- What Information is Being Collected?
- How is it Being Collected?
- What is our Legal Basis for Collecting Personal Data?
- How do We Use Your Personal Data?
- How and To Whom do We Share Your Personal Data?
- Your Failure to Provide Personal Data
- Our Retention of your Personal Data
- Your Rights With Respect to Your Personal Data
- Our Opt-in/Opt-out Policy
- Changing or Deleting Your Information
- Third Party Service Providers, Links to other Sites, and Third Party Advertising
- International Transfer
- “Do Not Track” Signals
- Children’s Privacy
- Contacting Us
- Effective Date
Please review the entire policy to learn the types of Personal Data we gather, how we use that Personal Data, what Personal Data is disclosed and to what third parties, and how we safeguard your Personal Data.
2. What Information is Being Collected?
Personal Data. As you interact with and use our Sites, we may collect and use personal data from you. We use the term “Personal Data” to refer to any information that identifies or can be used to identify you.
Common Examples of Personal Data
– Full name
– Home address
– Email address
– Date of birth
– Digital identity
– Login name, screen name, nickname, or handle
– Information about your device:
– Manufacturer and model of your device; Internet Service Provider (ISP); Internet Protocol (“IP”) address (or other device identifier); browser type; and operating system
– Location; cookies; access times and dates; referring/exit pages; clickstream data; pages of the Sites that you visit; the time spent on those pages or interacting with certain portions of the Sites; information you search for on the Sites
If you are an employee of QASymphony, we may also collect the following Personal Data:
– Government-issued identification numbers: Social Security numbers, social insurance or similar numbers in all countries, driver’s license numbers, passport numbers, national identification numbers, vehicle registration plate number
– Bank account numbers
– Credit card numbers
– Employment background screening reports
Sensitive Personal Data.
We use the term “Sensitive Personal Data” to refer to a smaller subset of Personal Data which is considered more sensitive to the individual, such as: race and ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometrical information, physical or mental health information, medical insurance data, or sexual orientation.
WE DO NOT COLLECT OR USE, AND WE DO NOT WANT YOU TO PROVIDE TO US, ANY SENSITIVE PERSONAL DATA.
3. How is it Being Collected?
We obtain information about you from a variety of sources, including you, your interaction with our Sites, and third parties. Such information may include your name, postal address, e-mail address, and telephone number, among other personally identifiable information.
Information you provide to us. If you use certain of our services or communicate with us (by phone, chat, email, web forms, social media or other means of communication), you may be required to provide us certain information and Personal Data, in the following ways:
– Information that you provide by filling in forms on our website. This includes information provided at the time of registering to use our services, subscribing to our services, posting material, requesting further services or applying for a job at QASymphony.
– We may also ask you for information when you report a problem with or have a question about our services.
– Records and copies of your correspondence (including e-mail addresses), if you contact us.
– Your responses to surveys that we might ask you to complete for research purposes.
– Details of transactions you carry out through our services and of the fulfillment of your orders.
– Your search queries on our website or through our services.
If you do not provide us with Personal Data, your ability to use certain aspects of our products and services may be limited.
Information provided to us by our customers. Because our products and services are intended to be accessed and used by multiple users of each of our customers, it is possible that we may receive information and Personal Data about you that was submitted to us by our customer (your employer). Further, due to the nature of our products and services, it is possible that our customer may provide to us, in the course of using our products and services, information and Personal Data about its own users and customers. We require our customers to agree to not share such information with us, however, we cannot control what our customers disclose to us. If Personal Data pertaining to you as an individual has been submitted to us by a QASymphony customer and you wish to exercise any rights you may have to access, correct, amend, or delete such data, please inquire with our customer directly. Because our personnel have limited ability to access data our customers submit to our products and services, if you wish to make your request directly to us, please provide the name of the QASymphony customer who submitted your data to us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.
Information we collect from your use of our services and other interactions you have with our Sites.
We may collect your usage information about how you use our services, including your access times, location, browser types and language, and Internet Protocol addresses. We may collect device-specific information when you access our services, including your hardware model, operating system and version, unique device identifiers, mobile network information, and information about the device’s interaction with our services.
This type of information is collected automatically by our servers when you access our Sites or use our services. The information we collect automatically is statistical data and may or may not include Personal Data, but we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve and to deliver better and more personalized services, including by enabling us to:
– Estimate our market size and usage patterns.
