GDPR Information

Last Updated: 9/18/2025

QuantumSpring is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page provides specific information about your rights under GDPR and how we handle your personal data.

Data Controller Information

Company: QuantumSpring s.r.o.

Registration: Prague, Czech Republic

Data Protection Contact: privacy@quantumspring.ai

Website: https://quantumspring.ai

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right to Information (Article 13-14)

You have the right to be informed about the collection and use of your personal data. This information is provided in our Privacy Policy.

Right of Access (Article 15)

You can request access to your personal data and receive a copy of the data we process about you.

Right to Rectification (Article 16)

You can request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you can request deletion of your personal data under certain circumstances.

Right to Restriction of Processing (Article 18)

You can request limitation of processing in certain situations, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object (Article 21)

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide our AI-amplified development services
  • Legal Obligations: To comply with accounting, tax, and other legal requirements
  • Legitimate Interests: To improve our services and ensure security
  • Consent: Where you have explicitly agreed to specific processing activities

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with sufficient data protection laws
  • Binding Corporate Rules where applicable

Data Breach Notification

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 of GDPR. We will also notify the relevant supervisory authority within 72 hours as required by Article 33.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Email: privacy@quantumspring.ai

Response Time: We will respond to your request within 30 days

Verification: We may request additional information to verify your identity

Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the supervisory authority:

Czech Data Protection Authority

Úřad pro ochranu osobních údajů

Website: www.uoou.cz

This GDPR information page supplements our Privacy Policy and is updated regularly to reflect current practices and legal requirements.