Privacy policyTerms and conditionsNDA

PRIVACY POLICY

PURSUANT TO EUROPEAN REGULATION NO. 2016/679 ("GDPR")

Please read carefully this privacy policy (hereinafter, "Privacy Policy") which is provided to users of the website qsrp.com (hereinafter, the "Website") pursuant to art. 13 of the GDPR, in which we indicate all the details relating to the processing of your personal data and their use.

1. DATA CONTROLLER

The data controller is QSRP Services AG with registered office in Alpenstrasse 15 6300 Zoug, Suisse, VAT N° CHE 162 125 585, (hereinafter "Data Controller") who can be contacted at the following e-mail address hello@qsrp.com.

2. PERSONAL DATA PROCESSED

The Data Controller will process the following personal data:

  1. Data provided voluntarily by the user: such as name, surname, telephone number, e-mail address, your postal address and country, services of interest and any other personal data provided by you spontaneously with your request (hereinafter "personal data" or even "data"). These are data directly provided by you by filling the contact form on the Website;
  2. Data acquired by us/provided by you in order to log in to the “Investor Relations” area: such as name, e-mail address and company/organization you work for, acquired by us or provided by you to create your account to access the Investor Relations Website’s private area (hereinafter “Area”) of the Website, as better specified in par. 3(b);
  3. Data collected using cookies or similar technologies: the Website employs only technical cookies, which are necessary for its functioning and cannot be disabled. These cookies do not store or process any personal information. In addition, we employ a tool called Plausible to conduct analytics activities on our Website. With this regard, please note that Plausible tracks visits to the Website by identifying unique IP addresses, anonymizing them immediately; therefore, no personal data is processed.
  4. Technical data: this category of data includes IP addresses or domain names of the devices used by users connecting to the Website, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used only for statistical information (therefore they are anonymous), to check the correct functioning of the site and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Website: except for this possibility, the data on web contacts do not persist for more than 7 days.

3. PURPOSES AND LEGAL BASIS OF THE PROCESSING

Your personal data will be processed for the following purposes:

1. to respond to your requests

With reference to this purpose, the legal basis for the processing of your personal data is art. 6, paragraph 1, lett. b) of the GDPR "The processing is necessary for the execution of a contract of which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the same".

The provision of personal data for this purpose is optional, but in the absence, it will not be possible for the Data Controller to follow up on your requests.

2. to allow you to access/register to the “Investor Relations” Website’s Area

The Data Controller will process Your Data in order to allow you to create an account to access the Area, as well as to manage the latter.

With reference to this purpose, the legal basis for the processing of your personal data is art. 6, paragraph 1, lett. b) of the GDPR "The processing is necessary for the execution of a contract of which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the same".

The provision of personal data for this purpose is optional, but in the absence, it will not be possible for the Data Controller to create your account. Please also note that the creation of the account to access the Area is not automatic; all account creation requests will be examined and validated by the Data Controller discretionally; therefore, your request may be refused by the Data Controller.

Alternatively to the account creation process described above, the Data Controller can invite you to access the area by creating the account for you and sending you an e-mail containing a link to a page that allows you to create your password. In such context, the legal basis for the processing of your personal data is art. 6, paragraph 1, letter f) of the GDPR "The processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject that require the protection of personal data do not prevail, in particular if the person concerned is a minor". With particular reference to this account creation process based on the legitimate interest of the Data Controller or third parties, please note that the legitimate interest of the Data Controller to process the data is fairly balanced with your interests, rights and fundamental freedoms. The processing based on the legitimate interest of the Data Controller is not mandatory and you may oppose said processing in the manner referred to in this Privacy Policy and, in this case, the Data Controller shall no longer process personal data for this purpose, unless the Data Controller demonstrates the presence of overriding legitimate grounds. Therefore, if you oppose to the processing, in the absence of overriding legitimate grounds, the Data Controller will not be able to create your account.

3. To fulfil legal obligations to which the Data Controller is subject.

The Data Controller may use your personal data to: (i) fulfil any obligations under applicable laws, regulations or community legislation, satisfy requests from the authorities; and (ii) follow up on requests to exercise rights presented by the data subjects, involving, where appropriate, also third parties appointed as data processors.

With reference to this purpose, the legal basis for the processing of your personal data is art. 6, paragraph 1, letter c) of the GDPR "The processing is necessary to fulfil a legal obligation to which the data controller is subject".