– Store information about your preferences, allowing us to customize our services according to your individual interests.
– Speed up your searches.
– Recognize you when you return to our services.
The technologies we use for this automatic data collection may include:
– Web Beacons. Pages of our services or our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Information We Collect from Your Use of Our Services and/or Third Party Services. We may also collect information about you from your interaction with and use of certain functionalities on our Sites:
– Messaging. The Sites provides messaging to enable users to communicate with one another and/or with us. We may review communications made between users using the Sites’ messaging for legitimate business purposes, including providing customer and technical support.
– Public Forums. Please note that if you use any bulletin board, chat room, comment posting feature, or other public communication service, forum, or feature offered through the Sites, or post any information available for viewing by other users, any of the information that you share will be visible to other users. The information that you make available can be read, used, and collected by other users to send you unsolicited messages outside of the Sites. We are not responsible for the manner in which the Personal Data that you decide to share in this way will be used by other users.
– Social Media. We operate and maintain networking pages on social media platforms such as Facebook, Twitter, and LinkedIn. We will, from time to time, import comments and posts from these third-party platforms to the QASymphony Sites. If you post to any of our networking pages on third-party social media platforms, you are providing information to the public and do so at your own risk. Further, we may use these postings on our Sites without notice or compensation to you. Please visit the privacy policies of any third-party social media platforms before posting to our pages there.
Information We Collect from Other Sources. We may also collect information about you from third parties, including but not limited to third-party verification services, credit bureaus, mailing list providers, and publicly available sources. This information may include your Social Security number. We may also collect information about you from our channel partners, including our resellers, third party marketing partners, or third party service providers we may engage to provide you with certain aspects of our services or products, such as help desk service providers or hosting services. We may also collect information about you if you attend one of our trade shows or events, or from social networks, public sources, and our third party analytics service providers.
4. What is our legal basis for collecting Personal Data?
Personal Data: Whenever we collect Personal Data from you, we may do so on the following legal bases:
– Your consent to such collection and use;
– Out of necessity for the performance of a contract between us and you, such as your agreement to use our services and products;
– Our legitimate business interest, including but not limited to the following circumstances where collecting / using Personal Data is necessary for:
– Intra-company transfers of employee/client data for admin purposes;
– Product development and enhancement – where the processing enables us to enhance, modify, personalize, or otherwise improve our services and communications for the benefit of our customers, and to better understand how people interact with our Sites;
– Communications, marketing and intelligence – including processing data for direct marketing purposes (subject to your right to opt out as provided in Section 10 below) and to determine the effectiveness of our promotional campaigns and advertising;
– Fraud detection and prevention (crime prevention);
– Industry watch-lists and industry self-regulatory schemes;
– Enhancement of our cybersecurity, including improving the security of our network and information systems; and
– General business operations and due diligence; provided that, in each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purpose.
– Compliance with our legal obligations.
5. How do we use your Personal Data?
We will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by you. We will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current. This Section provides additional information on how we use your Personal Data.
We use information about you to provide, maintain, personalize and improve our services, to provide customer and technical support and to deliver information to you and support your requests, including support, marketing and administrative messages.
We may use information we collect to send you news and information about our services and to communicate with you about products or services. You may opt out of receiving promotional emails or text messages from us by following the instructions in those emails or text messages. If you opt out, we may still send you non-promotional communications, such as messages about your account or our ongoing business relations.
We may also use information about you (i) to track and analyze trends and usage in connection with our services; (ii) to protect our rights or property; (iii) to compare information for accuracy; (iv) to verify your identity; (v) to investigate and prevent fraud or other illegal activities; and (vi) for any other purpose disclosed to you in connection with our services.
Additionally, we use information that we collect about you or that you provide to us, including any Personal Data:
– To provide you with information, products or services that you request from us.
– To fulfill any other purpose for which you provide it.
– To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
– To notify you about changes to our services or any products or services we offer or provide though them.
– In any other way we may describe when you provide the information.
– For any other purpose with your consent.
We may use the information we have collected from you to enable us to display advertisements to our advertisers’ target audiences.
We may use third-party service providers to process and store Personal Data in the United States and other countries. See Section 13 below for more information on our policies regarding international transfer of your Personal Data.
We may combine Personal Data about you that we have collected from different sources, for example, by combining publicly available information from various sources (e.g., LinkedIn and others) to help analyze sales opportunities.
