PRIVACY POLICY

At Quadcode we are committed to protecting and respecting your privacy. This Privacy Policy provides information on how we may collect, process and share your personal data via our website www.quadcode.com (Website), downloadable software, mobile applications, desktop applications, content, features, function and/or via any other services provided by us and on which a link to this Privacy Policy is displayed, and/or all other communication with you through written or oral means, such as email, chat or phone (collectively the "Services") when you use our Services and the choices you have associated with that personal data. We will only collect and use personal data in ways that are described here and in a way that is consistent with our obligations and your rights under the applicable local legislation, the Data Protection Legislation, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the EU Regulation No. 2016/679 the General Data Protection Regulation (collectively "GDPR"). Please note that this Privacy Policy is addressed to our prospective, current and former clients. If you are, were or may be a potential, QuadCode employee your personal information will be used in connection with your employment in accordance with our separate policy which are available at jobs.quadcode.com.

We use your personal data to provide and improve our Services. Your acceptance of this Privacy Policy is deemed to occur upon your first use of our website and any of the Service.

1. WHO WE ARE

QCL QUAD CODE CY LIMITED is a limited liability company part of the QUAD CODE Entities, incorporated and registered in the Republic of Cyprus under company number HE391725 and having its registered address at the 82nd street, no. 4 Kato Polemidia, 4153, Limassol, Cyprus (hereinafter "Quadcode"). Quadcode is the Controller and responsible for the data disclosed to us by you for the use of our Services.

This Privacy Policy is issued on behalf of the Quadcode Group. The Quadcode Group is active across the world. We have offices and entities located in Cyprus, Gibraltar, Australia, Bahamas and United Arab Emirates together with their respective affiliated companies, (collectively referred to as the "Quadcode Group") so when we mention "Quadcode", "Company", "we" or "us" in this Privacy Policy we are referring to the relevant company within the Quadcode Group responsible for collecting and/or processing your personal data when you use the Services. Quadcode respects your privacy and therefore all the companies within the Quadcode Group are committed to protect your data, which it collects and/or has access to.

2. DATA COLLECTED, REASONS AND USAGE

We may collect, use, store and transfer different kinds of data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, and patronymic (if available), date of birth gender, passport, ID, Driver's number, and copy of photo.
  • Contact Data includes billing address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in type and versions, operating system and platform, and other technologies on the devices you use to access the Website and use of cookies stored on your device.
  • Usage Data includes information about how you use Website, products and Services and IP history.
  • Data in KYC (Know your customer) includes identity document information, including copies of recent dated Utility Bills, Identity Card, Passport, and/or Driver's License, Tax Identification Numbers (TIN).
  • Location Data includes details on your actual location when interacting with our Website (for example, a set of parameters that determine regional settings of your interface, namely residency country, time zone, and the interface language)
  • Audio Data includes full voice recordings of calls that you receive from us or make to us.
  • Aggregated Data includes statistical or demographic data for any purpose. Such data can be derived from your data but may not be considered personal data in law as it will not directly or indirectly reveal your identity. An example of such Aggregated Data could be that we aggregate your Usage Data to calculate the percentage of users accessing a specific website feature and/or services/product preference. Notwithstanding the above, if Quadcode combines Aggregate Data with data in a way that the end result can in any way identify the data subject, Quadcode shall treat such combined data as data which will be treated as per the provisions herein contained. (the above collectively referred to as "personal data")

Processing of your data is carried out by Quadcode following the principles of lawfulness, fairness, transparency, and always adhering to the intended purpose of data processing, the principle of data minimization, accuracy, limited data storage, data integrity, confidentiality and accountability.

You are responsible for updating any data provided to us in case of any change. Although we will strive to keep your data up to date and review and inspect any information provided by you, we may not be able to always do so without your help. You acknowledge that Quadcode holds neither commitment nor responsibility to you due to any aforesaid review or inspection of information.

3. HOW IS YOUR PERSONAL DATA COLLECTED

We use different methods to collect data from and about you including through:

Direct Interactions. You will provide to us your Identity, Contact and Financial Data online through the Website and/or by filling in online forms and/or by corresponding with us by emails or otherwise.

We require to collect the above data in order to that we are able to (i) provide our services efficiently, (ii) to comply with our ongoing legal and regulatory obligations, including, inter alia, (a) to prevent fraud and money laundering acts and/or (b) conduct the assessment of suitability and appropriateness test.

