GDPR Compliance
Qnite is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR).
Table of Contents
1. GDPR Overview
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It strengthens data protection rights for individuals within the European Union and applies to all organizations processing personal data of EU residents.
Data Protection
Enhanced protection of personal data and privacy rights for EU residents
Legal Compliance
Strict legal requirements for how organizations collect, process, and store personal data
Individual Rights
Comprehensive rights for individuals to control their personal data
Global Application
Applies to any organization processing EU residents' data, regardless of location
Our GDPR Commitment
Qnite is fully committed to GDPR compliance. We have implemented comprehensive policies, procedures, and technical measures to ensure your personal data is protected according to the highest standards.
2. Lawful Basis for Processing
Under GDPR, we must have a lawful basis for processing your personal data. Here are the legal bases we rely on:
Contractual Necessity
Processing necessary to provide our queue management services and fulfill our contractual obligations to you.
Legal Obligation
Processing required to comply with legal obligations, such as tax laws, financial regulations, or court orders.
Legitimate Interest
Processing for our legitimate business interests, balanced against your rights and interests.
Consent
Processing based on your explicit consent, which you can withdraw at any time.
3. Data We Collect
We collect personal data in various ways to provide our services. Here's a detailed breakdown:
Identity Data
- Name and surname
- Email address
- Phone number
- Account username
- Profile information
Business Data
- Company name and details
- Business address
- VAT/Tax numbers
- Industry classification
- Venue information
Technical Data
- IP address
- Browser type and version
- Device information
- Operating system
- Cookies and tracking data
Usage Data
- Queue interactions
- Booking history
- Feature usage patterns
- Session duration
- Platform navigation
4. Your GDPR Rights
Under GDPR, you have comprehensive rights regarding your personal data. These rights are fundamental and we are committed to facilitating their exercise.
Right of Access
You have the right to know what personal data we hold about you and how we process it.
- Confirmation of processing
- Copy of your personal data
- Information about processing purposes
- Details of data recipients
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
- Correct inaccurate information
- Complete incomplete data
- Update outdated information
- Modify account details
Right to Erasure
Also known as the "right to be forgotten" - you can request deletion of your personal data.
- Data no longer necessary
- Consent withdrawn
- Unlawful processing
- Legal obligation to erase
Right to Restrict Processing
You can request that we limit how we process your personal data in certain circumstances.
- Accuracy is contested
- Processing is unlawful
- Data needed for legal claims
- Pending objection assessment
Right to Data Portability
You can receive your personal data in a structured, machine-readable format and transfer it to another service.
- Structured data export
- Common file formats
- Machine-readable format
- Direct transfer option
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
- Legitimate interest processing
- Direct marketing
- Profiling for marketing
- Scientific/historical research
Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
- Account settings
- Unsubscribe links
- Direct contact
- Cookie preferences
Right Not to be Subject to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling.
- Human intervention
- Express your point of view
- Contest the decision
- Explanation of logic
5. Exercising Your Rights
We make it easy for you to exercise your GDPR rights. Here's how you can take action:
Self-Service Portal
Access many rights directly through your account dashboard.
- Download your data
- Update information
- Manage preferences
- Delete account
Email Request
Send us an email with your specific request and we'll respond within 30 days.
- Detailed requests
- Complex cases
- Legal assistance
- Documentation support
Live Support
Chat with our support team for immediate assistance with your rights.
- Immediate response
- Guided assistance
- Real-time help
- Question clarification
Response Timeline
Request Received
We acknowledge your request within 72 hours
Identity Verification
We verify your identity to protect your data (1-3 days)
Processing
We process your request and prepare the response (up to 30 days)
Response Delivered
You receive our complete response to your request
6. Data Retention
We only retain personal data for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, or resolve disputes.
Account Data
Retained to provide services and for legal compliance
Queue & Booking Data
Used for service improvement and analytics
Communication Records
Maintained for customer support and legal purposes
Analytics Data
Anonymized after 6 months for insights
Legal & Compliance
Retained according to applicable legal requirements
Financial Records
Required for tax and financial regulations
7. International Data Transfers
When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place.
