Privacy Policy

Quarticle GmbH (Zürcherstrasse 23, 5400 Baden, Switzerland) and Quarticle Research SRL (Emanoil Gojdu Street 11, 310090 Arad, Romania) (hereinafter collectively “Quarticle”, “we”, or “us”) are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data, in compliance with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP). By using our website (https://quarticle.ch) and services, you agree to the processing of your personal data as described in this Policy. If you have any questions or concerns about our use of your personal information, you can contact us at contact@quarticle.ch.

We may collect and process the following categories of personal data:

• Information You Provide to Us: When you interact with our site or services (for example, by filling out the contact form or subscribing to our newsletter), you may provide personal information such as your first name, last name, business email address, company name, job title, industry, country, phone number, and any other information you choose to share (e.g. in a message). This includes data you provide when you:

• contact us via our online form or email for inquiries or support;
• subscribe to our newsletter or request marketing materials;
• apply for a job or submit a CV (if you send us recruitment-related communications);
• register for an event, download a whitepaper, or otherwise request information or services from us.

• Information Collected Automatically: When you visit our website, certain data may be collected automatically about your device and usage of the site. This may include your IP address, browser type, device information, pages visited, and the date/time of your visits. We use cookies and similar technologies to collect some of this information. Importantly, we only use essential cookies necessary for our site’s functionality. For analytics, we use Simple Analytics, a privacy-friendly analytics tool that does not use cookies or collect personally identifying information. This means we do not use Google Analytics or any intrusive tracking cookies on our site. The automatically-collected data is used in aggregate form to help us understand website traffic and usage patterns, without identifying individual visitors. For more details, please see our Cookie Policy (available on our website) which provides additional information on our use of cookies and similar technologies.
• Information from Public Sources: We may also collect information from publicly available sources. For example, we might obtain contact or professional information about you from public business profiles (e.g. LinkedIn) or company websites, especially if we believe your organization could benefit from our solutions. We only collect such public information where it is lawful and relevant to our business (for instance, identifying potential business customers or job candidates).

We do not knowingly collect any sensitive personal data (such as data about health, political opinions, etc.) through our website. We also do not intend to collect data from children or minors under the age of 18, and our services are not directed at minors. If you are under 18, please do not submit any personal information to us. If we learn that we have inadvertently collected personal data from a minor, we will delete it.

We process personal data for specific purposes and only where we have a lawful basis to do so. The purposes for which we use your personal information include:

• Providing and Improving Our Services: We use your contact and identity information to respond to your inquiries, provide the products or information you request, and deliver our services or materials to you. For example, if you fill out our contact form or request a demo, we will use your data to identify you and provide the appropriate response or service. This processing is generally necessary to take steps at your request prior to entering into a contract, or to fulfill our contractual obligations to you (GDPR Art. 6(1)(b)). We may also use the information to improve our offerings and user experience – for instance, by understanding common user questions or optimizing our website’s content and functionality. Such improvements may be based on our legitimate interest in enhancing our services (GDPR Art. 6(1)(f)), ensuring any impact on your privacy is minimal and justified.
• Marketing and Communications (with Consent): With your permission, we will use the personal data you provide (such as your name and email) to send you newsletters, updates about new products, industry insights, event invitations, or other marketing communications. This includes sending you technical eBooks, white papers, case studies, or webinar invitations if you have opted to receive such communications. The legal basis for this is your consent (GDPR Art. 6(1)(a)); for example, by ticking the box to subscribe to our newsletter or to receive marketing emails, you explicitly agree to this use. You can withdraw your consent at any time (see Your Rights below), and we will stop sending you marketing communications. We do not engage in unsolicited email marketing without your opt-in consent.
• Recruitment (Talent Acquisition): If you submit a job application or contact us regarding employment opportunities, we will use your personal data (such as your CV, cover letter, application form details, and contact information) solely for recruitment purposes – i.e. to evaluate your qualifications, contact you for interviews, and manage the hiring process. This processing is based on steps necessary prior to potentially entering an employment contract (GDPR Art. 6(1)(b)) and our legitimate interest in recruiting qualified personnel. We will retain recruitment data only for as long as necessary for the hiring process or as required by law, and will inform you separately if we intend to keep your application on file for future opportunities.
• Compliance with Legal Obligations: We may process your personal data where necessary to comply with applicable laws and regulations (GDPR Art. 6(1)(c)). For instance, to meet record-keeping requirements, to respond to lawful requests by public authorities, or to fulfill our obligations under financial, data protection, or other regulations. In such cases, the processing is strictly for legal compliance purposes.
• Internal Analytics and Business Reporting: We may use personal data in an aggregated or anonymized form to generate internal reports and statistics, such as measuring the performance of our marketing campaigns or improving our risk models and services. Where possible, we anonymize or pseudonymize data so that it no longer identifies individuals. Anonymized data is not considered personal data and may be used for any purpose. Any use of personal data beyond the purposes described in this Policy will only occur if it is compatible with the original purposes or if we obtain your consent.
• Protecting Our Rights and Interests: On rare occasions, we may need to process personal data to establish, exercise, or defend legal claims, or to investigate and prevent fraudulent activities or misuse of our services. Such processing is based on our legitimate interests in safeguarding our business and ensuring the security of our services, or on legal obligations if applicable.