4. for the pursuit of the legitimate interests of the Data Controller or third parties.

The Data Controller may use your personal data for the purpose of preventing fraud committed through the use of the Website and to allow the Data Controller or third parties to protect their rights and legitimate interests in court and / or out of court.

With reference to this purpose, the legal basis for the processing of your personal data is art. 6, paragraph 1, letter f) of the GDPR "The processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject that require the protection of personal data do not prevail, in particular if the person concerned is a minor". With particular reference to this purpose based on the legitimate interest of the Data Controller or third parties, pursuant to Article 6, paragraph 1, letter f) of the GDPR, please note that the legitimate interest of the Data Controller to process the data is fairly balanced with your interests, rights and fundamental freedoms. The processing based on the legitimate interest of the Data Controller is not mandatory and you may oppose said processing in the manner referred to in this Privacy Policy and, in this case, the Data Controller shall no longer process personal data for this purpose, unless the Data Controller demonstrates the presence of overriding legitimate grounds.

4. RECIPIENTS OF DATA AND DATA TRANSFER

Your data may be shared with:

  1. service providers, duly appointed as data processors;
  2. persons authorized by the Data Controller to process personal data who are committed to confidentiality or have an appropriate legal obligation of confidentiality;
  3. subjects delegated and / or appointed by the Data Controller to carry out activities strictly related to the pursuit of the aforementioned purposes, rightly appointed, where necessary, data processors;
  4. persons, companies or professional firms that provide assistance and advice to the Data Controller, rightly appointed as data processors where necessary;
  5. other companies of the Data Controller's Group.

Outside of the aforementioned hypotheses, your personal data will not be communicated except to subjects, bodies or authorities to whom communication is mandatory under legal or regulatory provisions.

Also considering that the Data Controller is part of an international group, Your personal data may be transferred outside the European Economic Area ("EEA"). The transfer of your personal data outside the EEA will take place in full compliance with the applicable data protection legislation, guidelines and recommendations issued by the relevant Supervisory Authorities.

5. DATA RETENTION PERIOD

The Data Controller will process personal data for the time strictly necessary to fulfil the purposes referred to in point 3 above.

With particular reference to the purpose referred to in point 3 a), your data will be kept for the time strictly necessary to respond to your request for information you have transmitted.

The personal data processed for the performance of the activities referred to in points 3 b) will be stored until your account is deleted – or, if the processing is based on the Data Controller’s legitimate interest, until you oppose to the processing – and, subsequently, where appropriate, for the retention period required by the applicable law.

We inform you that the personal data processed for the pursuit of the purposes referred to in point 3 c) will be kept until the time required by the specific obligation or applicable law.

Finally, the personal data processed for the pursuit of the purposes referred to in point 3 d) of this Privacy Policy will be retained until the exercise of the right of opposition by the data subject without prejudice to the right for the Data Controller to keep your personal data for the period of time provided and permitted by applicable law to protect its interests or third parties.

6. DATA PROTECTION

Your personal data are processed by the Data Controller in full compliance with current legislation. In particular, to ensure the security of your personal data, taking into account the state of the art and the costs of implementation, as well as the nature, object, context and purposes of the processing, as well as the risk of varying probability and severity for the rights and freedoms of individuals, the Data Controller has adopted appropriate technical and organizational measures to guarantee a level of security appropriate to the risk.

7. RIGHTS OF THE DATA SUBJECT AND WITHDRAWAL OF CONSENT

Consistent with the provisions of the GDPR, in the presence of the legal requirements, you have the right to ask the Data Controller, at any time, access to your personal data, the correction or cancellation of the same or to oppose their treatment. The law also allows you to exercise the right to request the limitation of processing in the cases provided for by art. 18 of the GDPR.

In the cases referred to in art. 20 of the GDPR, the data subject has the right to obtain in a structured format, commonly used and readable by automatic device, the data concerning him, as well as, if technically feasible, to transmit them to another holder without hindrance.

Requests relating to their rights and / or aimed at obtaining further clarification can be addressed to the Data Controller at the following e-mail address: hello@qsrp.com.

Finally, we remind you that you always have the right to lodge a complaint with the competent Data Protection Supervisory Authority, pursuant to art. 77 of the GDPR, if you believe that the processing of your data is contrary to the legislation in force.

Last updated: 16/07/2024