Data Protection Policy

1. Scope of this Privacy Policy

   This Data Protection Policy applies to this particular website. It does not apply for other websites which are merely referenced via hyperlink. We cannot assume responsibility for the confidential handling of your personal data on these third-party websites, since we do not have any influence in the data protection compliance by these companies. Please inform yourself on the handling of personal data by these companies directly on their websites.

   In this Data Protection Policy you will find information on the data processing regarding Swiss Federal Act on Data Protection (FADP), General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

2. Our privacy policy (data protection policy) under FADP and the GDPR

1. General information and principles of data processing

We are pleased that you are visiting our website. The protection of your privacy and the protection of your personal data is an important concern to us.

In accordance with Article 5 (a) FADP and Article 4 (1) GDPR, personal data means any information relating to an identified or identifiable natural person. This includes, for example, information such as first and last name, address, telephone number, email address, but also an IP address.

Data that cannot be linked to your person, for example through anonymisation, is not personal data. Under Article 6 (1) FADP personal data must be processed lawfully and the processing of sensitive personal data according to Article 6 (6) and (7) FADP requires a consent. Under the GDPR, processing of personal data (e.g. collection, storage, readout, retrieval, use, transmission, deletion or destruction) according to Article 4 (2) GDPR always requires a legal basis or a consent. Processed personal data must be deleted as soon as the purpose of their processing has been achieved, and there are no longer any legally prescribed retention obligations.

Here you will find information on the handling of your personal data upon visiting our website. In order to provide the functions and services of our website, it is necessary for us to collect your personal data.

In the following, we explain the type and scope, purpose, legal basis and storage period of the respective data processing.

2. Controller

Responsible for the processing of personal data on this website (see imprint) is:

Terra Quantum AG
St. Gallerstrasse 16A
9400 Rorschach
Switzerland

Phone: +41 71 444 0000
Email: info@terraquantum.swiss

3. Representative of Controller according to Article 27 GDPR

QMware GmbH
Barthstraße 18
80339 Munich
Germany

Phone: +49 89 065-780
Email: info@qm-ware.com

4. Data Protection Officer

If you have any further questions regarding data protection, please feel free to contact us under

Alexander Martens (Datenschutzbeauftragter) c/o
Terra Quantum AG
St. Gallerstrasse 16A
9400 Rorschach
Switzerland
Email: privacy@terraquantum.swiss

5. Provision and use of the website / server log files

When you access our website (i.e. when you merely view it without registering and without otherwise providing us with information), we process the following personal data, which your browser automatically transmits to our server:

• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (visited page)
• Access status/HTTP status code
• Amount of transferred data
• Web address from which the page or file was accessed or the requested function was initiated (referrer URL)
• IP-address
• Browser
• Language and version of the browser software
• Operating system

This data described above is technically necessary to enable you to use our website. In addition, the data is technically necessary to ensure the stability of the website and IT security, in particular to protect our IT systems from misuse and to defend against attacks.

Under the GDPR, the legal basis for the collection and processing of the data is Article 6 (1) (f) GDPR.

The aforementioned data will be recorded for the duration of the communication process.
To guarantee IT security, the IP-address will be saved for an additional short period of time of no more than seven calendar days.

Under the GDPR, if your personal data is processed in accordance with Article 6 (1) (f) GDPR you have a right of objection in accordance with Article 21 GDPR. However, in the case of the specific data processing operation, we have compelling legitimate grounds for processing the data that is necessary for the protection of these data, because without the processing of these data we cannot provide and operate our website.

6. Use of cookies

We use cookies. Cookies are small files that are placed on your computer and stored by your browser. Some functions of our website cannot be offered without the use of technically necessary cookies, whereas other cookies allow us to perform various analyses. For example, some cookies can recognize the browser you are using when returning to our website and transmit various information to us. We use cookies in order to facilitate and improve the use of our website. For instance, through cookies we can create a more user-friendly and effective web offer for you, for example by retracing your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, this information will be directly collected via your browser. Cookies do not cause any damage to your terminal device. They can neither run programs nor contain viruses. Various types of cookies are used on our website, their type and function are explained in the following.

If German law applies and cookies or cookie-like technologies are used in the context of data processing on this website, the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of user is based on your consent pursuant to Section 25 (1) Telecommunications Telemedia Data Protection Act (TTDSG) in conjunction with the requirements of consent under data protection law pursuant to Art. 4 (11), 7 GDPR.

Our website uses so-called temporary cookies or session cookies, which are automatically deleted when you close your browser. Through this type of cookies, it is possible to record your session ID. This allows various requests from your browser to be assigned to a common session and makes it possible to recognize your terminal device during subsequent visits to the website. These session cookies expire at the end of the session.

