GENERAL INFORMATION

Privacy Policy

The operator of the quantlayer.ai platform (hereinafter referred to as the “Data Controller”) establishes the following Privacy Policy (hereinafter referred to as the “Policy”) to define the terms and conditions governing the processing of personal data within the operations of the Data Controller and during the use of the website https://quantlayer.ai (hereinafter referred to as the “Website”). The provisions set forth in this Policy shall apply to all instances of Website access, irrespective of the device employed (including, but not limited to, computers, mobile phones, tablets, and televisions).

All users of the Website are hereby advised to read this Policy carefully. By accessing or using the Website, users acknowledge their agreement to the terms and conditions contained herein.

By providing personal data, whether directly or indirectly, through the use of the Website or its associated services, the individual (hereinafter referred to as the “Data Subject”) explicitly consents to the collection, management, and processing of such data by the Data Controller in accordance with the purposes, procedures, and conditions set forth in this Policy, the Data Subject's consent, and applicable legal provisions.

Individuals under the age of 18 are expressly prohibited from submitting personal data via the Website. If an individual under the age of 18 wishes to submit personal information, prior consent must be obtained from their parent or lawful guardian.

Personal data – means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of such natural person.

Data Subject – used herein, shall include, but is not limited to, representatives, members of the Quant Layer community, visitors to the Website, job applicants, business partners, service providers, individuals contacting the Data Controller via telephone, or any other natural persons whose personal data is processed by the Data Controller.

Representative – An individual authorized to represent any Data Subject or legal entity.

Site Visitor – An individual expressing interest in the content or services available on the quantlayer.ai Website, as administered by the Data Controller, or seeking to contact the Data Controller for other purposes.

Data Subject’s Consent – A freely given, specific, informed, and unambiguous expression of the Data Subject’s will, signified through a statement or clear affirmative action, indicating their agreement to the processing of personal data related to them.

Client – A natural or legal person entering into an agreement (including online agreements) with the Data Controller to utilize services offered on the Website, enabling Website visitors to access relevant information.

Visitor – An individual accessing the Website to view information about Quant Layer products and services.

Partner – A natural or legal person engaging in collaboration with the Data Controller, including but not limited to entering into cooperation agreements with the Data Controller for activities such as IT tool development.

Service Provider – A natural or legal person offering or supplying goods, services, or works to the Data Controller, whether through cooperation or under a formal agreement concerning the sale or provision of such goods, services, or works.

Direct Marketing – Activities intended to promote goods or services to individuals through postal correspondence, telephone communication, or direct engagement, and/or to solicit feedback on the goods or services offered.

Personal Data Processing – Any operation or series of operations performed on personal data or sets of personal data, whether by automated means or otherwise, including but not limited to collection, recording, organization, structuring, storage, modification, retrieval, consultation, use, dissemination, disclosure by transmission, alignment, restriction, erasure, or destruction.

Data Collection and Compliance

The Data Controller collects personal data in strict compliance with the applicable legal requirements of the European Union and the Republic of Estonia, as well as the directives of relevant supervisory authorities. All appropriate technical and administrative measures are implemented to safeguard the personal data of Data Subjects against unauthorized access, misuse, loss, or alteration.

This Privacy Policy has been formulated in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (dated 27 April 2016) on the protection of natural persons concerning the processing of personal data and the free movement of such data, which repeals Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”), alongside other applicable legal provisions. The definitions and terms used in this Privacy Policy shall have the meanings ascribed to them under the GDPR.

Categories of Information Collected

Information Provided Directly by You

Personal data that you submit voluntarily when accessing or using the services available on the Website.

Information Regarding Website Usage

When you visit the Website, the Data Controller collects data related to your usage patterns, which may include details of the services accessed and automatically generated statistical data concerning your visits. Further details on data collected via cookies and similar technologies are available in the accompanying ‘Cookies Policy.’

Information from Third-Party Sources

The Data Controller may obtain information about you from publicly accessible and commercial sources, as permitted by applicable legal regulations, and combine it with other data collected directly from or about you. Additionally, data may be collected from third-party social networking platforms when you engage with or connect to our services through such platforms, such as via your account on X or similar networks.

Other Data Collected

The Data Controller may collect additional information about you, your device, or your use of the Website’s content, provided you have granted consent for such data collection.

Voluntary Nature of Data Submission

While you may choose not to provide certain personal data requested by the Data Controller, such a decision may limit your ability to access or utilize specific services offered on the Website.

Processing of Personal Data for Consultation or Query Fulfillment

The Data Controller processes the personal data of Site Visitors and potential Clients for the purposes of providing consultations, addressing queries, or fulfilling other related purposes. The following categories of personal data may be processed as provided by the respective Data Subject:

Forename;
Surname;
Phone number;
Email address;
Position;
Workplace.

The personal data collected for these purposes will not be shared with third parties. The legal basis for processing personal data for consultations or query submissions is the Data Subject's consent, as granted upon submission of their personal data, in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR).

