contact us

Privacy Policy

Privacy Policy

Version date: 15 June 2026

1. Scope

This Privacy Policy informs you about how QuoIntelligence GmbH processes personal data when you visit our website https://quointelligence.eu/ or use the features offered there.

Personal data refers to any information relating to an identified or identifiable natural person, such as name, contact details, IP address, communication content, usage data, or technical identifiers.

This Privacy Policy applies to our website. For external websites to which we merely provide links, the privacy policies of the respective providers apply as soon as you access those sites. Simply visiting our website via external links does not result in data being transferred to the linked providers. If external content or services are technically integrated, we will provide information about this in the following sections.

2. Data Controller

The entity responsible for the processing of personal data is:

QuoIntelligence GmbH

Sebastian-Kneipp-Str. 41

60439 Frankfurt am Main

Germany

Phone: +49 69 33997938

Email: [email protected]

Website: https://quointelligence.eu/

3. Data Protection Officer

You can contact our Data Protection Officer at:

[email protected]

4. Legal Bases

We process personal data only if there is a legal basis for doing so. Depending on the processing operation, the following legal bases may apply in particular:

  • 6(1)(a) GDPR, if you have given us your consent;
  • 6(1)(b) GDPR, if processing is necessary for the performance of a contract or for the implementation of pre-contractual measures;
  • 6(1)(c) GDPR, if we are legally obligated to process the data;
  • 6(1)(f) GDPR, if the processing is necessary to protect our legitimate interests or those of third parties and your interests or fundamental rights do not override them.

To the extent that we store or read information on your device, for example through cookies, local storage, session storage, pixels, tags, or comparable technologies, we also comply with § 25 TDDDG. We use technologies that are not technically necessary only with your consent.

5. Hosting, Technical Provision, and Server Log Files

Our website is provided via external hosting, website, and IT infrastructure service providers. These service providers process personal data that is technically generated when you visit our website, in particular server log files and connection data.

When you visit our website, the following data in particular may be processed:

  • IP address;
  • Date and time of access;
  • Page or file accessed;
  • Referrer URL;
  • Browser type and browser version;
  • Operating system;
  • Device type used;
  • Amount of data transferred;
  • Access status;
  • Requesting provider.

This processing is carried out to technically provide the website, ensure stability and security, analyze errors, and detect misuse or attacks.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable, and functional provision of our website.

To the extent that service providers process personal data on our behalf, we enter into data processing agreements in accordance with Art. 28 GDPR. Server log files are stored only for as long as necessary for the aforementioned purposes and are subsequently deleted or anonymized, unless longer storage is required to investigate security-related incidents.

6. Cookies, Similar Technologies, and Consent Management

Our website uses cookies and similar technologies. These may include, in particular, cookies, local storage, session storage, pixels, tags, scripts, and device or browser information.

We use technically necessary technologies to the extent they are required to provide our website or to enable functions you have requested. The legal basis for storing or accessing information on your device is Section 25(2) of the TDDDG. The subsequent processing of personal data is based, depending on the purpose, on Article 6(1)(f) of the GDPR or Article 6(1)(b) of the GDPR.

We use non-technically necessary technologies—in particular for analytics, marketing, retargeting, external media, or convenience features—only with your consent. The legal basis for storing or accessing information on your device is Section 25(1) of the TDDDG. The legal basis for the subsequent processing of personal data is Article 6(1)(a) of the GDPR.

We use the consent management tool Hu-manity to obtain, manage, and document consents. In doing so, we may process, in particular, your consent decisions, the date and time of the decision, browser and device information, your IP address, a pseudonymous user ID, and the consent interface accessed.

The legal basis for the management and documentation of your consents is Article 6(1)(c) of the GDPR. Additionally, Article 6(1)(f) of the GDPR serves as a legal basis; our legitimate interest lies in the legally compliant management of consents. To the extent that the consent tool stores or reads information on your device, this is done on the basis of Section 25(2) of the TDDDG.

For more information on data processing at Hu-Manity, please visit https://hu-manity.co/privacy-policy/.

You can change or withdraw your consents at any time with future effect via the cookie settings icon on our website. There you will also find a current overview of the cookies and comparable technologies used.