Our website uses so-called persistent cookies. Persistent cookies are cookies that are stored in your browser over a longer period of time and can transmit information. The respective storage period varies depending on the cookie. Permanent cookies may be deleted independently via your browser settings.

c) Cookie Consent with the consent management platform cookiebot by Usercentrics

Our website uses consent management platform cookiebot by Usercentrics to obtain your consent in the storage of cookies in your browser and document these in compliance with data protection. Provider of cookiebot by Usercentrics is Usercentrics GmbH, Sendlingerstraße 7, 80331 Munich, Germany.

Upon entering the website, cookiebot by Usercentrics stores a cookie in your browser, in which your obtained consent or the revocation of consent are documented. However, this data will not be transmitted to the provider cookiebot by Usercentrics. This is a required cookie, which does not need a consent. Under the GDPR, the legal basis for the data processing is Article 6(1)(a) GDPR. We use HubSpot to ensure compliance with our legal obligations.    

The cookies are stored until you ask us to delete this data, you delete the cookie yourself or the storage is no longer necessary for the purpose of data processing. You can change your cookie settings at any time using the button to the lower left.  

We use the following categories of cookies:

Necessary cookies:

Necessary cookies ensure functions that are essential to use our website as intended. These absolutely necessary cookies are used, for example, to ensure that registered users remain logged in when accessing various subpages. These are so-called first party cookies are only used by us.

Under the GDPR, the legal basis for the data processing is Article 6(1)(f) GDPR – and if German law applies Section 25(2) TTDSG, as we have a legitimate interest in maintaining the functionality of our website. You have a right of objection pursuant to Article 21 GDPR. In the case of technically necessary cookies, however, we have compelling reasons worthy of protection for processing the data, because without processing this data we cannot properly provide our website or the respective functionality of the website.

As soon as the cookies are no longer required for the purposes described, they are deleted.

Preference cookies: 

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Under the GDPR, the legal basis for the processing of this personal data are our legitimate interests in accordance with Article 6(1)(f) GDPR and – if necessary – your consent in accordance with Article 6(1)(a) GDPR. As soon as the cookies are no longer required for the purposes described, the storage period ends or you withdraw your consent, these cookies are deleted.

Statistics cookies:

Statistics Cookies collect information about how a website is used in order to improve its attractiveness, content and functionality. For example, the following data is collected:

• number of visits to a website or sub-pages
• time spent on the website
• sequence of visited pages
• search terms
• country, region, city from which access is made
• analysis which areas of our website are of particular interest to you

An overview of the cookies used can be found at the the button to the lower left.

Under the GDPR, the legal basis for the processing of this personal data is your consent pursuant to Article 6(1)(a) GDPR – if German law applies in conjunction with Section 25(1) TTDSG. As soon as the cookies are no longer required for the purposes described, the storage period ends or you withdraw your consent, these cookies are deleted.

Marketing cookies:     

Marketing cookies are used to display interest-based advertisements to website visitors. Besides they are also used to limit the frequency of display and measure the effectiveness of advertisement campaigns. The information obtained with third parties such as advertisers. Cookies to improve targeting and advertising are often linked to third party site functionalities.

Under the GDPR, the legal basis for the processing of this personal data is your consent pursuant to Article 6(1)(a) GDPR – if German law applies in conjunction with Section 25(1) TTDSG – and Article 4(11), 7 GDPR for the following processing of personal data. As soon as the cookies are no longer required for the purposes described, the storage period ends or you withdraw your consent, these cookies are deleted.

7. Services with required cookies   

Google reCAPTCHA

We use reCAPTCHA, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, ("Google").

IP addresses and user behavior (duration of the website visitor's visit or mouse movements made by the user) are processed and transmitted to Google.

FADP:
Google Ireland Limited transmits data to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. We would like to point out that the Court of Justice of the European Union (CJEU) has doubts about the adequacy of the level of data protection in the USA. In particular, there is a risk that personal data may be processed by government authorities for control and monitoring purposes, possibly also without any legal remedy.

GDPR:
Google Ireland Limited transmits data to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The USA is a so-called third country, because it is located outside the EU. However, the USA has an adequacy decision from the European Commission (EU-U.S. Data Privacy Framework (DPF)). The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new framework. Google LLC has certified itself according to the DPF: 

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

The purpose of using Google reCAPTCHA is to ensure data security when transmitting forms.

This serves primarily to distinguish whether the input is made by a natural person or abusively by machine and automated processing (so-called bot).

