Privacy Policy
Back to main page
Effective date: October 1, 2024

Introduction

This Privacy Policy applies to all personal information that AYSA OÜ, Address: Sepapaja 6, Tallinn 15551, Estonia Registry code 14471074
VAT number EE102068018(from 2018-05-14), a company incorporated in Tallinn, Estonia (we, us, our) collects in connection with the operation of our online platform called Quantum AdVantage Matrix (QUAM). You can read more about Staticflow at https://quam.cc

We provide QUAM across a number of different countries therefore we may be subject to different privacy and data protection laws depending on the locations of the individuals identified below under ‘Who we collect personal information from’ (you, your).
We are committed to complying with our obligations under all applicable privacy and data protection laws that apply to the collection, disclosure and processing of your personal information.

Who we collect personal information from ‍We collect personal information from individuals who are users of Staticflow (users). QUAM is not aimed at persons under the age of 18 and we do not knowingly collect data from or about such individuals. The personal information we collect and how we use it Categories of Personal Information. We will only use personal information in a manner that is lawful for us to do so. In most cases, we only use personal information for the purpose for which it was collected, or where we reasonably consider that we need to use the personal information for another reason and that reason is compatible with or related to the original purpose.

If we need to use your personal information for an unrelated purpose, where required by applicable law, we will notify you and explain the legal basis which allows us to do so.

We set out in the table below a description of the ways we use or intend to use your personal information, and the legal bases we rely on to do so.

Please note that we may process your personal information for more than one lawful ground, depending on the specific purpose for which we are using your data. Please contact us if you require details about the specific legal grounds we are relying on to process your personal information where more than one ground has been specified in the table below.

Data Subject: Users
Type of Data
  1. Identity
  2. Identification
  3. Contact
  4. Payment
  5. Transaction
  6. Technical
  7. Profile
  8. Usage
  9. Marketing and communications

Lawful basis for processing including basis of legitimate interest:
  1. Performance of a contract with you
  2. Necessary for our legitimate interests
  3. With your consent

Purpose/Activities
  1. To verify your eligibility to use our products/services.
  2. To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
  3. To use data analytics to improve our products/services and user experiences.
  4. To make suggestions and recommendations to you about our products/services that may be of interest to you.
  5. To respond to your queries, complaints, and/or feedback.
  6. To provide you with technical support.
  7. Payment handling.

Marketing
You may receive marketing communications from us if you have requested information from us or purchased products and/or services from us and you have not opted out of receiving that marketing communication from us.

We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

Aggregated Data

We also collect, use and share Aggregated Data such as statistical or demographic data for our business purposes. Aggregated Data could be derived from personal information but is not considered personal information because it is not capable, directly or indirectly, of revealing a person’s identity. For example, we may aggregate user usage data to calculate the percentage of users accessing a specific feature of Staticflow. However, if we combine or connect Aggregated Data with other information so that it can directly or indirectly identify a person, we treat the combined data as personal information, and will only use it in accordance with this Privacy Policy.

We do not collect any ‘special categories of personal information’ or ‘sensitive personal information’ about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. Please do not enter any such information into Staticflow.

Consents

Users of QUAM are required to comply with all applicable privacy laws.

We rely on our users to obtain all relevant privacy consents and authorisations from any person required by law, in order for the personal information that is entered by our users into Staticflow to be collected, disclosed and otherwise processed by us in accordance with this Privacy Policy.

We also rely on users to ensure that all personal information about data subjects entered into QUAM by such users that is held by us is accurate, up to date, complete, relevant and not misleading.

When you provide us with the personal information of any other person, you must ensure that:
  • you are authorised by that person to provide their personal information to us;
  • you have referred them to this Privacy Policy and obtained their express consent to us collecting, using and disclosing their personal information in accordance with this Privacy Policy, where required by applicable law; and
  • you have complied with the applicable privacy legislation in collecting and disclosing to us the personal information.
If you do not provide your personal information
It is not feasible to access Staticflow on an anonymous basis.

Where we need to collect personal information by law, under the terms of a contract we have with a customer, or in order to identify you as a user of QUAM , and you do not provide that personal information when requested, we may not be able to perform the contract we have in place with the customer. In this case, you will not be able to continue to use QUAM.

However, in certain cases, you may object to providing us with certain information. For example, if you are providing us with general feedback about QUAM or making a sales enquiry about Staticflow, you may choose to use a pseudonym.

