We value your privacy

    We use cookies for analytics and to improve your experience. Read our Cookie Policy and Privacy Policy.

    Privacy Policy

    Last updated: February 2026

    1. Data Controller

    Quest2S BV ("we", "us", "our") is the data controller responsible for processing your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national data protection legislation.

    2. What Personal Data We Collect

    2.1 Data you provide directly

    • Identification and contact information (e.g. name, email address, phone number)
    • Professional information (e.g. company name, job title)
    • Booking and meeting data, or gated content downloads
    • The content of your message or request (whether by submission of form, email, chat or otherwise)
    • Event registrations: details provided when registering for events we organise

    2.2 Data collected automatically when you use our website

    When you visit our website, we may (depending on your cookie choices) process:

    • Technical data: IP address, browser type, device and system information
    • Usage data: pages visited, time spent on pages, click behaviour, referring URLs, search terms used
    • Cookie data: information collected via cookies and similar tracking technologies (see also our Cookie Policy and cookie settings)
    • Behavioural data: browsing patterns used to personalise your website experience

    2.3 Data from third party sources

    We may (depending on configuration and your choices) receive or derive data via:

    • HubSpot Inc: CRM data and where enabled, website tracking/visitor identification, lead scoring data
    • Google Analytics 4 (GA4): anonymised analytics and conversion tracking data
    • Publicly available information: business contact details from publicly accessible sources for B2B prospecting

    3. Purposes and Legal Basis

    We process your personal data for the following purposes:

    Purpose Legal Basis
    Website operation and security — technical functioning, security and performance, troubleshooting Legitimate interest
    Analytics & improvement — understanding website usage to improve user experience and content Consent via cookie consent (where required)
    Contact requests and follow-up (lead generation) Legitimate interest; Consent for marketing
    Meeting bookings Legitimate interest
    Content personalisation — adapting content based on browsing behaviour Consent via cookie consent
    Marketing communications — newsletters, event invitations Consent; Legitimate interest for existing relationships
    Contract performance — provision of consulting, AI strategy and related services Contract performance
    Legal compliance Legal obligation

    4. Who We Share Your Data With

    We may share personal data with service providers supporting us (processors), solely for the purposes described in this policy and under appropriate contractual safeguards, including:

    • HubSpot Inc. (CRM, marketing automation) — EU data centre (eu1)
    • Google LLC (GA4, GTM) — EU data processing, anonymised IP
    • CookieYes Ltd (consent management)
    • Hosting provider (Lovable/Vercel) — website hosting and CDN
    • Prerender.io — server-side rendering for crawlability

    4.2 International transfers (outside the EEA)

    Some service providers may use (sub-)processors or infrastructure outside the European Economic Area (EEA). Where applicable, transfers are protected through appropriate safeguards, such as the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs).

    4.3 No selling of personal data

    We do not sell personal data. We do not share data with third parties for their own marketing purposes.

    5. Data Retention

    We do not retain personal data longer than necessary. Indicative retention periods:

    • Website analytics (GA4) data: 14 months
    • Cookie consent records: 12 months
    • Server logs: 90 days
    • HubSpot contact records: duration of business relationship + 3 years
    • Marketing communication consent: until withdrawn
    • Contractual data: 10 years after termination

    6. Your Rights

    Under the GDPR, you have the following rights:

    • Right of access
    • Right to rectification
    • Right to erasure
    • Right to restriction
    • Right to data portability
    • Right to object
    • Right to withdraw consent at any time

    To exercise your rights, contact us at hello@renout.io.

    You also have the right to lodge a complaint with a supervisory authority (e.g. Gegevensbeschermingsautoriteit in Belgium, Autoriteit Persoonsgegevens in the Netherlands, CNIL in France, or the relevant Landesdatenschutzbehörde in Germany).

    7. Cookies

    We use cookies and similar technologies. For more information, please see our Cookie Policy.

    8. Security

    We implement appropriate technical and organisational measures to protect your personal data, including encryption (TLS/HTTPS), access controls, regular security assessments, and data processing agreements with service providers.

    9. Changes to This Policy

    We may update this Privacy Policy from time to time. The most recent version is always available on our website.

    10. Contact

    Quest2S BV — hello@renout.io