Under the GDPR, the legal basis is Article 6(1)(f) GDPR Our legitimate interest lies in the data security of our website and in the prevention of unwanted, automated access and spam.

Your consent is also consent to data processing in the USA pursuant to Article 17 (1) (a) FADP.

The stored data will be deleted as soon as they are no longer needed to fulfill the purpose.

You have a right of objection pursuant to Article 21 GDPR. In the case of technically necessary cookies, however, we have compelling reasons worthy of protection for processing the data, because without processing this data we cannot properly provide our website or the respective functionality of the website.

Further information on data processing can be found in Google's privacy policy at Google's privacy policy: https://policies.google.com/privacy?hl=en.

8. Services with preference cookies (Preferences)

New Relic

On our website we use the Web analysis service of New Relic. A Service of New Relic Inc., 188 Spear St. Suite 1200, 94105 San Francisco, USA („New Relic“).

New Relic allows us to perform statistical analyses regarding speed and stability of our website. For this purpose New Relic stores the application and browser data by using cookies. It cannot be excluded that the IP address of the user is transmitted to and stored by New Relic during this process.

FADP:
We would like to point out that the European Court of Justice (ECJ) has doubts about the adequacy of the level of data protection in the USA. In particular, there is a risk that personal data may be processed by government authorities for control and monitoring purposes, possibly also without any legal remedy.

GDPR:
New Relic processes the data collected in the USA. The USA is a so-called third country, because it is located outside the EU. However, the USA has an adequacy decision from the European Commission (EU-U.S. Data Privacy Framework (DPF)). The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new framework. New Relic Inc. has certified itself according to the DPF: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TNPiAAO&status=Active

We use New Relic to analyse web browser informations, load times and possible server downtimes or speed losses during delivery.

As required under the GDPR, the legal basis for the use of New Relic is your consent pursuant to Article 6(1)(a) GDPR respectively Section 25(2) TTDSG.

Your consent is also consent to data processing in the USA pursuant to Article 17 (1) (a) FADP.

The specific storage period of the processed data cannot be influenced by us, but is determined by New Relic, Inc. Further information can be found in the data protection declaration for New Relic: https://newrelic.com/termsandconditions/privacy.

The stored data will be deleted as soon as you withdraw your consent by deselecting the selected cookie category "Preferences" under "Cookie settings".

Further information and the valid data protection regulations of New Relic can be found here:

New Relic General Data Privacy Notice: https://newrelic.com/termsandconditions/privacy

9. Services with statistics cookies (Statistics)    

Google Analytics

On our website we use the tracking tool Google Analytics of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660 („Google“).

We have contracted a so-called data processing agreement (DPA) with Google.

We have concluded a so-called order processing agreement insofar as Google acts as a processor for us. The data sharing settings to Google has been deactivated, so that consequently there is no joint controllership with Google. Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site.

The information generated by cookies about your use of this website is usually transferred to a Google server in the USA and stored there. On behalf of the operator of this website, Google will use this information for the purpose of systematically evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. Google Analytics uses AI (artificial intelligence) and machine learning by applying algorithms to evaluate user behaviour. The algorithms automatically measure the usage behaviour of the individual website user on the basis of event data. The algorithm that analyses these events can also recognise specific usage behaviour on other devices, which enables cross-device behavioural analysis of website users. If you have different separate sessions on different devices, Google Analytics can automatically aggregate the sessions into a single cross-device user experience based on User ID, Google ID, or Device ID and create database models, including cross-device conversions. >We do not receive any personal data from Google, just statistics. If you would like to stop the cross-device analysis, you can deactivate the "personalised advertising" function in the settings of your Google account. To do so, follow the instructions on this page: https://support.google.com/analytics/answer/7532985?hl=en&sjid=10123006388383540876-EU#zippy=%2Cthemen-in-diesem-artikel%2Cin-this-article If individual pages of our website are called up, the following data is stored:

• three bytes of the IP-address of the calling system of the user (anonymized IP-address)
• accessed website
• website from which the user accessed the page of our website (referrer)
• sub-pages that are called from the caller page
• time spent on the website
• frequency of a call of the website
• scroll behavior and clicks
• achievement of "website objectives" (e.g. newsletter registrations)
• approximate location
• information about the used browser, internet provider and device information

Google informs that the IP addresses in Google Analytics no longer need to be anonymised, as they are neither logged nor stored. Nevertheless, the IP address in Google Analytics is automatically shortened by the service (IP anonymisation) . This means that the IP addresses are shortened by the last octet (e.g.: 192.168.79.***; so-called IP masking). It is no longer possible to assign the shortened IP address to the calling computer or end device of the user.