7. Contact and Forms

When you contact us via a form, email, phone, or other means, we process the data you provide. This may include, in particular:

  • Name;
  • contact details;
  • company and position, if provided;
  • content of your inquiry;
  • date and time of contact;
  • technical metadata, if necessary.

Processing is carried out to handle your inquiry and to communicate with you.

The legal basis is Art. 6(1)(b) GDPR if your inquiry relates to a contract or concerns pre-contractual measures. In other cases, the legal basis is Article 6(1)(f) of the GDPR. Our legitimate interest lies in the proper handling of inquiries. To the extent that we obtain consent for specific contacts, Article 6(1)(a) of the GDPR serves as the legal basis.

We may use HubSpot for forms and the subsequent processing of inquiries. You can find more details on this in the following section.

8. HubSpot for Forms, CRM, and Marketing Automation

We use HubSpot for website forms, CRM functions, contact management, marketing automation, lead management, and related analytics or tracking functions.

The provider is HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland. Depending on the processing, affiliated companies of the HubSpot Group may also be involved.

In addition, we may connect HubSpot with AI-supported assistance and integration systems, in particular Claude MCP provided by Anthropic. Claude MCP may support authorised users in searching, summarising, drafting, analysing and organising CRM-related and business communication data. Depending on the configuration, connected interfaces and user permissions, Claude MCP may process data stored in or accessible through HubSpot, including CRM records, lead and contact information, communication history, notes, tasks, interaction data, metadata, prompts, outputs and technical usage data.

In particular, the following data may be processed:

  • IP address;
  • browser and device information;
  • pages visited and interactions;
  • referrer URL;
  • time of access;
  • cookie or user identifiers;
  • form content and contact information, if you fill out a form;
  • company, role and business contact information;
  • CRM records, lead status, notes, tasks and interaction history;
  • information regarding the processing of your inquiry or business relationship;
  • prompts, outputs and technical usage data generated when authorised users use AI-supported systems connected to HubSpot.

The legal basis depends on the specific processing activity:

Where we process personal data to respond to an enquiry made by you, to take steps at your request before entering into a contract, to prepare offers, manage customer relationships, provide services or fulfil contractual obligations, the legal basis is Art. 6(1)(b) GDPR, where applicable. Where the data relates to business contacts acting on behalf of a company or other organisation, the legal basis is generally our legitimate interest pursuant to Art. 6(1)(f) GDPR in managing business relationships, responding to business enquiries and organising B2B communication.

Where we use HubSpot and AI-supported systems, including Claude MCP, to support internal business operations, CRM administration, sales and customer relationship management, communication handling, internal knowledge management, documentation, retrieval, summarisation, drafting or structuring of CRM and communication data, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interests consist in the efficient organisation of business operations, effective management of customer and prospect relationships, optimisation of internal workflows, and the secure and compliant use of modern IT and AI-supported systems.

Where processing is necessary to ensure IT security, system integrity, access control, misuse detection, fraud prevention, logging, troubleshooting or technical performance monitoring of HubSpot, Claude MCP or related systems, the legal basis is Art. 6(1)(f) GDPR.

Where we process personal data to comply with legal obligations, including statutory retention obligations or responding to lawful requests by authorities, the legal basis is Art. 6(1)(c) GDPR.

Where HubSpot or connected systems are used for non-essential analytics, tracking, marketing automation, behavioural analysis, enrichment of contact profiles, lead capture or similar purposes requiring consent, the legal basis is your consent pursuant to Art. 6(1)(a) GDPR. Where such processing involves storing information on your terminal equipment or accessing information stored on your terminal equipment, we also rely on your consent pursuant to Section 25(1) TDDDG, unless the access or storage is strictly necessary to provide a digital service expressly requested by you.

AI-supported systems connected to HubSpot are used to support our internal business, sales, marketing and customer communication processes. They are not used to make decisions based solely on automated processing that produce legal effects or similarly significantly affect individuals. Personal data processed through such systems is not used to train generally available AI models.

For more information on HubSpot’s data processing, please visit https://legal.hubspot.com/privacy-policy. For more information on Anthropic’s data processing, please visit https://www.anthropic.com/privacy.