If you fail to provide the data when requested we may not be able to perform the contract we have or trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel a Service you have with us but we will notify you if this is the case at the time.

It is important that the data we hold about you is accurate and current. Please keep us informed if your data changes during your relationship with us.

Automated Technologies or Interactions. When using our services, your device automatically transmits to us its technical characteristics. Locale (a set of parameters that determine regional settings of your interface, namely, residence country, time zone and the interface language) is used for the purpose of providing you with the best possible service within our platform.

Using the information about IP address, cookies files, information about browser and operating system used, the date and time of access to the site, and the requested pages addresses allows us to provide you with the optimal operation on our web application, mobile and/or desktop versions of our application and monitor your behaviour for the purpose of improving the efficiency and usability of our Services.

We use web analytics tools to track performance of our website and marketing source of user by cookies in order to optimize our marketing costs and provide users with better experience.

You may at any time request that we refrain from any such transmissions (to the degree this is possible and subject to any of our legal obligations) by sending your request to the DPO using our details in the OUR CONTACT DETAILS below using the registered email address you disclosed and registered with us. We will address your request within 30 business days.

About Cookies:

A cookie is a small amount of data that often includes a unique identifier that is sent to your computer or device browser from a website's computer and is stored on your device's hard drive for tracking site usage. A website may send its own cookie to your browser if your browser's preferences allow it, but, to protect your privacy, your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites. First-party cookies are those placed directly by us and are used only by us. We use cookies to facilitate and improve your experience of our Website and to provide and improve our products and Services. We have carefully chosen these Cookies and have taken steps to ensure that your privacy and personal data is always protected and respected.

By using our Website, you may also receive certain third-party cookies on your computer or device. Third-party cookies are those placed by websites, services, and/or parties other than us. For more details, please refer to the table below. All Cookies used by and on our Website are used in accordance with applicable legislation on the use of cookies

Our Website uses analytics services, which are a set of tools used to collect and analyse anonymous usage information, enabling us to better understand how our Website is used. This, in turn, enables us to improve our Website and the Services offered through it. You do not have to allow us to use these cookies, however whilst our use of them does not pose any risk to your privacy or your safe use of our Website, it does enable us to continually improve our Website, making it a better and more useful experience for you.

You will be required to provide cookie consent by acknowledging the privacy and cookie policies during registration of your account. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of our Site may not function fully or as intended.

You can choose to delete cookies on your computer or device at any time, however you may lose any information that enables you to access our Website more quickly and efficiently including, but not limited to, login and personalisation settings. It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.

You can instruct your browser to enable or disable cookies, refuse all cookies or to indicate when a cookie is being sent. Please note that by doing so you may not be able to use all the provided functions of our Website and/or Services in full.

Please see our cookies policy for further details.

