QPQ Portal Data Privacy Policy

We, QPQ AG are the developers of the 1DLT software.

QPQ AG, a company incorporated and registered in Switzerland with registration number CHE-340.809.860, whose registered office is at Zählerweg, 5, 6300 Zug, Switzerland,  hereinafter referred to as QPQ, “we”, that provides a novel system for the rapid deployment of EVM-based blockchains, through a software platform that is available as a service through its portal www.qpq.io and through an application programming interface (the “1DLT”). 

Please visit this section regularly as the policy may be subject to changes or updates. Any significant changes to this policy will be notified.

Terms

“1DLT Service ” – service for the rapid deployment of EVM-based blockchains, through the software platform 1 DLT;

“API” – Application Programming Interface is a connection between computers/ computer programs.

“DLT” – distributed ledger technology;

FADP” – Swiss Federal Act on Data Protection of June 19, 1992

GDPR” – EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council

Personal Data/Information” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Portal” means the web application located at www.qpq.io

The other specialist terms used in this Privacy Policy are to be understood as legally defined in article 4 GDPR.

Who are we?

QPQ AG, a company incorporated and registered in Switzerland with registration number CHE-340.809.860, whose registered office is at Zählerweg, 5, 6300 Zug.

If you want to communicate with us about personal data protection issues, please use the following e-mail address: [email protected]

Use of the 1DLT

By using 1DLT you agree to the collection, processing and transfer of your data as described in this Privacy policy, you agree to accept and comply with the terms, conditions and policies mentioned and/or available through the hyperlink and that you are of legal age and in accordance with applicable national law. If you do not accept the terms, conditions and policies set forth in this documentation, then you should not continue to use our services.

How we collect data about you

Through 1DLT, QPQ collects personally identifiable information of representatives of business partners and data of their clients. This data is collected when contracts are concluded or when 1DLT service is used.

When you do provide us with personal information, we usually use it to provide the services, to process and respond to your inquiry or provide you access to specific information.

Children

No information may be submitted to QPQ by persons under the age of 18 without the consent of the parent or legal guardian, nor may person under the age of 18 make legal acts without such consent.

Within the identification service, QPQ may find that data has been submitted by persons who are under the minimum legal age to use the service or to benefit from the services for which the identification procedure is carried out. In this case, the information will be transmitted to the applicant (the business partner using the service) and subsequently deleted from our records.

QPQ will not use any personal data collected from children for any purpose whatsoever, including disclosures to third parties.

Sensitive data

We do not process sensitive personal information (e.g., information about racial or ethnic origin, political opinions, religion, or other beliefs, health, criminal history, or trade union membership) through 1DLT software.

How do we use the personal data

General conditions:

We process and use the data for the following purposes: to provide the 1DLT service, to improve our software, to prevent and identify errors/malfunctions or the abuse of the software. The processing enables us to pursue legitimate interests in ensuring the functionality of 1DLT and its error-free, secure option as well as in adapting the software to suit user’s needs.

QPQ takes precautions to ensure the security of your personal data and stives to keep it accurate. We carefully protect your personal data from destruction, loss, falsification, manipulation and/or unauthorized disclosure.

Special and detailed conditions:

Please find below the purposes for which we process your personal data, the people who have access to your personal data and how we store it.

 
Personal data
First name; middle name; last name; Email ID and country of residence / establishment;
Purposes of processingThe purpose for which we collect your personal data are specified, explicit and legitimate and your personal data will not be further processed in a manner that may be incompatible with those purposes.
We shall collect your personal data in an appropriate manner; personal data collected shall be relevant and limited to the information required for the purpose of the processing, accurate and, where necessary, updated.
We are committed to take all necessary steps to ensure that incorrect data is erased or corrected.
 
