is involved in this process, has committed itself as a Privacy-Shield certified US provider to comply with the data protection standards of the EU: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active (Status: January 27, 2020).

Your data may be processed for market research and advertising purposes, for example by creating user profiles based on the interests arising from your usage behaviour and using them to place advertisements. For this purpose, cookies are usually stored on your computer.

The Page Insights feature allows us to access Facebook statistics from various categories related to the Facebook fan page usage, such as total number of page views, "Like" information, page activity, post interactions, video views, post reach, comments, shared content, responses, proportion of men and women, origin related to country and city, language, shop views and clicks, clicks on route planners, and clicks on phone numbers. We use this information to make our pages more attractive and more appropriate to your needs (e.g. by finding the right time to publish a content).

Within the context of the Facebook fan page, the processing of users' personal data is carried out in order to safeguard our legitimate interests in tailoring our information offerings and communications with users to meet their needs and target groups (legal basis: Art. 6 (1) (f) GDPR). If you are asked by Facebook (as the provider of the platform) to give your consent to  specific data processing, the processing will be carried out in this respect on the legal basis of Art. 6 (1) (a) GDPR.

With regard to the exercise of data subjects' rights and requests for information, we would like to point out that the most effective way to assert these rights is directly at Facebook (see https://www.facebook.com/legal/terms/information_about_page_insights_data). 

Further information on the processing and use of data, as well as on the rights and settings options for protecting your privacy, including the option to object (opt-out), can be found in Facebook's data policy at https://www.facebook.com/about/privacy/ and in the "Information about Page Insights Data" at https://www.facebook.com/legal/terms/information_about_page_insights_data 

Opt-Out: https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com 

4. Privacy notice for survey participants

A survey participant is someone who  visits one of our subdomains (https://survey.quantilope.com/*) and takes part in a study or survey.

a. Information transmitted by your browser

When you visit our website, your browser automatically sends information to our server and temporarily stores it in a so-called log file. 

In this context, we collect and process the following information and personal data in particular:

  • Date and time of access to the website
  • Browser type and browser settings
  • Language and version of the browser software
  • Operating system 
  • Content of the request (concrete page)
  • the last page  visited by the user (referral) 
  • the amount of data transferred
  • Access status/HTTPS status code
  • IP address 
  • Device

The legal basis of the processing is Art. 6 (1) (f) GDPR, our legitimate interest. The information and personal data collected are required for the purpose of correctly delivering and optimizing the contents of the website, ensuring network and information security and protecting the website from attacks, disruptions and damage. In addition, the data is statistically evaluated for the purpose of increasing data protection and data security in order to ensure a level of protection for the personal data processed by us that is adequate to the risk.

Information about  the date and time of the website retrieval, browser type, version of the browser software as well as the operating system and device is stored together with the response data and used for the evaluation of the survey. The remaining log data (especially the IP) is processed separately from the response data. Therefore, retracing to your identity is not possible.

Beyond that, we do not use cookies and analysis services in surveys.

b. Local Storage

quantilope uses the so-called local storage. In this technique, data is stored locally in the cache of your browser. This data remains available and is accessible after closing the browser window (as long as you do not delete the local storage).

The local storage ensures that if you interrupt the survey, you will continue at the point where you interrupted it when you access it again. In addition, multiple participation can be prevented.

In addition, in cases where multiple participation in a survey is desired, we use the so-called session storage. The session storage  function corresponds to the described local storage, except that the corresponding data is automatically removed immediately after closing the browser.

The legal basis for the use of the local storage is the legitimate interest of us and our customers, Art. 6 (1) (f) GDPR. It allows us to make a fully functional offer.

If you do not want data to be stored in your local storage, you can prevent this in the settings of your browser. We would like to point out that this may lead to certain malfunctions.

c. Studies conducted by quantilope

If we conduct a study we may ask for various characteristics in the survey, such as your age or gender. Together with your answers to the study topic, a raw data set is formed. We will always carry out the surveys in such a way that no conclusions about your identity should be possible. However, depending on the combination of the characteristics being surveyed, traceability can never be completely excluded.

