Effective Date: June 5, 2023
1. TYPES OF PERSONAL DATA WE COLLECT.
1.1 Personal Data You Voluntarily Provide to Us. If you are our potential customer or are interested in our Services on the website for other purposes, we process your personal data if you wish to request information, receive marketing or other communications from us (e.g., marketing emails, alerts, newsletters, etc.), register for or attend an event, or apply for a position on our website.
If you provide us feedback or contact us via e-mail or through our Services, we will collect your name and e-mail address, as well as any other content included in the feedback or the e-mail, in order to send you a reply. When you sign-up to use the Service or establish an account with us, we may collect additional profile information which may include:
- Name and contact data, such as first and last name, email address, postal address, phone number, and other similar contact data
- Employer and Professional Level data, such as the names of your current employers, job title(s), business contact information, etc.
- Account credentials, such as passwords and other security information for authentication and access
- Payment information, if you make a payment to use our Service
- Demographic information, such as, your country, and preferred language
1.2 Data About Your Use of Our Services. Our computer systems (or those of our service providers) may electronically and automatically collect information about you and your systems and devices when you use our Services to help us administer, protect (i.e., to detect and prevent fraud and security threats), and improve our Services, analyze usage and improve users’ experience. The information collected may be machine generated and may include, for example, the domain name of your Internet provider, your browser type, time zone, language, operating system, date of the visit, URL of the last web page visited before visiting our website, and URL of the first page you visit after leaving our website, pages viewed, time spent on a page, click through and clickstream data, search results selected, history, or comments made. When we send you an electronic communication, such as an e-mail, we may collect certain information, such as the action taken upon receipt of the e-mail (for instance, whether you opened or deleted the e-mail).
1.3 Personal Data Collected from Third Parties. We may obtain information from third parties with whom we do business or for our business purposes, such as in connection with a trade show or webinar or through public databases, social media or joint marketing partners. We may also collected Personal Data about you from the party or person(s) arranging for you to access our Services (e.g., your employer, subscriber, an organization, group, or association to which you belong or are associated with) in order to set up a user account or otherwise to access and/or use our Services.
1.4 Personal Data We Collect from Public and Private Sources as Part of Our Services. We collect Personal Data from private sources and from public domains run by various entities, such as government institutions and social media service providers (“Review Data”). Examples include Personal Data found on: (i) sanction disciplined, or debarred lists; (ii) law enforcement, court, regulatory, registry or other governmental websites and databases; (iii) political websites and publications such as parliamentary, local government or individual politician websites; (iv) reputable news media and publications; and (v) information sources made public by an individual themselves, for example on their website, blog or any social media application. Review Data collected on these domains include, but are not limited to name, e-mail, phone number, address, employment information, familial relations and birthdate. We process this data to provide our Services and assist our customers in performing due diligence and other screen activities required by law or regulation, and risk management assessments that are in the public interest (“Reviews”). Please note that Quantifind’s customers make their own decisions about how to use the Review Data they receive to conduct their Reviews. To the extent that any Personal Data is provided to us by a third-party, other than the individual to whom the Personal Data relates, such third parties are also responsible for their own compliance with applicable data protection and privacy laws.
1.5 Personal Data You Provide to Our Affiliates and Subsidiaries. We may get Personal Data from our current and future subsidiaries, parent companies, or other companies that control or are under common control with us (our “Affiliates”).
2. USE OF YOUR DATA.
We use your Personal Data for the following purposes:
2.1 To Provide the Services Requested. Where we have a contract with you, we will process your Personal Data in order to fulfill that contract (i.e., to provide you with the Services). This includes setting up your account, administering our relationship with you, performing identity and authentication activities, facilitating and processing transactions, and providing technical support.
2.2 To Personalize your Experience with our Service. We use the Personal Data you voluntarily provide us to remember a user’s preferences, such as language, font size and communication type, and the user’s interests regarding subject matter. We also use data to allow a user to navigate or browse through our Services more quickly and efficiently, and to perform other functions or processes described to the user at the time of collection of the Personal Data from that user.
2.3 For Internal Use. We use your Personal Data for the purposes of furthering our business, including improving, enhancing or modifying our Services through data analysis, audits, security and fraud monitoring and prevention. We may also use data to determine the approximate location of each user, calculate usage levels, diagnose server problems, and in general to administer the Services, in each case through use of a user’s IP address.