The Personal Data provided by customers will be available via API or transferred via HTTP or SFTP files and used by 1DLT for the purposes of processing for any one or more of the following purposes:
–        to provide 1DLT Service;
–        to respond to your queries, claims or disputes;
–        to detect, investigate, prevent or remediate violations of your agreements with us.
–        to comply with legal and regulatory requirements.
 
 We use user’s personal data for marketing purposes but only with the user’s prior consent. For example, we allow users to add their email address to subscribe to our newsletter.
Lawfulness of processingThe processing of your personal data will be done in a legal, correct, and transparent manner.
 
·       In order to provide the services, we need certain personal information; we cannot provide them without this information – article 6/1/b) of Regulation (EU) 2016/679: “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”;
 
·       In some cases, we have a legal responsibility to collect and store your personal information in order to comply with legal provisions or legal request from governmental or executive authorities and as may be necessary to meet certain national security or enforcement requirements law or to prevent certain illegal activities > “legal obligations”- article 6/1/c) of Regulation (EU) 2016/679: “processing is necessary for compliance with a legal obligation to which the controller is subject”;
 
·       We sometimes collect and use your personal information because we have a legitimate reason to have it and this is reasonable when balanced against your right to privacy: obtain information related to and available on publicly available government lists covering sanctions, the prevention and detection of unlawful acts and other protective functions > “legitimate interests”- article 6/1/f) of Regulation (EU) 2016/679: ”processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child”;
 
·       any processing of data for purposes other than providing the 1DLT service will be done on an ongoing basis:
– prior information to the client regarding his data, third party recipients and secondary purposes of the processing;
– the express consent obtained by the business partner for the processing of data for a specific purpose: “consent” – article 6/1/a) of Regulation (EU) 2016/679: ”the data subject has given consent to the processing of his  or her personal data for one or more specific purposes”.
Disclosure of your personal dataPersonal data will be shared with third parties only if it is required for the purpose of providing services under agreements.
 
We have taken all necessary measures to ensure that external service providers who have access to your data have implemented physical, electronic and managerial security measures to protect your data.
Third-party categories:
1.     Subcontractors: companies that offer us products or services or to whom we outsource certain technical support services; suppliers of customer relationship management systems. Prior to working with any sub-processor, QPQ ensures that they comply with the GDPR, FADP or any other relevant data protection legislation that may be applicable.
 
1.1.         Microsoft Azure (Azure) – Cloud computing service operated by Microsoft for application management via Microsoft-managed data centers.
More info available on:
https://azure.microsoft.com/en-us/privacy-data-management/
 
1.2.         Amazon Web Services (“AWS”)- Cloud computing service for virtual machines and database hosting. More info available on : https://aws.amazon.com/
 
 
1.3.         HubSpot – developer and marketer of software products for inbound marketing, sales, and customer service.
More info available on:
https://legal.hubspot.com/privacy-policy
 
1.4.         Stripe – payment processing software and application programming interfaces (APIs) for e-commerce websites and mobile applications.
More info available on:
https://stripe.com/en-ch/privacy
 
1.5.         Other providers of services if needed for proper functioning of 1DLT Service.
 
 
2.     Public authorities and institutions, accountants, auditors, lawyers and other external professional counselors, if their activity requires their knowledge or where the law requires us to divulge them.
International transfers of personal dataSome of our external third parties are based outside the European Economic Area (“EEA”) or Switzerland so the processing of your personal data may involve a transfer of data outside the EEA or Switzerland. QPQ continues to have appropriate safeguards and compliance measures to ensure an adequate level of protection of personal data transferred outside the EEA and Switzerland. QPQ’s measures include the updated EU Commission’s SCCs to accommodate international data transfers.
How long will we store the dataAfter the receiving the personal data are stored on could servers.
Personal data will be retained for a period no longer than the one in which personal data is processed, except for the circumstances imposed by law where retention may be necessary and subsequently.
We keep data during whole period of our client servicing (when servicing agreement is active). After the data retention period ends, user’s data will be deleted.
Where data is storedPersonal data will be stored securely on cloud servers of our Subcontractors.
 