Our policy is not to share the Personal Data we collect with third parties other than as specified below, or unless a user expressly consents to our sharing of certain information with a specified third party.
We will never share any Sensitive Personal Data with any other third party unless you have explicitly consented to such disclosure.
With your consent. We may share Personal Data about you for any lawful purpose to which you have expressly consented or directed, or to fulfill the purpose for which you provided the Personal Data to us.
To Our Business Partners and Vendors. We work closely with certain business partners and vendors and we may provide Personal Data to our business partners and vendors so that they can offer or provide services to you. For example, we may provide Personal Data to our business partners or other trusted entities for the purpose of providing you with information on goods or services we believe will be of interest to you. We may also engage third party companies and individuals for any of the following: to provide customer and technical support; to facilitate the Sites; to provide the Sites or portions of the Sites on our behalf; to perform related services, including without limitation, maintenance services, database management, fulfillment, web analytics, and improvement of the features or functionality; or to assist us in analyzing how the Sites are being used.
It is our policy to only share Personal Data with contractors, service providers and other third parties who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them. Under certain circumstances, you may avoid having us share your information with our business partners and vendors by not granting us permission to share your information. Not granting us permission to share your information with our business partners or vendors may limit your access to their services through the Sites.
Compliance with Law and Protection of QASymphony and Others. We may release Personal Data when we believe, in our sole discretion, that release is appropriate:
– To comply with any court order, subpoena, law or legal process, including to respond to any government or regulatory request
– To enforce agreements we may have with you.
– If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers or others.
– To prevent activity that we believe, in our sole discretion, may be or may become illegal, unethical, or legally actionable (including exchanging Personal Data with other companies and organizations for fraud protection).
Business Transfers. As we continue to develop our business, we may buy, sell, or share assets in connection with, for example, a merger, acquisition, reorganization, sale of assets, or bankruptcy. In such transactions, Personal Data about our users is often a transferred business asset. In the event that QASymphony itself or substantially all of our assets are acquired, Personal Data about our users may be one of the transferred assets.
Aggregate Site Use Information. We may release aggregate and anonymized / pseudonymized Personal Data to advertisers and other third parties in order to promote or describe use of the Sites.
7. Your Failure to Provide Personal Data
Your provision of Personal Data is required in order to use certain parts of our services and our products. If you fail to provide such Personal Data, you may not be able to access and use our services and/or our products, or parts of our services and/or our products.
8. Our Retention of your Personal Data
We may retain your Personal Data for a period of time consistent with the original purpose of collection. For example, we keep your Personal Data for no longer than reasonably necessary for your use of our products and services and for a reasonable period of time afterward. If you are a customer, we may delete your Personal Data from our systems within sixty (60) days after termination of your agreement with us. We also may retain your Personal Data during the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.
9. Your Rights With Respect to Your Personal Data
Data protection laws, including the General Data Protection Regulation (“GDPR”), provide you with certain rights in connection with the Personal Data that you have shared with us. You have the following rights:
The right of access: You have the right to request a copy of your Personal Data which we hold about you.
The right of correction: You have the right to request correction or changes of your Personal Data if it is found to be inaccurate or out of date. Section 11 below provides more information about how you can request changes to your Personal Data.
The right to be forgotten: You have the right to request us, at any time, to delete your Personal Data from our servers and to erase your Personal Data when it is no longer necessary for us to retain such data. Note, however, that deletion of your Personal Data will likely impact your ability to use our services.
The right to object (opt-out): You have the right to opt out of certain uses of your Personal Data, such as direct marketing, at any time. Section 10 below provides more information about how you can opt out of such uses.
The right to data portability: You have the right to a “portable” copy of your Personal Data that you have submitted to us. Generally, this means your right to request that we move, copy or transmit your Personal Data stored on our servers / IT environment to another service provider’s servers / IT environment.
The right to refuse to be subjected to automated decision making, including profiling: You have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect on you.
The right to lodge a complaint with a supervisory authority.
10. Our Opt-in/Opt-out Policy
We currently provide the following opt-out opportunities:
1. At any time, you can follow a link provided in offers, newsletters or other email messages (except for e-commerce confirmation or service notice emails) received from us to unsubscribe from the service.
11. Changing or Deleting Your Information
You may update or correct information about yourself by emailing us at email@example.com. If you completely delete all such information, then your account may become deactivated. We may retain an archived copy of your records as required by law, to comply with our legal obligations, to resolve disputes, to enforce our agreements or for other legitimate business purposes.
