Sub-Processor &
Data Transfer Policy

Scope of this Policy

This policy applies to Quantum Intelligence Hub Ltd and its connected websites, platforms, business divisions and digital services, including but not limited to:

• qihhub.com — corporate intelligence, cybersecurity, OSINT, global analysis and legal policy centre
• qihhub.info — company formation, business infrastructure and global expansion services
• qihnetwork.com — hosting, web development, SEO, ADS, automation and digital operations services
• qihhub.online — academy, certification, cyber education and AI education services
• qihhub.net — infrastructure, network and operational systems
• qihhub.shop — UK and European e-commerce operations
• qihhub.store — United States e-commerce operations
• omerakin.nl — founder profile, strategic publications and public thought leadership content

Purpose of Using Sub-Processors

QIH may engage sub-processors where this is necessary or commercially reasonable for the provision, protection, improvement, administration or legal operation of its services.

• Hosting websites, databases, applications, dashboards and digital infrastructure
• Processing payments, invoices, subscriptions, refunds and fraud checks
• Delivering customer support, email communications and service notifications
• Operating educational platforms, certification systems and learning environments
• Providing cybersecurity monitoring, log analysis, access control and incident response
• Managing company formation, compliance checks, accounting support and business onboarding
• Operating AI-assisted systems, automation tools, content systems and analytics services
• Maintaining legal, accounting, tax, compliance, audit and operational records

Categories of Sub-Processors

QIH may use the following categories of sub-processors and operational providers across its ecosystem:

Authorisation to Use Sub-Processors

Users and clients authorise QIH to engage sub-processors where QIH determines that such engagement is necessary for the provision, security, continuity, maintenance or improvement of its services.

• QIH may appoint, replace, remove or update sub-processors without requiring individual prior approval from each user
• QIH will use commercially reasonable efforts to select reputable service providers suitable for the relevant processing activity
• Sub-processors may process limited data strictly for the purpose of delivering the relevant service
• QIH may use different sub-processors depending on service type, client location, technical requirement or operational need
• Refusal to allow required sub-processing may make certain QIH services unavailable or technically impossible to provide

International Data Transfers

QIH is a UK-based company operating across international markets. As a result, certain data may be transferred, accessed, stored or processed outside the United Kingdom.

• Data may be transferred to or accessed from the European Economic Area, the United States, Canada, the United Arab Emirates, Turkey or other operational jurisdictions
• International transfers may occur when using cloud hosting, payment gateways, AI providers, email systems, CRM tools or certification platforms
• Users acknowledge that some third-party providers operate global data centres and distributed infrastructure
• Data transfers may be necessary for fraud prevention, cybersecurity, account verification, payment processing and service delivery
• QIH may rely on recognised transfer mechanisms where required by applicable data protection laws

UK GDPR and Data Protection Framework

QIH aims to process personal data in accordance with applicable UK data protection requirements, including the UK GDPR and Data Protection Act 2018 where applicable.

• QIH applies data minimisation principles where commercially and technically reasonable
• QIH limits sub-processor access to the data necessary for the relevant service
• QIH may enter into data processing agreements with key providers where required
• QIH may conduct reasonable vendor checks before using critical sub-processors
• QIH may update its processing structure to reflect technical, legal or business changes
• QIH does not sell personal data as a standalone commercial product

Types of Data That May Be Transferred

Depending on the service used, QIH and its authorised sub-processors may process or transfer the following categories of data:

• Identity data, including name, surname, company name, job title and authorised representative details
• Contact data, including email address, phone number, billing address and business address
• Account data, including usernames, login records, support tickets and service preferences
• Payment and billing data, including invoices, subscription status, payment references and transaction metadata
• Technical data, including IP address, device information, browser type, server logs and security events
• Educational data, including course registration, progress, certification records and learning activity
• Business formation data, including company details, compliance information and onboarding documents
• E-commerce data, including order details, shipping information, return requests and customer service history

Data Transfer for Company Formation Services

For company formation, bank account assistance, accounting support, compliance checks and global expansion services, QIH may need to share client data with third-party professionals, platforms and official bodies.

• Data may be shared with company registration agents, accountants, legal professionals, compliance partners and official registries
• QIH does not guarantee approval by Companies House, banks, payment providers, government departments or other official bodies
• QIH may refuse, pause or terminate processing where documents are incomplete, inaccurate, suspicious or legally unsuitable
• Banking, tax, visa, payment account or government approval decisions remain outside QIH’s control
• Clients are responsible for providing accurate, complete and lawful information

Data Transfer for Hosting, Web and Digital Services

For hosting, website development, e-commerce infrastructure, SEO, advertising, automation and digital operations services, QIH may transfer or process technical, operational and business data through third-party infrastructure.

• Website files, databases, logs and backups may be stored on third-party servers
• DNS, CDN, firewall, cache and security filtering may be performed by infrastructure providers
• Advertising platforms may process campaign data, audience data, tracking data and conversion events
• SEO and analytics tools may process website usage data and technical performance data
• Service interruptions caused by hosting providers, CDNs, registrars, plugins, APIs or third-party platforms are outside QIH’s direct control

Data Transfer for AI and Automated Systems

QIH may use AI-assisted platforms and automated systems to support analysis, documentation, content preparation, workflow optimisation, cybersecurity review, customer support and operational efficiency.