We will not use your personal data for profiling or automated decision-making that produces legal effects or similarly significant effects without your explicit consent. In fact, currently we do not carry out any fully automated decision processes on your data (all significant decisions involve human review). If this changes in the future, we will update this Policy accordingly and inform you of your rights (including the right not to be subject to solely automated decisions).

‍

As noted above, our website’s use of cookies is limited to what is necessary for functionality and basic analytics:

• Essential Cookies: These are functional cookies required for the proper operation of our site (for example, to enable page navigation, form submissions, or remembering your preferences). Because they are necessary for our website to function, these cookies are used without requiring consent. We do not use cookies for advertising or profiling purposes.
• Analytics (Simple Analytics): We use Simple Analytics to gather basic usage statistics (such as page visit counts, referrer information, and aggregate visitor trends) in a way that does not identify you personally. Simple Analytics does not set any cookies on your browser and does not track you across websites. It helps us improve our website by understanding how users in general interact with it, without collecting personal data. For example, we can see which pages are most visited or how users find our site, but we cannot see who you are or link the analytics data back to an individual.

We are committed to transparent and lawful marketing practices. Beyond explicit consent, we may rely on a soft opt-in or legitimate interest basis to re-engage existing customers, prospects, or contacts who have previously interacted with us, provided we offer clear and easy-to-use opt-out mechanisms at every communication. At all data collection points, such as contact forms, newsletter sign-ups, and event registrations, we clearly inform you about the types of marketing communications you may receive, allowing you to grant specific consent to categories such as newsletters, product updates, and event invitations. You may withdraw your consent or object to marketing communications at any time through the provided unsubscribe links or by contacting us directly. Our marketing data handling processes are designed to comply fully with data protection laws while enabling effective, respectful engagement.

For more detailed information, please read our Cookie Policy, which lists the cookies in use and their purposes. If in the future we introduce any new cookies or tracking tools that are not purely functional, we will inform you and obtain consent as required by law.

We treat your personal data with care and confidentiality. Within Quarticle, your information is shared only on a need-to-know basis. As joint controllers, both Quarticle GmbH and Quarticle Research SRL will have access to the data collected for the purposes described, so that we can serve you using our combined resources and expertise. We ensure that any internal access to your data is limited to authorized personnel who require it for their job duties (for example, our sales team handling inquiries, or our IT team maintaining the website).

We do not sell or rent your personal data to third parties for their own marketing or other purposes, and we do not otherwise disclose your personal data outside our organization except in the limited circumstances described below.

Specifically, we may share or disclose data to third parties only as follows:

• Service Providers (Processors): We may use trusted third-party companies to perform certain business-related functions necessary for the provision of our services. This includes, for example, website hosting providers, cloud storage or IT infrastructure services, email delivery services, analytics providers, or customer relationship management tools. These third parties will process personal data on our behalf under strict instructions and are bound by contracts to protect your information and to only use it for the purposes we specify. We ensure that all such third parties provide adequate safeguards for your privacy.
• Legal Obligations and Protection: We may disclose personal data to courts, law enforcement agencies, regulators, or other authorities if required by law or legally entitled to such information. We may also disclose data if we believe in good faith that it is necessary to prevent or respond to fraud, defend our rights or property, protect the safety of our users or the public, or investigate violations of our terms or the law. Any such disclosure will be made in compliance with applicable laws.
• Consent or Instruction: We will share your information with third parties outside Quarticle only if you have given us explicit consent to do so, or if you actively request us to share the information. 

