Introduction
We ("we", "us", "our") take the protection of data of users ("users" or "you") of our website and/or our mobile app (the "website" or the "mobile app") very seriously and commit ourselves to protecting the information that users provide us in connection with the use of our website and/or mobile app (together: "digital assets"). Furthermore, we commit ourselves to protect and use your data according to applicable law.
This privacy policy explains our practices regarding the collection, use, and disclosure of your data through the use of our digital assets (the "services"), when you access the services through your devices.
Please read the privacy policy carefully and make sure you fully understand our practices regarding your data before using our services. If you have read this policy, fully understand it and do not agree with our approach, you must stop using our digital assets and services. By using our services, you acknowledge the terms of this privacy policy. Continued use of the services constitutes your consent to this privacy policy and any changes to it.
In this privacy policy, you will learn:
-
How we collect data
-
What data we collect
-
Why we collect this data
-
To whom we disclose the data
-
Where the data is stored
-
How long the data is retained
-
How we protect the data
-
How we handle minors
-
Updates or changes to the privacy policy
What Data Do We Collect?
Here is an overview of the data we may collect:
-
Non-identified and non-identifiable information you provide during the registration process or collected through the use of our services ("non-personal data"). Non-personal data does not allow any conclusions about who it was collected from. The non-personal data we collect mainly consists of technical and summarized usage information.
-
Individually identifiable information, i.e., all those through which you can be identified or could be reasonably identified ("personal data"). The personal data that we may collect through our services may include information requested from time to time, such as names, email addresses, addresses, telephone numbers, IP addresses, and more. If we combine personal data with non-personal data, as long as they are combined, we will treat them as personal data.
How Do We Collect Data?
Below are the main methods we use to collect data:
-
We collect data when using our services. So, when you visit our digital assets and use services, we may collect, record, and store usage, sessions, and related information.
-
We collect data that you provide to us, for example, when you contact us directly through a communication channel (e.g., an email with a comment or feedback).
-
We may collect data from third-party sources as described below.
-
We collect data that you provide to us when you sign up for our services through a third party like Facebook or Google.
Why Do We Collect This Data?
We may use your data for the following purposes:
-
To provide and operate our services;
-
To develop, customize, and improve our services;
-
To respond to your feedback, requests, and provide assistance;
-
To analyze request and usage patterns;
-
For other internal, statistical, and research purposes;
-
To improve our data security and fraud prevention capabilities;
-
To investigate violations and enforce our terms and policies and comply with applicable law, regulations, or government orders;
-
To send you updates, news, promotional materials, and other information related to our services. You can choose whether you want to continue receiving promotional emails. If not, simply click on the unsubscribe link in these emails.
To Whom Do We Disclose Your Data?
We may share your data with our service providers to operate our services (e.g., storing data via third-party hosting services, providing technical support, etc.).
We may also disclose your data under the following circumstances: (i) to investigate, detect, prevent, or take action against illegal activities or other misconduct; (ii) to establish or exercise our rights of defense; (iii) to protect our rights, property, or personal safety, as well as the safety of our users or the public; (iv) in the event of a change in control of our company or one of our affiliated companies (through a merger, acquisition, or purchase of (substantially) all assets, etc.); (v) to collect, maintain, and/or manage your data using authorized third-party service providers (e.g., cloud service providers), as appropriate for business purposes; (vi) to work with third parties to improve your user experience. To avoid misunderstandings, we would like to point out that we can transfer or share non-personal data with third parties at our discretion or use it otherwise.
Please note that our services enable social interactions (e.g., publicly posting content, information, and comments, and chatting with other users). Be aware that any content or data you provide in these areas can be read, collected, and used by others. We advise against posting or sharing information that you do not want to make public. When you upload content to our digital assets or otherwise provide it as part of using a service, you do so at your own risk. We cannot control the actions of other users or members of the public who have access to your data or content. You acknowledge and confirm that copies of your data may still be viewable on cached and archived pages or if copies/records of your content have been made by third parties even after your data has been deleted.
Cookies and Similar Technologies
When you visit or access our services, we authorize third parties to use web beacons, cookies, pixel tags, scripts, and other technologies and analytics services ("Tracking Technologies"). These Tracking Technologies may enable third parties to automatically collect your data to improve the navigation experience on our digital assets, optimize their performance, and ensure a customized user experience, as well as for security and fraud prevention purposes.
To learn more, please read our Cookie Policy.
We may provide advertising through our services and our digital assets (including websites and applications that use our services) that may be tailored to you, e.g., ads based on your recent browsing behavior on websites, devices, or browsers.
To provide these ads for you, we may use cookies and/or JavaScript and/or web beacons (including clear GIFs) and/or HTML5 Local Storage and/or other technologies. We may also employ third parties, such as network advertisers (i.e., third parties that display ads based on your website visits), to display targeted ads. External providers of advertising networks, advertisers, sponsors, and/or traffic measurement services may also use cookies and/or JavaScript and/or web beacons (including clear GIFs) and/or Flash cookies and/or other technologies to measure the effectiveness of their ads and customize advertising content for you. These third-party cookies and other technologies are governed by each third party's specific privacy policy, not this one.
Where Do We Store the Data?
Please note that our companies, as well as our trusted partners and service providers, are located around the world. For the purposes outlined in this Privacy Policy, we store and process all non-personal data we collect in various jurisdictions.
Personal Data Personal data may be maintained, processed, and stored in the United States, Ireland, South Korea, Taiwan, Israel, and as necessary for the proper provision of our services and/or as required by law (as further explained below) in other jurisdictions.