FADP:
Google Ireland Limited transmits data to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. We would like to point out that the European Court of Justice (ECJ) has doubts about the adequacy of the level of data protection in the USA. In particular, there is a risk that personal data may be processed by government authorities for control and monitoring purposes, possibly also without any legal remedy.

GDPR:
Google Ireland Limited transmits data to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The USA is a so-called third country, because it is located outside the EU. However, the USA has an adequacy decision from the European Commission (EU-U.S. Data Privacy Framework (DPF)). The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new framework. Google LLC has certified itself according to the DPF: 

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

The service of Google Analytics is used to analyse the usage behaviour of our online presence.

As required under the GDPR, the legal basis for the use of Google Analytics is your consent pursuant to Article 6(1)(a) GDPR respectively Section 25(2) TTDSG.

Your consent is also consent to data processing in the USA pursuant to Article 17 (1) (a) FADP.

The stored data will be deleted as soon as the cookie expires, or you withdraw your consent.

Google Analytics stores cookies in your web browser for a period of 14 months    since your last visit. These cookies contain a randomly generated user ID that allows you to be recognized during future visits to the website.

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months . Other data remains stored in aggregated form for an unlimited period.

The stored data will be deleted as soon as you withdraw your consent by deselecting the selected cookie category "Statistics" under "cookie settings".

f) Further information

Further information on Google Analytics data protection:

https://support.google.com/analytics/answer/6004245?hl=en

Further information on Google’s privacy policy can be found here: https://policies.google.com/privacy?https://policies.google.com/privacy?gl=DE&hl=engl=DE&hl=en

10. Services with marketing cookies
    

    Hub Spot

    a) Type and scope of data processing
    

    On our website we use HubSpot a Service of HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500. („Hub Spot“).

    Hubspot is an integrated software solution that covers various aspects of our online marketing. This includes especially the analysis of landing pages and reporting. During this processes Hub Spot uses so-called "web beacons" and cookies which are stored on your end device by visiting our website.

    For example, the following personal data may be collected:

    • IP address,
    • geographical location,
    • type of browser,
    • duration of the visit,
    • pages viewed.
    • usage data (e.g. web pages visited, interest in content, access times);
    • meta, communication and procedural data (e.g. time data, identification numbers, consent status).

    We use Hub Spot with enabled IP anonymization. Through this, the IP addresses are shortened by the last octet (e.g. 192.168.79.***; so-called IP masking). It is no longer possible to assign the abbreviated IP address to the calling computer or terminal device.

    We have concluded a so-called order processing agreement insofar as HubSpot acts as a processor for us. For more information please see: https://legal.hubspot.com/dpa

    FADP:
    Hub Spot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, transmits data to Hub Spot Inc, 25 First St., 2nd floor Cambridge, Massachusetts 02141, USA. We would like to point out that the European Court of Justice (ECJ) has doubts about the adequacy of the level of data protection in the USA. In particular, there is a risk that personal data may be processed by government authorities for control and monitoring purposes, possibly also without any legal remedy.
    
    GDPR:
    Hub Spot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, transmits data to Hub Spot Inc, 25 First St., 2nd floor Cambridge, Massachusetts 02141, USA. The USA is a so-called third country, because it is located outside the EU. However, the USA has an adequacy decision from the European Commission (EU-U.S. Data Privacy Framework (DPF)). The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new framework. Hub Spot Inc. has certified itself according to the DPF: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TN8pAAG&status=Active
    
    

    b) Purpose of data processing
    

    We use HubSpot to analyse the user behaviour of our website. This allows us to constantly optimise our website and make it more user-friendly. We also use information to determine which of our company's services are of interest to customers and newsletter subscribers and to contact them for advertising purposes. Furthermore, we use the analysis to optimise our website for you.

    c) Legal basis
    

    Under the GDPR, the legal basis for the use of HubSpot is your consent pursuant to Article 6(1)(a) GDPR respectively Section 25(2) TTDSG. In addition, we process personal data in accordance with Article 6(1)(f) GDPR. Our interest is to improve our website and make it more user-friendly by analyzing the user behavior.  
    
    Your consent is also consent to data processing in the USA pursuant to Article 17 (1) (a) FADP.

     d) Storage period
    Your personal data will be stored until you withdraw your consent or until the data is no longer required for the specified purposes.

    e) Right of withdrawal
    

    The stored data will be stored as soon as the cookie expires or you withdraw your consent by deselecting the selected cookie category "Statistics" under "Change cookie settings".

    f) Further information
    

    Further information and the valid data protection regulations of Hub Spot can be found here:

    Hub Spot Website: https://www.hubspot.de;

    Hub Spot Privacy Policy: https://legal.hubspot.com/de/privacy-policy
    

    
    

    Google Tag Manager
    
    We use Google Tag Manager. Google Tag Manager is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, ("Google") that allows marketers to manage website tags through a single interface.

