Privacy Policy | Quadoro GmbH

The following is an overview of how we process your personal data and of your rights under data protection law. 

Who will process your personal data? 

Quadoro GmbH
Berliner Strasse 114
63065 Offenbach, Germany
Tel.: +49 69 247559 910
Fax: +49 69 247559 911

(hereinafter referred to as the "Company"). 

Data protection officer

The Company has appointed a data protection officer:

Doric GmbH
Berliner Strasse 114
63065 Offenbach, Germany
Tel.: +49 69 247559 100
Fax: +49 69 247559 990

Scope of application and further information

This Privacy Policy covers the processing of personal data of those who are in contact with the Company other than in a capacity as an investor in our investment opportunities.

Personal data means information relating to an identifiable natural person (hereinafter referred to as the "data subject"). This data protection information applies to you as a natural person if you are in contact with the Company for business purposes or if you are involved as an owner/shareholder, representative, employee or other contact person of a legal entity.

If applicable to you, please also consider the further information of the Company on data protection. As a user of the Company's website, you can read the Company's website-specific privacy policy here.

Processing of personal data 

Personal data are processed by the Company in compliance with applicable data protection laws, in particular with the requirements of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG). Data processing is carried out for specifically defined purposes and in a lawful manner (i.e. with a legal basis). Data will only be processed for purposes other than those for which the Company originally collected it if this is compatible with the original purposes in accordance with legal requirements, taking into account the collection context, type of data and consequences of further processing. Within the scope of its statutory duty, the Company will inform you if it processes your data for any other purposes.

The Company collects personal data about you when you contact the Company or communicate it yourself (e.g. by handing over your business card). In addition, if necessary the Company processes personal data which it obtains from publicly accessible sources such as land registers, commercial and association registers, the press or Internet or which are transmitted to the Company by other Doric Group companies, their business partners or other third parties entitled to do so.

Relevant personal data are:

  • Particulars such as your name, address and other data required to contact you
  • Identification data such as those provided on your ID card or passport
  • Authentification data such as a sample of your signature
  • Tax and financial data such as your bank account details

The Company may legitimately process such personal data for the purposes stated below:

a) To fulfil contractual obligations (Art. 6 para. 1 lit. b) GDPR): In particular personal data will be processed so that the Company can provide services and implement any pre or post contractual measures. This includes the identification of contractual parties for correspondence and payment purposes;

b) To fulfil legal obligations (Art. 6 para. 1 lit. c) GDPR): The Company also processes your personal data in order to fulfil legal obligations to which the Company is subject. These include regulatory or official requirements (e.g. under the Anti-Money Laundering Act) as well as general business or tax obligations (e.g. compliance with retention periods);

c) On the basis of consent given (Art. 6 para. 1 lit. a) GDPR): Furthermore, the Company will process your personal data if you have consented to this for specific purposes, for example, for marketing purposes. You may revoke your consent, in whole or in part, at any given time;

d) To protect legitimate interests (Art. 6 para. 1 lit. f) GDPR): The company may also process your personal data to protect the Company's or third parties' legitimate interests. Such interests include: 

  • Communication and correspondence, aside from for contractual purposes
  • The assertion of legal claims and defence in legal disputes
  • The prevention and investigation of criminal offences
  • Marketing/direct marketing purposes
  • The management of business and the development of products and services
  • Ensuring IT security and operations
  • Consulting credit agencies to determine credit worthiness and default risk.

Transmission of personal data 

In order to fulfil the aforementioned legitimate purposes, the Company may pass on your personal data to third-party service providers and others to whom the company delegates tasks. In some cases, the service provider used by the Company receives such information as contract processors and is then strictly bound by the Company's instructions when handling your personal data. 

Recipients of your personal data may include: 

  • Payment service providers and banks in order to process payments
  • Credit agencies and the like to ascertain credit worthiness and default risk
  • Logistics service providers to transmit documents, etc. to you
  • Media companies such as advertising agencies, printers, copy shops, etc. to process marketing activities
  • IT service providers who administer and maintain the Company's IT systems
  • Collection agencies and legal advisors to assert any claims
  • Public authorities so the Company complies with its legal obligations.

Data will be transmitted to authorities in countries outside the EU or the EEA (so-called third countries) only if this is necessary to fulfil a legitimate purpose or is required by law, if you have given your consent to the Company or in the context of the processing of your order. Both companies affiliated with the Doric Group and external service providers in a third country may carry out such data processing. Compliance with European data protection norms is ensured by the Company through contracts containing clauses prescribed by the EU Commission or, alternatively, through comparable suitable guarantees within the meaning of Art. 46 GDPR.

Duration of data storage 

The Company processes and stores your personal data if necessary for the fulfilment of contractual and legal obligations or based on justified interests. This may include the initiation (pre-contractual legal relationship) and the settlement of contractual relationships. If you have given your consent, your personal data will be processed for the respective purpose until you revoke your consent.

In addition, the Company may store your personal data until the statute of limitations for any legal claims arising from the Company's relationship with you has passed in order to be able to use your data for verification purposes if necessary. As a rule, the limitation period is three years.

When the statute of limitations comes into effect, the Company deletes your personal data unless there is an additional legal obligation to store data, for example from the German Commercial Code, the Tax Code or the Anti-Money Laundering Act. These retention obligations can last up to ten years.

Your rights 

Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure (right to be forgotten) under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. Restrictions according to §§ 34 and 35 of the Federal Data Protection Act (BDSG) apply to the right of access and the right to erasure.

Note on your right to object pursuant to Art. 21 para. 1, para. 2 GDPR

Based on Art. 6 para. 1 lit. f) GDPR (data processing on the basis of legitimate interests) you have the right to object at any time to the processing of your data if there are reasons arising from your particular situation.

If you file an objection, the Company will no longer process your personal data unless compelling legitimate grounds for processing your data can be proven which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims (reconsideration).

Insofar as the Company processes your personal data in order to carry out direct marketing on the basis of Art. 6 para. 1 lit. f) GDPR, you have the right to object at any time to the processing of your personal data for marketing purposes. The Company will comply with your objection for the future unreservedly and without further consideration. In this case, the Company will no longer process your data for direct marketing purposes.


You may revoke your consent to the processing of personal data at any time. A revocation can also apply to declarations of consent issued to the Company prior to the validity of the GDPR, i.e. before 25 May 2018. Please note that the revocation can only have a future effect. Processing that took place before the revocation is not affected by this.

To exercise your rights, please contact:

Quadoro GmbH
Berliner Strasse 114 - 116
63065 Offenbach, Germany
Tel.: +49 69 247559 910
Fax: +49 69 247559 911

In addition, you have a right to lodge a complaint with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for the Company is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
(the Hessian Commissioner for Data Protection and Freedom of Information)

Gustav-Stresemann-Ring 1
65189 Wiesbaden, Germany
Tel.: +49 611 1408 0
Fax: +49 611 1408 611

Scope of your obligation to provide data

In principle, you are not obliged to provide the Company with your personal data. However, the company can only fulfil contractual and legal obligations if the necessary personal data are provided. Without this data, the Company will generally not be in a position to enter into or fulfil contractual obligations. Personal data that are not necessary for the respective processing purposes will be marked by the Company as voluntary data.

Automated decision-making/profiling

The Company does not employ any purely automated decision-making procedures (including profiling).