4. HOW WE WILL USE INFORMATION ABOUT YOU

  1. We process the aforementioned data in compliance with the provisions of the PRIVACY LAWS and the applicable local legislation from time to time in order to:
    • Be able to perform our contractual obligations with you,
    • Provide our Services efficiently
    • To comply with our legal and regulatory obligations, including inter alia, to prevent fraud and money laundering acts.
    • Protect our legitimate interests and your vital interests
    • Provide you with all information you require in order to perform the Services under the contract.
    • Carry out investigations, risk assessments and client due diligence.
    • Respond to requests for information from you and to follow up afterwards to see if any further assistance is required.
    • Maintain various reports, registers, relating to our legal obligations imposed by relevant laws to which we may be subject to, as well as specific statutory requirements (i.e. financial services law, corporation laws, privacy laws, tax laws etc.).
    • Prevent and detect to the extent possible, money-laundering, terrorism, fraud or other crimes and/or abuses of our services.
    • Comply with legal, regulatory or good practice requirements and to fulfill our obligations under any reporting agreement entered into with any tax authority or revenue services from time to time.
    • Investigate or settle enquiries or disputes or respond to complaints, in such cases, we may need your information as it is in our legitimate interests to ensure that disputes or issues are investigated and resolved quickly and in an efficient manner.
    • Comply with any applicable law in the countries we operate in, court order, other judicial process, or the requirements of any applicable regulatory authority, we do this not only to comply with our legal obligations but because it may also be in our legitimate interest to do so.
    • Notify you about updates to the Website, our services and/or relevant matters.
    • Conduct monitoring, directly by us or through a third party on our behalf, using various methods, such as the use of "intelligent" automated monitoring tools, or through random monitoring of systems, for example systematically via electronic communication recording tools, specific monitoring of systems for example in relation to investigations, regulatory requests, subject access requests, litigation, arbitration or mediation or, data tracking, aggregation and analysis tools that pull data from various disparate data sources to draw linkages and/or detect behavioral patterns, interactions or preferences for analysis (including predictive analysis), and/or using other similar monitoring technology that may become available from time to time.
    • We may use your data for sales and product/event enquiries to provide with information that you have requested from us, in relation to (without limitation) our online/offline events and publications, or other services we provide, as well as for general administration and organisation of our events- as a speaker, exhibitor, sponsor or attendee to our events we may use your details for planning and logistics, to invoice you, to provide you customer service in relation to the event, and general administration of your attendance at the event.
    • We may also use your personal data sometime for statistical and historical research purposes.
    • To maintain our accounts and records,
    • To manage our business needs, such as monitoring, analysing, and improving the Services and the Website's performance and functionality,
    • To comply with all applicable laws and regulations; and/or
    • For the purposes of safeguarding our legitimate interests and your interests and fundamental rights do not override those interests.
  2. Legal basis for processing
    • For compliance with our legal and regulatory obligations, as amended from time to time, including but not limited to the applicable legislation for the Prevention and Suppression of Money Laundering and Terrorist Financing (hereby referred to as Money-Laundering Law), and/or
    • For the performance of our contractual obligations towards the Client;
    • For the purposes of safeguarding our legitimate interests and your interests and fundamental rights do not override those interests; and/or
    • On the basis of your consent.
  3. Indicatively we set out below a description of all the ways we plan to use your data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process the data for more than one lawful ground depending on the specific purpose for which we are using your data.
    4. ITEM PURPOSE ACTIVITY TYPE OF DATA LAWFUL BASIS FOR PROCESSING INCLUDING BASIS OF LEGITIMATE INTEREST
    a. 1. To administer and protect our business and Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) 1. Identity Data 2. Contact Data 3. Technical Data 1. Performance of our contract with you
    2. Necessary to comply with our legal obligations
    3. Necessary for our legitimate interests (take reasonable steps to confirm that you do not use any ways to manipulate our platform & for running our business, provision of administration and IT services, network security, to prevent fraud)
    b. 1. To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
    2. To provide you with an optimal operation on our web application, mobile and/or desktop versions of our application and monitor your behavior for the purpose of improving the efficiency and usability of our services.    		 1. Identity Data
    2. Contact Data
    3. Profile Data
    4. Usage Data
    5. Technical Data
    6. Marketing and Communication Data Data    		 1. Necessary to perform a contract with you
    2. Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business)
    c. 1. To study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy;
    2. Statutory limitations    		 1. Transaction Data 1. Necessary for legitimate interests (including statutory limitations provisions by applicable laws)
    d. 1. To inform you about any of the following:
    — New services and/or products we may offer;
    — Any new development and/or features of the current products/services we offer    		 1. Identity Data
    2. Profile Data
    3. Contact Data
    4. Technical Data
    5. Usage Data
    6. Transactions
    7. Marketing and Communication Data
    		 1. Necessary to perform a contract with you
    2. Necessary for our legitimate interests (to study how customers use our products/services, to develop our products/services and grow our business)
    e. 1. To send direct marketing of our services to you always within the boundaries of our legitimate interests.
    2. To send to you newsletters, push-messages and calls to keep you in touch with our new feature and new development of the current products/services we offer, news and events and the efficient provision of the full scope of our services. Please note that we will never use your data to communicate to you and/or promote any third party marketing material.    		 1. Identity
    Data
    2. Profile Data
    3. Contact Data
    4. Data that may be provided by you during your activity at the Website. Marketing and Communication Data    		 1. Necessary to perform our contract with you
    2. Necessary for our legitimate interests (to provide effective and personalized customer services to you and to update you in relation to our services that are available to you.
    f. 1. To allow us to provide you with the optimal operation on our Website, mobile and desktop versions of our application and monitor your behavior for the purpose of improving the efficiency and usability of our Services.
    2. To use analytics tools to track performance of the Website and marketing source of our Clients in order to optimize our marketing costs and provide you with better experience.    		 1. Location Data
    2. Technical Data
    3. Usage Data
    4. Marketing and Communication Data    		 1. Necessary to perform our contract with you
    2. Necessary for our legitimate interests (to provide effective and personalized customer services to you and to update you in relation to our services that are available to you).
    g. 1. To allow us to monitor and train our employees for your benefit
    2. To safeguard your or our interests in case of a dispute
    3. To take steps for fraud prevention
    4. To improve the services provided to you
    		 1. Audio Data 1. Necessary to perform our contract with you
    2. Necessary to comply with our legal obligations
    3. Necessary for our legitimate interests
  4. If you are an existing Client of the Website where we have a legitimate interest in communicating with you, or if you have given us your consent we will collect and process your personal data to communicate with you in case of support and/or sending newsletters, push-messages and calls to keep you in touch with our new features, news and events and the efficient provision of the full scope of our services. We will also use your data to send you marketing information regarding our services that we believe may be of interest to you via email or otherwise.