 

 

9. Business Contact Data from Third-Party Sources; Lead Research and Enrichment

For business development, sales, and marketing purposes, we may process professional contact data of potential business contacts that we have not, or not exclusively, obtained directly from the persons concerned.

We may collect such data from publicly available sources, in particular company websites, commercial registers, professional networks, trade press, publicly available event or speaker information, and from B2B data and enrichment services.

We use Clay for lead research, data enrichment, and the consolidation of business contact information. The provider is Clay Labs, Inc., 119 N 11th Street, 3C, Brooklyn, NY 11249, USA.

In particular, the following data may be processed:

  • name;
  • business contact details, such as business email address or business phone number;
  • employer, company, position, role, department, and professional responsibilities;
  • professional profile links, such as LinkedIn profile URLs;
  • company information, such as industry, size, location, and business area;
  • information on professional interests or responsibilities relevant to our services;
  • source information and enrichment metadata;
  • communication history and interaction data, where applicable.

We do not intentionally process special categories of personal data within the meaning of Art. 9 GDPR for these purposes.

Processing is carried out to identify companies and professional contacts for whom our services may be relevant, to prepare and conduct business-to-business communication, to maintain and update our CRM records, and to support our sales and marketing activities.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in identifying relevant business contacts, conducting business-to-business marketing and sales communication, maintaining accurate and up-to-date business contact data, and presenting our services to companies and professional contacts for whom they may be relevant. We limit this processing to professional contact information and information relevant in a business context.

Electronic marketing communications are sent only in accordance with the legal requirements applicable to the respective communication channel, including consent requirements where they apply.

For more information on data processing by Clay, please visit https://www.clay.com/privacy.

10. Partner Relationship Management

We use Introw to manage our partner relationships, in particular for partner onboarding, partner portals, deal registration, shared content, referral management, and communication with our partners.

The provider is Introw BV, Dok-Noord 4E 102, 9000 Ghent, Belgium.

Introw may be connected to our CRM and other business systems. In particular, the following data of contact persons at partner companies and, where relevant to a joint business opportunity, of prospective customers may be processed:

  • name;
  • business contact details;
  • company, position, role, and department;
  • communication content and interaction history;
  • partner portal account and usage data;
  • deal, referral, opportunity, and collaboration information;
  • shared documents, notes, tasks, and project-related information;
  • technical metadata, such as timestamps, user identifiers, and log data.

Processing is carried out to establish, manage, and document partner relationships, to enable partner onboarding, to coordinate joint business development activities, to manage referrals and business opportunities, and to communicate with our partners.

The legal basis is Art. 6(1)(b) GDPR where the processing is necessary for the performance of a contract with the person concerned or for pre-contractual measures at their request. In other cases, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the efficient organization and management of our partner relationships, partner communications, referrals, and joint business opportunities.

Where we collaborate with a partner company on a specific business opportunity, relevant contact, referral, and opportunity information may be made available to the respective partner company. Such sharing is limited to what is necessary for the respective collaboration, referral, or business opportunity.

For more information on data processing by Introw, please visit https://app.introw.io/privacy-statement.

 

10. Google Services for Tag Management, Analytics, and Marketing

We use Google services for tag management, analytics, and marketing, specifically Google Tag Manager, Google Analytics, and Google Ads or DoubleClick features.

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, USA.

These services may be used to manage website tags, analyze the use of our website, measure the effectiveness of advertising campaigns, track conversion events, or target users based on their interests.

In particular, the following data may be processed:

  • IP address;
  • browser and device information;
  • pages visited;
  • referrer URL;
  • usage and interaction data;
  • time of access;
  • cookie or user identifiers;
  • approximate location data;
  • conversion and campaign data.

The use of analytics and marketing services is subject to your consent. The legal basis for storing or accessing information on your device is § 25(1) TDDDG. The legal basis for the subsequent processing of personal data is Art. 6(1)(a) GDPR.

Google Tag Manager may be technically necessary to manage consents and tags. To the extent that it is used exclusively for technically necessary purposes, the legal basis is Article 6(1)(f) of the GDPR. Services requiring consent are loaded via Google Tag Manager only after you have given your consent.

For more information on data processing, please visit https://policies.google.com/privacy.

