Book a demo

Privacy Policy

Effective date: 01.04.2026

This Privacy Policy (the "Policy") aims to inform you in a transparent and understandable manner about what personal data we collect when you visit our website, contact us, or create an account and use the features of the Queast platform.

The protection of your personal data is a key priority for us, which is why we have set out here the purposes and legal grounds for processing, the categories of data processed, the periods for which they are stored, and your rights under applicable law.

I. DEFINITIONS

The terms used in this Policy have the following meanings:

"Personal data" - any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Controller" - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Processor" - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

"Processing of personal data" - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Data subject" - an identified or identifiable natural person to whom the personal data relate.

"Consent of the data subject" - any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Some of the terms in this Policy have the meaning given to them in our Terms and Conditions, unless otherwise expressly stated.

II. WHO PROCESSES YOUR PERSONAL DATA

Your personal data is being processed by East Interactive Bulgaria Ltd., UIC 148104636, with seat and address of management in 10 Yuri Venelin Str., 2nd floor, Sredets region, Sofia 1000, Republic of Bulgaria ("We"; the "Controller"; "Queast"), which administers and maintains the website http://qu.east.fi/ (the "Platform").

We are the controller of your personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR"; the "Regulation").

III. CATEGORIES OF PERSONAL DATA WE PROCESS

When you use our Platform, we only process the minimum personal data necessary to provide you with secure access to our services and enable you to work effectively within your account.

The data we collect depends on how you interact with the Platform, for example when you create an account, use its features, or when you contact us via our contact form.

Data provided when creating an account

When an account is created on the Platform, we may process the following categories of personal data:

  • Name of representative;
  • Business email address;
  • Role / Job title;
  • Company affiliation (company name);

In addition, for the purposes of creating an account we may process the following non-personal data:

  • Company information (services, offering, technology stack)
  • Company case studies
  • Company business interests (ICP, service focus, sales strategic focus)
  • Specific LLM matching criteria regarding User's ICP

Data provided through the "Contact us" form

When you contact us via the contact form, waiting lists or other communication channels, we process the following data:

  • Name;
  • Email;
  • Name of the company you are part of;
  • Role / Job title;
  • Your main services;
  • Technologies / keywords you care about;
  • Target markets / regions;
  • Approximate size of your delivery team (optional);
  • How are you finding leads today? (optional);
  • Any information you have voluntarily provided in your message.

Data provided through the "Order your custom buying signals" form

When you request a "sample signal" via the order form we process the following data:

  • Your company offering;
  • First and Last Name;
  • Email;
  • Website of the company you are part of;
  • Target markets / regions;
  • Your services you provide to clients;
  • Your core techstack;
  • Your product type (optional);
  • Your target customers' industries (optional);
  • Your typical customer size (optional);

Publicly available professional data

Queast processes personal data obtained from publicly accessible sources and from third-party data providers that aggregate professional and business-related information. Such data is collected exclusively from sources that are publicly indexed and accessible without registration or login, and without circumventing any technical, contractual, or visibility restrictions imposed by the respective source. Queast does not intentionally collect personal data from private profiles, closed networks, or platforms requiring authenticated access.

Such data relates exclusively to individuals acting in a professional or business capacity and is collected solely in the context of their publicly presented professional activities. The categories of personal data processed may include:

  • Names;
  • Professional / Business email addresses;
  • Roles / Job titles;
  • Company affiliation;
  • Professional phone numbers;
  • Links to professional social network profiles.

Queast does not intentionally collect personal data relating to individuals acting in a private capacity, nor does it intentionally collect special categories of personal data within the meaning of Article 9 of the GDPR or other sensitive information.

Further information on how third-party data is aggregated and used within the Platform is set out in the Terms and Conditions.

Bank details related to subscription payments

Where subscription fees are paid by bank transfer, Queast processes the bank account information necessary to identify, record, and reconcile the payment, such as the payer's bank account identifier, payment reference, amount, and date of payment. Queast does not process or store full bank account details beyond what is required for accounting, invoicing, and compliance with applicable financial and tax obligations.

Where subscription fees are paid by bank card, Queast processes only the information strictly necessary to facilitate the payment transaction. Queast does not store full bank card numbers, security codes, or other sensitive authentication data beyond the duration required to complete the payment, unless otherwise required by applicable law.

