Privacy Policy

Last Updated: October 20, 2025
Effective Date: October 20, 2025

At Qynzoo, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website qynzoo.com and use our services.

This policy is designed to comply with the General Data Protection Regulation (GDPR) and other European data protection laws.

1. Information We Collect

1.1 Personal Data You Provide

When you use our contact forms or request our services, we may collect:

Name: To address you personally and provide personalized service
Email Address: To respond to your inquiries and send service-related communications
Phone Number: For direct communication when requested (displayed publicly on our website)
Subject and Message: To understand your inquiry and provide relevant assistance
Service Interest: To better understand your needs and tailor our response

1.2 Automatically Collected Information

When you visit our website, we may automatically collect:

IP Address: For security purposes and to analyze website traffic
Browser Type and Version: To optimize website performance
Device Information: To ensure mobile compatibility
Pages Visited: To improve user experience
Time and Date of Visit: For analytics and security logging

Data Minimization: We only collect information that is necessary to provide our services and respond to your inquiries. We do not collect excessive or unnecessary personal data.

2. How We Use Your Information

We use your personal information for the following purposes:

Purpose	Legal Basis (GDPR)
Respond to your inquiries and provide customer support	Consent (Article 6(1)(a))
Provide our services (AI automation, website building, etc.)	Contract Performance (Article 6(1)(b))
Send service-related communications	Legitimate Interest (Article 6(1)(f))
Improve our website and services	Legitimate Interest (Article 6(1)(f))
Maintain security and prevent fraud	Legitimate Interest (Article 6(1)(f))
Comply with legal obligations	Legal Obligation (Article 6(1)(c))

We will never sell, rent, or share your personal information with third parties for their marketing purposes without your explicit consent.

3. Third-Party Service Providers

We use carefully selected third-party service providers to help us deliver our services. These processors have access to your personal data only to perform specific tasks on our behalf:

3.1 Web3Forms (Contact Form Processing)

Purpose: Processing and delivering contact form submissions via email
Data Shared: Name, email address, subject, message, service interest
Data Location: United States (GDPR-compliant with appropriate safeguards)
Privacy Policy: Web3Forms Privacy Policy
Retention: Contact form data is transmitted and not stored by Web3Forms long-term

3.2 Google Fonts

Purpose: Font delivery for website display
Data Shared: IP address (automatically collected by Google)
Privacy Policy: Google Privacy Policy
Note: We are working to self-host fonts to minimize third-party data sharing

3.3 CDN Providers (Cloudflare, jsDelivr, Unpkg)

Purpose: Delivering static assets (JavaScript libraries, CSS frameworks)
Data Shared: IP address, request headers (standard HTTP data)
Note: These providers only collect standard web server logs

Data Processing Agreements: We ensure that all third-party processors comply with GDPR requirements and have appropriate Data Processing Agreements (DPAs) in place where required.

4. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

4.1 Right to Access (Article 15)

You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.

4.2 Right to Rectification (Article 16)

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

4.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request that we delete your personal data in certain circumstances, including:

The data is no longer necessary for the purpose it was collected
You withdraw your consent and there is no other legal basis for processing
You object to the processing and there are no overriding legitimate grounds
The data has been unlawfully processed

4.4 Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances.

4.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

4.6 Right to Object (Article 21)

You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.

4.7 Rights Related to Automated Decision-Making (Article 22)

We do not use automated decision-making or profiling that produces legal effects concerning you.

How to Exercise Your Rights:
To exercise any of these rights, please contact us at:
Email: mostafa.yaghi@qynzoo.com
Response Time: We will respond to your request within 30 days (or 60 days for complex requests, with notification).
Verification: We may need to verify your identity before processing your request to protect your privacy.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Contact Form Submissions: Retained in our email system until the inquiry is resolved or for up to 2 years for business continuity purposes
Web Server Logs: Retained for 90 days for security and troubleshooting purposes
Email Communications: Retained until the business purpose is fulfilled or you request deletion
Service Contracts: Retained for 7 years after contract completion for legal and tax compliance

After the retention period expires, we will securely delete or anonymize your personal data.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

Technical Measures:

HTTPS Encryption: All data transmitted between your browser and our website is encrypted using TLS/SSL
Security Headers: Content Security Policy (CSP), X-Frame-Options, HSTS, and other headers prevent common attacks
Input Validation: All form inputs are validated and sanitized to prevent injection attacks
Bot Protection: Honeypot fields and spam detection prevent automated abuse
Access Controls: Limited access to personal data on a need-to-know basis

Organizational Measures:

Regular security audits and vulnerability assessments
Staff training on data protection and privacy
Incident response and data breach notification procedures
Regular review and update of security policies

Data Breach Notification: In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform you without undue delay, as required by GDPR Article 33 and 34.

7. Cookies and Tracking

Current Status: Our website uses cookies and tracking technologies to analyze website traffic and improve user experience.

Google Analytics

We use Google Analytics 4 (GA4), a web analytics service provided by Google LLC ("Google"), to collect and analyze information about how visitors use our website. Google Analytics uses cookies and similar technologies to:

Track page views and user interactions
Analyze traffic patterns and user behavior
Monitor website performance and engagement
Generate statistical reports about website usage

Information Collected by Google Analytics:

Pages visited and time spent on each page
Referral sources (how you arrived at our website)
Device information (browser type, operating system, screen resolution)
Geographic location (country, region, city - based on IP address)
User interactions (clicks, scrolls, form submissions, button clicks)

IP Anonymization: We have enabled IP anonymization in Google Analytics, which means your IP address is truncated before being stored, enhancing your privacy.

Data Retention: Analytics data is retained for 14 months, after which it is automatically deleted.

Opt-Out: You can opt out of Google Analytics tracking by:

Installing the Google Analytics Opt-out Browser Add-on
Enabling "Do Not Track" in your browser settings
Using browser extensions that block tracking cookies

For more information about how Google collects and processes data, please visit Google's Privacy Policy and Google Analytics Privacy Information.

Third-Party Cookies

Some third-party services we use (such as Google Fonts, Google Analytics, and CDN providers) may set their own cookies. We do not control these cookies. Please refer to their respective privacy policies for more information.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including:

United States: Web3Forms (contact form processing)
United States: Google Analytics (website analytics and tracking)

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions by the European Commission
Privacy Shield certification (where applicable)
Binding Corporate Rules

9. Children's Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at mostafa.yaghi@qynzoo.com, and we will delete such information from our systems.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

When we make changes:

We will update the "Last Updated" date at the top of this policy
For material changes, we will provide prominent notice on our website
We may also notify you via email if we have your contact information

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Controller: Qynzoo
Privacy Contact: mostafa.yaghi@qynzoo.com
General Contact: mostafa.yaghi@qynzoo.com
Phone (Mostafa): +31 6 84550084
Phone (Bader): +31 6 25126914
Email (Bader): bader.atem@qynzoo.com
Location: Worldwide - Remote Services

Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe we have processed your personal data unlawfully or in violation of your rights.

For residents of the European Union, you can find your local supervisory authority here: EDPB Members

12. Consent

By using our website and submitting your personal information through our contact forms, you consent to the collection, use, and processing of your data as described in this Privacy Policy.

You have the right to withdraw your consent at any time by contacting us at mostafa.yaghi@qynzoo.com. However, withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

Back to Home