We may contact you to request that you update your Personal Data on a regular basis to ensure its integrity for the purposes of ongoing data management.
Third Party Service Providers, Links to other Sites, and Third Party Advertising
13. International Transfer
We are committed to complying with applicable laws, regulations and mandatory government standards regarding the protection of Personal Data.
If we transfer your Personal Data out of your jurisdiction, we will implement suitable safeguards to ensure that your Personal Data is protected. We are certified to the EU-US Privacy Shield and it is our policy to, where required by applicable laws, execute a Data Privacy & Data Security Addendum with all third parties with whom we may share Personal Data.
EU-US Privacy Shield Certified
We participate in the EU-US Privacy Shield Framework regarding the collection, use, and retention of Personal Data from European Union member countries. We have certified with the U.S. Department of Commerce that we adhere to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. To learn more about the Privacy Shield Principles, visit www.privacyshield.gov.
If you have any inquiries or complaints about our handling of your personal data under the Privacy Shield, or about our privacy practices generally, please contact us at: firstname.lastname@example.org. We will respond to your inquiry promptly. We have committed to refer unresolved privacy complaints under the Privacy Shield to an independent third party dispute resolution mechanism. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based privacy and data usage third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, as more fully described on the Privacy Shield website (www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
If you are a QASymphony employee and you are not satisfied with our response to your concerns with regard to the handling of any of your Personal Data, you are advised to contact the state or national data protection or labor authority in the jurisdiction where you reside. We commit to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
As explained here we sometimes provide Personal Data to third parties to perform services on our behalf. If we transfer Personal Data received under the Privacy Shield to a third party, the third party’s access, use, and disclosure of the personal data must also be in compliance with the Privacy Shield framework, and we will remain liable under the Privacy Shield for any failure of the third party to meet such compliance obligations unless we prove we are not responsible. Such third parties must agree to use such Personal Data only for the purposes for which they have been engaged by us and they must either: (i) comply with the Privacy Shield Principles or another mechanism permitted by the applicable EU data protection law(s) for transfers and processing of Personal Data; or (ii) agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy.
You can review our Privacy Shield registration at www.privacyshield.gov/list. We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may be required to disclose Personal Data that we handle under the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Data Privacy & Data Security Addendum
When necessary under applicable laws, we require our third party service providers to agree to terms and conditions addressing the data privacy, data security, adequate data protection and transfer of Personal Data, and containing the standard contractual clauses authorized by the Commission Decision of 5 February 2010 under Directive 95/46/EC of the European Parliament and of the Council. For more information and to request a copy of the standard contractual clauses you can contact us at our contact information below.
We are very concerned with safeguarding your information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account technological reality, cost, the scope, context and purposes of processing weighted against the severity and likelihood that the processing could threaten individual rights and freedoms. For example, we use commercially reasonable security measures such as encryption, firewalls, and transport layer security (TLS) or hypertext transfer protocol secure (HTTPS) to protect Personal Data.
Please note that no security system is impenetrable. Accordingly, we do not guarantee the security of our databases, nor that information you supply won’t be intercepted while being transmitted to us over the Internet or other network. Any information you transmit to us, you do at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on or within our services. Where we have given you (or where you have chosen) a password for access to certain parts of our services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) to you via email or conspicuous posting through the Sites in the most expedient time possible and without unreasonable delay, as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
15. “Do Not Track” Signals
Some Web browsers may be configured to send Do Not Track signals to websites, or users may use similar mechanisms, to indicate a user’s preference that certain web technologies not be used to track the user’s online activity. The Sites do not accept or process such Do Not Track signals or similar mechanisms.
16. Children’s Privacy
We are committed to protecting the privacy of children. Our services are not intended for anyone under the age of 13. If you are under 13, do not use or provide any information on or through our services. If we learn we have collected or received Personal Data from a child under 13 without verification of parental consent, we will delete that information. If you are a parent or guardian or otherwise believe we might have any information from or about a child under 13, please contact us so that we can delete the child’s information. Our services will never knowingly accept, collect, maintain or use any information from a child under the age of 13. If a child whom we know to be under the age of 13 sends Personal Data to us online, we will only use that information to respond directly to that child or notify parents.
18. Contacting Us
19. Effective Date