Data protection and privacy policy


Privacy Policy

1.      Quantrom Ltd. as data controller

Data Protection, which regulates the use of personal data, applies to only two types of entities – Data Controllers and Data Processors. Quantrom Ltd. might be a Controller for some activities and a Processor for others but cannot be both for the same processing activity.

Data Controllers have ultimate control of the processing in question and full responsibility for Data Protection compliance. A Processor by contrast processes on behalf of a Controller, e.g. an outsourced transfer agent, and has more restricted liability. The existence of a Data Processor, therefore, implies a Data Controller. The relationship between Controllers and Processors is always governed and documented in a written contract, e.g. a Data Processing Agreement (DPA).

2.      Controller’s contact details

Responsible party pursuant to data protection laws, in particular the EU General Data Protection Regulation (GDPR), is

Quantrom Limited

Gustav Jensen, acting as Data Protection Officer (DPO)

50-60 O’Connell Street

Limerick, Ireland

V94 E95T


3.      Your rights as the data subject

You can exercise the following rights at any time using the contact details of our data protection officer:

  • Information on your data stored by us and the processing thereof (Art. 15 GDPR),
  • Rectification of inaccurate personal data (Art. 16 GDPR),
  • Deletion of your data stored by us (Art. 17 GDPR),
  • Restriction of the data processing, provided that we may not delete your data due to legal obligations (Art. 18 GDPR),
  • Objection to the processing of your data with us (Art. 21 GDPR) and
  • Data portability, provide that you have consented to the data processing or have entered into a contract with us (Art. 20 GDPR).
  • If you have given us consent (Art. 7 GDPR), you may withdraw this consent at any time through either directly contacting our Data Protection Officer or by using the “wheel icon” displayed at the bottom left of our webpages showing your cookie settings. The legality of your data having been processed until you withdraw your consent remains in effect.

You can contact a supervisory authority with a complaint at any time, e.g. the supervisory authority of the state of your residence or the DPC, which is the authority that oversees us as the responsible party (


4.1. Collecting general information during a visit to our website

Type and purpose of the processing

When you access our website – i.e. if you do not submit information to us – information of a general nature will be collected automatically by our website typically from your browser. This information (i.e. server log files) contains:

  • Type of web browser and browser version,
  • Operating system that you used,
  • The domain name of your internet service provider,
  • Referrer URL,
  • Your IP address,
  • Date and time of your session and the like.

This data is processed for the following purposes:

  • Establishing and maintaining an unproblematic website connection,
  • Maintaining a seamless use of our website,
  • Analyzing system and website security,
  • Analyzing system and website stability and
  • For additional administrative purposes.

We will not use your data to draw conclusions about your person. This type of information will be statistically analyzed by us if necessary to optimize our website and its underlying technology.

Legal basis

The processing on our website occurs according to Art. 6 Para. 1 (f) GDPR, based on our legitimate interest in improving the stability and functionality of our website.


Other recipients than us

Recipients of the data may, besides us as data controller, also be technical service providers, who work on the operation and maintenance of our website as data processors.

Retention period

The data will be deleted as soon as it is no longer required to fulfil the purpose that it was originally collected for. This is generally the case, after the respective session has ended, and the data is no longer used to make the website available. In special circumstances such as that an attack on our website was launched from your IP address, we may retain your data for longer than the session to protect our website from further cyber-attacks from you.

Mandatory or required provision

The provision of the aforementioned personal data is neither legally nor contractually mandatory. However, without the provision of your IP address, the service and functionality of our website cannot be guaranteed. Furthermore, individual services can become temporarily or fully unavailable for you to use. For this reason, an objection is excluded.

