Privacy Policy

This Privacy Policy describes how Qustrava collects and uses personal information in connection with lighting installation services offered through the website abostra.digital. The policy covers information provided directly by users, information collected automatically during website use, and third-party sources. Contact details for Qustrava are provided below. This policy reflects practices as of the effective date and explains user choices and rights regarding personal data. Business ID: 272552170.

2026-04-14 Qustrava privacy@abostra.digital

Definitions

Terms used in this policy have the following meanings as applied to the services of Qustrava. These definitions are provided to clarify scope and responsibilities when personal data is processed.

Personal data means information that identifies or can be used to identify an individual, directly or indirectly, such as name, email address, phone number, postal address, or billing details.
Processing means any operation performed on personal data, including collection, storage, use, disclosure, transmission, deletion and combination.
User refers to an individual who interacts with the Qustrava website or receives services related to lighting installation, including potential clients and contact persons.
Service refers to offerings related to lighting installation, consultations, estimates and related communications provided by Qustrava through abostra.digital.
Cookies are small text files placed on a device by the website to remember information about a user, support site functionality and gather analytics data.

Data collection

Qustrava collects information necessary to provide installation services, respond to inquiries and comply with legal obligations. Data collection is limited to the scope required to deliver the requested service or to meet regulatory requirements.

Information you provide

Users supply information directly when requesting a consultation, completing a form, or communicating with Qustrava. This data typically includes:

  • Contact details such as name, email address and phone number
  • Site address and property details, including the project location
  • Project descriptions, photos and preferred scheduling information
  • Payment or billing information when a paid service is requested (processed by third-party payment providers)
  • Communications history including messages and service notes
  • Consent choices and marketing preferences

Information collected automatically

When users visit abostra.digital, certain technical data is collected automatically to operate and secure the site and to analyze usage patterns.

  • IP address and approximate location data
  • Device and browser type, screen resolution and operating system
  • Pages visited, actions taken on the site and referral source
  • Cookie identifiers and similar local storage data
  • Performance and error logs related to site operation
  • Analytics data aggregated to improve service delivery

Third-party sources

Qustrava may receive information about users from third parties in limited circumstances, for example payment processors, scheduling platforms or analytics providers.

  • Payment processors supplying transaction confirmations
  • Scheduling or quoting platforms used to coordinate site visits
  • Analytics and hosting providers that assist with site performance

Purposes of processing

Collected data is used only for legitimate and specified purposes necessary to provide services, maintain the website and meet legal obligations.

  • To provide, manage and schedule lighting installation services
  • To communicate with users about quotes, appointments and service updates
  • To process payments and verify billing information via third-party processors
  • To maintain and improve the website, including performance and security monitoring
  • To comply with legal obligations and respond to lawful requests from authorities
  • To analyze service usage and client needs using aggregated analytics
  • To manage customer support, dispute resolution and follow-up adjustments
  • To retain records for tax, accounting and regulatory compliance

Legal basis for processing

Where applicable, Qustrava relies on recognized legal bases to process personal data, depending on the specific processing activity.

  • Performance of a contract: processing necessary to provide requested services
  • Legal obligation: processing to comply with laws and regulatory requirements
  • Legitimate interests: processing for site security, fraud prevention and business operations, balanced against user rights
  • Consent: where required for marketing communications or optional cookies

EU and EEA data subject rights

For EU and EEA residents, this section summarizes rights under applicable data protection laws. Qustrava follows relevant procedures for access, correction and objections where those laws apply.

  • Right of access: request a copy of personal data held by Qustrava
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of personal data where lawful basis allows
  • Right to restriction and objection: request limits on processing or object to certain uses
  • Right to data portability: request transfer of provided data in a structured, commonly used format
  • Right to withdraw consent: where processing is based on consent, users may withdraw consent at any time

Cookies and tracking

Cookies and similar technologies are used to support site functionality, analytics and preferences. Users can manage cookie settings via their browser or device.

Types of cookies include essential cookies required for site operation, performance cookies used for analytics, and optional cookies used for preferences and advertising.

Essential cookies maintain basic site functions; analytics cookies collect usage data; preference cookies remember choices; advertising cookies may be used by third parties for targeted content.

Most browsers allow users to block or delete cookies through settings. Disabling certain cookies may affect site functionality. Consent controls on the site enable users to accept or reject non-essential cookies.

Cookie policy and preferences

Data sharing and disclosures

Qustrava shares personal data only as necessary to deliver services, for legal reasons, or with service providers under contract who follow appropriate safeguards.