If Queast introduces the use of a third-party payment service provider, Queast will not process or store bank card details or sensitive payment information directly. In such case, payment processing will be carried out by the relevant third-party provider acting as an independent data controller or processor in accordance with its own privacy documentation. Queast will update this Privacy Policy accordingly and inform Users of any material changes.

Data processed for direct marketing purposes

For direct marketing purposes, when you have given your explicit consent, we may process your name and email address to send you information about updates, new features, or services related to the Platform.

Data generated when using the Platform

When using the Platform, technical data related to its use is automatically generated, such as logs of actions performed, IP address, time stamps, and information about the device or browser of the User. This data is processed solely to ensure the normal functionality of the services, technical support, information security, and prevention of abuse.

IV. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA

Any references to identifiable individuals are processed strictly in a professional or business context and remain auxiliary to the analysis of job advertisements and company-level activity. Queast does not process personal data as a standalone product, does not engage in profiling of individuals and does not use such data to directly contact data subjects. Individual-level information is used solely to provide contextual insight in a business-to-business environment.

Creating and managing user accounts

In order to create and administer user accounts, provide access to the Platform, and enable the use of its functionalities, Queast processes the personal data provided during registration for the following purposes:

  • Identifying and authenticating users when creating and accessing an account;
  • Maintaining accurate and up-to-date account and contact information;
  • Managing subscriptions, billing, invoicing, and payment-related communications;
  • Providing customer support, technical assistance, and service-related communications;
  • Ensuring that users can access the functionalities and services associated with their subscription.

The legal basis for the processing is the performance of the contract concluded between you and Queast (Art. 6, para. 1, item "b" of the GDPR).

Provision of the Services

In order to provide the services offered through the Platform and to perform the contractual relationship with Users, Queast processes personal data for the following purposes:

  • Enabling Users to access, search, view, and analyze aggregated job market, company, and professional data through the Platform;
  • Displaying professional contact information and other business-related data in connection with job ads, companies, and relevant market signals;
  • Generating sales intelligence insights and analytical outputs based on the available data;
  • Ensuring the technical delivery, performance, availability, and proper functioning of the Services;
  • Providing updates, changes, or improvements to the Services that are necessary for their continued operation.

The legal basis for the processing is the performance of the contract concluded between you and Queast (Art. 6, para. 1, item "b" of the GDPR).

Technical support, security and optimization of the Platform

The Platform requires regular monitoring, maintenance, and information security measures to operate reliably and protect the data of all users. For these purposes, we process technical and log data, which allows us to:

  • Maintain the stability and security of the system;
  • Prevent and detect attempts at unauthorized access or misuse;
  • Analyze technical problems and perform diagnostics;
  • Improve the quality and functionality of the Platform.

The legal basis for processing this type of data is our legitimate interest in ensuring the security and normal functioning of the Platform (Art. 6, para. 1, item "f" of the GDPR).

Processing of inquiries and communication via the contact form

When you contact us via any of the contact forms, we process the data you provide so that we can respond to your inquiries in a timely and appropriate manner. This processing is necessary for:

  • Providing a response to the inquiry;
  • Follow-up communication, if necessary;
  • Tailoring an offer for the User's specific use case;
  • Identification when additional clarification is needed;
  • Documenting correspondence for traceability purposes.

The legal grounds here are our legitimate interest in processing inquiries (Art. 6, para. 1, item "f" of the GDPR) and consent when additional data is provided at the user's discretion (Art. 6, para. 1, item "a" of the GDPR).

Administrative, contractual and accounting activities

In order to manage our customer relationships and comply with our regulatory obligations, we process data relating to:

  • Administration of subscriptions and contractual relationships;
  • Issuing invoices and accounting documents;
  • Maintaining records required by law;
  • Processing of reports related to accounting.

The legal grounds for data processing are the performance of a contract (Art. 6, para. 1, item "b" of the GDPR) and compliance with a legal obligation (Art. 6, para. 1, item "c" of the GDPR).

