Quarrionthex

Legal · Data protection

Privacy policy

This document explains what we collect when you visit quarrionthex.world, why we process it, how long we keep it, and which rights you can exercise under the GDPR and complementary international privacy standards.

Who controls your data

The data controller is Quarrionthex, located at Leidsestraat 74–76, 1017 GM Amsterdam, Netherlands. For privacy-related correspondence, including requests to access or delete data, email contact@quarrionthex.world or call +31 20 422 0210. We respond to verifiable requests without undue delay and within the statutory timeframe, typically within one month, unless complexity requires an extension that we will explain to you.

We do not require you to create an account to read most of the website. When you voluntarily use the contact form, you enter into a limited processing relationship with us so we can understand your project and reply with relevant studio information.

Categories of personal data

Depending on how you interact with us, we may process the following categories of data:

  • Identity and contact data: your name, email address, and any phone number or postal details you include in a message.
  • Communication content: the text of your inquiry, attachments you choose to send, and our reply history tied to that thread.
  • Technical metadata: IP address, browser type and version, device category, operating system, referral URL, and timestamps supplied by our hosting environment or content delivery tools.
  • Usage signals: aggregated information about which pages load successfully, approximate geography derived from IP at regional level, and error logs that help us fix broken links.
  • Advertising context: if you arrive from an online advertisement, the referring URL or campaign parameters may appear in standard server logs. We do not sell personal data to advertisers; optional analytics or marketing technologies activate only with the cookie choices you save.
  • Cookie and storage signals: records stored locally in your browser when you interact with the cookie banner, as described in our cookie policy.

We avoid collecting special categories of data unless you voluntarily include them in a message. If that happens, we treat the message under heightened care and delete unnecessary portions once the conversation reaches a natural close, unless law requires longer retention.

Purposes and legal bases

Responding to inquiries

When you submit the contact form, we process your details to answer questions, schedule conversations, or prepare a proposal. The legal basis is Article 6(1)(b) GDPR for steps prior to a contract, and where no contract follows, Article 6(1)(f) GDPR for our legitimate interest in operating a professional design studio and maintaining courteous correspondence.

Website security and reliability

We monitor logs to detect abuse, block malicious traffic, and restore service after incidents. The legal basis is Article 6(1)(f) GDPR, balancing our interest in secure infrastructure against minimal intrusion.

Compliance and accountability

We retain proof of consent where required and maintain records that demonstrate compliance with tax or corporate obligations when invoices exist. The legal basis is Article 6(1)(c) GDPR for legal obligations and Article 5(2) accountability principle.

Optional analytics or marketing

Non-essential technologies activate only after you opt in through the cookie interface. The legal basis is Article 6(1)(a) GDPR consent, which you may withdraw at any time without affecting prior lawful processing.

Retention schedule

Contact archives and related metadata are kept for up to twenty-four months after the last substantive message unless an active project, unpaid invoice, or legal hold requires longer storage. Accounting records linked to payments follow statutory bookkeeping periods applicable in the Netherlands.

Server and security logs typically rotate after ninety days, unless an investigation requires an isolated retention window. Cookie preference data stored locally on your device persists until you clear site storage or revoke consent through browser controls.

If you ask us to delete personal data earlier and no overriding legal basis applies, we will comply and confirm once erasure is complete, subject to technical limitations such as backup cycles.

Recipients and international transfers

We rely on vetted processors for hosting, email delivery, and occasional productivity tooling. Each processor signs a data processing agreement or adheres to approved standard contractual clauses. We do not sell personal data and we do not allow third parties to use your inquiry for unrelated profiling.

If a processor stores data outside the European Economic Area, we implement safeguards recognized under Chapter V GDPR, including Standard Contractual Clauses, adequacy decisions where available, and supplementary measures when risk assessments require them.

Security measures

We combine organizational and technical measures: role-based access, separation of production and staging environments, transport encryption for web traffic where supported, vendor reviews before onboarding new tools, and periodic checks of administrator accounts. Staff who handle inboxes receive briefings on confidentiality.

No online system is perfectly secure. If we become aware of an incident that affects your personal data, we evaluate notification duties and contact affected individuals when required by law.

Your rights

Subject to conditions in the GDPR and local law, you may request:

  • Access to the personal data we hold about you.
  • Rectification of inaccurate or incomplete records.
  • Erasure when data is no longer needed or when you withdraw consent for optional processing.
  • Restriction of processing while disputes are resolved.
  • Data portability for information you provided and that we process by automated means under contract or consent.
  • Objection to processing grounded in legitimate interests, including profiling that produces legal effects.

To exercise these rights, email us with enough detail to verify your identity. You may also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or another EU supervisory authority where you reside or work.

Automated decision-making

We do not use fully automated decision systems that produce legal or similarly significant effects on you. If that changes in the future, we will update this policy and provide transparent information about logic, significance, and your rights before deployment.

Children

Our services address adults planning physical and temporal environments. We do not knowingly collect data from children under sixteen without appropriate authorization. If you believe a minor submitted data, contact us and we will delete it promptly where verification allows.

Third-party sites

Links to external websites are provided for convenience. Their privacy practices are independent from ours. Review their policies before submitting personal information.

Changes to this policy

We revise this text when our processing activities evolve. The date in the hero records the day your browser loads this page so you can note when you reviewed the policy; it is not a substitute for version history in signed contracts. Material changes may also be announced through the contact channels you already use with us.