  • Service providers and contractors involved in scheduling, installation and logistics
  • Payment processors to handle transactions and billing verification
  • Hosting and analytics providers for website operation and analysis
  • Legal and regulatory authorities when required by law or to respond to official requests
  • Professional advisors such as accountants or insurers where necessary for legitimate business purposes
  • Affiliated partners under strict controls and contractual protections

International transfers

Some service providers used by Qustrava may operate in countries outside Canada. Where data is transferred internationally, Qustrava implements appropriate safeguards such as contractual clauses and controls to protect personal information and to meet applicable legal requirements.

When personal data is transferred across borders for operational, hosting or vendor purposes, Qustrava evaluates the recipient’s data protection measures and implements contractual safeguards such as standard contractual clauses, data processing agreements, and access limitations. Transfers are limited to jurisdictions with adequate protections where possible. Where additional technical or organizational measures are required, Qustrava applies encryption, pseudonymization and strict role-based access to minimize exposure.

Data retention

Qustrava retains personal information only for as long as needed to provide services, meet legal obligations, resolve disputes, and enforce agreements. Retention periods are determined by the type of data, the purpose for which it was collected, and applicable Canadian law.

Account records, including contact details and service history, are retained for the duration of the customer relationship and for a period of up to seven years after account closure where required for tax or regulatory compliance. Records no longer needed are securely deleted or aggregated.

Communications such as emails and messaging platform with Qustrava are retained for operational purposes and to maintain service continuity. Routine correspondence is archived for a minimum of one year and for longer when necessary to address disputes or regulatory requests.

System logs and access records are retained for security monitoring and incident contribute. Typical retention for logs is 12 to 24 months, depending on log type and operational needs. Log data is aggregated or purged according to retention schedules and applicable rules.

When personal data is no longer required, Qustrava applies secure deletion methods appropriate to the storage medium. Backup copies are retained according to backup policies and deleted in subsequent cycles. Requests for deletion are handled in accordance with applicable law and internal processes.

Security of personal information

Qustrava implements administrative, technical and physical safeguards designed to protect personal information against unauthorized access, loss, misuse and alteration. Security practices are reviewed periodically and updated to reflect changes in technology and operational risks. Security measures are intended to reduce risk but cannot eliminate it entirely.

  • Access control: role-based permissions and multi-factor authentication for administrative access.
  • Data protection: encryption of sensitive data in transit and at rest where feasible, and secure key management.
  • Operational safeguards: regular security assessments, patch management, and monitored logging for anomaly detection.

User rights and choices

Depending on your jurisdiction and the nature of the data, you may have rights relating to your personal information. Qustrava provides mechanisms to exercise these rights where applicable and consistent with legal requirements.

  • Access: request a copy of personal data processed by Qustrava.
  • Rectification: request correction of inaccurate or incomplete personal data.
  • Erasure: request deletion of personal data where retention is not required by law.
  • Restriction: request restriction of processing under certain conditions.
  • Portability: request a machine-readable copy of data you provided, where applicable.
  • Objection: object to processing based on legitimate interests, where applicable.
  • Withdraw consent: withdraw consent for processing when consent was the legal basis.
  • Complaint: lodge a complaint with a supervisory authority if you believe your rights were not respected.

How to make a rights request

To exercise any privacy rights, contact Qustrava using the contact details below. Provide sufficient information to identify yourself and describe the request. Qustrava may ask for additional information to verify identity before processing a request in order to protect personal data.

contact@qustrava.abostra.digital

Qustrava aims to respond to verified requests promptly and within timeframes required by applicable law. Where permitted, complex requests may require additional time and Qustrava will communicate expected timelines and any necessary extensions.

Marketing communications

Qustrava may send marketing communications about services, events or offers when you have opted in or where permitted by law. Communications are intended to be relevant and limited to your preferences and service relationship.

You can opt out of marketing communications at any time via unsubscribe links in emails or by contacting Qustrava at the address below. Opting out will not affect transactional messages related to service provision.

Children's information

Qustrava does not target services to children under the age of majority and does not knowingly collect personal information from children without verifiable parental consent. If Qustrava becomes aware of inadvertent collection of a minor's data, steps will be taken to delete it in accordance with applicable law.

Links to other sites

Websites and services linked from Qustrava may have different privacy practices. Qustrava is not responsible for the content or policies of third-party sites and encourages users to review the privacy statements of any external services they visit.

Changes to this privacy statement

Qustrava may update this privacy statement to reflect operational or legal changes. Material changes will be posted on the site with an updated effective date. Continued use of services after changes indicates acceptance of the revised policy where permitted by law.