Our Privacy Policy
1. Overview
Your privacy is important to us. This Privacy Notice explains how Quantexa Limited and its group companies ("Quantexa", "we", "us" or "our") collect, use and protect your personal data when you:
visit our website at www.quantexa.com or any associated pages (the "Site");
register for, attend or participate in one of our events, webinars or community forums;
engage with us as a prospect, client, or vendor, including when we market our services to you;
are a director, beneficial owner or representative of a current or prospective client or vendor organisation; or
are an individual whose personal data we process as part of delivering our services to our clients.
This notice does NOT cover the processing of personal data about Quantexa's own employees, workers or job applicants. Those individuals should refer to Quantexa's separate Employee and Recruitment Privacy Notice.
Quantexa is committed to protecting your personal data in accordance with the UK GDPR, the EU GDPR, the Data Protection Act 2018, and applicable US state privacy laws including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and other applicable US state laws. This notice is provided in a layered format so you can navigate directly to the area most relevant to you.
2. Who We Are and How to Contact Us
Data Controller
The data controller responsible for your personal data is the Quantexa group entity to which you provided your data (the "Quantexa entity"). Where that Quantexa entity is located outside the United Kingdom, your personal data is jointly controlled by that entity and Quantexa Limited in the UK, with Quantexa Limited acting as the lead controller for processing. A joint controller and intercompany agreement is in place between the relevant Quantexa group entities to set out their respective roles and responsibilities. Where you provided your data to Quantexa Limited in the UK, Quantexa Limited is the sole controller of your personal data. Quantexa Limited is registered in England and Wales (company number 10045407).
The Quantexa group entities that may act as the Quantexa entity (or as a joint controller alongside Quantexa Limited) include:
Quantexa BVBA (Belgium)
Quantexa B.V. (Netherlands)
Other Quantexa group entities operating in your jurisdiction
Contact Details
For any questions about this notice or to exercise your rights, please contact [dpo email address].
3. Who This Notice Applies To
This notice applies to the following categories of data subjects:
Data Subject Category | Description |
Website Visitors | Individuals who visit www.quantexa.com or associated pages. |
Prospects / Potential Clients | Business contacts at organisations that may become Quantexa clients, including those sourced via website forms, events, third-party data providers, or direct outreach. |
Clients | Business contacts at organisations that have engaged Quantexa for products or services. |
Client Employees / End Users | Individuals at client organisations whose personal data Quantexa processes as part of delivering its services. |
Vendors / Supplier Contacts | Individuals employed by or representing organisations from which Quantexa procures goods or services. |
Directors & Beneficial Owners | Directors, officers and beneficial owners of client or vendor organisations, whose data Quantexa processes for compliance and due diligence purposes. |
Community Users | Individuals who register for and use the Quantexa Community Forum. |
Event / Webinar Attendees & Speakers | Individuals who attend or speak at Quantexa-hosted events or webinars, whether in person or online. |
This website and our services are not directed at children under the age of 16. We do not knowingly collect personal data from children.
4. The Data We Collect About You
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). The types of personal data we may collect depend on your relationship with us:
Identity Data
First name, last name, job title, employer or organisation name
For directors and beneficial owners: date of birth, nationality, shareholding percentage, and registered address
Contact Data
Business email address, telephone number (including mobile), business postal address
Financial and Transaction Data
Bank account and payment card details (for client and vendor billing purposes only)
Invoice and payment records, details of products and services purchased
Compliance and Due Diligence Data
Results of PEP (Politically Exposed Person) screening, sanctions screening, and adverse media checks against the names of vendor and client directors and beneficial owners
Corporate filing information and share ownership details from public registries
This may in certain cases constitute special category personal data (e.g., political opinions) or data relating to criminal convictions
Technical and Usage Data
IP address, browser type and version, time zone and location, browser plug-ins, operating system and platform
Pages visited, links clicked, files downloaded, time spent on pages, referral source
Login credentials, session IDs and system activity logs (for clients and community users with system access)
Marketing and Communications Data
Your marketing preferences, opt-in and opt-out status, and communication preferences
Records of our communications with you, including email correspondence and call records
Webinar attendance and engagement data (e.g., registration, attendance, content viewed, questions asked)
Video recordings or photographs from in-person events or webinars where you appear
Profile Data
Community forum username, profile details, forum posts, and any personal data you voluntarily share in community discussions
Aggregated and Analytics Data
Statistical and demographic data derived from the above. Where this is combined with personal data in a way that identifies you, we treat the combination as personal data subject to this notice.