2.4 To Provide You with Service-Related Communications. We will send you administrative or account-related information to keep you updated about our Services. Such communications may include information about policy updates, security updates or tips or other relevant information. We process your contact information to send you such communications and to forward administrative information to the user. Service-related communications are not promotional in nature. You are not able to unsubscribe from such communications, otherwise you may miss important developments relating to your account or the Services.
2.6 To Engage in Marketing Activities, as Permitted by Law. Marketing lets us grow our community and update you about new products and services. When you sign-up to receive marketing or promotional communications from us, we process your Personal Data to send marketing information, invitations to events or other communications that we believe may be of interest to the user.
2.7 To Enforce Compliance with Our Terms and Agreements or Policies. When you access or use our Services, you are bound by this Policy. To ensure you comply with them, we process your Personal Data by actively monitoring, investigating, preventing and mitigating any alleged or actual prohibited, illicit or illegal activities on our Services. We also process your Personal Data to investigate, prevent or mitigate violations of our internal terms, agreements or policies; enforce our agreements with third parties and business partners; and, as applicable, collect fees based on your use of our Services.
2.8 To Maintain Legal and Regulatory Compliance. Our Services are subject to certain laws and regulations which may require us to process your Personal Data. For example, we process your Personal Data to pay our taxes, to fulfill our business obligations, ensure compliance with employment and recruitment laws, to comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, to exercise our rights, and to defend ourselves from claims, or as necessary to manage risk as required under applicable law.
3. DISCLOSURE OF YOUR PERSONAL DATA.
3.1 Disclosure to Service Providers. We may share your Personal Data with service providers to provide you with the Services; to conduct quality assurance testing; to facilitate creation of accounts; or to provide technical support. These service providers are contractually required not to use your Personal Data other than to provide the services we request, and are bound by contractual obligations that are at least equivalent to those obligations imposed on us by our customers..
3.2 Quantifind Customers. We only make Review Data available to our customers that have a legitimate need to access such information in relation to Reviews. We also require that they only use it for the purposes of carrying out Reviews or to otherwise comply with law. If any of our customers uses Review Data beyond the limited purposes permitted by us, we may act to terminate the customer’s access to Quantifind.
3.5 Legal Requests and Prevention of Harm. We may use, share or disclose information about users, including your Personal Data, in order to address legal concerns or liabilities, particularly when we believe that a user has misused our Services, such as to gain unauthorized access to any system, to engage in spamming activities, to engage in denial of service or similar attacks, or to conduct any fraudulent or unlawful activity. We also may be required to provide legal authorities access to a user’s information, in accordance with applicable law, including laws outside the user’s country of residence.
4. SECURITY OF YOUR PERSONAL DATA.
We use a variety of technical, organizational and administrative measures to protect user information that we possess against unauthorized or unlawful access or processing, and against accidental loss, destruction or damage. We believe that these measures are reasonably adapted to the nature and types of information in our custody.
5. RETENTION OF YOUR PERSONAL DATA.
In determining the retention period for your Personal Data, we take the following criteria into account:
- the length of time necessary to fulfill the purposes we collected it for
- when you cease to use our Services
- the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations
- any limitation periods within which claims might be made
- any retention periods prescribed by law or recommended by regulators, professional bodies or associations
- the existence of any relevant proceedings
6. INTERNATIONAL TRANSFERS OF INFORMATION.
Your Personal Data may be processed in the country in which it was collected and in other countries or jurisdictions that may not have the same data protection laws, or provide as much protection to Personal Data, as the country where you reside. If you are located outside the United States and choose to provide information to us, please note that we transfer your information, including your Personal Data, to the United States and process it there.
If you are located in the European Economic Area (“EEA”), the United Kingdom or Switzerland at the time your Personal Data is collected, we will take appropriate contractual or other steps to protect the relevant Personal Data in accordance with the applicable laws. These steps include implementing the European Commission’s Standard Contractual Clauses for transfers of Personal Data to those countries that are not deemed “adequate” by the European Commission.
7. THIRD-PARTY LINKS TO OTHER WEBSITES ON THE SERVICES.
7.2 Social Media. The Services may provide links to social media services (e.g., LinkedIn and Facebook) where a user is able to post comments. These services may collect, retain and share information about a user. Use of such services is subject to the terms and conditions of their privacy policies. Please note that any information that is posted or disclosed through social media may be available to us, to other users of that service or to the public. We recommend caution when using these features. Please check the privacy policies of these social media websites before using their services.
Our Services are not generally aimed at children. We do not intentionally collect Personal Data from or about individuals under the age of thirteen (13). Children under the age of 13 should not send us Personal Data. We do not knowingly collect any Personal Data from children who are under the age of 13. If we become aware that an individual under the age of 13 is submitting information to us, we will make reasonable efforts to delete the information as soon as possible.