How we collect your personal information
Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances. It is also our policy to collect personal information directly from the data subject about whom the personal information relates, where it is practicable for us to do so, for example, where you enter personal information of another individual into Staticflow. We use different methods to collect data from and about users including through:

Direct Interactions
You may provide us with your personal information by completing forms or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you:
  • enquire about using our products or services;
  • enter into a business relationship with us;
  • create or login to your Staticflow account;
  • request marketing materials be sent to you;
  • enter a competition, promotion or survey; or
  • give us feedback or contact us.

Automated technologies or interactions
As you interact with our websites and platform, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites that use our cookies. Further details about our use of cookies are provided below.
Third parties or publicly available sources
We may receive personal information about you from various third parties, who may be based outside of your jurisdiction, including:
  • analytics providers such as Google Analytics;
  • payment service providers such as Stripe, Inc.;
  • advertising networks such as Google Ads and Facebook Ads; and
  • search information providers such as Google.


Cookies
We may obtain information about your general internet usage by using cookies. A cookie is a small file which is stored on the hard drive of your computer. They help us to improve our websites and platform and to deliver a better and more personalised service.

You may block cookies by activating settings on your browser which allow you to refuse the setting of some or all cookies. If you do choose to block all cookies or essential cookies, you may not be able to access all or some parts of our websites or platform.

Most cookies we use are known as session cookies. These cookies will expire whenever you close your browser or shut down your computer. Other cookies used for a specific purpose will expire when that purpose is no longer required.

We use the following cookies:
  • Strictly necessary cookies: which are required for the operation of our websites and platform, such as enabling you to log into secure areas of our websites and platform, submitting comments to our blogs, or using submission forms.
  • Analytical/performance cookies: which allow us to recognise and count the number of visitors and to see how visitors move around our websites and platform when they are using them. These cookies help us improve our websites and platform such as ensuring visitors are able to easily find the content they are looking for.
  • Functionality cookies: which are used to recognise you when you return to our websites and platform and enable us to personalise our content for you and to remember your preferences, such as your choice of language or region.
  • Targeting cookies: which record your visits to our websites and platform, the webpages visited and links followed. This information is used to make our websites and platform and any advertising displayed there more relevant to your interests. We may also share this information with third parties for this purpose.

Disclosures of your personal information
We may share your personal information with the parties set out below. We will require all such third parties to respect the security of your personal information and to treat it in accordance with applicable law.
Marketing provider.
In order to analyse, advertise and promote our platform we use our marketing provider Element-X DOO Tivat, based in Montenegro, PIB 03470598, Registration number 51061508.
‍Offshore disclosure
There may be circumstances where we need to disclose personal information that we hold to overseas recipients, including our third-party service providers.

We will only do so in respect of overseas recipients who agree to comply with applicable privacy legislation.
Service providers
Our service providers act as processors and provide us with services that we use to:
  • operate and host our websites and platform;
  • provide our products and services;
  • send communications, including marketing, surveys and feedback requests;
  • measure the effectiveness our marketing communications.

We may collect and disclose your personal information using the following services:
  • Our analytics provider: Google Analytics
  • place of processing: United States;
  • Google’s privacy policy: https://policies.google.com/privacy;
  • Opt-out: https://tools.google.com/dlpage/gaoptout?hl=en;
  • Google utilises the personal information collected to track and examine the use of Staticflow, to prepare reports on its activities and share them with other Google services. Google may use the personal information collected to contextualise and personalise the ads of its own advertising network.

Our payment service provider: Stripe, Inc.
  • place of processing: United States
  • Stripe’s privacy policy: https://stripe.com/gb/privacy
  • payment for your subscription is processed by our payment service provider;
  • users are requested to provide their payment details and personal information directly to the payment service provider;
  • we will only receive a notification by the payment service provider as to whether payment has been successfully completed;

Our registration and authentication service provider: Firebase Authentication provided by Google LLC
  • place of processing: United States;
  • Google’s privacy policy: https://policies.google.com/privacy;
  • In order to simplify the registration and authentication process, Firebase Authentication can make use of third-party identity providers and save the information on its platform; Staticflow will be able to access some of the data stored by Firebase Authentication, for user registration or identification purposes;
  • Firebase Authentication may collect personal information for targeting and profiling purposes

Professional advisers
You may receive marketing communications from us if you have requested information from us or purchased products and/or services from us and you have not opted out of receiving that marketing communication from us.

We may supply personal information to our lawyers, bankers, auditors and insurers who provide consulting, banking, legal, insurance and accounting services, where they need to know the information in order to provide their services to us.