Special Category and Criminal Conviction Data
In limited circumstances, Quantexa processes special category personal data or data relating to criminal convictions and offences as part of its statutory compliance obligations:
The screening of vendor and client directors and beneficial owners against PEP and sanctions lists may reveal political opinions or information relating to criminal offences. This processing is conducted on the basis of compliance with legal obligations and, where applicable, substantial public interest under Schedule 1, Part 2 of the Data Protection Act 2018.
For all other data subjects covered by this notice, we do not seek to collect special category personal data. If you voluntarily disclose such information (for example in a community forum post), we will handle it in accordance with this notice and applicable law.
5. How We Collect Your Personal Data
Direct Interactions
You provide data when you: fill in a form on our website (e.g., a contact, demo request, or content download form); register for or attend an event, webinar or community forum; engage with us in a sales or procurement process; correspond with us by email, phone or otherwise; subscribe to our newsletter or marketing communications; or give us feedback or contact us.
Automated Technologies and Interactions
As you interact with our website, we automatically collect Technical Data via cookies, web beacons, server logs and similar technologies. For full details see our Cookie Declaration at www.quantexa.com/legal/cookie-declaration/. We ask your consent before dropping any non-essential cookies.
Third-Party and Publicly Available Sources
We receive or obtain personal data from third parties including:
B2B data providers and brokers (such as ZoomInfo and Bloomberg) who supply business contact details for individuals at organisations in our target market;
Event partners and co-hosts who share attendee information where you have consented or sharing is otherwise lawful;
Analytics providers (including Google Analytics) who supply aggregated and pseudonymised usage data;
Public corporate registries (such as Companies House, the KVK in the Netherlands, and equivalents) for directors and beneficial owner information;
Compliance data providers (such as CreditSafe) used for PEP, sanctions and adverse media screening;
Social media platforms (such as LinkedIn) where you have made your professional profile publicly available; and
Other Quantexa group entities, in the course of operating our global business.
Article 14 GDPR Notice: Where we obtain your personal data from a third party (e.g., a B2B data provider) and you have not directly interacted with us, we are required under Article 14 of the UK/EU GDPR to inform you that we hold your data. We do this by including this notice on our website and by contacting you at the point of first outreach or as soon as reasonably practicable.
6. How We Use Your Personal Data
We will only use your personal data when the law allows us to. The legal bases we rely on are:
Contract: processing is necessary to perform a contract with you or take steps at your request before entering a contract;
Legal Obligation: processing is required to comply with a legal obligation;
Legitimate Interests: processing is necessary for our legitimate interests (or those of a third party), and those interests are not overridden by your interests, rights or freedoms; or
Consent: you have given freely given, specific, informed and unambiguous consent (e.g., for certain marketing communications or non-essential cookies).
The table below sets out all the ways we use your personal data, the legal basis, and the data subjects affected.
