PRIVACY POLICY

PRIVACY POLICY

Effective Date: March 30, 2026

At Quantaro Solutions LLC (hereinafter referred to as “Company,” “we,” “us,” or “our”), safeguarding your personal information is a core priority. We are a company duly organized under the laws of the Republic of the Marshall Islands, with registration number 967493, and our registered office is located at Trust Company Complex, Ajeltake Road, Ajeltake Island, Majuro, Republic of the Marshall Islands, MH 96960.
We maintain strict compliance with applicable data protection legislation because we consider responsible data handling to be fundamental to building lasting and reliable relationships with our users and partners.
This Privacy Policy (the “Policy”) explains how we handle your personal data when you visit or interact with our website at quantarosolutions.com (the “Website”), contact us via email, or engage with us through any other communication channel. It covers what data we collect, why we collect it, how we use and protect it, and what rights you have in relation to your personal information.
This Policy has worldwide applicability and governs all personal data processing activities associated with your use of our Website or your communications with us.

Contents
1. Core Data Processing Principles
2. How We Gather Your Personal Data
3. Categories, Purposes, and Legal Grounds for Processing
4. Data Retention Periods
5. Third-Party Data Sharing
6. Cross-Border Data Transfers
7. Cookie Policy
8. Your Data Protection Rights
9. Children’s Privacy
10. Amendments to This Policy
11. External Links

1. Core Data Processing Principles
In order to operate our business, we need to collect and use certain types of information that relate to individuals (referred to as “personal data”). We are firmly committed to upholding the rights of every individual whose data we process, and we adhere to the following foundational principles:

Lawfulness, fairness, and transparency: All personal data is processed on a lawful basis, in a fair manner, and with full transparency toward the data subject.
Purpose limitation: Data is gathered only for clearly defined and legitimate purposes and is not subsequently used in ways that conflict with those original purposes.
Data minimisation: We collect only the data that is adequate, relevant, and strictly necessary for the intended processing purpose.
Accuracy: We take reasonable measures to keep personal data up to date and to promptly correct or remove any inaccurate records.
Storage limitation: Personal data is retained in an identifiable form only for as long as required to fulfil the stated processing purposes.
Integrity and confidentiality: Appropriate technical and organisational safeguards are in place to protect personal data against unauthorised access, accidental loss, destruction, or damage.

2. How We Gather Your Personal Data
We collect personal data exclusively where it is necessary and directly connected to our operational activities. Data is gathered in two principal ways:
Information you provide directly.
When you voluntarily submit information to us—for instance, by completing a contact form on our Website—we receive and process that data in order to respond to your enquiry or fulfil the purpose for which it was provided.
Information collected automatically.
Certain technical information is gathered automatically when you access our Website. This may include data such as your IP address, browser type, and operating system, which is used solely to maintain the Website’s functionality, detect issues, and improve performance.

3. Categories, Purposes, and Legal Grounds for Processing
We process personal data only when doing so is necessary to achieve a specific, identified purpose, and only to the extent required. The categories of data, purposes of processing, and corresponding legal bases are outlined below.
a) Maintaining Website Functionality and Security
To keep the Website running securely and reliably—including enabling safe form submissions and defending against malicious or automated activity—we process limited technical data. This processing does not involve behavioural analytics, user profiling, or tracking of browsing activity beyond what is strictly essential for the Website’s operation.
Data processed: IP address, browser type, operating system, and basic access logs.
Legal basis: Legitimate interest in ensuring the security, stability, and proper functioning of the Website.
b) Responding to Your Enquiries
If you reach out to us through the “Contact Us” form on the Website, by email, via social media, or by any other means, we will process your personal data in order to address your request and provide the assistance you need.
Data processed: Full name, email address, company or organisation name, phone number, and any additional information you include in your message.
Legal basis: Legitimate interest—specifically, your interest in receiving a timely and relevant response, and our interest in improving the quality of our Website and services.
c) Meeting Legal Obligations
We may be required to process or disclose personal data in order to comply with a court order, subpoena, regulatory enquiry, or other binding legal obligation. This may also involve protecting the rights, privacy, safety, or property of individuals, defending against legal claims, or auditing internal processes to verify compliance with applicable laws, contracts, and policies.
Legal basis: Compliance with legal obligations and/or legitimate interest in protecting legal rights.