We may additionally access and analyse Google Analytics reporting and configuration data through AI-supported assistance and integration systems, in particular Claude via the Model Context Protocol (MCP) or comparable interfaces.

Such access is used to support authorised users in retrieving, summarising, analysing and interpreting website analytics reports, campaign performance, traffic sources, usage trends and similar aggregated reporting information. The integration accesses data that has already been collected through Google Analytics as described in this section.

In our standard configuration, we use this integration only for aggregated or statistical reporting data and do not intentionally use it to identify individual website visitors. We do not use custom dimensions or analytics reports for this integration that contain directly identifying information such as names, email addresses or similar identifiers.

Depending on the query and configuration, the following data may be processed:

  • aggregated website usage statistics;
  • page, event, traffic source, campaign and conversion data;
  • Google Analytics account, property and configuration data;
  • prompts, queries, outputs and technical usage data generated when authorised users use the AI-supported analytics integration.

The subsequent internal access to and analysis of Google Analytics reporting data through AI-supported systems is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the efficient internal analysis of website usage, the improvement of our website, the evaluation of marketing measures and the optimisation of our online communication.

AI-supported analytics integrations are used only to support internal analysis and reporting. They are not used to make decisions based solely on automated processing that produce legal effects or similarly significantly affect individuals. Personal data processed through such systems is not used to train generally available AI models.

Access to Google Analytics reporting data through AI-supported systems is restricted to authorised users. To the extent that providers of AI-supported systems process personal data on our behalf, we enter into data processing agreements in accordance with Art. 28 GDPR. Where personal data is transferred outside the European Union or the European Economic Area, such transfer takes place only under the conditions described in the section on transfers to third countries.

11. LinkedIn Marketing and Integration Services

We use LinkedIn services, in particular the LinkedIn Insight Tag, LinkedIn Ads, or integrated LinkedIn features, to measure the success of advertising campaigns, create target groups, or provide embedded LinkedIn content.

The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The parent company is LinkedIn Corporation, USA.

In particular, the following data may be processed:

  • IP address;
  • browser and device information;
  • page accessed;
  • referrer URL;
  • time of access;
  • interactions with our website;
  • cookie or user identifiers;
  • where applicable, information from your LinkedIn account if you are logged in there.

This is done only with your consent. The legal basis for storing or accessing information on your device is Section 25(1) of the TDDDG. The legal basis for the subsequent processing of personal data is Article 6(1)(a) of the GDPR.

For more information on data processing, please visit https://de.linkedin.com/legal/privacy-policy.

12. External Media and Embedded Content

We embed external media or content on individual pages, in particular videos, audio content, data visualizations, or external image and media content. Providers of the embedded content include, in particular:

  • YouTube: The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Further information on data processing can be found at https://policies.google.com/privacy
  • Vimeo: The provider is Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, NY 10001, USA. For more information on data processing, please visit https://vimeo.com/legal/privacy/policy
  • Spotify: The provider is Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden. For more information on data processing, please visit https://www.spotify.com/de/legal/privacy-policy/
  • Our World in Data: The provider is Global Change Data Lab, Urbanoid Workspace, 1&3 Kings Meadow, Oxford, England OX2 0DP, United Kingdom. For more information on data processing, please visit https://ourworldindata.org/privacy-policy
  • Medium / miro.medium.com: The provider is A Medium Corporation, USA. For more information on data processing, please visit https://help.medium.com/hc/en-us/articles/213481328-Medium-Privacy-Policy

When you activate embedded content or when the content is loaded after you have given your consent, personal data may be transmitted to the respective provider. This may include, in particular:

  • IP address;
  • browser and device information;
  • page accessed;
  • referrer URL;
  • usage interactions;
  • cookie or user identifiers;
  • for logged-in users, where applicable, an association with the respective provider account.

External media and non-essential embedded content are generally only loaded once you activate them or have previously consented. The legal basis for storing or accessing information on your device is Section 25(1) of the TDDDG. The legal basis for the subsequent processing of personal data is Art. 6(1)(a) GDPR.

To the extent that individual external content is technically necessary without technologies requiring consent and solely for the display of a page you have accessed, Art. 6(1)(f) GDPR may serve as the legal basis. Our legitimate interest lies in the appealing and informative presentation of our website.

