PRIVACY POLICY

Last updated July 18, 2018.

INTRODUCTION
QuantCo, Inc. (“we”, “our”, “us”) is committed to protecting and respecting your privacy. We are a Delaware corporation established in the United States with a registered office at 955 Massachusetts Avenue, Cambridge, MA 02139.
For the purpose of the General Data Protection Regulation (the “GDPR”), we are the data controller. Our representative in the European Union, as defined at Article 4(17) and further described at Article 27 of the GDPR, is QuantCo Deutschland GmbH, a company established in Germany with a registered office at Am Wasserturm 1, 63110 Rodgau.
This policy sets out the basis on which we will process any personal data or usage information we collect from you, or that you provide to us, in connection with your use of our website at www.quantco.com and www.quant.co (the “Website”). Please read this policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use, and process your personal data. If you do not agree with this Privacy Policy in general or any part of it, you should not access the Website.

WHAT TYPES OF INFORMATION DO WE COLLECT AND HOW DO WE USE IT?
Information you give us. You may provide information by contacting us via our Website, email, or phone.
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our products and organization, we will use your information to:
• communicate with you;
• contact you via telephone or email;
• identify our users;
• personalize our services for you;
• enforce our Website terms and conditions.
Job applications. If you email us to apply for a job, your information will be treated in accordance with our separate candidate privacy policy, which we will provide to you when we first contact you.
Technical usage information. When you visit the Website, we collect the information sent to us by your computer, mobile phone, or other access device. This information includes:
• your IP address;
• device information including, but not limited to, identifier, name, and type of operating system;
• mobile network information; and
• standard web information, such as your browser type and the pages you access on our Website.
We collect this information in order to:
• personalize our Website to ensure content from the Website is presented in the most effective manner for you and your device;
• monitor and analyze trends, usage, and activity in connection with our Website and services to improve the Website;
• administer the Website and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis;
• keep the Website safe and secure; or
• measure and understand the effectiveness of the content we serve to you and others.

OUR POLICIES CONCERNING CHILDREN
The Website is not intended for use by children under 13 years of age. If we become aware that a child under 13 years of age or anyone else under the age of 18 has provided us with personal information, we will delete that information and the associated Account.

HOW DO WE SHARE YOUR PERSONAL DATA?
We do not sell, rent, or lease your personal information to others except as described in this Privacy Policy. We share your information with selected recipients. These categories of recipients include:
• a website domain administrator located in the United States and which stores your personal data in the United States for the purpose of administering our website;
• an internal company communications software provider located in the United States and which stores your personal data in the United States and the EEA for the purpose of facilitating employee communications.
We will share your information with law enforcement agencies, public authorities, or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
• comply with a legal obligation, process or request;
• enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
• detect, prevent, or otherwise address security, fraud, or technical issues; or
• protect the rights, property, or safety of us, our users, a third party, or the public as required or permitted by law (exchanging information with other companies and organizations for the purposes of fraud protection).
We will also disclose your information to third parties:
• in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
• if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.

WHERE DO WE STORE YOUR PERSONAL DATA?
The information that we collect from you will be transferred to and stored at/processed in the EEA, United States, and Switzerland. Your personal data is also processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff are engaged in, among other things, the processing of your details and the provision of support services. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy.
• White Listed Countries: Switzerland, which was found to have an adequate level of protection for personal data under Commission Decision 2000/518/EC of July 26, 2000.
• Privacy Shield: Our website domain and internal company communications software all comply with the US Department of Commerce's EU-US Privacy Shield and have certified that we adhere to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield website.

THE SECURITY OF YOUR PERSONAL DATA
Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organizational measures to safeguard your personal data against loss, theft and unauthorized use, access, or modification.
We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies, and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.

HOW LONG DO WE STORE YOUR PERSONAL DATA?
We will retain your information as follows:
• if you contact us via email or phone we will keep your data for up to 24 months;
• your technical usage information, such as IP address, for up to 6 months; and
• data on your use of our Website for up to 6 months.
After you have terminated your use of our Website, we will store your information in an aggregated and anonymized format.

YOUR RIGHTS
In certain circumstances you have rights in relation to the personal data we hold about you. We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights by confirming your name, email address used to communicate with us, and any other personal data you may have submitted to us. To exercise any of your rights, please email privacy@quantco.com. Please note that for each of the rights below, we may have valid legal reasons to refuse your request; in such instances we will let you know if that is the case.
• Access: You have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
• Portability: You have the right to receive a subset of the personal data you provide us if we process it on the bases of our contract with you or with your consent in a structured, commonly used and machine-readable format and a right to request that we transfer such personal data to another party. If you wish for us to transfer the personal data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal data or its processing once received by the third party.
• Correction: You have the right to require us to correct any personal data held about you that is inaccurate and have incomplete data completed.
• Erasure: You may request that we erase the personal data we hold about you in the following circumstances: where you believe it is no longer necessary for us to hold the personal data, we are processing it on the basis of your consent and you wish to withdraw your consent, we are processing your data on the basis of our legitimate interest and you object to such processing, you no longer wish us to use your data to send you marketing or you believe we are unlawfully processing your data. Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.
• Restriction of Processing to Storage Only: You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in the following circumstances: you believe the personal data is not accurate for the period it takes for us to verify whether the data is accurate; we wish to erase the personal data as the processing we are doing is unlawful but you want us to simply restrict the use of that data; we no longer need the personal data for the purposes of the processing but you require us to retain the data for the establishment, exercise, or defense of legal claims; and you have objected to us processing personal data we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal data whilst we determine whether there is an overriding interest in us retaining such personal data.
• Objection: You have the right to object to our processing of data about you, and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.

COMPLAINTS
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at privacy@quantco.com, and our Data Protection Office will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office or the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.

CHANGES
Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.

CONTACT
Questions, comments, and requests regarding this policy are welcomed and should be addressed to privacy@quantco.com.