Privacy Policy

Definitions

To ensure clarity and consistency throughout this Privacy Policy, we apply the following definitions:
Privacy Policy: This document, which fulfills our duty to inform you as set out in Articles 13 and 14 of the GDPR.
Data: Personal data, meaning any information concerning an identified or identifiable natural person. For such individuals, our duty to provide information is fulfilled by making the contents of this Privacy Policy continually accessible.
You: The individual whose Data we process as outlined in this Privacy Policy.
We/Controller: Quantum Studio Limited, company number 78387886, address: Flat A, 8/F, Kingswell Comm Tower, 171 Lockhart Rd, Wan Chai, Hong Kong. You can reach us by mail at the listed address or via email info@quantumstudiolimited.com.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of data and the free movement of such data, and repealing Directive
Customer: A party with whom the Controller has concluded or is negotiating an agreement to provide services.
Representative: An individual who interacts with the Controller on behalf of the Customer or other cooperating or corresponding entity.

‍

Data collection and refusal implications

This Policy applies to the Data we collect from the following:

• Individuals who contact us, particularly via email.
• Visitors to the website http://quantumstudiolimited.com/, where data may be gathered through cookies.

Purposes, legal basis, and data processing periods

We process your personal data for the purposes detailed below. Each purpose includes the legal basis and corresponding data processing period.

We retain Data only for as long as necessary for its purpose. After that, it is either deleted or anonymized, unless we are legally obligated or permitted to retain it longer.

‍

Data we do not process

We do not knowingly collect or store personal data of children under 18. If you believe your child has provided us with personal data, please notify us. If we discover such data was collected without verified parental consent, we will delete it.

We also do not process any Sensitive Personal Information, such as racial or ethnic origin, membership in political parties or political opinions, religious or philosophical beliefs, trade union membership, genetic/biometric data, health, sex life or sexual orientation. Nor do we collect any information about criminal convictions and offenses. If you believe that We have collected such information, please directly contact Us immediately in order to delete this information and resolve issues.

‍

Data recipients

In some cases, your Data may be shared with third parties, including:

• Entities to whom we outsource Data processing services will include our contractors, accounting entities, law firms, hosting, CRM, tools, and other entities necessary to fulfill our obligations; 
• Public authorities, including the Police and other law enforcement agencies, in connection with their proceedings under the relevant provisions of law. We ensure that our processors are fulfilling all obligations and requirements stemming from art. 28 GDPR.

‍

Your rights

Under applicable data protection laws, you have the following rights:

• Right to withdraw - you have the right to withdraw your consent where you have previously given your consent to the processing of your Data;
• Right to object - you have the right to object to the processing of your Data if the processing is carried out on a legal basis other than consent.
• Right to be informed - you can ask Us what categories of your Data is being collected;
• Right to opt-out - you can ask Us to stop using your Data for business and other benefits;
• Right to erasure (right to be forgotten) - you can ask Us to delete your Data;
• Right of access - you can ask Us to provide the list of actual Data values collected;
• Right to non-discrimination - We provides equal services, meaning they cannot discriminate against your rights;
• Right to rectification - you can ask Us to correct your Data in a situation when such data available Us or disclosed to third parties is inaccurate or incomplete;
• Right to restrict - you can ask Us to introduce the restriction regime on the processing of your Data, so that in each case the data may be processed only upon separate consent from you.
• Right to data portability - if We process your Data based on your consent, or the processing is carried out by automated means, you may request to receive your Data in a structured, commonly used and machine-readable format, and to have Us transfer your Data directly to another Controller, where technically feasible unless the exercise of this right adversely affects the rights and freedoms of others. (Controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of your Data).
• Right to lodge a complaint - if you believe that we have infringed your rights, We encourage you to contact us first so that We can try to resolve your issue or dispute informally. You also have a right to lodge a complaint with a competent supervisory authority.
• Storage of your personal information - We will try to limit the storage of your Data to the extent that storage is necessary to serve the purpose(s) for which the Data was processed, to resolve disputes, enforce our agreements, and as required or permitted by law.

To exercise any of these rights, please contact Us and We will respond to your request within a reasonable timeframe and notify you of the actions taken. 

‍

International data transfers

If you are located in the EU, note that your Data may be transferred to countries outside the EU. We will take additional measures in order to establish that your Data is treated just as safely and securely as it would be within the European Union and under the Data Protection Legislation as follows: 

• Only using service providers compliant with EU data standards;
• Granting access to your Data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality; 
• Procedures for breach handling (the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your personal data) including notifying you and the governing authority where We are legally required to do so.

We only transfer Data internationally when adequate protections are in place.  We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other Data. Some third parties we use are outside the EEA. In those cases, we follow EEA adequacy decisions or use contractual protections.

Once We transfer your Data outside the EEA, We shall observe the criteria set within the EEA. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries:(https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en) Where We share Data with fraud and crime prevention agencies and fraud and/or criminal history checking service providers in the EEA, they may transfer your Data outside of the EEA, in this case they impose contractual obligations on the recipients of that data to protect your Data to the standard required in the EEA and/or they may require the recipient to subscribe to certain standards, intended to enable secure data sharing. 

If you’d like further information on our international transfer safeguards, please contact us.

‍

Personal data retention

We retain your Data only as long as necessary for its intended purposes, and as required by law. We will not keep your Data for any longer than is necessary for the scope of the reason(s) for which it was collected.  Retention duration is based on:

• Our objectives and requirements;
• The type of data involved;
• Legal basis for processing;
• Statutory or contractual retention obligations.

We regularly review stored Data to determine whether it remains necessary.

‍

Automated decision-making

We do not engage in automated decision-making, including profiling.

‍

Policy updates

This Privacy Policy is effective as of the publication date and remains in force until modified.
except with respect to any changes in its provisions in the future, that come into force and will be applied immediately after they are published on the Website. We may update and/or change the terms of this Privacy Policy, and We will notify you by revising the date at the top of this policy and, in some cases, We may provide you with additional notice such as adding a statement to Website by emailing you directly prior to these changes taking effect, so that you aware of the type of Data We collect, proceeds and storage, and how it will be used, and under what circumstances, if any, We may disclose such information. The current option was last updated on July 15, 2025.