The cloud servers are located in Dublin and London.
 
Security of your personal dataWe use appropriate measures to maintain the confidentiality and security of your personal data and to prevent unauthorized access, use, disclosure, alteration, or destruction. For example, we use the following measures:
Multifactor authentication. 2FA across all applications storing or processing personal data
Password policy. Strong password policy at or beyond market practice. All software providers we are using are leading in their area of expertise and adhere to best security practices.
Access Control. Maintain inventory of user access list across key applications to keep oversight of user access helping manage new joiners, transfers or leavers. The inventory is being maintained centrally by IT who in turn executes on changes in access rights according to pre-approved access requests. The list of users across applications is reviewed periodically.
 
If you become aware of any unauthorized use of your data or any other breach of security regarding personal data you provided to us, you agree to notify QPQ immediately.
 

Your rights

As a data subject, you have specific legal rights with respect to your personal data that we collect and process.

QPQ through 1DLT respects your rights and ensures that properly takes into account your interests.

Withdrawal of consent: If the processing is carried out based on your consent, you can withdraw your consent for such processing at any time.

Rectification of data: If you notice that we have erroneous personal data, you can ask us at any time to rectify the personal data concerning you. We make reasonable efforts to keep personal data – which are used continuously and in our possession or control – accurate, complete, current and relevant, based on the latest available information to us.

Restriction of processing: If you are in one of the following situations, you can ask us to restrict the processing of your data:

  • You contest the correctness of personal data for the period in which we must verify the accuracy;
  • The processing is illegal and you request the restriction of processing rather than personal data deletion;
  • We no longer need your personal data, but you request it for the establishment, exercise or defense of a right; or
  • You object to the processing while we verify that our legitimate reasons take

precedence of your rights;

Access to your data: You can ask us for information about the personal data we hold about you, including information about what categories of data, what they are used for, where we collected them, if they are not collected directly from you and to whom they were disclosed (if any). You can obtain a copy from us, free of charge, containing the personal data we hold regarding you.

We reserve the right to charge a reasonable fee for abusive requests.

Right to portability: Upon request, we will transfer personal data to another operator, where technically possible, provided that processing is necessary for the performance of a contract. Rather than receiving a copy of your personal data, you may request that we transfer your data directly to another operator specified by you.

Right of deletion: You may obtain the deletion of personal data from us if:

  • the data are no longer needed concerning the purposes for which they were processed;
  • you object to the further processing of personal data (see Right of Opposition below);
  • personal data have been processed illegally;
  • you withdraw your consent based on which the processing takes place.

 Unless the processing is necessary:

  • to fulfill a legal obligation that requires the processing of those data by us;
  • in particular for the legal requirements regarding the deadlines for data retention;
  • for the establishment, exercise, or defense of a right in court.
  •  

Right of opposition: You can object at any time to the processing of personal data due to the special situation you are in. In this case, we will no longer process personal data if we cannot demonstrate well-founded, legitimate reasons, a major interest in the processing or the establishment, exercise, or defense of a right. When you object to the processing, please indicate whether you wish to delete personal data or restrict the processing of such data.

Right to file a complaint: In case of an alleged violation of the data protection legislation, you can file a complaint to your national supervisory authority for data protection.

Time period: We will try to resolve your request within 30 days. However, the period may be extended for reasons regarding the specific legal law or the request’s complexity.

Restricting access: In certain situations, we may not be able to grant you access to all or part of your personal data due to restrictions provided by law. If we refuse your request for access, we will notify you of the reason for the refusal.

Impossibility of identification: In some cases, we may not be able to identify personal data due to the lack of identification elements provided in the application you send us. In such cases, if you do not provide additional information to identify you, we will not be able to comply with your request to exercise your legal rights, as described in this section.

Exercising your legal rights:

To exercise your legal rights, please contact us, in writing, at [email protected].

Last updated on the 30 September 2022