Purpose / Activity | Legal Basis (and legitimate interest where applicable) | Data Subjects Affected |
Operating and maintaining our website, including security, hosting and troubleshooting | Legitimate interests (ensuring our website functions securely and effectively) | Website visitors |
Analytics and functional cookies | Legitimate interests (strictly necessary / functional); Consent (analytics, advertising and non-essential cookies) | Website visitors |
Sourcing B2B leads via forms and events where opt-in consent was given | Consent | Prospects |
Sourcing B2B leads via forms and events where no opt-in was given (e.g., business card exchange, event attendance without opt-in) | Legitimate interests (promoting our B2B services to relevant business professionals) | Prospects |
Sourcing B2B leads from third-party data providers (e.g., ZoomInfo, Bloomberg, data brokers) | Legitimate interests (identifying and contacting relevant business contacts in our target market) | Prospects |
Lead management: progressing prospects through our sales funnel via CRM | Legitimate interests (managing our sales process efficiently) | Prospects |
Email marketing to existing contacts and clients | Legitimate interests (nurturing existing business relationships) | Prospects, Clients |
Telephone marketing: calling business contacts to discuss Quantexa products and services | Legitimate interests (B2B telephone marketing) | Prospects, Clients |
Postal marketing: sending printed materials, gifts and marketing collateral | Legitimate interests (B2B direct mail) | Prospects, Clients |
Online advertising: targeted ads on third-party platforms (e.g., LinkedIn) using business profile data | Legitimate interests (promoting our services to relevant audiences); Consent (where required by applicable law) | Prospects, Clients |
Lead generation by third-party marketing partners acting on our behalf | Legitimate interests (identifying potential clients through partners) | Prospects |
Marketing analytics: measuring campaign effectiveness and building audience models | Legitimate interests (improving and targeting our marketing) | Prospects, Clients |
Webinar hosting: registration, access management, session recording, attendee follow-up | Legitimate interests (delivering educational content and nurturing relationships) | Prospects, Clients, Event Attendees |
Event recording and photography (in-person and online events where you may appear) | Legitimate interests (brand promotion and event marketing). You may opt out by notifying a member of staff at the event. | Event Attendees, Speakers |
Registering and onboarding new clients and managing the contractual relationship | Legitimate interest (operating our business, managing the client relationship, and ensuring accurate records of client engagements)
| Clients |
Delivering services to clients, including processing personal data appearing in client datasets | Legitimate interests (delivering contracted services to our clients); Legal obligation (where applicable) | Clients, Client Employees |
System activity logging: recording client user activity to detect misuse and fraud | Legitimate interests (protecting our systems and clients from misuse and fraud) | Clients |
Operating the Quantexa Community Forum | Performance of a contract (community membership terms) | Community Users |
Client and vendor invoicing and payment processing | Legitimate interests (collecting payment from clients and paying vendors as part of operating our business); Legal obligation (tax and accounting record-keeping) | Clients, Vendors |
Vendor and supplier management | Legitimate interests (managing our procurement and supplier relationships) | Vendors |
PEP, sanctions and adverse media screening of vendor and client directors and beneficial owners | Legal obligation (AML, sanctions, and anti-bribery compliance obligations) | Directors & Beneficial Owners |
Statutory filings and corporate registry submissions (e.g., Companies House, KVK) | Legal obligation | Directors & Beneficial Owners |
Managing our relationship with you (notifying of changes to terms or this notice, requesting reviews/surveys) | Legitimate interests (keeping records up to date and maintaining business relationships); Legal obligation (where applicable) | All relevant data subjects |
Communicating with you about enquiries, requests or complaints | Legitimate interests; Legal obligation (as applicable) | All data subjects |
Data subject rights management (DSARs and other privacy rights requests) | Legal obligation | All data subjects |
Defending or establishing legal claims, or complying with court orders | Legitimate interests; Legal obligation | All data subjects |
Business reorganisation, merger, acquisition or asset sale | Legitimate interests (conducting lawful business restructuring) | All data subjects |
Marketing Choices
You can opt out of marketing at any time by: clicking the unsubscribe link in any marketing email; contacting us at dpo@quantexa.com; or, for California residents, exercising your opt-out rights under Section 13. Opting out will not affect processing we carry out on other legal bases.