13. Security, Error Analysis, and Performance

We use services to ensure and improve the security, stability, error-free operation, and performance of our website. These may include, in particular, security, bot protection, error diagnosis, monitoring, and performance services. Providers of such services may include, in particular:

  • Sentry: The provider is Sentry Software Netherlands B.V., Schiphol Boulevard 359, 1118 BJ Amsterdam Schiphol, Netherlands. Sentry Software is part of Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. For more information on data processing, please visit https://sentry.io/privacy/
  • Cloudflare: The provider is Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. For more information on data processing, please visit https://www.cloudflare.com/de-de/privacypolicy/

In particular, the following data may be processed:

  • IP address;
  • browser and device information;
  • URL accessed;
  • time of access;
  • technical performance data;
  • error messages and technical diagnostic data;
  • referrer URL;
  • pseudonymous usage or session data, where necessary.

Processing is carried out to detect and resolve technical errors, prevent attacks and misuse, ensure the stable operation of the website, and improve technical performance.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable, and functional provision of our website. To the extent that a service stores or reads information on your device and this is not technically necessary, such use is permitted only with your consent in accordance with § 25(1) TDDDG and Art. 6(1)(a) GDPR.

14. Job Applications and Career Section

Separate privacy notices apply to job applications and the career section. These are available at:

If you simply follow a link to our careers section or to an external application platform, you will leave our website. The respective application privacy notices apply to the processing of personal data there.

15. Social Media Presence

We maintain publicly accessible accounts on social networks and platforms. We currently use the following providers: LinkedIn & X.

Through our social media profiles, we aim to provide information about our services, news, and content, communicate with interested individuals, and enhance our public image.

When you visit our social media profiles, interact with them, or contact us via the features offered there, personal data may be processed. This includes, in particular, your profile name, profile information, publicly visible interactions such as likes, comments, shared content, messages to us, communication content, as well as technical data and usage data processed by the respective platform operator.

We process personal data that you provide to us via social media, particularly when you contact us, comment on posts, share content, or otherwise interact with our accounts. This processing is carried out to communicate with you, to process your inquiry, for public relations purposes, and to maintain our business contacts and external communications.

The legal basis for our processing is Article 6(1)(f) of the GDPR. Our legitimate interest lies in the external presentation of our company, providing information about our services, and communicating with prospective customers, customers, business partners, and other users. If your contact is aimed at concluding or performing a contract, Art. 6(1)(b) GDPR also applies. To the extent that statutory retention obligations apply, processing is based on Article 6(1)(c) of the GDPR.

Please note that the respective platform operators may also process users’ personal data for their own purposes. This may include, in particular, the provision of the platform, analytical and statistical functions, personalized content, advertising, market research, security measures, and the creation of usage profiles. The platform operators may also use cookies and similar technologies and process data regardless of whether you are logged in to the respective platform or have a user account. We have only limited influence over the nature and scope of this processing.

Processing by the platform operators is governed by their own privacy policies, terms of use, and settings. Please review these in particular to determine which data is processed for which purposes, what legal bases the respective provider relies on, what settings are available, and how you can exercise your data subject rights with the provider.

Recipients and Visibility

When you interact with our social media profiles, your interactions may be publicly visible depending on the platform, your privacy settings, and the nature of the interaction. This applies in particular to comments, likes, shared content, mentions, and other public activities.

We receive only the information via the platforms that you actively provide to us or that is visible to us based on your interaction with our presence. To the extent that platforms provide us with statistical analyses regarding the use of our presence, we generally receive these in aggregated form. It is generally not possible for us to identify individual persons based on such aggregated statistics.

Retention Period

We store personal data processed by us from social media communication only for as long as necessary for the stated purposes. We delete inquiries and messages as soon as the respective inquiry has been fully processed and there are no legal retention obligations or legitimate interests in further storage. Publicly visible comments or interactions generally remain visible until you delete them yourself, the platform removes them, or we delete them as part of our moderation process.

We have no significant influence over the retention period of data that the respective platform operators process for their own purposes. For details, please refer to the privacy policy of the respective platform.