9. DO NOT TRACK SIGNALS.
Some browsers give individuals the ability to communicate that they wish not to be tracked while browsing on the Internet. The Internet industry has not yet agreed on a definition of what “Do Not Track” means, how compliance with “Do Not Track” would be measured or evaluated, or a common approach to responding to a “Do Not Track” signal. Consequently, due to the lack of guidance, we have not yet developed features that would recognize or respond to browser-initiated Do Not Track signals in response to the laws of California or any other jurisdiction.
10. YOUR PRIVACY RIGHTS.
10.2 Changes to and Deletion of Personal Data. You may request that we change or delete any of your Personal Data in your account by sending an e-mail to us at the e-mail address set forth below in the “How to Contact Us” section below. However, we may be required (by law or otherwise) to retain this information and not delete it (or to retain this information for a certain time period, in which case we will comply with your deletion request only after we have fulfilled such requirements).
11. NOTICE FOR UNITED STATES RESIDENTS.
This section applies only to United States residents and explains how we collect, use, and disclose your Personal Information. It also describes how to exercise your rights under the California Consumer Privacy Act, the Colorado Privacy Act, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring, the Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act. (collectively referenced as the “U.S. Privacy Laws”). Pursuant to the U.S. Privacy Laws, below is a summary for the last twelve (12) months of the Personal Information categories that we collect, the reason we collect the Personal Information, where we obtain the Personal Information, and the third parties that we may share the Personal Information. When we say “Personal Information” in this section, we mean any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
We generally collect the following categories of Personal Information in providing our Services
- Identifiers such as a name, address, unique personal identifier, email, phone number, your device’s IP address, software, and identification numbers associated with your devices;
- Information in customer records;
- Certain characteristics of protected classifications under U.S state or federal law, such as gender, as part of our Services to our customers.
- Commercial information such as records of products or services purchased, obtained, or considered by you;
- Internet or other electronic information regarding you browsing history, search history, the web page visited before you came to our website, length of visit and number of page views, click-stream data, locale preferences, your mobile carrier, date and time stamps associated with transactions, and system configuration information;
- professional or employment-related information;
- your geolocation, to the extent you have configured your device to permit us to collect such information;
- audio recordings of your voice to the extent you call us, as permitted under applicable law; and
- inferences about your preferences, characteristics, behavior and attitudes.
- The categories of sources from which we collect Personal Information about you are described in Section 1 above.
- The categories of third parties with whom we may share your Personal Information are listed in Section 3 above.
- We will retain your Personal Information, including Sensitive Personal Information in accordance with the criteria described in Section 5 above.
11.1 Your Privacy Rights Under the U.S Privacy Laws. Depending on where you live, you may have some or all of the rights described within this section in relation to your Personal Information; however, your rights are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us or the security of our network systems.
To assert your rights in relation to your Personal Information, please contact us by email. To confirm your identity, we may ask you to verify Personal Information we already have on file for you. If we cannot verify your identity based on the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes. If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.
- Right Against Discrimination. You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your right to know, delete or opt-out of sales.
- Right to Know. You have the right to request in writing: (i) a list of the categories of Personal Information, such as name, address, email address, that a business has disclosed to third parties during the immediately preceding calendar year for the third parties’ direct marketing purposes, and (ii) the names and addresses of all such third parties.In addition, you have the right to request: (i) the categories of Personal Information we have collected about you, (ii) the categories of sources from which Personal Information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with whom we have shared Personal Information, and (v) the specific pieces of Personal Information we hold about an individual.
- Right to Access. You have the right to request a copy of the specific Personal Information we collected about you during the 12 months before your request.
- Right to Delete. You have the right to request us delete any Personal Information we have collected from you or maintain about you, subject to certain exceptions.
- Right to Opt-Out of Targeted Advertising or Selling. In 2019, we were sharing identifiers about you with certain third-party advertising cookie providers in such a way that, under the U.S Privacy Laws, may be defined as selling. We do not currently sell your Personal Information.
- Right to Correct.You may seek to have your Personal Information corrected if that information is inaccurate or incomplete.
- Right to Opt-Out of Automated Decision-Making (or Data Profiling). We do not subject your Personal Information to such processing activities.
- Right to Limit the Collection and Use of Sensitive Personal Information. You have the right to direct us to limit the use or disclosure of your sensitive personal information to that which is necessary to perform the Services. We do not currently collect, process or disclose Sensitive Personal Information for the purpose of inferring characteristics about you.
