top of page

Privacy Notice

Last updated: 13 April 2026

Who we are

Quantidal (“Quantidal”, “we”, “us”, “our”) provides consulting services focused on AI governance, risk management, and compliance.

 

For the purposes of data protection law, Quantidal Consulting is the data controller for personal data collected through this website.

 

Contact: If you have any questions about this notice or how we handle personal data, you can contact us at:

giovanni@quantidal.com

What personal data we collect

We collect very limited personal data, and only when you choose to provide it.

 

When you contact us by email

If you email us directly, we may collect:

  • Your email address

  • Your name (if provided)

  • Any information you choose to include in your message (such as your role, organisation, or enquiry details)

 

Newsletter subscriptions

Our newsletter is operated through Substack, a third-party platform.

  • Substack collects and processes subscriber data such as email addresses and engagement metrics

  • Quantidal does not collect newsletter subscription data directly through this website

  • Substack acts as an independent data controller and processes data in accordance with its own privacy policy

What we use your data for

We use personal data only for clear, limited purposes:

  • To respond to enquiries you send us

  • To communicate with you in a professional or business context

  • To operate and improve our communications (via Substack, where applicable)

 

We do not use personal data for automated decision-making or profiling.

Legal basis for processing

Under UK GDPR and EU GDPR, we rely on the following legal bases:

  • Legitimate interests – to respond to enquiries and conduct business communications

  • Consent – where you choose to subscribe to a newsletter via Substack

 

You can withdraw consent at any time by unsubscribing or contacting us.

How long we keep your data

We retain personal data only for as long as necessary to:

  • Respond to enquiries

  • Maintain a professional record of communications

  • Meet any legal or regulatory obligations

 

We do not retain personal data indefinitely.

Sharing and third parties

We do not sell or rent personal data.

 

Personal data may be processed by trusted third parties only where necessary, including:

  • Email service providers

  • Newsletter platforms (Substack)

 

These providers process data under their own privacy terms and appropriate safeguards.

International data transfer

Some third-party services we use (such as Substack) may process data outside the UK or EU.

 

Where this occurs, appropriate safeguards are used, such as:

  • UK adequacy regulations

  • EU Standard Contractual Clauses or equivalent measures

Your data protection rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data

  • Object to or restrict certain processing

  • Request data portability (where applicable)

 

To exercise any of these rights, please contact us using the details above.

 

You also have the right to lodge a complaint with:

  • The UK Information Commissioner’s Office (ICO)

  • Or your local EU supervisory authority

Cookies and tracking

This website does not intentionally use tracking cookies or advertising technologies.

 

If this changes in the future, this notice will be updated accordingly.

Changes to this notice

We may update this privacy notice from time to time to reflect legal, technical, or business changes.

The latest version will always be published on this page.

bottom of page