Aside from the above, no other third parties have access to your personal data. In particular, we do not exchange your data with advertisers or social media platforms, and we do not engage in any data sharing that is not described in this Policy. Our current policy is not to disclose your data to any third-party companies, partners, or individuals outside Quarticle unless required for the above reasons.

Because Quarticle operates in both Switzerland and the European Union (Romania), your personal data may be transferred or accessible across these jurisdictions. We want to reassure you that Switzerland is recognized by the European Commission as providing an adequate level of data protection, equivalent to the standards of the GDPR. This means that personal data can flow between the EU/EEA and Switzerland freely under GDPR rules. Therefore, if we transfer data between our EU-based and Switzerland-based entities, such transfers are protected under the EU’s adequacy decision for Switzerland.

If we use third-party service providers located in other countries outside Switzerland or the European Economic Area (EEA), we will ensure that appropriate safeguards are in place for those data transfers. Our service providers are contractually obligated to handle personal data in compliance with privacy laws and this Policy.

You can contact us if you would like more information about international data transfers or the safeguards we have in place.

We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In practice:

• contact form inquiries: retained for up to 2 years after our last correspondence, unless legal obligations require a longer period;
• newsletter subscribers: retained until you unsubscribe or withdraw your consent, after which your data will be deleted from our mailing lists within 30 days;
• customer/contractual data: retained for the duration of the contract and up to 10 years thereafter, in line with Swiss and Romanian laws;
• recruitment data: retained during the recruitment process and up to 12 months after its closure, unless you request earlier deletion or provide consent to a longer retention;
• website analytics data (via Simple Analytics): stored only in aggregate form, without personal identifiers, typically for up to 12 months.

Quarticle takes the security of your personal data seriously. We implement appropriate technical and organizational measures to safeguard your information against unauthorized access, disclosure, alteration, or destruction. These measures include, for example:

• Secure Communication: Our website uses HTTPS (SSL/TLS encryption) to secure the data transmitted between your browser and our site. This means any information you submit (such as form entries) is encrypted in transit.
• Access Controls: Internally, personal data is stored on secure servers, and we restrict access to personal information to authorized employees and contractors who need to process it for the purposes described in this Policy. They are subject to strict confidentiality obligations.
• System Security: We regularly update and patch our systems and software to address security vulnerabilities. We utilize firewalls, intrusion detection systems, and anti-malware tools to prevent and detect unauthorized system access. Our systems and databases are monitored for potential threats, and we conduct periodic security assessments and penetration tests where appropriate.
• Organizational Policies: We train our staff on privacy and security best practices. We have internal policies in place to handle data securely and to respond quickly in the event of an incident.

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the competent data protection authorities without undue delay (within 72 hours if required by GDPR), and we will inform affected individuals as appropriate. We will also take all necessary steps to contain and remedy the breach and prevent future occurrences.

Under applicable data protection laws (GDPR, and to a similar extent the Swiss FADP), you have a number of rights regarding your personal data. We respect and uphold these rights. They include:

• Right to Be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy is intended to provide you with that information.
• Right of Access: You can request confirmation of whether we are processing your personal data, and if so, request a copy of the data we hold about you. 
• Right to Rectification: If any personal data we have about you is inaccurate or incomplete, you have the right to request that we correct or update it without undue delay.
• Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data in certain circumstances. This includes when the data is no longer needed for the purposes it was collected, if you have withdrawn consent and we have no other legal basis to continue processing, if you have objected to processing (see below) and we have no overriding legitimate grounds, if the data was processed unlawfully, or if erasure is required to comply with a legal obligation. Please note that this right is not absolute – sometimes we may need to retain certain information if required by law or if there are overriding legitimate grounds.
• Right to Restrict Processing: You have the right to request the restriction of processing of your personal data in certain situations. Restriction means we will store your data but not use it (other than minimal use as permitted, such as to secure the data or as necessary for legal claims) until the issue is resolved.
• Right to Object: You have the right to object to our processing of your personal data when such processing is based on legitimate interests or public interest (including profiling on those bases). If you file an objection, we will consider whether our legitimate grounds for processing override your privacy rights. Importantly, you have an unconditional right to object to the use of your personal data for direct marketing purposes at any time.
• Right to Object to Automated Decision-Making: As noted, we currently do not make decisions about you based solely on automated processing. However, should we engage in any automated decision-making (including profiling) that has legal or similarly significant effects on you, you have the right not to be subject to such decisions without human intervention. In any case, you would have the right to express your point of view and contest the decision We will inform you if we ever implement such automated decision processes.
• Right to Data Portability: For data you have provided to us and which we process by automated means on the basis of your consent or a contract, you have the right to request a digital copy in a common format so that you can reuse it or transfer it to another provider if you wish. Upon your request, we will supply your data in a structured, commonly used, readable format. You may also request that we transmit this data directly to another data controller where technically feasible.
• Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. For example, you can opt-out of our newsletter by clicking the “unsubscribe” link in any email or by contacting us. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. Once consent is withdrawn, we will stop the specific processing that relied on consent. (Note: if there is another legal basis for the processing – for instance, if you consented to something that we can also process on a contractual basis – we may continue under that alternate basis, but we will inform you if so.)
• Right to Lodge a Complaint: If you believe that we have infringed your data protection rights or not handled your personal data lawfully, you have the right to file a complaint with a data protection supervisory authority. If you are in the EU/EEA, you can contact the supervisory authority in the member state of your habitual residence, place of work, or where an alleged infringement occurred. Our lead supervisory authority under the GDPR is likely the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), given our EU establishment in Romania. If you are in Switzerland, you can contact the Federal Data Protection and Information Commissioner (FDPIC). We would, however, appreciate the chance to address your concerns directly before you approach a regulator – please feel free to contact us and we will do our best to resolve any issue.