Processing of Personal Data for Quant Layer Community Members

The Data Controller processes the personal data of Quant Layer community members, which may include:

Forename;
Surname;
Personal identification number;
Residence address;
Phone number;
Email address;
Any additional information required by applicable law.

Such data is obtained directly from Quant Layer community members and, where necessary, through identification services provided by third parties, such as telecommunications providers.

The Data Controller commits to maintaining the confidentiality of personal data and undertakes not to transfer such data to unrelated third parties, except in the following circumstances:

With the Data Subject’s Consent: Personal data may be disclosed with the explicit consent of the Data Subject.
For Service Provision Obligations: Personal data may be shared with third parties providing services such as postal delivery, archiving, auditing, legal or financial services, or parties associated with national and cryptocurrency exchange systems.
For Legitimate Interests: Personal data may be disclosed in pursuit of the legitimate interests of the Data Controller, such as in cases of debt recovery or legal violations.
In Compliance with Legal Obligations: Data may be disclosed to authorized bodies as required by applicable laws.

The Data Controller may also transfer personal data to Data Processors not specifically identified in this Policy. Such Data Processors perform services or carry out tasks on behalf of the Data Controller (e.g., accounting services). These Data Processors may process personal data solely in accordance with the instructions provided by the Data Controller and only to the extent necessary for the fulfillment of their contractual obligations.

The Data Controller shall take all reasonable measures to ensure that engaged Data Processors implement adequate organizational and technical safeguards to protect the confidentiality and security of personal data.

Personal data is processed on the basis of:

The Data Subject's consent provided at the time of data submission, pursuant to Article 6(1)(a) of the GDPR; and/or
The performance of a contract concluded with the Data Subject, pursuant to Article 6(1)(b) of the GDPR.

Processing of Personal Data for the Purpose of Performing Agreements with Partners and Service Providers

In the course of cooperation with Partners and Service Providers, the Data Controller processes the following personal data of natural persons or their Representatives:

Forename;
Surname;
Personal identification number;
Address;
Details of documents substantiating activities (e.g., individual activity certificate number, date of issue);
In cases of e-commerce – payment order details;
Power of attorney;
Term of authorization;
Represented person (connection to the represented person);
Position;
Workplace;
Phone number;
Email address;
Any additional information provided during the cooperation or performance of contractual obligations.

These data are obtained directly from natural persons, Representatives, and/or the represented persons.

The Data Controller ensures that personal data will not be transferred to unrelated third parties, except in the following circumstances:

With the Consent of the Data Subject: Personal data may be disclosed with the explicit consent of the Data Subject.
For the Fulfillment of the Data Controller’s Obligations: Personal data may be transferred to relevant third parties, including courier or logistics companies, postal service providers, archiving, audit, legal, and financial service providers, as well as entities related to national, European, or international payment systems (e.g., SWIFT).
For Legitimate Interests: Personal data may be disclosed to protect the legitimate interests of the Data Controller, such as for debt collection purposes.
In Compliance with Legal Obligations: Data may be disclosed to authorized bodies in accordance with the procedures established by applicable legal acts.

The Data Controller may also transfer personal data of natural persons or their Representatives to Data Processors not specifically named in this Policy. These Data Processors provide services or perform tasks on behalf of the Data Controller (e.g., accounting services). Such Data Processors process personal data only in accordance with the Data Controller’s instructions and solely to the extent necessary for fulfilling their contractual obligations.

The Data Controller takes all necessary measures to ensure that engaged Data Processors implement appropriate organizational and technical safeguards to maintain the confidentiality and security of personal data.

Personal data processing in the context of performing agreements with Partners and Service Providers is carried out on the following legal bases:

Performance of the agreement, pursuant to Article 6(1)(b) of the GDPR; and/or
Legitimate interests of the Data Controller, pursuant to Article 6(1)(f) of the GDPR.

Processing of Personal Data for Direct Marketing Purposes

The Data Controller endeavors to provide newsletter recipients with content that is relevant and valuable, in full compliance with this Privacy Policy.

The following personal data of Clients and other Data Subjects may be processed for direct marketing purposes:

Forename (if provided);
Surname (if provided);
Email address.

Upon sending newsletters, the Data Controller may collect and analyze statistical data related to the recipient’s interaction with the newsletter, such as whether the newsletter was opened and which links were accessed by the Data Subject.

The Data Subject's email address may also be used to display targeted advertisements on platforms such as Facebook, Google, and other advertising networks, tailoring the content to the intended audience.

Personal data used for direct marketing is obtained directly from the Data Subjects. The Data Controller may share personal data with third parties that provide specialized services, such as sending electronic messages or customizing advertisements through advertising platforms.