    FADP:
    Google Ireland Limited transmits data to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. We would like to point out that the Court of Justice of the European Union (CJEU) has doubts about the adequacy of the level of data protection in the USA. 
    
    In particular, there is a risk that personal data may be processed by government authorities for control and monitoring purposes, possibly also without any legal remedy.
    
    GDPR:
    Google Ireland Limited transmits data to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The USA is a so-called third country, because it is located outside the EU. However, the USA has an adequacy decision from the European Commission (EU-U.S. Data Privacy Framework (DPF)). The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new framework. Google LLC has certified itself according to the DPF: 
    
    https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active 

    Google Tag Manager only implements tags. Tags are small elements of code on your website which, among other things, serve to measure traffic and visitor behaviour, to identify the impacts of online advertisement and social channels, use remarketing and targeting and to test and optimize your website. This means: No additional cookies are used. Google Tag Manager triggers other tags, which may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level - in particular, if you have opted for the Google Analytics opt-out solution described above or have made the corresponding settings in your browser - it will remain in effect for all tracking tags provided that these are implemented with the Google Tag Manager.

    For more information see Google's privacy policy: https://policies.google.com/terms?gl=DE&hl=en

    Privacy Policy for Advertising: www.google.de/intl/de/policies/technologies/ads.

11. Contact options by e-mail
    a) Type and scope of data processing
    

    You can contact us by e-mail. Our data collection is limited to the e-mail address of the e-mail account used by you to contact us as well as to the personal data provided by you in the course of contacting us. If you send us an e-mail without encryption, the e-mail is not protected against unauthorized access or modification by third parties during transmission.

    b) Purpose of data processing
    

    The purpose of data processing is to be able to answer your request appropriately.

    c) Legal basis
    Under the GDPR, the legal basis for this is Article 6(1)(f) GDPR. There is a legitimate interest in the processing of the above-mentioned personal data in order to be able to process your request appropriately, e.g. to answer your inquiry or to fulfil your request for information.
    e) Storage period
    

    The duration of the storage of the above-mentioned data depends on the background of your contact. Your personal data will be deleted on a regular basis if the intended purpose of the communication ceases to apply and storage is no longer necessary. This may result, for example, from processing your request.

12. Newsletter
    a) Type and scope of data processing
    

    On our website you can subscribe to a free regular e-mail newsletter. In order to send you the newsletter regularly, we need your e-mail address. Beyond this, your data will not be passed on to third parties. For the newsletter distribution, we use the so-called double opt-in procedure. This means that we will only send you an e-mail newsletter if you have explicitly confirmed your consent to the dispatch of the newsletter. We will then send you a confirmation e-mail asking you to click on a link to confirm that you wish to receive newsletters from us in the future. This is to ensure that only you yourself, as the owner of the e-mail address provided, can subscribe to the newsletter. Your confirmation must take place promptly after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database. When you subscribe to the newsletter, we collect and store the data you enter in the input mask (e.g. last name, first name, e-mail address).

    When you register for the newsletter, we may save your IP address entered by your Internet Service Provider (ISP) as well as the date and time of registration, in order to be able to trace possible misuse of your e-mail address at a later time. In the confirmation mail sent for control purposes (double opt in the e-mail) we may also save the date and time of the click on the confirmation link and the IP address entered by the Internet Service Provider (ISP).

    Furthermore, the success of the newsletter is measured. If you open our e-mail newsletters, click on the links contained in them, send a web page form after clicking on a link, you retrieve images in e-mail newsletters, we may track this and save this information. In addition, we may determine the type of end device used and, by assigning your IP address, from which location the retrieval took place.

    b) Purpose of data processing
    

    The data collected by us when registering for the newsletter will be used exclusively for the following purposes. By subscribing, you agree that we and our affiliated companies Terra Quantum GmbH, Germany, QMware GmbH, Germany, QMware GmbH, Austria, and Novarion Systems GmbH, Austria may send you information about our and our above-mentioned affiliated companies’ products and services limited to the topics artificial intelligence, processing of classical signals by quantum information methods, quantum metrology and sensors, quantum random number generator, quantum cryptography, machine learning, software and hardware development, quantum computing, quantum internet and MRI Scanner (algorithmic cooling)) by e-mail to your business email you have provided us.

    c) Legal basis
    

    Under the GDPR, the processing of your e-mail address for the newsletter dispatch is based on the declaration of consent voluntarily submitted by you in the following and revocable at any time in the future in accordance with Article 6(1)(a) GDPR and – if German law applies – Section 7(2)(3) UWG (German law against unfair competition).