4. Data Retention Periods
We keep personal data only for the duration necessary to fulfil the purpose for which it was collected.

Contact form submissions are retained long enough to review and respond to the enquiry and to conduct any directly related follow-up communication. Once the exchange is concluded and the data is no longer needed, it is deleted or securely anonymised—unless retention is reasonably required for operational, security, or dispute-resolution reasons.
Technical data gathered automatically (e.g., basic access logs) is stored for a limited period and used exclusively to ensure the Website’s security and stability. It is deleted or anonymised as soon as it is no longer needed for those purposes.

Where immediate deletion is not technically feasible (for example, due to routine backup processes), data is stored securely, isolated from active use, and removed in accordance with standard retention and backup schedules.
We do not keep personal data beyond what is reasonably necessary, nor do we repurpose retained data for objectives outside the scope of this Policy. For individuals in the European Union, data is retained in line with the storage limitation principle set forth in Article 5(1)(e) of the GDPR, and you may request erasure of your data where the applicable GDPR conditions are satisfied.

5. Third-Party Data Sharing
We adopt a careful and restrictive approach to sharing personal data. Disclosure to third parties occurs only when it is necessary for the operation, security, or maintenance of the Website, or when required to safeguard legitimate operational interests. We do not sell, rent, or commercially exploit personal data, and we do not disclose it to third parties for marketing, advertising, or profiling purposes.
Any data sharing is carried out on a strictly need-to-know basis, limited in scope, and aligned with the purposes described in this Policy. Recipients of personal data are required to maintain appropriate confidentiality obligations and to implement reasonable technical and organisational measures to protect data from unauthorised access, loss, or misuse.
Disclosures required by law.
We may share personal data with third parties where reasonably necessary to comply with lawful requests, legal processes, or binding obligations from competent authorities—for example, in response to court orders or subpoenas, or where disclosure is necessary to protect the rights, property, or safety of the Company, its users, or the public. Such disclosures are limited to the minimum scope required and are made only after appropriate assessment.
Service providers.
We may engage third-party service providers—such as hosting or technical infrastructure providers—to support the operation of the Website. These providers may have limited access to personal data solely to the extent necessary to perform their functions on our behalf. They are prohibited from using personal data for their own purposes and are required to apply reasonable safeguards to protect it.
Business transactions.
In connection with a merger, acquisition, corporate restructuring, asset sale, or similar transaction involving the Company, personal data may be transferred to a successor or acquiring entity. In such circumstances, the data will remain subject to confidentiality obligations and will be handled consistently with this Policy until a new privacy policy, if any, is adopted.

6. Cross-Border Data Transfers
The Company operates internationally. As a consequence, personal data may be transferred to, stored in, and processed in jurisdictions other than the one in which you are located. Such transfers may occur, for instance, when data is processed by service providers that support the operation, hosting, security, or maintenance of the Website, or when data is stored on servers situated outside your country of residence.
We apply reasonable technical and organisational measures to protect personal data during international transfers and to ensure it is treated in a manner consistent with this Policy. These measures may include:

transferring data only to recipients bound by contractual obligations concerning confidentiality and data protection;
restricting the scope of transferred data to what is necessary for the relevant purpose;
implementing organisational and technical safeguards to secure personal data during transfer and processing.

Additional information for individuals in the European Union
If you are located in the EU, personal data may be transferred outside the European Economic Area. In such cases, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, which may include the use of Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms recognised under the GDPR. You may contact us for further details about international transfers and the applicable safeguards.

7. Cookie Policy
Like the vast majority of websites, our Website uses cookies—small text files stored in your browser that help us and, where applicable, third parties enhance your browsing experience. This section also covers any similar technologies that store or access information on your device.
7.1 Overview
Our Website employs a limited set of strictly necessary technical cookies that are essential for the Website to function correctly and to deliver the core functionality you expect. We do not deploy cookies for analytics, statistics, advertising, marketing, profiling, or tracking purposes.
7.2 What strictly necessary cookies do
These cookies serve the following purposes exclusively:

enabling basic Website navigation and functionality;
maintaining secure sessions and ensuring continuity of your interactions during a browsing session;
facilitating secure form submissions and preventing technical errors during data transmission;
protecting the Website against unauthorised access, automated abuse, fraud, or other malicious activity;
preserving the overall security and stability of the Website infrastructure.