Third-Party data

In order to provide the services offered through the Platform and to support its functionalities, Queast processes personal data obtained from third-party and publicly available sources for the following purposes:

  • Aggregating and consolidating publicly available professional and business-related data from multiple sources;
  • Identifying and presenting job market signals, company activity, and related professional context;
  • Enriching job ads and company profiles with relevant professional account and contact information;
  • Enabling Users to identify potential professional contacts in a business-to-business context;
  • Maintaining, updating, and improving the accuracy, relevance, and usefulness of the data made available through the Platform.

Where Queast processes personal data obtained from publicly accessible sources, such processing is based on the legitimate interests of Queast and its Users in identifying hiring signals, business activity, and relevant professional roles in a business-to-business context (Art. 6, para. 1, item "f" of the GDPR).

This processing relates exclusively to individuals acting in a professional capacity and aligns with their reasonable expectations, given the public nature and professional purpose of the information.

Queast has conducted a legitimate interest assessment and applies appropriate safeguards to ensure that the rights and freedoms of data subjects are not overridden. You may object to this processing at any time.

Compliance with regulatory obligations

In certain cases, we are required to process or store personal data in order to comply with applicable law. This includes:

  • Response to requests from competent authorities;
  • Storage of documents within the time limits provided for by law;
  • Performance of obligations related to the protection of the rights and legitimate interests of the controller.

The legal basis for this processing is compliance with a legal obligation (Art. 6, para. 1, item "c" of the GDPR).

Direct marketing

In order to inform you about improvements to the Platform, updates, new features, or services that may be relevant to your organization, we may engage in limited direct marketing activities.

In cases where your data is processed for direct marketing purposes, the basis for processing is your voluntary and informed explicit consent (Art. 6, para. 1, item "a" of the GDPR).

Recipients of marketing communications always have the right to object to the processing of their data for this purpose or to opt out of receiving such communications at any time.

V. AUTOMATED PROCESSING AND AI-ASSISTED FEATURES

Queast provides AI-assisted features that generate suggestions and other contextual outputs by analysing data available within the Platform, including any prompts or account inputs a User elects to submit.

These features operate by automatically analysing and combining existing data already aggregated by Queast and generating suggested content for the User's consideration. The generated output is provided solely as a supporting tool and does not constitute advice, recommendations, or decisions regarding any individual data subject.

In the event that a User voluntarily includes personal data within a free-text prompt or input, whether such data relates to the User, a prospective lead, or a third party, Queast processes such data solely as a transient input to produce the requested contextual suggestion. Queast does not extract, index, or otherwise utilize incidentally provided personal data to create user profiles, identify natural persons, or enrich its internal databases. The processing of such data is strictly confined to the immediate generation of the requested output and is not used to inform any other functionality within the Platform. The legal basis for such processing is the performance of the contract concluded between you and Queast (Art. 6, para. 1, item "b" of the GDPR), as the processing of the input is strictly necessary to deliver the specific functionality requested by the User.

The use of such features does not involve automated decision-making within the meaning of Art. 22 of the GDPR. Queast does not carry out any processing that produces legal effects concerning data subjects or similarly significantly affects them and no automated decisions are taken about individuals.

Any use of AI-generated content, including whether to rely on, modify, or send such content, remains entirely at the discretion and responsibility of the user.

VI. TO WHOM WE PROVIDE YOUR PERSONAL DATA

In certain cases, when necessary for the normal functioning of the Platform, for the performance of our contractual obligations, or for compliance with legal requirements, Queast may share personal data with a limited range of third parties.

Some of these third parties may be:

  • IT and hosting service providers who ensure the maintenance and development of the Platform;
  • Cloud service providers necessary for data storage, processing, or archiving;
  • Third-party service providers supporting data aggregation, enrichment, or structuring functionalities of the Platform, where necessary for the provision of the Services;
  • Competent authorities that, by virtue of a normative act, have the power to request Queast to provide information, including personal data, such as the Bulgarian court or a court of another country, various supervisory/regulatory authorities;
  • Accounting service providers for the purposes of recording issued invoices and other accounting documents in our accounting records;
  • Legal advisors in connection with the implementation or application of the Terms and Conditions or this Policy;
  • Other persons, when necessary to protect our rights or legitimate interests, including in the context of establishing, exercising, or defending legal claims.

We require all third parties to whom we disclose personal data to maintain confidentiality and take all technical and organizational measures to protect such data in accordance with the Regulation. Where required by applicable law, Queast enters into data processing agreements with third parties acting as processors.