    In addition, we process your personal data to document your consent (Article 6(1)(c) GDPR).

    d) Storage period
    

    Your e-mail address will be stored as long as you have subscribed to the newsletter. After you have unsubscribed from the newsletter, your e-mail address will be deleted, unless you have explicitly consented to further use of your data.

13. Use of Google Fonts
    a) Type and scope of data processing
    

    We use external fonts from Google Fonts on this website. Google Fonts is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660 („Google").
    
    The integration of these web fonts is carried out through a server call, usually one of Google’s servers in the United States. Hereby, the server will receive information on which websites you visited. Also, Google stores the IP address of the visitor’s terminal device’s browser. 
    
    FADP:
    Google Ireland Limited transmits data to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. We would like to point out that the European Court of Justice (ECJ) has doubts about the adequacy of the level of data protection in the USA. In particular, there is a risk that personal data may be processed by government authorities for control and monitoring purposes, possibly also without any legal remedy.
    
    GDPR:
    Google Ireland Limited transmits data to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The USA is a so-called third country, because it is located outside the EU. However, the USA has an adequacy decision from the European Commission (EU-U.S. Data Privacy Framework (DPF)). The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new framework. Google LLC has certified itself according to the DPF: 
    
    https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active 
    

    b) Purpose of data processing
    

    The purpose of using Google Fonts is the uniform presentation of fonts.

    c) Legal basis
    

    Under the GDPR, the legal basis for the use of Google Fonts is Article 6(1)(f) GDPR. We have a legitimate interest in the interest of a uniform and consistent presentation of our online offers.

    d) Storage period
    

    The stored data will be deleted as soon as they are no longer required for our purposes.

    e) Right of objection
    

    You have the right to object to this processing. However, we have legitimate compelling reasons for processing the data, because without processing this data we cannot properly display the fonts on the website.

    f) Further information
    Further information on data processing by Google can be found in Google's privacy policy at https://www.google.com/intl/en/policies/privacy

14. Categories of recipients of the personal data
    Under the GDPR, we only pass on your personal data to third parties if:
    a)     you have given your explicit consent to do so in accordance with Article 6(1)(a) GDPR.
    b)     this is legally permissible and, in accordance with Article 6(1)(b) GDPR, is necessary for the fulfilment of a contractual relationship with you or the implementation of pre-contractual measures.
    c)     there is a legal obligation under Article 6(1)(c) GDPR for the transfer.
    We are legally obliged to transfer data to state authorities, e.g. tax authorities and law enforcement agencies.
    d)     the disclosure in accordance with Article 6(1)(f) GDPR is necessary to safeguard legitimate corporate interests and to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
    
    We use external service providers (so-called processors) to process personal data in accordance with Article 9 FADP or Article 28(3) GDPR. These processors have been carefully selected by us and are obliged by a data processing agreement to handle personal data in accordance with data protection regulations. 
    
    We use such external service providers in the following areas: 
    •    IT service providers
    •    Marketing
    
    FADP:
    When transferring personal data abroad, we ensure that personal data is treated with the same care. We only transfer personal data abroad if the legislation of the State concerned or the international body guarantees an adequate level of protection. In the absence of a decision by the Federal Council we disclose personal data abroad only if an adequate level of data protection is guaranteed by a treaty under international law, data protection clauses in an agreement between the controller or the processor and its contractual partner, notice of which has been given to the FDPIC beforehand; specific guarantees drawn up by the competent federal body, notice of which has been given to the FDPIC beforehand, standard data protection clauses that the FDPIC has approved, issued or recognised beforehand; or binding corporate rules that have been approved in advance by the FDPIC or by the authority responsible for data protection in a State that guarantees an adequate level of protection.
    
    GDPR:
    When transferring personal data to so-called third countries, i.e. outside the EU or EEA, we ensure that your personal data is treated with the same care as within the EU or EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of data protection or where we have ensured the careful handling of personal data by contractual agreements or other suitable guarantees.
    
    
15. Access to restricted content (e.g. Whitepapers) in exchange for the consent to commercial data processing
    
    a) Type and scope of data processing
    

    On our website we may offer you to gain access to restricted content (e.g. white papers, studies, booklets) on the condition and in exchange for the provision of personal data (first name, last name, business email, role, primary area of interest) and giving us your consent to process your provided personal data for the purposes specified under b).