- Right to appeal. If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at the e-mail address set forth below in the “How to Contact Us” section below. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the appropriate Attorney General to submit a complaint.
11.2 Shine the Light Law. We currently do not share Personal Information with third parties for their direct marketing purposes without the express consent of the user.
12. NOTICE TO INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM AND SWITZERLAND
This section only applies to individuals that access or use our Services while located in the EEA, United Kingdom and/or Switzerland (collectively, the “Designated Countries”). We may ask you to identify which country you are located in when you use some of the Services or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in the Designated Countries. If any terms in this section conflict with other terms contained in this Policy, the terms in this section shall apply to users in the Designated Countries.
12.1 Our Relationship to You. Quantifind is a controller with regards to any Personal Data collected from individuals where it determines the purposes for which and the manner in which any Personal Data is processed. In certain situations, customers may hire Quantifind to collect Personal Data about individuals. In such cases, we are processing such Personal Data purely on behalf of our customers as data processors, and any individuals who seek to exercise their rights should first direct their query to our customer (the controller).
12.2 Data Transfers Outside the EEA. When Quantifind transfers your Personal Data to a business not located in the Designated Countries, we comply with the conditions laid down in Chapter 5 of the General Data Protection Regulation (“GDPR”). We transfer your Personal Data subject to the appropriate safeguards required under the applicable law. Depending on the circumstances the transfer of your Personal Data out of the Designated Countries, or an onward transfer of your Personal Data, may be necessary for the performance of our contract with you, the performance of a contract between us and another party that we entered into for your interest, or for important reasons of public interest. Whenever we share your Personal Data with another party, we contractually require the recipients to comply with the GDPR and all other applicable data protection laws in processing your Personal Data and/or we rely on Standard Contractual Clauses in relation to such transfers.
Quantifind also participates in and has certified its compliance with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks asset forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Economic Area (“EEA”), United Kingdom, and Switzerland to the United States, respectively. Under the Privacy Shield Frameworks, Quantifind is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. To learn more about the Privacy Shield program, and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.
Quantifind commits to resolve complaints about the processing of Personal Data collected from individuals located in the EEA, the United Kingdom and Switzerland in compliance with the applicable privacy laws and Privacy Shield Principles. European data subjects with inquiries or complaints relating to our Privacy Shield certifications should first contact us at firstname.lastname@example.org. If we are unable to you may refer your complaint to our designated independent dispute resolution mechanism is JAMS at https://www.jamsadr.com/eu-us-privacy-shield. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield, Annex 1.
12.3 Marketing. We will only contact individuals located in the Designated Countries by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law or the individual’s consent. If you do not want us to use your Personal Data in this way or to disclose your Personal Data to third parties for marketing purposes, please click an unsubscribe link in your emails or contact us at email@example.com. You can object to direct marketing at any time and free of charge.
To the extent we process your Personal Data to perform a contract with you or comply with a legal requirement, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not. If we process your Personal Data in reliance on our legitimate interests (or those of any third party), we will indicate what those legitimate interests are at the relevant time, or upon request.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.
12.5 Your Individual Rights. We provide you with the rights described below when you use our Services. We may limit your individual rights requests in the following ways: (a) where denial of access is required or authorized by law; (b) when granting access would have a negative impact on other’s privacy; (c) to protect our rights and properties; and (d) where the request is frivolous or burdensome.
If you would like to exercise your rights under applicable law, you can do so at any time by filling out Quantifind’s Data Subject Rights Requests Form. Please note that we may ask you to verify your identity before responding to such requests.When we fulfill your individual rights requests for rectification, erasure or restriction of processing, we will notify third parties also handling the relevant Personal Data unless this proves impossible or involves disproportionate effort. In certain circumstances, you have the following data protection rights:
- Access or delete. You can seek to access or to request deletion of the Personal Data we hold about you.
- You may seek to have your Personal Data rectified if that information is inaccurate or incomplete.
- Object to processing. You have the right to object to our processing of your Personal Data.
- You may have the right to request that we restrict the processing of your Personal Data.
- You may have the right to be provided with a copy of the Personal Data we have on you in a structured, machine-readable and commonly used format.
- Withdraw consent. You may have the right to withdraw your consent at any time where we relied on your consent to process your Personal Data.
- Not to be subject to automated individual decision-making. We do not subject your Personal Data to such processing activities.
13. HOW TO CONTACT US.