Personal data is processed for direct marketing purposes based on:

The Data Subject's consent, given at the time of submitting personal data and agreeing to its processing for direct marketing purposes, in accordance with Article 6(1)(a) of the GDPR; and/or
The Data Controller’s legitimate interest, in accordance with Article 6(1)(f) of the GDPR.

Right to Withdraw Consent

Data Subjects have the right to object to or withdraw their consent for the processing of personal data for direct marketing purposes at any time, without providing a reason. This can be done by clicking the “unsubscribe” link included in newsletters or by contacting the Data Controller directly.

Withdrawal of consent shall not affect the lawfulness of processing conducted prior to the withdrawal based on the consent originally provided.

Protection of Personal Data

The Data Controller implements organizational and technical measures to safeguard personal data against loss, unauthorized access, misuse, or alteration. These measures are designed to ensure the security of all information collected for the provision of services. However, Data Subjects are advised that no website, online transaction, computer system, or wireless communication can be guaranteed as completely secure.

Retention Periods for Personal Data

The Data Controller applies specific retention periods for personal data in compliance with applicable legal requirements and in accordance with the purposes of data processing.

Purpose of Personal Data Processing	Retention Period
Processing of personal data for consultation or query purposes	1 year from the date of the consultation or query resolution, unless the Data Subject applies for services, in which case a 10-year retention period applies.
Processing of personal data of Quant Layer community members	Duration of membership plus 10 years following its expiration.
Processing of personal data of natural persons and Representatives for agreements with Partners and Service Providers	Duration of the agreement plus 10 years following its expiration.
Processing of personal data for direct marketing purposes	5 years from the date consent is provided, unless the Data Subject requests an extension of the retention period.

Cessation of Direct Marketing Processing

If personal data is processed for direct marketing purposes based on consent or the Data Controller’s legitimate interest, the processing of such data will cease immediately upon the Data Subject’s objection. Personal data will be destroyed promptly to prevent further use.

Exceptions to Retention Periods

In certain cases, exceptions to the specified retention periods may apply, provided these exceptions do not infringe upon the rights of Data Subjects and remain compliant with legal requirements.

Destruction of Data

Upon expiration of the applicable retention periods, and unless extended in compliance with legal requirements, personal data shall be securely destroyed in a manner that prevents its recovery or reconstruction.

Rights of the Data Subject

Data Subjects whose personal data are processed by the Data Controller are entitled to the following rights:

Right to Information: The right to be informed about the processing of their personal data.
Right of Access: The right to access their personal data and to understand how such data are being processed.
Right to Rectification: The right to request correction of inaccurate personal data or to supplement incomplete data in consideration of the purposes of processing.
Right to Erasure (‘Right to be Forgotten’): The right to request the cessation of processing of their personal data (excluding storage) under certain circumstances.
Right to Restriction of Processing: The right to restrict the processing of their personal data for legitimate reasons.
Right to Data Portability: The right to receive personal data provided to the Data Controller in a structured, commonly used, and machine-readable format and to transmit those data to another controller.
Right to Object: The right to object to the processing of their personal data when such processing is carried out for direct marketing purposes, including profiling to the extent that it relates to such direct marketing activities.

Submitting Requests

Data Subjects may submit written requests or directives concerning the processing of their personal data to the Data Controller via email at: legal@quantlayer.ai.

Upon receipt of a request or directive, the Data Controller shall respond within one month from the date of receipt, either implementing the specified actions or providing reasons for refusal. If the request is particularly complex or involves multiple requests, this time frame may be extended by up to two additional months. In such cases, the Data Controller will notify the Data Subject within the initial one-month period, providing justification for the extension.

Limitations on Rights

The Data Controller reserves the right to deny the exercise of the aforementioned rights, except for objections to personal data processing for direct marketing purposes, in cases where:

It is necessary to prevent, investigate, or identify criminal activity;
It is essential to uphold business or professional ethics; or
It is required to protect the rights and freedoms of the Data Subject or other individuals, as mandated by applicable laws.

Third-Party Websites, Services, and Products

The Website operated by the Data Controller may include advertisements, banners, links to third-party websites, and services not under the control of the Data Controller (e.g., links to the Data Controller’s profile on platforms such as X). The Data Controller assumes no responsibility for the security or privacy practices of information collected by such third parties. Data Subjects are advised to review the privacy policies of any third-party websites or services they choose to use.

By submitting personal data via platforms such as X, the Data Subject consents to being contacted by the Data Controller via the provided contact information, including phone number or email address, for the purpose of receiving service offers.

Final Provisions

Amendments or supplements to this Privacy Policy shall take effect upon their publication on the Website. By continuing to use the Website or services provided by the Data Controller following the publication of such amendments or supplements, the Data Subject is deemed to have accepted the changes.

Contact Information

For any questions or concerns related to the information contained in this Privacy Policy, please contact us through the following channels:

Operator of quantlayer.ai
Email: legal@quantlayer.ai

This Privacy Policy was last updated on 15 December 2024.