    To activate you access request, we use the so-called “double opt-in procedure”, in which we will send you an email to the email address you provided with a request to confirm your consent. This ensures that the access was requested by you and not by a third party.

    b) Purpose of data processing
    

    We have put an investment of time and money into creating the materials we offer as restricted content, which is why we cannot give everyone unrestricted access to them. We are making the restricted content available on the condition of and in exchange for your personal data and consent to the use of your personal data for commercial purposes.

    By activating your request, you agree that we share your personal data with our affiliated companies Terra Quantum GmbH, Germany, QMware GmbH, Germany, QMware GmbH, Austria, and Novarion Systems GmbH, Austria, and that we and our affiliated companies may store and use your personal data (i) for our and our affiliated companies’ market research purposes, (ii) for our and our affiliated companies’ customer relationship management databases and customer relationship purposes, (iii) for contacting you for commercial purposes by email with information about our and our affiliated companies’ products and services and with related commercial offers limited to the topics artificial intelligence, processing of classical signals by quantum information methods, quantum metrology and sensors, quantum random number generator, quantum cryptography, machine learning, software and hardware development, quantum computing, quantum internet and MRI Scanner (algorithmic cooling)) as well as (iv) for targeting you on the internet (e.g. our and our affiliated companies’ websites), by search engines and via social media, based on your personal interest.

    c) Legal basis
    

    Under the GDPR, the legal basis for this is Article 6 (1) (b) GDPR, the processing of the data serves the fulfilment of a contract or the implementation of pre-contractual measures and your consent pursuant to Article 6 (1) (a) GDPR.
    
    Your consent is also consent to data processing in the USA pursuant to Article 17 (1) (a) FADP.

    d) Storage period
    

    If you do not confirm your access request by using the link in the email we send to you, your personal data will be deleted promptly.

    If you have successfully requested access to our restricted content and, thus, given us your consent to process your provided personal data for the aforementioned purposes, the stored data will be deleted as soon as it is no longer necessary for the purpose of its processing or if you withdraw your consent.

    e) Right of withdrawal
    

    You can withdraw your consent at any time with effect for the future towards us, e.g. by sending an email to our contact information stated in Section 2.

16. Data security and security measures
    

    We are committed to protecting your privacy and treating your personal data confidentially. For this purpose, we take extensive technical and organisational security precautions, which are regularly checked and adapted to technological progress.

    These include the use of recognised encryption procedures (SSL or TLS). Unencrypted data, e.g. when sent by unencrypted email, may be read by third parties. We have no influence on this. It is the responsibility of the respective user to protect the data provided by him/her against misuse by means of encryption or in any other way.

17. Your rights (as a data subject)

Here you will find your rights regarding your personal data. Details of this are set out in Chapter 4 and 5 of the FADP or Articles 7, 15-22 and 77 of the GDPR, as applicable. You can contact the controller (Section 2) or representative (Section 3) in this regard.

a) Under the FADP you have the following rights:

aa) Right to information according to Article 25 FADP

You have the right to request confirmation as to whether we process personal data relating to you. If this is the case, you have the right to be informed about your personal data and to receive further information, e.g. identity and the contact details of the controller; the processed personal data, the purpose of processing; the retention period for the personal data, the available information about the source of the personal data, recipients or the categories of recipients to which personal data is disclosed. We may refuse to provide information, or restrict or delay the provision of information according to Article 26, 27 FADP

bb) Right to data portability according to Article 28 FADP

You have the right to request the controller to deliver the personal data that they have disclosed to it in a conventional electronic format.

The controller may refuse, restrict or delay the delivery or transfer of personal data for the reasons set out in Article 26 paragraphs 1 and 2 according to Article 29. The controller must give reasons why it has decided to refuse, restrict or delay the delivery or transfer.

cc) Right to correction according to Article 32 (1) FADP

You have the right to request that incorrect personal data be corrected unless: a statutory provision prohibits the correction or the personal data are processed for archiving purposes that are in the public interest.

b) Under the GDPR you have the following rights:

aa) Right to withdraw your data protection consent in accordance with Article 7(3) GDPR

You can withdraw your consent to the processing of your personal data at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

bb) Right of access according to Article 15 GDPR 

You have the right to request confirmation as to whether we process personal data concerning you. If this is the case, you have the right to be informed about your personal data and to receive further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned duration of storage or the criteria for determining the duration.

cc) Right to rectification and completion under Article 16 GDPR

You have the right to demand the correction of incorrect data without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.

dd) Right to erasure („right to be forgotten“) in accordance with Article 17 GDPR