How Long Do We Retain the Data?
Please note that we retain collected data for as long as necessary to provide our services, comply with our legal and contractual obligations to you, resolve disputes, and enforce our agreements.
We may correct, supplement, or delete inaccurate or incomplete data at any time at our discretion.
How Do We Protect the Data?
The hosting service for our digital assets provides us with the online platform that allows us to offer you our services. Your data may be stored through our hosting provider's data storage, databases, and general applications. They store your data on secure servers behind a firewall and provide secure HTTPS access to most areas of their services. All payment options offered by us and our hosting provider for our digital assets comply with the regulations of the PCI-DSS (Payment Card Industry Data Security Standard) set by the PCI Security Standards Council, a collaboration of brands like Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of credit card information (including physical, electronic, and procedural measures) by our store and service providers.
Despite the measures and efforts by us and our hosting provider, we cannot and do not guarantee absolute protection and absolute security of the data you upload, publish, or otherwise share with us or others. For this reason, we ask you to set secure passwords and, where possible, not to transmit confidential information to us or others that you believe could cause significant or lasting harm if disclosed. Since email and instant messaging are not considered secure forms of communication, we also ask you not to share confidential information through these channels.
How Do We Handle Minors?
The services are not intended for users who have not reached the legal age of majority. We will not knowingly collect data from children. If you are not of legal age, you should not download or use the services and should not provide us with any information. We reserve the right to request proof of age at any time so that we can verify whether minors are using our services. In the event that we become aware that a minor is using our services, we may deny these users access to our services and block them, and we may delete all data stored about this user. If you have reason to believe that a minor has provided data to us, please contact us as explained below.
Children may use our services. However, if they want access to certain features, they may need to provide certain information. The collection of some data (including data collected via cookies, web beacons, and other similar technologies) can be automatic. If we knowingly collect, use, or disclose data collected from a child, we will do so in compliance with applicable law and will obtain parental consent. We do not make a child's participation in an online activity contingent upon the child providing more contact information than is reasonably necessary for that activity. We use the data we collect only in connection with the services requested by the child. We may also use a parent's contact details to communicate about the child's activities in the services. Parents can view data we have collected from their child, prohibit us from collecting further data from their child, and request that we delete any data collected from our records. Please contact us to view, update, or delete your child's data. To protect your child, we may ask you for proof of your identity. We may deny you access to data if we believe your identity is in question. Please note that certain data may not be deleted due to other legal obligations.
We use your personal data only for the purposes set out in the Privacy Policy and only when we are convinced that:
-
the use of your personal data is necessary to fulfill or conclude a contract (e.g., to provide you with the services themselves or customer support or technical support);
-
the use of your personal data is necessary to comply with relevant legal or regulatory obligations, or
-
the use of your personal data is necessary to support our legitimate business interests (provided that this always occurs in a manner that is proportionate and respects your privacy rights).
As a resident of the EU, you can:
-
request confirmation as to whether or not personal data concerning you are being processed, and access to your stored personal data and certain additional information;
-
request receipt of personal data you have provided to us in a structured, common, and machine-readable format;
-
request the correction of your personal data stored with us;
-
request the deletion of your personal data;
-
object to the processing of your personal data by us;
-
request the restriction of processing of your personal data, or file a complaint with a supervisory authority.
Please note, however, that these rights are not unrestricted and may be subject to our own legitimate interests and regulatory requirements. If you have general questions about the personal data we collect and how we use it, please contact us as indicated below. In the course of providing the services, we may transfer data across borders to affiliated companies or other third parties from your country/jurisdiction to other countries/jurisdictions around the world. By using the services, you consent to the transfer of your data outside the EEA.
If you are resident in the EEA, your personal data will only be transferred to locations outside the EEA if we are convinced that there is an adequate or comparable level of protection for personal data. We will take appropriate steps to ensure that we have adequate contractual arrangements with our third parties to ensure that appropriate security measures are taken so that the risk of unlawful use, alteration, deletion, loss, or theft of your personal data is minimized and that these third parties always act in accordance with applicable laws.
Rights Under the California Consumer Privacy Act
If you use the services as a resident of California, you may be entitled under the California Consumer Privacy Act ("CCPA") to request access to and deletion of your data.
To exercise your right to access and delete your data, please read below how to contact us.
We do not sell the personal data of users for the intentions and purposes of the CCPA.
Users of the services residing in California who are under 18 years old can request the deletion of their published content via email at the address provided in the "Contact" section below. These requests must be labeled "California Removal Request." All requests must include a description of the content you want to be deleted and sufficient information to allow us to locate the material. We do not accept requests that are not labeled or properly submitted, and we may not be able to respond if you do not provide sufficient information. Please note that your request does not guarantee that the material will be completely or comprehensively deleted. For example, material you have posted may be republished or reposted by other users or third parties.
Updates or Changes to the Privacy Policy
We may revise this Privacy Policy at our discretion from time to time, the version published on the website is always current (see the "Effective" date). We ask you to regularly review this Privacy Policy for changes. In case of significant changes, we will post a notice on our website. If you continue to use the services after notification of changes on our website, this is considered your acknowledgment and consent to the changes in the Privacy Policy and your agreement to be bound by the terms of these changes.
Contact
If you have general questions about the services or the data we collect about you and how we use it, please contact us at:
Name: Corentin Gondrand
Address: c/o Max-Planck-Institute for medical research, Jahnstraße 29, 69120 Heidelberg
Email address: contact@quantilight.com