These rights may be subject to certain conditions and legal exceptions. For example, we might not erase data we are required by law to keep, or we might deny a request for access if it adversely affects the rights and freedoms of others (such as another person’s privacy). But in any case, we will explain to you the reasoning if we cannot fulfill a request in full. We will not discriminate against you for exercising any of these rights.

Contact for Privacy Inquiries: If you wish to exercise any of your rights, or if you have questions or requests regarding your personal data, you can contact us by email at contact@quarticle.ch. This is our dedicated contact point for privacy matters for both Quarticle GmbH and Quarticle Research SRL. You may also send your request in writing to either of our business addresses:

• Quarticle GmbH – Zürcherstrasse 23, 5400 Baden, Switzerland
• Quarticle Research SRL – Emanoil Gojdu Street 11, 310090 Arad, Romania

Please indicate the nature of your request (for example, “Data Access Request” or “Request to Delete My Data”) and provide enough information for us to verify your identity. For your security and to prevent unauthorized access to your data, we may need to ask for additional information to confirm your identity before fulfilling certain requests (especially for access, deletion, or portability requests).

We will respond to your inquiry or request without undue delay and in any event within one month of receiving it. This period may be extended by up to two further months if necessary due to the complexity or number of requests. In such cases, we will inform you within one month of receiving your request and explain the reasons for the delay.

There is no fee for making a request to exercise your rights. However, if your request is clearly unfounded or excessive (for example, repetitive), we may charge a reasonable fee or refuse to act on it, as permitted by law.

Our website may contain links to external websites or services (for example, links to our social media pages on LinkedIn, X (Twitter), Facebook, etc. Please be aware that this Privacy Policy does not cover external websites/services not operated by Quarticle. We have no control over the privacy practices of those third parties, and you should review the privacy policies of any external sites you visit. We are not responsible for the content or data handling of external sites.

We may update this Privacy Policy from time to time to reflect changes in our data practices or legal requirements. If we make material changes, we will post the updated policy on this page and update the “Effective Date”. In case of significant changes, we may also notify you through additional means (such as by email if you have an account or subscription with us, or via a notice on our website’s homepage). We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

Your continued use of our website or services after any modifications to the Policy will constitute your acknowledgment of the changes. However, if changes require your consent (for example, if we start processing data for a new purpose that requires consent), we will seek that consent where legally necessary.

If you have any questions, concerns, or comments about this Privacy Policy or our privacy practices, please do not hesitate to contact us:

Email: contact@quarticle.ch
Phone: +41 41 552 99 92 (international)

Postal Addresses:
- Quarticle GmbH (Headquarters), Zürcherstrasse 23, 5400 Baden, Switzerland.
- Quarticle Research SRL (Engineering Office), Emanoil Gojdu Street 11, 310090 Arad, Romania.
(You may address correspondence to either address; both companies will receive and handle privacy communications jointly.)

We will gladly assist you and answer any questions you may have about your personal data or this Policy.

‍

This Privacy Policy is issued jointly by Quarticle GmbH and Quarticle Research SRL as associated data controllers. It reflects our unified approach to data protection and serves to inform all users of our website and services, regardless of location, about how we handle personal data. 

Effective date,

30.09.2025