Profiling
We carry out profiling for marketing purposes, including segmenting our database by sector, seniority, geography and engagement level to serve you more relevant communications. This profiling does not involve solely automated decision-making that produces legal or similarly significant effects on you.
7. Who We Share Your Data With
We may share your personal data with the following categories of recipients for the purposes set out in Section 6:
Quantexa Group Companies
Other entities in the Quantexa group (including entities in the UK, Belgium, Netherlands, USA, Canada, Australia, Singapore and other countries) acting as joint controllers or processors, for shared business operations, IT services and leadership reporting.
Technology and Service Providers
Processors providing CRM, marketing automation, IT infrastructure, cloud hosting, cybersecurity, webinar platforms, community forum platforms, event management, analytics and advertising services, postal and fulfilment services, and document processing and storage.
Compliance and Due Diligence Providers
Providers of PEP, sanctions and adverse media screening services (such as CreditSafe) and corporate registry data services, for statutory compliance purposes.
Professional Advisers
Lawyers, auditors, accountants, insurers and other professional advisers in connection with our business operations, legal proceedings or insurance claims.
Regulatory and Government Authorities
HM Revenue & Customs, the ICO, Companies House, the KVK, the Financial Conduct Authority, and equivalent regulatory, tax and corporate registration authorities in the countries where we operate, where required by law.
Event and Webinar Co-Hosts
Where we co-host events or webinars, we may share attendee details with the co-host where you have agreed to this or where it is communicated at registration.
Business Transfers
In the event of a merger, acquisition or asset sale, your personal data may transfer to the relevant third party, who must use it consistently with this notice.
All third parties are required to process your data securely, in accordance with applicable law and our instructions, and only for specified purposes.
8. International Transfers of Personal Data
Quantexa is a global organisation and your personal data may be transferred to and processed in countries outside the UK and/or the EEA, including the United States, Canada, Australia, Singapore and other countries where our group companies or service providers operate. These countries may not have equivalent data protection laws to those in the UK or EU.
We ensure that international transfers are subject to appropriate safeguards:
Transfers from the UK
Adequacy regulations: transfers to countries the UK Secretary of State has deemed adequate.
UK International Data Transfer Agreements (IDTAs): used where no UK adequacy decision applies, or the ICO-approved addendum to the EU Standard Contractual Clauses.
Transfers from the EEA
European Commission adequacy decisions: transfers to countries the European Commission has found adequate.
EU Standard Contractual Clauses (SCCs): used where no adequacy decision applies.
Where applicable, we also carry out Transfer Impact Assessments to evaluate the laws and practices of the destination country and to confirm that the safeguards in place provide an essentially equivalent level of protection.
9. Cookies and Tracking Technologies
We use cookies, web beacons, pixels, and server logs on our website and in marketing communications to: remember your preferences and settings; analyse how visitors use our website; measure advertising campaign effectiveness; and personalise content and advertisements.
Strictly necessary and functional cookies are placed on the basis of legitimate interests in operating our website. All other cookies (analytics, advertising and personalisation) are placed only with your consent, which you can give or withdraw at any time via the cookie banner or preferences centre on our website.
For full details of the cookies we use, their purposes, duration and the third parties involved, please see our Cookie Declaration at: www.quantexa.com/legal/cookie-declaration/.
10. Data Security
We have implemented appropriate technical and organisational security measures to protect your personal data against accidental or unlawful loss, use, alteration, unauthorised disclosure or access. These measures include: encryption of data in transit and at rest; access controls and role-based permissions; regular security assessments and penetration testing; staff training on data protection; and incident response and breach notification procedures.
Access to your personal data is limited to those with a legitimate business need. All such individuals process data on our instructions and are subject to confidentiality obligations.
We have procedures in place to deal with suspected personal data breaches and will notify you and the relevant supervisory authority where legally required to do so.
11. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, tax, accounting or reporting requirements.