Your Rights

You may generally exercise your rights to access, rectification, erasure, restriction of processing, data portability, and objection to certain processing activities both with us and with the respective platform operator. Insofar as data processing is carried out exclusively by the platform operator, we ask that you contact the respective provider directly, as only they have full access to the data processed there.

Regardless of this, you may contact us at any time. You also have the right to lodge a complaint with a competent data protection supervisory authority.

LinkedIn

We maintain a presence on LinkedIn. The provider for users in the EU, the EEA, and Switzerland is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

LinkedIn may process personal data when you visit our LinkedIn page, follow it, view posts, comment, share, “like,” or contact us via LinkedIn. In doing so, LinkedIn processes, among other things, profile and contact data, content data, communication data, interaction data, usage data, device and log data, as well as information from cookies and similar technologies.

To the extent that LinkedIn provides us with so-called Page Insights for a LinkedIn Page, LinkedIn and we share joint responsibility for the processing of personal data to generate these Page Insights within the meaning of Article 26 of the GDPR. LinkedIn generally provides us with Page Insights only in aggregated form. According to LinkedIn, LinkedIn is responsible for informing data subjects about the processing and for fulfilling the rights of data subjects with regard to Page Insights. We are obligated to forward requests from data subjects regarding Page Insights to LinkedIn and to cooperate with LinkedIn.

For more information on joint responsibility regarding LinkedIn Page Insights, please visit:

https://www.linkedin.com/legal/l/page-joint-controller-addendum

For more information on data processing by LinkedIn, please refer to LinkedIn’s Privacy Policy:

https://www.linkedin.com/legal/privacy-policy

Information on data transfers by LinkedIn to third countries, in particular to the U.S., can be found at:

https://www.linkedin.com/help/linkedin/answer/a1343190/eu-eea-and-swiss-data-transfers

You can manage your privacy settings on LinkedIn here:

https://www.linkedin.com/psettings/

X

We maintain a presence on X. According to X, the provider for users in the EU, the EFTA states, and the United Kingdom is X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

X may process personal data when you visit our X page, follow it, view posts, comment, repost, like, share, or contact us via X. In doing so, X processes, among other things, profile information, content and interactions, communication data, usage data, device and log data, location information, cookie data, and information from advertising and business partners.

X notes that content on X may generally be publicly visible. This may include, in particular, profile information, posts, replies, reposts, likes, and other interactions, unless restricted by your settings.

For more information on data processing by X, please refer to X’s Privacy Policy:

https://x.com/en/privacy

You can manage your privacy and security settings on X here:

https://x.com/settings/account/personalization

Information regarding data transfers to third countries can also be found in X’s Privacy Policy. X states that it uses standard contractual clauses for certain international data transfers and participates in the EU-US Data Privacy Framework, the Swiss-US Data Privacy Framework, and the UK Extension.

16. Recipients and Processors

Within our company, only those departments that require personal data to fulfill the respective purposes are granted access to it.

In addition, personal data may be transferred to external recipients to the extent that this is necessary for the purposes mentioned above or a legal obligation exists. This may include, in particular:

  • Hosting, website, and IT service providers;
  • Providers of consent management, analytics, marketing, form, CRM, communication, collaboration, project management, support, product development, partner management, and business process services;
  • Providers of external media or embedded content;
  • security, error diagnosis, and performance service providers;
  • affiliated companies, to the extent necessary for processing inquiries or business relationships;
  • legal advisors, tax advisors, and auditors;
  • government agencies, courts, or other public authorities.

To the extent that service providers process personal data on our behalf, we enter into data processing agreements pursuant to Art. 28 GDPR.

In addition, we use internal IT, communication, collaboration, CRM, project management, product development, support, partner management, and business process tools to organize our operations and to handle business relationships with customers, prospects, partners, suppliers, and other business contacts.

Depending on the specific context, personal data may be processed in such systems, including in particular business contact details, company affiliation, role or position, communication content, meeting notes, project and task information, support or product feedback, contractual and pre-contractual information, interaction history, technical metadata, and information required to document or manage the relevant business relationship.

The purposes of this processing are the efficient organization of our business operations, internal and external communication, customer and prospect management, project and task management, product development, support, partner and cooperation management, documentation of business processes, information security, and compliance with legal and contractual obligations.

