Quenvantor d.o.o., having its registered office at Ulica grada Vukovara 271, 10000 Zagreb, VAT ID (OIB): 12345678901 ("Quenvantor", "we", "us"), takes your privacy seriously as the controller of personal data. This Privacy Policy explains which data we collect, how we process it and what rights you have under Regulation (EU) 2016/679 (GDPR) and the Croatian Act implementing the GDPR (NN 42/2018).
The controller of personal data is Quenvantor d.o.o., registered with the Commercial Court in Zagreb under MBS 081234567. For any questions related to the processing of personal data you may contact us at info@quenvantor.com or by post at our registered address. We have appointed a Data Protection Officer reachable at dpo@quenvantor.com.
Depending on your interaction with the platform, we collect: identification data (first name, last name, OIB, date of birth, ID document number), contact data (email, phone, address), financial data (IBAN, source of funds information), investment data (history, amounts, risk profile), technical data (IP address, device identifier, browser data), and the documentation required for KYC and AML procedures under the Croatian Act on the Prevention of Money Laundering and Terrorist Financing (NN 108/2017).
We process your data for the following purposes: (i) conclusion and performance of the crowdfunding service agreement — legal basis Art. 6(1)(b) GDPR; (ii) compliance with legal obligations such as KYC, AML and HANFA reporting — Art. 6(1)(c) GDPR; (iii) marketing communications and platform analytics — Art. 6(1)(a) GDPR (consent); (iv) protection of the platform's legitimate interests and fraud prevention — Art. 6(1)(f) GDPR.
Data related to investments and KYC documentation are kept for at least 11 years after the end of the contractual relationship, in line with anti-money-laundering legislation. Marketing data are kept until consent is withdrawn, while technical logs are kept for 12 months. After these periods data are permanently anonymised or deleted.
Your data are available only to Quenvantor employees who need them to perform their duties, as well as to the following categories of recipients: payment service providers (card processors, banks), KYC/AML solution providers (Onfido, Sumsub), IT and cloud service providers within the EEA, external auditors, and competent authorities — HANFA, Tax Administration, Anti-Money-Laundering Office. Data processing agreements pursuant to Art. 28 GDPR have been concluded with all processors.
Quenvantor processes data primarily within the European Economic Area. Where data are transferred to third countries (e.g. because we use tools from US-based providers), such transfers are subject to the European Commission's Standard Contractual Clauses and appropriate safeguards.
You have the right of access, rectification, erasure, restriction of processing, data portability and the right to object to processing based on legitimate interest. You may withdraw consent at any time. Requests may be submitted in writing to info@quenvantor.com. You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (azop.hr).
We implement organisational and technical measures including encryption in transit (TLS 1.3), encryption at rest (AES-256), access control on a least-privilege basis, regular penetration testing and employee training. The system is hosted in ISO 27001-certified data centres located within the EU.
We may update this Privacy Policy from time to time. We will inform you of material changes via email and publish the latest version with the date of the last update.