Data Subject / Processing Activity | Retention Period | Rationale |
Website visitors (analytics data) | Up to 26 months from collection, or as set by cookie preferences | Standard analytics cycle |
Prospects — consent-based marketing | Until consent is withdrawn, plus 12 months | Active until opt-out |
Prospects — legitimate interest-based marketing | 3 years from last engagement, or until objection received | B2B sales cycle |
Prospects — data from third-party providers | 12 months from receipt, unless converted to active prospect | Data minimisation |
Client contact data and correspondence | Duration of contract plus 7 years from contract end | Limitation periods and tax/accounting requirements |
Client invoicing and financial records | 7 years from date of invoice | HMRC and legal requirements |
Client system activity logs | 12 months from date of activity | Security and fraud investigation |
Community forum data | Duration of membership plus 3 years after account closure | Dispute resolution and moderation |
Event / webinar recordings and photographs | 3 years from date of event | Marketing and brand promotion |
Vendor contact data and correspondence | Duration of contract plus 7 years from contract end | Limitation periods and procurement obligations |
PEPs / sanctions / adverse media screening records | 7 years from date of screen or end of relationship (whichever is later) | AML and legal compliance |
Director / beneficial owner data (statutory filings) | As required by applicable corporate law; typically 7 years from filing | Legal obligation |
Data subject rights requests (DSARs) | 3 years from completion of request | Demonstrating compliance and defending claims |
In some circumstances we may anonymise personal data so it can no longer be associated with you, in which case it may be retained indefinitely. In some circumstances you can ask us to delete your data earlier — see your rights in Section 12.
12. Your Rights Under UK and EU Data Protection Law
Under the UK GDPR and EU GDPR, you have the following rights. They are not absolute and may be subject to exceptions:
Right | What it means |
Access (Art. 15) | Request a copy of the personal data we hold about you and information about how we process it. We will respond within one month (extendable by two further months for complex requests). |
Rectification (Art. 16) | Ask us to correct personal data that is inaccurate or incomplete. |
Erasure (Art. 17) | Ask us to delete your personal data in certain circumstances, e.g., where we no longer need it, you have withdrawn consent, or you have objected successfully. Legal or contractual obligations may prevent immediate deletion. |
Object (Art. 21) | Object at any time to processing based on legitimate interests. You have an absolute right to object to direct marketing processing; for other purposes we will assess whether our interests override yours. |
Restriction (Art. 18) | Ask us to pause processing in certain circumstances, e.g., while we verify accuracy or consider an objection. |
Portability (Art. 20) | Where processing is based on consent or contract and is automated, receive your data in a structured, machine-readable format and request transfer to another controller. |
Withdraw Consent | Where we rely on consent, withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. |
Automated Decision-Making (Art. 22) | Not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you. Under the UK GDPR (as supplemented by section 14 of the Data Protection Act 2018), this right applies to qualifying significant decisions, including those involving special category data, with additional safeguards. We do not currently make such decisions, but will update this notice and obtain your consent (or rely on another lawful basis) if this changes. |
How to Exercise Your Rights
Contact our DPO at dpo@quantexa.com or by post at FAO: Data Protection Officer, Quantexa Limited, 10 York Road, London, SE1 7ND. We may verify your identity before responding and will not normally charge a fee unless requests are manifestly unfounded or excessive.
Complaints
UK: all complaints must be sent to us in the first instance, and we will respond within the statutory time frame of 30 days. If you remain dissatisfied, you may then refer your complaint to the Information Commissioner's Office — www.ico.org.uk — 0303 123 1113
Belgium: Autorité de protection des données — www.dataprotectionauthority.be
Netherlands: Autoriteit Persoonsgegevens — www.autoriteitpersoonsgegevens.nl
Other EU member states: your local supervisory authority
13. Additional Rights for US Residents
This section applies to residents of US states with applicable privacy laws and supplements the information elsewhere in this notice.
California Residents — CCPA/CPRA
The California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) provides California residents with specific rights regarding their personal information. The disclosures below cover personal information collected about individuals in a business context.