We process data you provide to us in surveys only on the basis of your consent in accordance with Art. 6 (1) (a) GDPR, for the purpose of market and opinion research.

The data will be stored and deleted after reaching the above-mentioned purposes. In some cases we may remove possible personal references by aggregating the data The erasure time limits are based on the principle of necessity.

d. Studies conducted by our customers

In most cases, studies are not conducted by ourselves, but by companies that are our customers.

In these cases, the respective customer is the controller of the processing of personal data. The privacy notice of that company applies to the processing of the data collected in the study.

e. Surveys in which you participate via a panel provider

If you take part in a survey conducted with the quantilope platform via a panel provider, we will collect the User-ID assigned to you by the panel provider at the beginning of the survey. At the end of the survey the User-ID is reported back to the panel provider. The purpose of this collection and feedback is to inform the panel provider whether you participated in the survey or whether you were excluded from participation, e.g. because the quota to which you belong has already been fulfilled. This feedback is necessary so that the panel provider can subsequently credit you with your incentive. The legal basis for the processing is the fulfilment of a contract, Art. 6 (1) (b) GDPR.

5. Privacy notice for applicants

You can find the privacy notice for applicants here https://quantilope-gmbh-jobs.personio.de/privacy-policy?language=en

6. Privacy notice for customers and other contact persons

The following privacy notice is relevant for you if your company has a contractual or pre-contractual relationship with us and you are a contact person of this company or you are in any other form a contact person for quantilope (e.g. press representatives).

a. Data categories and processing purposes

Relevant categories of processed personal data in these cases may include:

  • Personal identifiable information (form of address, title, full name and professional title)
  • Contact data (employer’s address, business email address, business telephone number, business fax number and similar data)
  • Project data (projects with quantilope in which you are involved and the position(s) you hold in these projects)
  • Usage data (i.e. where you found out about us or whether we are providing you with further material)
  • Payment data (business payment methods, invoicing details and similar data)
  • Other data (i.e. statements or sound and video recordings) which you provide to us on a voluntary basis and with consent
  • Survey data on customer satisfaction surveys that you voluntarily provide to us

In addition to the  data that we collect directly from you, we process personal data rightfully obtained from other companies or other third parties (e.g. credit agencies, directory publishers) insofar as it is necessary for us to carry out our services. We also process personal data that we have rightfully taken, obtained or acquired from publicly accessible sources (e.g. phone directories, trade and association registries, resident registries, lists of debtors, press, career networks, the Internet and other media).

The purpose of processing is to implement pre-contractual measures and to fulfill our contracts, including the services, measures and activities required for this purpose. The legal basis for this processing is Art. 6 (1) (b) GDPR

This data includes, in particular,

  • pre-contractual and contractual communication with you, 
  • access to our Help Center, 
  • the traceability of transactions, orders and other agreements, as well as quality control through appropriate documentation, 
  • goodwill procedures, 
  • measures to control and optimize business processes, and for the fulfillment of general obligations of due diligence, 
  • governance and control by affiliated companies (e.g. parent company); 
  • statistical analysis for management control, cost accounting and controlling,
  • reporting, 
  • internal and external communication, 
  • emergency management,
  • invoicing and tax assessments relating to operational services, 
  • risk management,
  • the assertion of legal claims and defense in litigation;
  • guarantee of IT security (including system and plausibility tests) and general safety, including building and plant safety, safeguarding and exercising the right to grant or deny access (e.g. via access controls);
  • guaranteeing the integrity, authenticity and availability of data,
  • prevention and solving of crimes;
  • monitoring by supervisory committees or control bodies (e.g. audits).

Furthermore, like everyone involved in economic activity, quantilope too is subject to a number of legal obligations. For this reason, it may be necessary to process personal data in accordance with Art. 6 (1) (c) GDPR (to fulfill statutory requirements) or Art. 6 (1) (e) GDPR (on grounds of public interest). Primarily, these are statutory requirements (e.g. commercial and tax law), but there may also be obligations imposed by supervisory and other public authorities. 