Where third parties act as independent data controllers, their processing of personal data is governed by their own privacy policies.

We do not share your personal data with third parties for their own business or marketing activities without your consent.

VII. STORAGE PERIODS

We store personal data only for the period necessary to achieve the purposes for which it is processed, unless a longer period is required by law. After the expiry of the relevant period, the data is deleted or anonymized.

  • Personal data processed within user accounts are stored for the entire period of your registration. After termination of the legal relationship and deletion of the specific user profile, the data is stored for up to 5 years for the purposes of establishing, exercising, or defending legal claims.
  • Personal data obtained from publicly available sources or through third-party data aggregation services is stored only for as long as it remains relevant for the purpose of providing the Platform Services and its functionalities. Such data is periodically reviewed, updated, refreshed, or removed to ensure its accuracy and relevance, or deleted where it is no longer necessary, no longer publicly available, or where a valid objection to the processing has been received.
  • In accordance with the Bulgarian Accounting Act, certain personal data is stored by Queast for a period of 10 years, starting from January 1 of the reporting period following the reporting period to which the accounting and/or tax information containing personal data relates.
  • Data processed for direct marketing purposes is stored until the data subject withdraws their consent or objects to such processing.
  • AI-generated outputs and related systems logs are stored for the entire period of your registration.
  • Personal data received in connection with inquiries or correspondence submitted via the contact forms is stored for up to 1 (one) year after the end of the communication.
  • Where there is a potential legal dispute, complaint, or regulatory investigation, data may be stored until the relevant proceedings are concluded, even if this exceeds the usual retention periods.

VIII. DO WE USE COOKIES

We use cookies to improve the quality of our services. You can find more information about the use of cookies in our Cookie Policy.

IX. WHAT ARE YOUR RIGHTS IN RELATION TO THE PROTECTION OF YOUR PERSONAL DATA

You have the following rights regarding the processing of data and the data that is recorded about you:

Right to information and access

You have the right to request confirmation from us as to whether we are processing your personal data and, if so, to obtain access to that data and information about the purposes of the processing, the time limits and the recipients of the personal data. We will provide you with free access to your data and, upon your request, we will also provide you with a copy of the data.

Right to rectification

You have the right to request correction of inaccuracies in your personal data or completion of incomplete personal data.

Right to erasure ("right to be forgotten")

You have the right to request that we delete personal data relating to you that is no longer necessary for the purposes for which it was collected, or in respect of which you have withdrawn your consent to processing or exercised your right to object to processing. In certain legally regulated cases, we may refuse to delete your personal data.

Right to restriction of processing

In certain cases, you may request that we restrict the processing of your personal data, in which case it will only be stored but not otherwise processed.

Right to data portability

You have the right to receive the data we process about you in a structured, commonly used, and machine-readable format, as well as to transfer it to another controller.

Right to object to processing

You have the right to object to the processing of your personal data for direct marketing purposes, as well as to the processing of personal data relating to you based on Art. 6, para. 1, item "e" or item "f" of the GDPR.

Right to withdraw consent

If we process your personal data on the basis of consent, you have the right to withdraw your consent to the processing of your personal data at any time, without this affecting the lawfulness of the processing based on consent before its withdrawal.

Right to file a complaint

You have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection ("CPDP") if you believe that there has been a violation of the applicable legislation in the field of personal data protection. Complaints to the CPDP can be submitted in person or by letter to the following address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Republic of Bulgaria; by fax - 029153525; by email to the CPDP at kzld@cpdp.bg. More information about the procedure can be found at: https://www.cpdp.bg/.

X. CONTACTS

You can contact us with any questions regarding the processing of your personal data, including in relation to exercising your rights described in this Policy, in one of the following ways:

  • By mail to address 10 Yuri Venelin Str., 2nd floor, Sredets region, Sofia 1000, Republic of Bulgaria;
  • By e-mail: legal@east.fi;
  • Using our contact form;

The Supplier has also appointed a Data Protection Officer who may be contacted in connection with any questions relating to the processing of personal data or the exercise of data subject rights at the following contact details:

XI. AMENDMENTS TO THE POLICY

We may periodically amend this Privacy Policy. All amendments and additions to the Policy will be applied after publication of its current content, available on our website.