The legal basis is Art. 6(1)(b) GDPR where the processing is necessary for the performance of a contract or for pre-contractual measures. For business contacts acting on behalf of a company or other organization, the legal basis is generally Art. 6(1)(f) GDPR. Our legitimate interests lie in the efficient, secure, and structured organization of our business operations, communication, customer and partner relationship management, and internal collaboration. Where processing is required to comply with legal obligations, the legal basis is Art. 6(1)(c) GDPR. Where we rely on consent in individual cases, the legal basis is Art. 6(1)(a) GDPR.

The specific service providers used may vary depending on the processing activity and business need. They may include providers of office and email services, CRM systems, project management and collaboration tools, knowledge management systems, design and product development tools, code repository and issue management systems, support tools, partner management tools, and comparable business applications. We provide further information on specific recipients or service providers upon request, where required and appropriate.

Where such providers process personal data on our behalf, we enter into data processing agreements pursuant to Art. 28 GDPR. Where providers or their affiliated companies process personal data outside the European Union or the European Economic Area, such transfers take place only in accordance with the requirements described in the section “Transfers to Third Countries”.

17. Transfers to Third Countries

Some of the providers mentioned in this Privacy Policy or their affiliated companies may process personal data in countries outside the European Union or the European Economic Area, in particular in the United States.

Transfers to third countries only take place if the requirements of Art. 44 et seq. GDPR are met. This may occur, in particular, on the basis of an adequacy decision by the European Commission, the EU-US Data Privacy Framework, EU Standard Contractual Clauses, or a statutory exception.

Where necessary, we implement additional safeguards and conclude the required data protection agreements.

18. Retention Period and Deletion

We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations.

Unless a specific retention period is stated in this Privacy Policy, the following criteria apply:

  • Duration of processing your request;
  • Duration of the contractual or user relationship;
  • Statutory retention periods, in particular obligations under commercial and tax law;
  • Statutes of limitations for asserting, exercising, or defending legal claims;
  • Technical necessity for security, operation, and detection of misuse;
  • Duration of your consent or until its revocation.

Once the respective purpose no longer applies, the data will be deleted or anonymized, provided there are no legal grounds for further storage.

19. Your Rights

You have the following rights under the GDPR:

  • Right to access the personal data processed about you;
  • Right to rectification of inaccurate or incomplete data;
  • Right to erasure of personal data;
  • Right to restriction of processing;
  • Right to data portability;
  • Right to object to certain processing activities;
  • Right to withdraw consent with future effect;
  • Right to lodge a complaint with a data protection supervisory authority.

To exercise your rights, you may contact us at any time:

QuoIntelligence GmbH

Sebastian-Kneipp-Str. 41

60439 Frankfurt am Main

Germany

Email: [email protected]

20. Withdrawal of Consent

If we process personal data based on your consent, you may withdraw this consent at any time with effect for the future.

The lawfulness of the processing prior to withdrawal remains unaffected.

You can change or withdraw your consent to cookies, tracking, external media, or similar technologies at any time via the cookie settings icon on our website.

21. Right to Object under Art. 21 GDPR

If we process personal data based on Art. 6(1)(f) GDPR, you may object to this processing at any time for reasons arising from your particular situation.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

If we process personal data for direct marketing, you may object to this processing at any time.

Following your objection, we will no longer use your data for direct marketing.

22. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.

In particular, you may contact the supervisory authority responsible for us:

The Hessian Commissioner for Data Protection and Freedom of Information

Wilhelmstraße 7

65185 Wiesbaden

Germany

Phone: +49 611 1408-0

Email: [email protected]

Website: https://datenschutz.hessen.de/

You may also contact another competent data protection supervisory authority.

23. Obligation to Provide Personal Data

The provision of personal data is generally neither legally nor contractually required for simply visiting our website.

For certain functions, the provision of specific data may be necessary. This applies, for example, to contact forms or other communication functions.

If you do not provide the required data, we may not be able to offer the respective function or process your request.

24. Automated Decision-Making

Automated decision-making within the meaning of Art. 22 GDPR does not take place in connection with simply visiting our website.

25. Changes to This Privacy Policy

We may update this Privacy Policy if our website, our data processing activities, or legal requirements change.

The version published on our website at any given time applies.