5. DISCLOSURE OF DATA

We strive to maintain discretion with respect to client related matters and assessments of which we acquire knowledge. We may disclose data that concerns you only if (i) we are legally required to do so; (ii) if required when you expressly order us to process a transaction or any other service and (iii) it is required for the provision of our services under our contractual relationship and/or (iv) protection of our legitimate interests, in accordance with the provisions of the GDPR and applicable local legislation as amended from time to time.

We may share your personal data in the following circumstances, the following are examples of where and how your information may be transferred, but please note this is not an exhaustive list and that due to ongoing changes in our IT and operational infrastructure this may change at any time:

  • We may share your data between the Quadcode Group on a confidential basis in order to provide you with our Services.

  • We may have to share your personal data with third parties service providers, processing data on our behalf, who help us with our business operations. When your personal data is shared with a third party, we will take the necessary steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party's obligations under the law. We ensure that our contracts with those third parties contain the appropriate GDPR model clauses and that all our third parties are also compliant with the GDPR, this affords your data the same protection away from our organisation, as it does within it. Your personal data is shared with third party organisations/entities including but not limited to:

    1. Service Providers. We may share your personal data with our trusted third party service providers, who, on our behalf, operate, maintain, and/or support our IT systems and IT infrastructure, our websites, manage our payment solutions, perform statistical analysis, marketing and advertising purposes, sending newsletters, provide customer support and perform other important services for us. We will store and process your data following industry best practice and security. Some of that processing takes place at our offices and data centres in Amsterdam and Frankfurt.
    2. State Authorities. The Company will make such disclosure only if required to be disclosed by the Company by applicable law, regulation or court order and to the minimum required extent.

    3. Other disclosures. In addition to where you have consented to a disclosure of the data or where disclosure is necessary to achieve the purpose(s) for which, it was collected, data may also be disclosed in special situations, where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities, or otherwise where necessary for the establishment, exercise or defence of legal claims. Where reasonably possible, management shall ensure that third parties collecting, storing or processing personal information on behalf of the Company have:

      1. Signed agreements to protect personal information consistent with this Privacy Policy and information security practices or implemented measures as prescribed by GDPR;
      2. Signed non-disclosure agreements or confidentiality agreements which includes privacy clauses in the contract; and/or
      3. Established procedures to meet the terms of their agreement with third party to protect personal information.
    4. International Transfers. We process data within the EEA and countries deemed by the European Union as having adequate safeguards for protecting personal data. These countries are recognised by the EU as having suitable safeguards for the rights and freedoms of individuals and recourse processes by which data subjects can exercise their rights.

Should there be a business need to transfer or process your data to company(ies) and/or third parties might imply a transfer of your data to third countries, which may not fall within ambit of the GDPR (so called Third Countries) we will ensure that they are subject to appropriate security measures and safeguards as deemed appropriate under GDPR and other relevant national and international data protection laws. This may include entering into the appropriate contractual agreements to regulate any such transfers and safeguard any personal information transferred to them. A transfer to a company and/or third party based in a Third Country would only take place where one of the following applies:

  1. The individual has given consent to the transfer of information
  2. The transfer is necessary for the performance of a contract between the individual and the Company, or the implementation of pre-contractual measures taken in response to the individual's request.
  3. The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between the Quadcode group company and a third party.
  4. The transfer is necessary or legally required on important public interest grounds or for the establishment, exercise or defence of legal claims.
  5. The transfer is required by law.
  6. The transfer is necessary in order to protect the vital interests of the individual.
  7. The transfer is made under a data transfer agreement.
  8. The transfer is otherwise legitimised by applicable law.

Remedial action shall be taken in response to misuse or unauthorized disclosure of personal information by a third party collecting, storing or processing personal information on behalf of Quadcode.