These cookies are not used to observe user behaviour, analyse usage patterns, or personalise content.
7.3 Data collected through cookies
The strictly necessary cookies on the Website may process limited technical information, such as session identifiers, basic connection or security-related data required for functionality, and information necessary to protect the integrity and security of communications. This information does not directly identify individual users and is not combined with other data to build user profiles.
7.4 No analytical or marketing cookies
The Website does not deploy analytical or performance cookies, advertising or marketing cookies, social media cookies, or cookies used for profiling or cross-site tracking. No third-party analytics or advertising technologies are integrated into the Website.
7.5 Managing cookies
Because strictly necessary cookies are essential for the Website’s operation, they are placed automatically when you visit the Website and cannot be disabled through the Website’s own settings. You may, however, adjust your browser settings to block or delete cookies. Please be aware that disabling strictly necessary cookies may impair the Website’s functionality, security, or availability.

8. Your Data Protection Rights
We value your privacy and are committed to helping you exercise meaningful control over your personal data. The specific rights available to you depend on the data protection legislation applicable in your jurisdiction.
Subject to reasonable identity verification and assessment of the scope of your request, you may contact us to exercise any of the following rights in relation to personal data you have provided to us:
Right of Access
You may ask us to confirm whether we process personal data about you and, if so, to provide you with access to that data in a reasonable format.
Right to Rectification
You may request that we correct or update any personal data that is inaccurate, incomplete, or outdated.
Right to Erasure
You may ask us to delete your personal data where it is no longer reasonably necessary for the purposes for which it was collected. Please note that we may retain data where continued storage is necessary for legitimate operational, security, or dispute-resolution purposes, or to meet applicable legal obligations.
Right to Restrict or Object to Processing
In certain circumstances, you may request that we limit or cease the processing of your personal data where you believe such processing is no longer appropriate or justified. Each request will be evaluated individually, taking into account the nature of the processing and the legitimate interests involved.
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw that consent at any time. Doing so will not affect the lawfulness of any processing carried out prior to the withdrawal.
Regional Considerations
Depending on your location, you may have additional rights under local data protection frameworks. Where applicable, we will make reasonable efforts to honour those rights in line with recognised international privacy standards and to the extent practicable within the scope of our Website’s operations.
Limitations and Exceptions
The exercise of these rights is subject to reasonable limitations. We may decline or restrict a request where identity cannot be adequately verified, the request is manifestly unfounded or excessive, compliance would be impractical or disproportionate, or retention or processing is reasonably necessary for legitimate operational, security, or protective purposes.
How to exercise your rights
You may submit a data protection request or raise any questions or concerns about the processing of your personal data by contacting us:

By email: info@quantarosolutions.com
By post: Trust Company Complex, Ajeltake Road, Ajeltake Island, Majuro, Republic of the Marshall Islands, MH 96960.

Please provide sufficient information to help us identify your request and locate the relevant data. We may ask for additional details where reasonably necessary to verify your identity. We aim to respond within a reasonable timeframe, taking into account the complexity of the request.

9. Children’s Privacy
Our Website is not designed for, nor directed at, children. We do not knowingly collect, use, or disclose personal data from individuals under the age of 16. The Website is intended for professional and business-related interactions. If we learn that personal data has been collected from a child without proper authorisation, we will take reasonable steps to delete that data as soon as practicable in accordance with applicable data protection laws. If you believe a child has submitted personal data to us, please contact us using the details in this Policy so that we can take appropriate action.

10. Amendments to This Policy
We may update this Policy from time to time to reflect changes in technology, legal requirements, or our operational practices. Your continued use of the Website after the effective date of any revised Policy will constitute acceptance of the updated terms. Where a material change requires your explicit consent for continued processing of your personal data, we will seek your consent or renewed consent (if previously obtained) before proceeding.

11. External Links
Our Website may contain links to external websites or online resources operated by third parties that are not under our control. If you follow such a link, please note that the third-party website is governed by its own privacy policy and terms of use. We are not responsible for the content, privacy practices, or data processing activities of any third-party site or service.
This Policy applies exclusively to personal data collected through our Website. It does not extend to information collected by third parties, whether online or offline, even if accessed via links on our Website. We encourage you to review the privacy policies of any third-party websites you visit.
* * *
Quantaro Solutions LLC — Privacy Policy — Effective March 30, 2026