• AI providers may process prompts, technical text, operational instructions or anonymised business context where required
• Users must not submit sensitive, unlawful, confidential or third-party restricted information unless authorised to do so
• AI-generated outputs are not guaranteed to be accurate, complete, legally sufficient or suitable for critical decisions without human review
• Third-party AI providers may update models, restrict features, suspend access or modify processing rules independently
• QIH is not responsible for model changes, API failures, provider outages or inaccurate outputs caused by third-party AI systems

Data Transfer for E-Commerce, Orders and Returns

For QIH e-commerce operations, order processing, fulfilment, supplier coordination, customer service and return handling may require data transfers to third-party suppliers, fulfilment partners and courier companies.

• Customer name, delivery address, phone number, order details and delivery instructions may be shared with suppliers and courier companies
• Shipping providers may process delivery data under their own terms, policies and operational conditions
• Return shipping arrangements may require customer data to be shared with logistics partners
• Unless otherwise required by mandatory consumer law, return shipping costs may be the responsibility of the customer where stated in the applicable return terms
• QIH is not liable for courier delays, customs delays, failed delivery attempts, incorrect customer address details or third-party logistics errors beyond its reasonable control

Security Measures

QIH applies commercially reasonable technical and organisational measures to protect data processed through its ecosystem.

• Access controls, password protection and account-level permissions where appropriate
• Use of SSL/TLS encryption for supported websites and communication channels
• Firewall, CDN, anti-abuse and monitoring systems where technically available
• Limited access to systems and data on a need-to-know basis
• Backup, recovery and continuity measures where included in the relevant service package
• Review of suspicious activity, abuse patterns, unauthorised access attempts and security incidents

Sub-Processor Changes

QIH may update, replace or add sub-processors where required for business continuity, better service quality, cost efficiency, compliance, security, technical performance or operational necessity.

• QIH may update its provider structure without requiring individual written approval from every user
• Material changes may be reflected in this policy or related privacy documentation
• Users who object to necessary sub-processing may need to discontinue affected services
• QIH may immediately replace a sub-processor where security, legal, operational or commercial reasons require urgent action
• QIH is not liable for disruption arising from unavoidable provider migration, account transfer, platform suspension or infrastructure replacement

Data Retention by Sub-Processors

Sub-processors may retain certain data for legal, operational, security, accounting, dispute resolution, fraud prevention or compliance purposes.

• Payment providers may retain transaction records according to financial regulation and anti-fraud requirements
• Hosting providers may retain logs, backups or security records for limited periods
• Courier and fulfilment providers may retain delivery and proof-of-delivery information
• Certification and education partners may retain learning, examination or certificate records
• Legal, accounting and compliance partners may retain records according to statutory retention obligations
• Deletion from QIH systems does not guarantee immediate deletion from every third-party system where lawful retention obligations apply

Client Responsibilities

Clients and users are responsible for ensuring that the data they submit to QIH is lawful, accurate, complete and suitable for the requested service.

• Users must not submit data they are not authorised to provide
• Users must not submit unlawful, fraudulent, misleading or false information
• Users are responsible for obtaining consent from employees, clients, partners or third parties whose data they submit
• Users must keep account credentials secure and must not share access with unauthorised persons
• Users must immediately notify QIH of suspected unauthorised access, incorrect data or compliance concerns
• Users must understand that refusal to provide required data may prevent QIH from delivering the requested service

Limitation of Liability

To the maximum extent permitted by applicable law, QIH, its directors, employees, contractors, advisors and partners shall not be liable for indirect, incidental, special, punitive, consequential or business-interruption damages arising from third-party processing, infrastructure failure, data transfer issues or sub-processor activity.

• QIH is not liable for outages, breaches, errors or suspensions caused by independent third-party providers
• QIH is not liable for payment provider account reviews, transaction delays, chargebacks, frozen funds or rejected payments
• QIH is not liable for courier errors, supplier delays, customs issues or fulfilment failures outside its reasonable control
• QIH is not liable for loss of profit, loss of opportunity, loss of goodwill, loss of rankings, loss of data or loss of revenue except where liability cannot legally be excluded
• QIH’s aggregate liability shall not exceed the fees paid by the client for the specific service giving rise to the claim

Contact, Complaints and Data Requests

Users may contact QIH regarding this policy, data transfers, sub-processor questions, data protection requests or privacy-related concerns through the following channels:

• Data Protection: compliance@qihhub.com
• Legal: legal@qihhub.com
• Support: support@qihhub.com
• Security: security@qihhub.com
• UK Headquarters: +44 7447 237982
• NL Operations: +31 638582434
• USA Academy & EDU Operations: +1 205-900-1258
• Registered Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

Policy Updates & Governing Law

QIH reserves the right to update this Sub-Processor & Data Transfer Policy at any time to reflect changes in service providers, international transfer requirements, technical infrastructure, legal obligations, business operations or data protection practices.

This policy is governed by the laws of England and Wales. The courts of England and Wales shall have jurisdiction over any disputes arising from or connected to this policy, except where mandatory law provides otherwise. Continued use of QIH services after publication of an updated version constitutes acceptance of the revised policy.