Privacy Policy
This document informs you about privacy issues such as the collection, storage, use and disclosure of Personal Information received from users of this site and customers of Quarto Legal (hereinafter also: the Company).
Quarto Legal is a trade name of the company Quarto Legal and the controller of your personal data, which it collects from its website visitors and potentially, from customers. It may also serve as a third party for customer's data. This means that the Company:
-
Collects your data on a legal basis
-
Decides the means and purpose of this data
-
Or shall only process data as instructed and agreed in the contract
Contact
If you have questions or comments, you may always contact Quarto Legal, via mail, phone or email at:
Quarto Legal
c/o Steffi Besselink, founder | lawyer | DPO
Finnish Business ID: Y-3142564-2
00520 Helsinki, Finland
Collecting data
From our website visitors, the Company collects data such as:
-
Name
-
Business name
-
Email (work-related)
-
Phone number (if provided)
-
Address/ country
-
Purpose for contacting Quarto Legal
We collect this data based on your consent, Article 6 (1) (a) of the European General Data Protection Regulation 2016/679, because you have reached out to us for information or questions or like to be contacted by Quarto Legal.
Regarding customers, the Company collects data such as:
-
Business name, address and country
-
Names of business employees
-
Content of your business policy’s, such as (but not limited to):
-
What type of data do you collect from your data subjects
-
What type of data do you collect from your employees,
-
Who are your data subjects
-
Who are your processors
-
Names of people responsible for certain tasks
-
phone numbers of the data breach team
-
staff/ employee contract clauses related to data protection
-
-
Company's banking information
This data is collected based on the contractual obligation from Quarto Legal to provide you the products and services of GDPR documents, consultation and advice, which stems from Article 6 (1) (b) of the European General Data Protection Regulation 2016/679.
Third Parties and Storing data
Quarto Legal stores your data in secure locations, such as the protected database of the Company's AWS database in Ireland, and on the highly secured vault 'P-Cloud'. These act as processors for the Company. Please review the privacy policy of these companies for more information on how they handle your data. Cookie and other analytical data is being collected by the Company's domain host 'Wix'.
Retention
The Company will store your data, pursuant to the Finnish taxation laws, for no longer than five years after you have made your last purchase. This type of data includes the type of purchase, the buyer and location of the buyer.
Regarding marketing data, the Company will keep emails from individuals who have not purchased products or services, for no longer than two years. Every year the Company will review their database and request again consent, in the event the individual has been inactive for more than two years.
Transfer
The Company may internationally transfer data if the Company makes use of a tool that is necessary for the service which stores data outside the EEA. Such transfer shall be vetted and only done pursuant Chapter V of the GDPR. The Company shall refer to these transfers in this policy. At this very moment the company does not transfer data outside the EEA.
Automated individual decision-making
The Company does not make use of automated individual decision-making tools.
Marketing
The Company will ask for your consent to share your brand name on its website. The Company also may ask you for LinkedIn or Google reviews, which it may place as well on its website. If you have any objection to this, please let us know.
Your rights
You, a website visitor, customer or other party, have at all times the right to:
-
access your data and request copies of all processing activities around your data
-
rectify processing concerning any information you believe is inaccurate, to which the Company can comply under certain conditions, such as when it is following a legal obligation from a National Authority
-
request to be forgotten, to which the Company can comply under certain conditions, such as when it is following a legal obligation from a National Authority
-
request to restrict or object to processing, to which the Company can comply under certain conditions, such as when it is following a legal obligation from a National Authority
-
request a structured, commonly used and machine-readable format to transfer the data to another controller or directly to you (portability).
Changes to the Policy
The Company will keep this privacy policy under review and reserves the right to modify this document. This policy was last updated in October, 2022, and advises you to regularly review this document for the latest updates.
Complaint
Should you wish to report a complaint or you feel the European Startup Lawyer has not addressed your concerns in a satisfying manner, you may contact the Data Protection Authority Office in Finland, or in the country of your residence.