Privacy policy

Access to and use of the website https://qversebeauty.com/ (hereinafter, the “Website”) confers the status of user upon the visitor of the Website (hereinafter, “you” or the “User(s)”) and implies the User’s full and unreserved acceptance of the Privacy Policy in force at any given time.

The purpose of this Privacy Policy is to provide Users with complete and accessible information regarding the processing of their personal data as a result of their use of the Website, in accordance with Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”) and Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”).

QUANTUM ACTIVE GENERATOR, SL (hereinafter, “QUANTUM” or the “Controller”) undertakes to process your personal data in accordance with the applicable personal data protection regulations in force at any given time. In particular, QUANTUM complies with the provisions set forth in Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), as well as Regulation (EU) 2016/679 of 27 April 2016 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (GDPR), and any other applicable regulations in force.

By using our Website, the User acknowledges having read and accepted this Privacy Policy and our Legal Notice.

1. Who is the Controller of your personal data?

Data Controller:
QUANTUM ACTIVE GENERATOR, SL
Registered address: C/ Provença 339, 08037 Barcelona
Tax ID (NIF): B-66943630
Email address: ahidalgo@quantumactiveingredients.com

2. When do we collect your data?

This Website is essentially informational in nature and only processes personal data in the following cases:

Contact form or email communications:
The Website provides a contact form allowing Users to contact us to request information and/or submit inquiries. When completing this form, Users are required to identify themselves and provide contact details so that we can respond to their inquiry and/or request. Users may also contact us by sending an email. All data collection points are directed exclusively to Website Users, and no collection of third-party data is envisaged. Accordingly, all data must be provided directly by the data subject.

Private Area:
The Website offers Users a private area containing various forms through which they may request information and/or documentation or request samples of our products. In order to process such requests, Users are required to identify themselves and provide their contact details. Users may also contact us by email. All data collection points are intended exclusively for Website Users; the provision of third-party data is not contemplated, and all information provided must originate from the data subject.

Cookies:
The Website uses cookies that collect information about the User’s browsing activity. Users are advised to consult the Cookie Policy for detailed information on the data collected and the purposes thereof.

3. What are the main purposes of processing your data?

The Controller will process personal data for the following purposes:

• To manage and formalize registration through the Private Area form.
• To handle information requests and inquiries submitted through the “Contact” form.
• To respond to and address requests and inquiries made by the User through any means of contact with the Controller.
• To improve the services and content of the Website.
• To comply with legal obligations or obligations arising from a contractual relationship with the User.

4. What is the legal basis for processing your data?

When you submit a form or send us an email, you are providing your consent for the processing of your personal data in connection with that specific processing activity.

5. How long will we retain your data?

The Controller will process Users’ personal data for as long as it is necessary for the provision of the service and/or until the User requests the deletion of such data.

Notwithstanding the foregoing, even if the User requests the deletion of their data, the Controller may retain and block such data for the period necessary to comply with its legal obligations and to make it available to competent authorities, where required under applicable law.

6. Who may be recipients of your personal data?

Depending on the purposes for which personal data is collected, the following parties may have access to such information:

• Authorized personnel of the Controller or its representatives acting on its behalf, subject to applicable data protection laws;
• Regulatory authorities or other third parties, in accordance with applicable laws;
• Third parties (service providers acting as data processors), processing information on behalf of the Controller and under its instructions, only after implementing the necessary measures to ensure that such information can be shared and after executing the corresponding data processing agreement in accordance with applicable data protection regulations.

User data is not subject to international data transfers. Notwithstanding the above, if such transfers were to be required, the Controller will ensure that appropriate safeguards are in place at all times, which may include:

• EU Standard Contractual Clauses: contracts approved by the European legislator that provide sufficient guarantees to ensure compliance with GDPR requirements.
• Third-party certifications: such as the EU–U.S. Data Privacy Framework, a transatlantic framework agreement between the European Union and the United States ensuring a level of protection consistent with GDPR requirements.

For this purpose, we require our service providers to implement appropriate safeguards in accordance with the GDPR, such as the adoption of binding corporate rules or the execution of EU-approved standard contractual clauses, among other possible safeguards.

Under no circumstances will we sell or disclose to third parties any personal information provided by you through the Website that directly or indirectly identifies you.