If you want to obtain further information on any data transfers mentioned above please contact us using the registered email address you disclosed to us through the points of contact listed in the Section OUR CONTACT DETAILS.

6. DATA RETENTION

We store your data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for your personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting and other requirements.

To comply with the applicable legal, regulatory, tax, accounting requirements we keep your personal data for a minimum period of 7 (seven) years from the date our business relationship is terminated. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate business purposes, such as to respond to queries or complaints, fighting fraud and financial crime and responding to requests from regulators.

At the expiration of the personal data retention period the personal data is erased by irreversible destruction and we also inform all third parties, to whom the personal data was transferred, regarding such erasure and request implementation of similar actions on their part.

7. YOUR RIGHTS AND HOW TO WITHDRAW CONSENTS AND UNSUBSCRIBE

Under certain circumstances in accordance with GDPR and the applicable local legislation as amended from time to time you have rights, which we will always work to uphold. Some of the rights are rather complex and include exemptions, thus we strongly advise you to contact us (at the contact details listed in the section OUR CONTACT DETAILS below) and/or seek guidance from the regulatory authorities for a full explanation of these rights. You can find a summary of your rights below in this section:

A. The right to access. You have a right to obtain the confirmation as to whether or not your data is being processed by us. In addition, you have a right to obtain more detailed information about the data kept and the processing undertaken by us and under certain circumstances the right to receive a copy of this data.

B. The right to rectification. You have the right to have inaccurate data about you rectified, and, taking into account the purpose of the processing, to have incomplete data completed.

C. The right to erasure. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Please note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. In case if you want to obtain complete erasure of your data (to apply the "right to be forgotten"), please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

D. The right to restriction of processing. You have the right to request the restriction of processing of your personal data (a) if it is not accurate;(b) where processing may be unlawful but you do not want us to erase your data; (c) where you need us to hold the data even if we no longer require it; or (d) where you may have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

E. The right to data portability. To the extent the legal basis for the processing is your consent, and such processing is carried out by automated means, you have the right to receive your data in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others and/or in case it may be technically impossible to do so.

F. The right to object. Subject to the legal basis on which the processing activity is based, you may object to processing of your personal data. Please note that in some cases, we may have compelling legitimate grounds to process your information which we need to comply with.

G. The right to withdraw consent. To the extent that the legal basis for the processing is your consent, you have the right to withdraw from that consent at any time. This may apply to marketing purposes and/or with regards to the transfer of your data to third parties. In case you withdraw from a consent given, then we will cease to process your data, unless and to the extent the continued processing is permitted or required according to the applicable data regulation or other applicable laws and regulations. The withdrawal from your consent will in no event affect the lawfulness of processing based on consent before its withdrawal.

H. The right to complain to the data protection supervisory authority. We do our best to ensure that we protect your data, keep you informed about how we process your data and comply with the applicable data protection regulation. In case you are not satisfied with the processing and protection of your data or the information you have received from us, then we urge you to inform us in order for us to improve. Please also do not hesitate to contact us, if you want to make use of your rights.

If you want to exercise any of your rights mentioned above and/or obtain more information regarding your rights and/or our policies and procedures please contact us through the points of contact listed in the Section OUR CONTACT DETAILS below. Please also provide us with relevant information to take care of your request, including your full name and email address so that we can identify you. We will respond to your request without undue delay.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We may charge you a reasonable administrative fee for any unreasonable or excessive requests we may receive, and for any additional copies of the data you may request.

8. DATA SECURITY

We protect your data by adhering to industry standard regulations on data protection by categorising them into data types (e.g. technical, personal data, cookie data, etc) while applying relevant protection processes and due diligence procedures. Therefore, we apply appropriate technical and organisational controls to protect your data, including secure computer systems adopting least privilege access in order to prevent unauthorised access, disclosure, modification, or destruction of personal data. Any hard copy documents are locked in a secure cabinet, and destroyed once no longer required.

Encryption of your data in transit. Encryption provides a high level of security and privacy for your personal data. When personal data in provided when using our Services, we use strong encryption technologies (such as Transport Layer Security) to protect the personal data during transmission from your devices to our servers.

For providing more trust and security we use digital EV (Extended Validation) Certificates issued by trusted Certificate Authorities. You can see the 'Green Bar' in the supported browser versions which confirms what all transmitted personal data is secure.