Adequacy Decisions
We transfer data to countries with European Commission adequacy decisions
Standard Contractual Clauses
We use EU-approved Standard Contractual Clauses (SCCs) for transfers
Additional Safeguards
Technical and organizational measures to protect data during transfers
Transfer Impact Assessments
We conduct assessments to ensure transfer safety and legality
Our Transfer Practices
United States
Cloud hosting services with SCCs and additional safeguards
Switzerland
Primary data processing location with adequacy decision
United Kingdom
Support services with adequacy decision and data sharing agreement
8. Data Protection Officer
Our Data Protection Officer (DPO) oversees our data protection strategy and GDPR compliance efforts.
Data Protection Officer
Privacy and data protection specialist
Responsibilities
- Monitor GDPR compliance
- Conduct privacy impact assessments
- Provide data protection training
- Serve as contact point for authorities
- Handle data subject requests
- Advise on data protection matters
Contact Our DPO
9. Data Breach Procedures
We have comprehensive procedures to detect, report, and address data breaches in compliance with GDPR requirements.
Authority Notification
We notify relevant supervisory authorities within 72 hours of becoming aware of a breach
Individual Notification
If there's a high risk to your rights, we notify you without undue delay
Remediation
We take immediate steps to contain the breach and prevent further unauthorized access
What We Include in Breach Notifications
Nature of Breach
Description of what happened and categories of data affected
Impact Assessment
Number of individuals affected and potential consequences
Measures Taken
Steps taken to address the breach and mitigate harm
Contact Information
How to reach our DPO for more information
10. Filing Complaints
If you're not satisfied with how we handle your personal data or GDPR request, you have the right to file a complaint.
Step 1: Contact Us First
We encourage you to contact our DPO first. Many issues can be resolved quickly through direct communication.
Step 2: Supervisory Authority
If we can't resolve your concern, you can file a complaint with your local data protection authority or the Swiss Federal Data Protection and Information Commissioner.
11. Children's Data
We take special care when it comes to children's personal data, in accordance with GDPR requirements.
Age Requirement
Our services are not intended for children under 16 years of age
Parental Consent
For users aged 13-15, we require verifiable parental consent where legally required
Data Deletion
We promptly delete any data we discover belongs to children under our age limit
Reporting
Parents can report underage accounts to us for immediate investigation and action
For Parents and Guardians
If you believe your child has provided personal information to us without your consent, please contact our DPO immediately. We will investigate and take appropriate action, including deleting the information if necessary.
12. Automated Decision Making
We use automated processing and algorithms to improve our services. Here's how we ensure your rights are protected:
Queue Optimization
Automated algorithms help optimize queue management and wait time predictions.
- Human oversight and intervention available
- Ability to request manual review
- Transparent explanation of logic
Recommendation Engine
We use data to suggest relevant venues and optimize your experience.
- User control over recommendations
- Opt-out options available
- Regular algorithm audits
Fraud Detection
Automated systems help detect and prevent fraudulent activities.
- Human review of all decisions
- Appeal process for false positives
- Regular model validation
Profiling Activities
We may create profiles based on your usage patterns to improve our services. You have the right to:
Know About Profiling
Understand what profiling we do and why
Object to Profiling
Opt out of profiling activities
Request Human Review
Ask for human intervention in automated decisions
13. Policy Updates
We may update this GDPR compliance information from time to time. We will notify you of significant changes through multiple channels.
Email Notification
Important changes sent to your registered email address
Website Notice
Prominent notifications displayed on our website
In-App Alert
Push notifications and in-app messages about policy changes
Version History
Previous versions available for review and comparison
14. Contact Information
For any questions about GDPR compliance, your rights, or our data protection practices, please contact us:
Postal Address
Qnite - GDPR Compliance Team
Nidfeldstrasse 2b
6010 Kriens
Switzerland