You have the right of erasure, as far as the processing is not necessary.
This is the case, for example, if your data is no longer necessary for the original purposes, if you have withdrawn your declaration of consent under data protection law or if the data was processed unlawfully.

ee) Right to restriction of processing in accordance with Article 18 GDPR

You have the right to limit the processing, for example if you believe that personal data is incorrect.

ff) Right to data portability according to Article 20 GDPR

You have the right to receive personal data concerning you in a structured, common and machine-readable format.

gg) Right to object according to Article 21 GDPR

You have the right to object at any time for reasons arising from your particular situation to the processing of certain personal data concerning you.
In the case of direct marketing, you, as the data subject, have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing, including profiling, insofar as it relates to such direct marketing.

hh) Automated individual decision-making, including profiling in accordance with Article 22 GDPR

You have the right not to be subject to a decision based solely on automated processing, including profiling, except in the exceptional circumstances referred to in Article 22 GDPR.
You will not be subject to a decision based solely on automated processing of your data, including profiling (Article 13 (2) (f) GDPR, Articles 22 (1) to (4) GDPR, Article 4 (4) GDPR, Articles 22 (1) to (4) GDPR), which would have legal effect on you or would have a similarly significant adverse effect on you.

ii) Right to lodge a complaint with a data protection supervisory authority according to Article 77 GDPR

You can also lodge a complaint with a data protection supervisory authority at any time, for example if you believe that data processing is not in compliance with data protection regulations.

18. Changes to this privacy policy

Our privacy policy serves the fulfilment of legal information duties. We update our data protection declaration as far as this becomes necessary.

III. Our privacy policy (data protection policy) under the CCPA

Pursuant to California law, we are providing additional information to California residents. Please read this information together with our Privacy Policy under Section II.

Under California law, certain organizations need to disclose whether the following categories of “personal information” are collected or disclosed for an organization’s “business purpose” as those terms are defined under California law.

Below please find the categories of personal information about California residents that we collect or disclose to third parties or service providers.

Note that while a category may be included below that does not necessarily mean that we have or collect information in that category about you. The personal information we collect depends on the nature of our interaction with you and the Services you may use.

We do not sell personal information.

We and our third-party service providers collect personal information from the following sources:

• Direct interactions, such as, when you register for our Services or make a purchase
• Data from third parties, such as, information on third-party websites or other information you may have made publicly available or information provided by third party sources, including but not limited to government entities and data resellers
• Automated tracking technologies, such as, information automatically collected about your interaction with our Services and websites using various technologies such as cookies, web logs and beacons and internet tags
• Depending on how you interact with us and our Services, we may use and disclose personal information for the following business purposes:
• Auditing
• Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity,
• Detecting and repairing errors,
• Performing services on behalf of other businesses,
• Processing or fulfilling orders and transactions,
• Providing advertising or marketing,
• Conducting internal research for product and service development, and
• Improving, upgrading, and enhancing our services.
• In addition to sharing personal information for the business purposes identified within the California Consumer Privacy Act, we also share personal information as needed, or required, with the following additional third parties:
• organizations involved in business transfers, e.g. to a purchaser or successor entity in the event of a sale or any other corporate transaction involving some or all of our business;
• other parties, e.g. as needed for external audit, compliance, risk management, corporate development and/or corporate governance related matters,
• business partners as directed by an individual, or as needed to process an individual’s request; and
• governmental authorities and regulators, as required under applicable law.

Exercising Rights to Request Access and Request Deletion

Subject to certain exceptions, California residents have the right to request access, deletion and portability of their personal information. This includes

• the right to know about the personal information a business collects about them and how it is used and shared;
• the right to delete personal information collected from them;
• the right to opt-out of the sale of their personal information; and
• the right to non-discrimination for exercising their CCPA rights.

For further rights, we refer to our privacy policy under Section I.

If you would like to submit a request or have additional questions about the personal information that we have about you, please contact us at privacy@terraquantum.swiss or via our contact form.

When you submit your request, we will take steps to attempt to verify your identity. We will seek to match the information in your request to the personal information we maintain about you. As part of our verification process, we may ask you to submit additional information, use identity verification services to assist us, or if you have set up an account on our website, we may ask you to sign in to your account as part of our identity verification process. Please understand that, depending on the type of request you submit, to protect the privacy and security of your personal information, we will only complete your request when we are satisfied that we have verified your identity to a reasonable degree of certainty.

We do not discriminate against individuals who exercise their rights under applicable law.

If we receive a request from an authorized agent, we have the right to verify with the data subject that the data subject indeed wants to take the action requested by the agent and will do so by contacting the data subject directly.