GDPR Compliance

Last Updated: 12/12/2025

1. Introduction

At Quantum Business Innovations LLC, we are committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This GDPR Compliance Statement outlines our approach to data protection and how we comply with the GDPR requirements.

The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA.

2. Our Commitment to GDPR Compliance

We have implemented various measures to ensure compliance with the GDPR principles, including:

  • Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner.
  • Purpose limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
  • Data minimization: We ensure that personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  • Accuracy: We take reasonable steps to ensure that personal data is accurate and kept up to date.
  • Storage limitation: We keep personal data in a form that permits identification of data subjects for no longer than necessary for the purposes for which it is processed.
  • Integrity and confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
  • Accountability: We are responsible for and can demonstrate compliance with the GDPR principles.

3. Legal Basis for Processing

We process personal data only when we have a legal basis to do so. The legal bases we rely on include:

  • Consent: The individual has given clear consent for us to process their personal data for a specific purpose.
  • Contract: The processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
  • Legal obligation: The processing is necessary for us to comply with the law.
  • Legitimate interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual's personal data which overrides those legitimate interests.

4. Data Subject Rights

Under the GDPR, individuals have the following rights regarding their personal data:

  • Right to be informed: Individuals have the right to be informed about the collection and use of their personal data.
  • Right of access: Individuals have the right to request access to their personal data.
  • Right to rectification: Individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete.
  • Right to erasure: Individuals have the right to have their personal data erased in certain circumstances.
  • Right to restrict processing: Individuals have the right to request the restriction or suppression of their personal data in certain circumstances.
  • Right to data portability: Individuals have the right to obtain and reuse their personal data for their own purposes across different services.
  • Right to object: Individuals have the right to object to the processing of their personal data in certain circumstances.
  • Rights related to automated decision making and profiling: Individuals have rights related to automated decision making and profiling.

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below.

5. Data Protection Officer

While we are not required to appoint a Data Protection Officer (DPO) under the GDPR, we have designated a point of contact for data protection matters to ensure compliance with the GDPR and to handle data subject requests.

6. Data Breach Notification

In the event of a personal data breach, we have procedures in place to detect, report, and investigate the breach. If the breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. We will also notify the affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

7. Data Protection Impact Assessment

We conduct Data Protection Impact Assessments (DPIAs) when processing is likely to result in a high risk to the rights and freedoms of individuals. DPIAs help us identify and minimize data protection risks.

8. International Data Transfers

We may transfer personal data to countries outside the European Economic Area (EEA). When we do so, we ensure that appropriate safeguards are in place to protect the personal data, such as:

  • Standard contractual clauses approved by the European Commission
  • Binding corporate rules
  • Adherence to the EU-US Privacy Shield Framework (where applicable)
  • Other legally approved transfer mechanisms

9. Data Processors

We ensure that any third-party data processors we use comply with the GDPR. We have data processing agreements in place with our data processors that include provisions required by the GDPR.

10. Training and Awareness

We provide training to our staff on data protection and GDPR compliance to ensure they understand their responsibilities when handling personal data.

11. Records of Processing Activities

We maintain records of our processing activities as required by the GDPR. These records include information such as the purposes of processing, categories of personal data and data subjects, recipients of personal data, international transfers, retention periods, and security measures.

12. Cookies and Similar Technologies

We use cookies and similar technologies on our website. We obtain consent for the use of non-essential cookies in accordance with the GDPR and the ePrivacy Directive. For more information, please see our Cookie Policy.

13. Changes to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated statement on our website with a new effective date.

14. Contact Us

If you have any questions, concerns, or requests regarding this GDPR Compliance Statement or our data protection practices, please contact us at:

Email: josh@quantumbusinessinnovations.com

Phone: (616) 287-0331