Privacy Policy

This notice explains how Quantara GmbH processes personal data when you visit our website, contact us, or engage our IT Marketing services. It is written in line with the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (Datenschutzgesetz, DSG), and applicable ePrivacy rules.

1. Who is responsible for your data?

The data controller within the meaning of Article 4(7) GDPR is:

We provide IT Marketing services to technology and digital product companies. Where we process data on behalf of a client under a separate agreement, that client may act as controller and we as processor — in that case, the client’s privacy documentation applies to the relevant processing.

2. What categories of personal data do we collect?

Depending on how you interact with us, we may process:

• Identity and contact details — name, job title, company name, business address, email address, telephone number.
• Communication content — messages you send via our contact form, email, or during meetings, including project briefs and marketing requirements.
• Technical and usage data — IP address, browser type, device identifiers, referring URLs, pages viewed, session duration, and approximate location derived from IP (country/region level).
• Marketing and analytics signals — cookie identifiers, campaign attribution parameters, and aggregated interaction metrics where you have consented or where a lawful basis permits.
• Contract and billing data — purchase order references, invoicing details, and payment status when you become a client (we do not store full payment card numbers on our servers).

We do not intentionally collect special categories of data under Article 9 GDPR (such as health data or political opinions). Please avoid sending such information unless it is strictly necessary for our engagement and you have a lawful basis to share it.

3. Why we process your data and on what legal basis

We process personal data only where a legal ground under Article 6 GDPR applies:

Performance of a contract (Art. 6(1)(b))

To respond to inquiries, prepare proposals, deliver IT Marketing services, manage accounts, and fulfil our contractual obligations toward clients and prospects who request our services.

Legitimate interests (Art. 6(1)(f))

To operate and secure our website, prevent abuse, understand aggregate traffic patterns, maintain business records, and pursue proportionate B2B outreach to organisations that may benefit from IT Marketing — always balanced against your rights. You may object to processing based on legitimate interests as described in Section 9.

Consent (Art. 6(1)(a))

For non-essential cookies, certain analytics tools, and optional marketing communications where required by law. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Legal obligation (Art. 6(1)(c))

To comply with tax, accounting, anti-money-laundering, and regulatory retention duties applicable in Austria and the European Union.

4. Cookies and similar technologies

Our website may use strictly necessary cookies that enable core functionality (for example, remembering cookie preferences). Where we use analytics or marketing cookies that are not essential, we will request your consent in accordance with the ePrivacy Directive as implemented in Austria.

You can control cookies through your browser settings. Blocking all cookies may limit certain features. For more detail on specific tools in use at any given time, contact us at info@quantara-gmbh.com.

5. Where your data comes from

Most data is provided directly by you (forms, email, contracts). We may also receive business contact details from publicly available professional directories, event registrations, or referrals from existing clients — always in a B2B context and where permitted by law.

6. Who receives your data

We share personal data only when necessary:

• Processors — hosting providers, email infrastructure, CRM or project tools, analytics platforms, and professional advisers, each bound by Article 28 GDPR data processing agreements where required.
• Authorities — courts, regulators, or law enforcement when we are legally compelled to disclose information.
• Clients — where you are a supplier or partner and disclosure is needed to deliver a joint project, with appropriate confidentiality safeguards.

We do not sell personal data. We do not use automated decision-making that produces legal or similarly significant effects solely based on profiling within the meaning of Article 22 GDPR.

7. International transfers

We prefer to store and process data within the European Economic Area (EEA). If a subprocessors operates outside the EEA, we ensure appropriate safeguards — such as Standard Contractual Clauses approved by the European Commission, or an adequacy decision — before any transfer takes place, and we document the transfer in our records of processing.

8. How long we keep your data

Retention periods depend on the purpose:

• Website logs and security records: typically up to 12 months unless needed for incident investigation.
• Contact form and general inquiries: up to 24 months after the last meaningful interaction, unless a business relationship continues.
• Client project files and contracts: for the duration of the engagement plus statutory limitation periods under Austrian law (often up to 7 years for commercial records).
• Marketing consents: until you withdraw consent or object, plus a short suppression record to honour your choice.

When retention periods expire, we delete or anonymise data unless a longer period is required by law.

9. Your rights under the GDPR

If you are in the EEA, you have the following rights, subject to conditions and exceptions in the GDPR:

• Access (Art. 15) — obtain confirmation and a copy of your personal data.
• Rectification (Art. 16) — correct inaccurate or incomplete data.
• Erasure (Art. 17) — request deletion where grounds apply.
• Restriction (Art. 18) — limit processing in certain circumstances.
• Data portability (Art. 20) — receive data you provided in a structured, machine-readable format where processing is based on consent or contract and carried out by automated means.
• Objection (Art. 21) — object to processing based on legitimate interests or for direct marketing.
• Withdraw consent (Art. 7(3)) — where processing relies on consent.

To exercise any right, email info@quantara-gmbh.com with sufficient detail to identify you. We respond within one month, extendable by two further months for complex requests as permitted by Article 12(3) GDPR.

10. Right to lodge a complaint

You may lodge a complaint with a supervisory authority. In Austria, the competent authority is:

Österreichische Datenschutzbehörde (DSB)
Barichgasse 40–42, 1030 Vienna, Austria
Website: www.dsb.gv.at

You may also contact the supervisory authority in your country of habitual residence or workplace if you are located elsewhere in the EU.

11. Security measures

We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit (TLS), least-privilege accounts, and staff awareness on confidentiality. No method of transmission over the internet is completely secure; we encourage you to use strong passwords and protect your own devices.

12. Children

Our website and services are directed at business professionals. We do not knowingly collect data from individuals under 16 years of age. If you believe a minor has provided us personal data, contact us and we will delete it promptly.

13. Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or business changes. The “Last updated” date at the top indicates the current version. Material changes will be highlighted on this page where appropriate.

14. Contact

For privacy-related questions, requests, or concerns about this notice:

Quantara GmbH — Data protection enquiries
info@quantara-gmbh.com
Hygna 38, 6235 Reith im Alpbachtal, Austria