Categories of Personal Information Collected (past 12 months)
CCPA Category | Examples | Collected? |
Identifiers | Name, business email, IP address, business address | Yes |
Personal information (Cal. Civ. Code §1798.80) | Name, employer, business address, telephone number | Yes |
Protected classification characteristics | Not collected | No |
Commercial information | Records of products/services purchased or considered | Yes |
Biometric information | Not collected | No |
Internet / network activity | Browsing history on our site, interaction with content | Yes |
Geolocation data | General location inferred from IP address | Yes (limited) |
Sensory data | Event photographs and webinar recordings | Yes (where applicable) |
Professional / employment information | Job title, employer name | Yes |
Inferences from personal information | Marketing segments and interest profiles | Yes |
Sensitive personal information (CPRA) | Not processed for purposes beyond those permitted by CPRA | No (beyond permitted uses) |
Sale or Sharing of Personal Information
We do not sell personal information for money. However, under the CCPA/CPRA, sharing personal information with third-party advertising platforms for cross-context behavioural advertising (e.g., LinkedIn Matched Audiences) may constitute "sharing." You have the right to opt out of this sharing.
To opt out:
Use the "Do Not Sell or Share My Personal Information" link in the footer of our website;
Contact us at dpo@quantexa.com with the subject line "CCPA Opt-Out"; or
Use a browser or device signalling the Global Privacy Control (GPC), which we will honour as a valid opt-out signal.
Your CCPA/CPRA Rights
Right | What it means |
Right to Know | Request disclosure of the categories and specific pieces of personal information collected about you, sources and purposes of collection, and categories of third parties with whom it was shared. |
Right to Delete | Request deletion of personal information collected from you, subject to certain exceptions. |
Right to Correct | Request correction of inaccurate personal information we hold about you. |
Right to Opt-Out | Direct us not to sell or share your personal information for cross-context behavioural advertising (see above). |
Right to Limit Sensitive PI | Direct us to limit use of sensitive personal information to what is necessary. We do not use sensitive PI beyond CPRA-permitted purposes. |
Right to Non-Discrimination | We will not discriminate against you for exercising any of your CCPA/CPRA rights. |
To exercise your CCPA/CPRA rights, contact us at dpo@quantexa.com (subject: "CCPA Rights Request") or via our website contact form. You may designate an authorised agent with written proof of authority. We aim to respond within 45 days (extendable by a further 45 days with notice).
Other US State Residents
Residents of the following states have similar rights under applicable state privacy laws, including rights to access, correct and delete personal data, opt out of targeted advertising and profiling for decisions with significant effects, and appeal our decisions:
Virginia (Virginia Consumer Data Protection Act — VCDPA)
Colorado (Colorado Privacy Act — CPA)
Connecticut (Connecticut Data Privacy Act — CTDPA)
Texas (Texas Data Privacy and Security Act — TDPSA)
Oregon (Oregon Consumer Privacy Act — OCPA)
Other applicable US states
To exercise your rights under applicable US state law, contact us at dpo@quantexa.com with the subject line "US Privacy Rights Request" and specify your state. We will process your request in accordance with applicable law.
14. Third-Party Links
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
15. Changes to This Privacy Notice
We review this Privacy Notice regularly and update it to reflect changes in our practices, technology, legal requirements and other factors. The version date at the top of this notice indicates when it was last updated. Where changes are material, we will notify you by email (where we hold your address) or by posting a prominent notice on our website. Continued engagement with our services after an update constitutes your acknowledgment of the changes.
16. Contact Us
For any questions about this Privacy Notice, or to exercise your rights, please contact our Data Protection Officer:
Email: dpo@quantexa.com
Post: FAO: Data Protection Officer, Quantexa Limited, 10 York Road, London, SE1 7ND, UK
Website: www.quantexa.com/get-in-touch/
We aim to respond to all legitimate requests within one month. We will notify you if we need more time due to complexity or volume of requests.