The purposes of processing may include, in certain cases, identity and age verification, fraud and money-laundering prevention, the prevention, fighting and clearing up of terrorism financing and crimes endangering property, comparisons of European and international anti-terror lists, fulfilling tax law control and reporting obligations and the archiving of data for the purpose of data protection and data security, and for the purpose of auditing by tax and other public authorities. It may also be necessary to disclose personal data for purposes of collecting evidence, prosecuting or enforcing civil claims in the event of any official or judicial measures.

In addition to the actual fulfillment of the contract or pre-contract, we may process your data as necessary to safeguard our legitimate interests or the legitimate interests of third parties based on Art. 6 (1) (f) GDPR, especially in regards to:

  • Advertising,market research, or opinion polling in connection to the services used by you (product update newsletter, etc.);
  • Obtaining information and for the exchange of data with credit agencies insofar as this exceeds our economic risk;
  • Reviewing and optimizing procedures for assessing needs;
  • Improving services and products as well as existing systems and processes;
  • Disclosing personal data as part of a due diligence review in corporate sales negotiations;
  • Enriching our data, including through the use or searches of publicly accessible data;
  • Statistical analyses or market analyses;
  • Benchmarking;
  • Asserting legal claims and defending against litigation that is not directly attributable to the contractual relationship
  • Limiting the storage of data if the erasure of data is not possible or possible only with disproportionate effort due to the unique kind of data storage;
  • Developing scoring systems or automated decision-making processes;
  • Preventing and solving crimes, provided this is not exclusively to fulfill statutory requirements;
  • Building and facility safety (e.g. access controls and video monitoring) insofar as it exceeds the general duties of care;
  • Internal and external inspections, security checks;
  • After consent is given, possibly listening in on or recording telephone conversations for quality control and training purposes;
  • Receiving and maintaining certifications of a private or official nature;
  • Publishing information on our website or our social media channels after consent is given or after prior notification.

Finally, processing is also possible on the basis of your consent pursuant to Art. 6 (1) (a) GDPR. The purposes of processing are, for example, the performance of customer satisfaction surveys or advertising with statements or images. You will be informed about the specific purposes at the time you give your consent.

b. Use and disclosure of personal data

Inside our company, your data is disclosed only to those internal offices or organizational units that require this data to fulfill our (pre-)contractual or statutory obligations or as part of the processing and enforcement of our legitimate interest. Your data will be disclosed to external parties only:

  • in relation to the contract performance;
  • for the purposes of complying with statutory requirements according to which we are obliged to provide information, ensure registration or disclose data;
  • Insofar as external service providers process data on our behalf as data processors or they have been commissioned with a function (e.g. CRM provider, Help Center, external computer centers, support/maintenance of EDP/IT applications, archiving, invoice processing, call center services, compliance services, controlling, data screening for anti-money-laundering purposes, data validation or plausibility tests, data destruction, purchasing/procurement, customer care, letter shops, marketing, media technology, research, risk controlling, invoicing, telephone services, website management, audit services, banking institutions, print shops or companies providing data disposal, courier services, logistics);
  • due to our legitimate interest or the legitimate interest of the third party for the specified purposes (e.g. to authorities, credit agencies, collection agencies, lawyers, courts, surveyors, affiliated companies and committees and supervisory bodies);
  • if you have given your consent to disclose  to third parties.

Who receives what data is largely dependent on the respective role defined in the contractual relationship and the purpose of the processing. 

The data will be stored and deleted after reaching the above-mentioned purposes. The erasure time limits are based on the principle of necessity.

c. Additional information on Zoom

Zoom is used to conduct telephone conferences, online meetings, video conferences and/or webinars.


Zoom is a product of Zoom Video Communications, Inc. (https://zoom.us/docs/de-de/privacy-and-legal.html) which has its headquarters in the USA. Zoom is Privacy Shield certified (https://www.privacyshield.gov/list).


An adequate level of data protection is ensured by the conclusion of an agreement for order processing which complies with the requirements of Art. 28 GDPR.


In the context of a contractual relationship, the legal basis for data processing when conducting "online meetings" is  Art. 6 (1) (b) GDPR


The following personal data are processed, if specified:


  • Information on the user
  • Meeting metadata
  • For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
  • When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data, such as the IP address of the device, can be saved.
  • Text, audio and video data: The microphone and video camera can be deactivated at any time.