7. What rights do you have when you provide us with your data?

Applicable legislation grants Users the following rights in relation to the processing of their personal data:

1. Right of access: the right to know what personal data is processed by the Controller and for what purposes.
2. Right to rectification: the right to request the correction of inaccurate or incomplete data at any time.
3. Right to erasure: the right to request the deletion of personal data from the Controller’s files at any time. However, as indicated in the data retention section, in certain circumstances applicable law may prevent the effective exercise of this right.
4. Right to object: the right to object to the processing of personal data for any of the purposes for which the Controller processes such data, in accordance with applicable privacy policies.
5. Right to restriction of processing: the right to request restriction of processing where:
   a) the accuracy of the data is contested;
   b) the processing is considered unlawful, and deletion is opposed in favor of restriction;
   c) the data is no longer necessary for the purposes for which it was collected, but is required for the establishment, exercise, or defense of legal claims;
   d) an objection to processing is pending verification.
6. Right to data portability: where technically feasible and reasonable, the right to request that personal data provided directly by the User be transmitted to another controller.
7. Right not to be subject to automated decision-making: including profiling, based solely on automated processing.

Where processing is based on the User’s consent, such consent may be withdrawn at any time, without consequences other than the possible inability to provide certain services, depending on the right exercised.

To exercise these rights, Users may contact Quantum Active Generator, SL, at C/ Provença 339, 08037 Barcelona, or via email at ahidalgo@quantumactiveingredients.com. Where there are reasonable doubts regarding identity, Users may be required to provide a copy of their national identity document or an equivalent legally valid document. Users may also use the forms provided by the Spanish Data Protection Agency (AEPD) available at:
https://www.aepd.es/reglamento/derechos/index.html

Users are informed of their right to lodge a complaint with the competent supervisory authority, in particular with the Spanish Data Protection Agency (AEPD), at:
https://sedeagpd.gob.es/sede-electronica-web/vistas/formNuevaReclamacion/reclamacion.jsf
or with any other competent public authority.

8. How do we protect your personal data?

In order to protect personal information, the Controller implements appropriate technical and organizational measures to ensure a level of security consistent with applicable regulations. Such measures are applied both at the design stage of data processing systems and during actual data processing, in order to ensure protection and prevent unauthorized access or use.

Nevertheless, despite exercising due diligence, Users should be aware that no Internet security measures are entirely infallible. Consequently, the Controller shall not be liable for the actions of third parties who, in breach of such measures, gain access to the information or data referred to herein.

9. Confidentiality

Professionals working at QUANTUM who are involved in the services provided to Users are bound by confidentiality obligations and undertake not to disclose or misuse any information to which they have access. All information provided by the User shall be treated as confidential and shall not be used for purposes other than those related to the management of their requests and, where applicable, the services contracted with QUANTUM. In this regard, we undertake not to disclose or reveal information relating to the User’s claims, the reasons for the requested advice, or the duration of the relationship.

10. Links

The Website may contain links to other websites. Please note that we are not responsible for the privacy practices or data processing activities of other websites. This Privacy Policy applies exclusively to information collected through the Website. Users are encouraged to review the privacy policies of any third-party websites accessed through links from our Website.

11. Social Media

The Controller maintains a presence on certain major social media platforms and acts as data controller with respect to personal data published therein.

The Controller will process personal data on each social media platform in accordance with the rules established by each platform. Accordingly, unless otherwise indicated by QUANTUM, we may inform our followers, through the channels provided by each platform, about our activities, events and related matters, including follower engagement.

The Controller will not extract personal data from social media platforms unless the User has given express consent.

12. Amendments and integrity of this Privacy Policy

We will only use personal data in accordance with the Privacy Policy in force at the time such data is collected. QUANTUM reserves the right to amend this Privacy Policy at any time by publishing the updated version on the Website. Users are therefore encouraged to review the Privacy Policy each time they access the Website.

If at any time we decide to use personal data in a manner different from that stated at the time of collection, we will notify you by email, where available. At that time, you will be given the opportunity to consent to such additional uses or disclosures of personal data provided prior to the modification.

If any provision of this Privacy Policy is declared invalid or unenforceable, the remaining provisions shall remain fully valid and effective, in accordance with applicable law.

Last update: November 2025.