Regulators and other authorities
We may supply personal information to regulators and other authorities where applicable law requires us to provide the information to them.

Third party buyers
We may supply personal information to actual or potential third parties that we may elect to sell, transfer or merge parts of our business or assets to or with.

Third parties with your consent
We may also supply personal information to other third parties with your consent.

Other disclosures
We may also provide your personal information to our lawyers, insurers and professional advisors and any court or administrative body, for one or more of the following purposes:
For the purposes of obtaining professional advice;
  • To obtain or maintain insurance;
  • The prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
  • To protect or enforce our rights or defend claims;
  • Enforcement of our claims against you or third parties;
  • The enforcement of laws relating to the confiscation of the proceeds of crime;
  • The protection of the public revenue;
The prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
  • The preparation for, or conduct of, proceedings before any court, tribunal, mediator or arbitrator or implementation of the orders and binding decisions of the court, tribunal or arbitrator.
  • Where disclosure is required to protect the safety or vital interests of employees, users or property.


‍Data security
We have put in place industry standard security measures to prevent personal information from being lost, used, misused, accessed in an unauthorised way, altered or disclosed.

Although we take all reasonable steps to ensure that personal information is stored in a secure operating environment, we cannot guarantee the absolute security of personal information during its transmission or its storage on our systems.

Further, while we make every effort to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party hackers from illegally obtaining access to personal information.

We have procedures to deal with any suspected or actual personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


‍Data storage and retention
Storage locations
We use our internal backend system to host personal information in Georgia.

Retention
We will only retain your personal information for as long as reasonably necessary while we have a business relationship with you (or your company), and thereafter where we have an ongoing business need to retain it, as required under law or to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information in the event of a complaint or if we reasonably believe there is a prospect it will be required for the purposes of litigation.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of the personal information, the purposes for which we process the personal information and whether we can achieve those purposes through other means, and any applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances, you can ask us to delete your data: see ‘Your legal rights’ below for further information.
We may, where permitted by applicable law, de-identify your personal information (so that it can no longer be associated with you, and is therefore no longer personal information) for research or statistical purposes.

Access to and correction of your personal information
Access to your personal information
We will handle all requests for access to personal information in accordance with our statutory obligations. You can request a copy of your personal information by contacting us using the contact details set out below.

Correcting your personal information
We rely on the individuals who provide us with personal information to provide us with accurate, up to date and reliable data, and to update us when personal information that we hold about them is not accurate, up to date or reliable.

You may contact us to make corrections to your personal information. In certain circumstances, our website and platform allow users to update the personal information about them and other data subjects that we hold.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

We may need to request specific information from you to help us confirm your identity and ensure your right to access or correct your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response

Third party websites, plug-ins and applications
Our websites or platform may include links to third-party websites, plug-ins and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites, plug-ins or applications and are not responsible for their privacy practices. We encourage you to read their privacy policies so that you understand how they may collect and process your personal information.

Complaints
You have the right to make a complaint about our handling of your personal information, or where you are not satisfied with our handling of your complaint by contacting the relevant privacy or information related agency in your jurisdiction:
Australia:
Australian Information Commissioner
Telephone:
1300 363 992
Website:
Enquiry form via the Contact us page at https://www.oaic.gov.au/about-us/contact-us
Address:
GPO Box 5288, Sydney NSW 2001 Australia

UK:
Information Commissioner
Telephone:
0303 123 1113
Email:icocasework@ico.org.uk

Address:
Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF United Kingdom
Website: https://ico.org.uk/make-a-complaint/

California, USA:
California Privacy Protection Agency
Website: https://cppa.ca.gov/webapplications/complaint
Email: info@cppa.ca.gov

New Zealand:

Privacy Commissioner
Telephone:09-302 8655 (Auckland) / 0800 803 909 (outside Auckland)
Email: enquiries@privacy.org.nz
Address: PO Box 10-094, Wellington 6143 New Zealand

If a data subject wishes to make a complaint about a breach of the EU GDPR, they may refer the complaint to the relevant national Data Protection Authority that can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Before you make a complaint to the relevant agency, we would appreciate the opportunity to address your concerns, so please contact us in the first instance. We will endeavour to respond to your complaint as soon as possible and in any event within 30 calendar days.

Please feel welcome to contact our Privacy Compliance Officer if you have any questions about this Privacy Policy using the following details:

Email: support@quam.cc

We may update or replace this Privacy Policy from time to time. We encourage you to periodically review this page for the latest information on our privacy practices.


Made on
Tilda