4.2. Collecting information during the subscription or redemption process to one of our products

Type and purpose of the processing

When you wish to subscribe to our products – i.e. if you do submit information to us – we require you to forward us information to process your request in order to fulfil the conclusion of a contract, i.e. subscription to a private placement note (PPN).  This information usually contains:

  • Full legal name
  • Address
  • Salutation (If applicable)
  • Maiden Name (If applicable)
  • Date of birth
  • Place of birth
  • Nationality
  • Proof of residency
  • Proof of Identity
  • Proof of ID number i.e. (passport number)
  • Job position
  • TIN
  • Tax residency
  • Social Security Number
  • Phone number and/or mobile phone number
  • Bank details
  • Source of Funds
  • Personal E-mail address
  • Corporate E-mail address linked to a natural person

This data is processed for the following purposes:

  • Establishing and maintaining a contractual relationship with natural persons or natural persons signing on behalf of a legal person, who are subscribing to our products,
  • Identification and verification of the natural persons or natural persons behind a legal person, who are subscribing to our products in line with Irish Anti-Money Laundering (AML) laws and regulations

We will not use your data to draw conclusions about your person and only to fulfil our contractual and legal obligations.

Legal basis

The processing of this information occurs according to Art. 6 Para. 1 (b, c) GDPR, based on the necessity that you wish to entering a contract with us and for the performance of this contract to which you will or already are party as well as for ensuring compliance with our legal obligations to which we are subject.

Other recipients than us

Recipients of the data may, besides us as data controller, also be outsourcing service providers, who work on the review of your data and support us with the monitoring of our compliance as data processors.

Retention period

The data will be retained and kept up to date during our relationship and will only be deleted 10 years after you will have redeemed all of your private placement notes in line with commercial and AML laws and regulations in Ireland.

4.3. Contact form

Type and purpose of the processing

The data you enter are used for individual communication with you. A valid e-mail address and name are required for this communication, which serves to organize your inquiry and the respective subsequent reply. Providing additional information is optional.

Legal basis

The processing of the data entered in the contact form occurs on the basis of a legitimate interest (Art. 6 Para. 1 (f) GDPR).

By providing the contact form, our aim is to facilitate uncomplicated means for you to contact us directly. The information you enter will be used to process the inquiry and saved for possible follow-up questions.

If you contact us to request a subscription, the processing of the information provided in the contact form will occur in order to implement pre-contractual measures (Art. 6 Para. 1 (b) GDPR).


Recipients of the data may also be processors, e.g. our hosting provider.

Retention period

The data will be retained until you request us to delete this data or after the purpose for our processing your inquiry has ended.

Provided that we enter into a legal contract together, we will use the statutory retention periods provided for in the Irish Commercial Code. Therefore, the deletion of your data will occur according to the respective stipulated deadlines for such data, which typically is 10 years after the end of the contractual relationship with us.

Mandatory or required provision

The provision of your personal data is voluntary. However, we can only process your inquiry if you provide us with your name, e-mail address and the reason for your inquiry.

5. SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (such as SSL) via HTTPS on our website.

6. Social Media

We maintain an online presence on social networks and platforms in order to communicate with our customers, interested parties, and users and to inform them about our services and products. We use LinkedIn, Facebook and Instagram, among others. When visiting each of these platforms, you as a user agree to the terms and conditions and the data privacy policies of the corresponding operator. Unless stated otherwise in our privacy policy, we process user data if users communicate with us on these social networks and platforms, e.g. publish posts on our pages or send us messages, in order to implement pre-contractual measures (Art. 6 Para. 1 (b) GDPR). We do not link directly from our website to these third part operators.

6.      Appointed processors

The following organizations, companies or people were commissioned with data processing by Quantrom Ltd. as data controller in line with Art. 28 under GDPR:

  • IONOS Inc.
  • Doran + Minehane Limited
  • Cohn & Co.
  • ActiveCampaign
  • NinjaForms
  • SiteOrigin
  • WordPress
  • Approve Me
  • Lever Technology LLC
  • Hetzner

7.      Revision of our privacy policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new products or services. Your next visit might be subject to a new privacy policy.