Protection of your data in our infrastructure. We make it a priority to develop Services that are secure "by default". The "default" security of our Services means that every new services and features are designed with strict security requirements in mind before we even begin development. This is the key to guaranteed protection and privacy of all personal data that our Services handle and store, once the service or new feature is released.

To secure personal data, we use the pseudonymisation which allows most of our Services to operate without using your actual data. Instead of that, our services use a system ID that can't be traced back to identify you.

Quadcode is always vigilant about the Security of the personal data stored in our infrastructure. Because of that we locate all our equipment used for your personal data processing in secure personal data centres. Network access to this equipment is isolated from the Internet. We use network segmentation for isolation of Services which need different level of security from each other. In addition, we restrict logical access to the personal data for our employees on "need to know" basis. So, only personnel, who really require access to the personal data for the purpose of providing you with our best Service, will have access to it.

Threats protection. Quadcode is highly knowledgeable about modern threats to personal data security and privacy, and we are well prepared to combat them. All events that occur in our infrastructure are continuously monitored, analysed and responded, which allows us to ensure proper protection of your personal data, keeping it safe from threats, vulnerabilities, and the effects of malware.

In the event of a failure that affects the accessibility of your personal data, we have personal data backup and recovery procedures in place that will help us to restore your personal data in a short time. For further guarantee the quick recovery we use high availability mode enabled for most critical databases which allows us to minimise downtime.

Employee awareness of data security. Our employees may handle your personal data in order to provide you with the first-class Service. To guarantee the security and confidentiality of your personal data, we monitor all employees' actions with access to your personal data in our systems and grant access strictly on a "need to know" basis: only employees who need access will receive it. We hold regular training sessions to make sure that each employee understands the principles that Quadcode follows to achieve robust data security and privacy.

If you choose not to give your personal information. In the context of our business relationship we may need to collect data by law, or under the terms of a contract we have with you. Without this data, we are, in principle, not in a position to close or execute a contract with you. If you choose not to give us this data, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform the Services.

To what extent we carry automated decision-making and profiling. In establishing and carrying out a business relationship, we generally do not use automated decision-making. If we use this procedure in individual cases, we will inform you of this separately. In some cases, we may proceed with profiling in order to evaluate certain personal aspects. We shall inform you accordingly in case we perform any profiling. In general, any data collection that is optional would be made clear at the point of collection.

9. OUR CONTACT DETAILS

Quadcode only processes your personal data in compliance with this Privacy Policy and in accordance with GDPR, while meeting highest possible data protection standards, and as such, we treat data protection complaints with all seriousness. So, should you have any reservations or complaints as to how we process(ed) your personal data, you can contact us through the following address:

Full Name of Legal Entity: QCL QUAD CODE CY LIMITED
Email Address: dpo@quadcode.com
Postal Address: 82nd road, 4 Kato Polemidia,
4153, Limassol, Cyprus

To enable us to process your request, please contact us using the registered email address you disclosed and registered with us. We may require that you provide us with proof of your identity, such as by providing us with a copy of a valid form of identification. This is to ensure that we appropriately protect the personal data we hold from unauthorised access requests and comply with our security obligations.

If you have any questions, or want more details about how we use your data, you may contact us at the above contact details and we will be happy to provide you with further details.

If following your request to us we are unable to provide you with a satisfactory answer then you may lodge a complaint with the local data protection supervisory authority. The data protection supervisory authority in Cyprus is: Commissioner for Data Protection P.O. Box 23378, 1682 Nicosia, Cyprus- www.dataprotection.gov.cy

We would however appreciate the chance to deal with your concerns before you approach the GRA, so please contact us in the first instance.

10. LINKS TO OTHER WEBSITES

We may provide links to third party websites in our Website. These linked websites are not under our control, and we therefore cannot accept responsibility or liability for the conduct of third parties linked to our websites, including without limitation to the collection or disclosure of your data. Before disclosing your data on any other website, we encourage you to examine the terms and conditions of using that website and its privacy policies.

11. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy was last updated on 08th of September 2025. We reserve the right, at our discretion, to add, modify or remove parts of this Privacy Policy in the future to ensure that the information herein provides relevant and adequate information about our collecting and processing of your data.

In case of updates, we will post the revised Privacy Policy on our Website. Changes will take effect as soon as the revised version is made available on our website above. Thus, we recommend that you check the Website regularly to keep up-to-date. Your comments and feedback are always welcome. You may contact us at any time through the points of contact listed in the Section OUR CONTACT DETAILS.