7. Further processing activities and further erasure periods

Due to the legal obligations to which quantilope is also subject, it may become necessary to process personal data in accordance with Art. 6 (1) (c) GDPR (to fulfill statutory requirements) or Art. 6 (1) (e) GDPR (on grounds of public interest). Primarily, these are statutory requirements (e.g. commercial and tax law), but there may also be obligations imposed by supervisory and other public authorities. The purposes of processing may include, in certain cases, identity and age verification, fraud and money-laundering prevention, the prevention, fighting and clearing up of terrorism financing and crimes endangering property, comparisons of European and international anti-terror lists, fulfilling tax law control and reporting obligations and the archiving of data for the purpose of data protection and data security, and for the purpose of auditing by tax and other public authorities. It may also be necessary to disclose personal data for purposes of collecting evidence, prosecuting or enforcing civil claims in the event of any official or judicial measures.

Unless otherwise specified for the individual processing activities, personal data is generally erasured based on the principle of necessity.

Like everyone involved in economic activity, we too are subject to a number of different legal obligations concerning storage and documentation. The deadlines specified in the applicable laws stipulate storage and documentation for up to ten years after the business relationship or the pre-contractual legal relationship has terminated.

In addition, special statutory provisions may require a longer storage period, such as the preservation of evidence in connection with statutes of limitations. 

Data is regularly erased once it is no longer required for contractual or legal obligations and rights unless said data is – for a limited period – required for processing to fulfill the respective purposes specified due to an overriding legitimate interest. An overriding legitimate interest also exists, for example, if the erasure of data is not possible or possible only with disproportionate effort due to the special kind of data storage, and processing of this data for other purposes is prevented by appropriate technical and organizational measures.

8. Processing of your data outside of EU/EAA

Data is transmitted to parties in countries outside the European Union (EU) or European Economic Area (EEA), otherwise known as third countries, whenever such is necessary to meet an order/contractual obligation towards or with you, such is required by law (e.g. reporting obligations under tax law), or where such is in our legitimate interest or the legitimate interest of a third party, or if you have issued us with consent.

Your data may be simultaneously processed in a third country, including the involvement of service providers for the processing of an order. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guaranteed in accordance with EU data protection requirements through contractual agreements to this effect. Upon request, we can provide you with relevant detailed information.

9. Automated decision-making in individual cases

We do not make use of a purely automated decision-making process as referred to in Art. 22 GDPR. If we should in the future use such a process in individual cases, we will inform you separately, provided that it is required by law.

10. Rights as  data subject

You may assert data protection rights against us in certain circumstances:

  • You have the right to obtain information from us about your stored data in accordance with the provisions set forth in Art. 15 GDPR (possibly subject to restrictions in accordance with Section 34 BDSG or other applicable laws).
  • At your request, we will rectify your stored data in accordance with Art. 16 GDPR if it is inaccurate or incorrect.
  • At your request, we will erase your data in accordance with Art. 17 GDPR if doing so does not conflict with other statutory regulations (e.g. statutory storage obligations or restrictions in accordance with Section 35 BDSG) or an overriding interest on our part (e.g. to defend our rights and claims).
  • Based on the requirements set forth in Art. 18 GDPR, you can request that we restrict the processing of your data.
  • In addition, you may object to the processing of your data according to Art. 21 GDPR, on the basis of which we must end the processing of your data. However, this right to object applies only if special circumstances exist with regard to your personal situation, whereby rights of our company may outweigh your right of objection.
  • You also have the right to receive your data in a structured, common and machine-readable format under the provisions stipulated in Art. 20 GDPR, or to transmit them to a third party.
  • Furthermore, you have the right to withdraw the consent you have given to the processing of personal data at any time with effect for the future. Should you object, we shall no longer process your personal data unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or unless the processing is for the purposes of asserting, exercising or defending legal claims.
  • In addition, you have the right to file a complaint with the data protection supervisory authority (Art. 77 GDPR). However, we recommend that any complaint be directed to our data protection officer first.

If possible, your requests to exercise your rights should always be addressed directly in writing to privacy (at) quantilope.com, at the above-stated address or to our data protection officer.