Effective Date: September 28, 2020
1. TYPES OF PERSONAL DATA WE COLLECT.
1.1 Personal Data You Voluntarily Provide to Us. If you provide us feedback or contact us via e-mail or through our Services, we will collect your name and e-mail address, as well as any other content included in the feedback ore-mail, in order to send you a reply. When you request information, or establish an account with us, we may collect additional profile information.
1.2 Data About Your Use of Our Services. Our computer systems(or those of our service providers) may electronically collect information about you when you use our Services. The information collected may be machine generated and may include, for example, the domain name of your Internet provider, your browser type, time zone, language, operating system, date of the visit, URL of the last webpage visited before visiting our website, and URL of the first page you visit after leaving our website, pages viewed, time spent on a page, click through and clickstream data, search results selected, history, or comments made. When we send you an electronic communication, such as an e-mail, we may collect certain information, such as the action taken upon receipt of the e-mail (for instance, whether you opened or deleted the e-mail).
1.3 Personal Data Collected from Third Parties. We may obtain information from third parties with whom we do business or for our business purposes, such as in connection with a trade show or webinar or through public databases, social media or joint marketing partners.
1.4 Personal Data We Collect from Public Sources. We collect Personal Data on public domains run by various entities, such as government institutions and social media service providers (“Review Data”). Review Data collected on these domains include name, e-mail, phone number, address, employment information, familial relations and birthdate. We process this data to provide our Services and assist our customers in performing due diligence and other screen activities required by law and risk management assessments that are in the public interest (“Reviews”). Please note that Quantifind’s customers make their own decisions about how to use the Review Data they receive to conduct their Reviews.
1.5 Personal Data You Provide to Our Affiliates and Subsidiaries. We may get Personal Data from our current and future subsidiaries, parent companies, or other companies that control or are under common control with us (our “Affiliates”).
2. USE OF YOUR DATA.
We use your Personal Data for the following purposes:
2.1 To Provide the Services Requested. We use the Personal Data you voluntarily provide us to remember a user’s preferences, such as language, font size and communication type, and the user’s interests regarding subject matter. We also use data to allow a user to navigate or browse through our Services more quickly and efficiently, and to perform other functions or processes described to the user at the time of collection of the Personal Data from that user. We use Personal Data collected from Public Source and Third Parties to provide the services requested by our customers.
2.2 For Internal Use. We use your Personal Data for the purposes of furthering our business, including improving, enhancing or modifying our Services through data analysis, audits, security and fraud monitoring and prevention. We may also use data to determine the approximate location of each user, calculate usage levels, diagnose server problems, and in general to administer the Services, in each case through use of a user’s IP address.
2.3 To Provide You with Service-Related Communications. We will send you administrative or account-related information to keep you updated about our Services. Such communications may include information about policy updates, security updates or tips or other relevant information. We process your contact information to send you such communications and to forward administrative information to the user. Service-related communications are not promotional in nature. You are not able to unsubscribe from such communications, otherwise you may miss important developments relating to your account or the Services.
2.5 To Engage in Marketing Activities. Marketing lets us grow our community and update you about new products and services. We process your Personal Data to send marketing information, invitations to events or other communications that we believe may be of interest to the user.
2.6 To Enforce Compliance with Our Terms and Agreements or Policies. When you access or use our Services, you are bound by this Policy. To ensure you comply with them, we process your Personal Data by actively monitoring, investigating, preventing and mitigating any alleged or actual prohibited, illicit or illegal activities on our Services. We also process your Personal Data to investigate, prevent or mitigate violations of our internal terms, agreements or policies; enforce our agreements with third parties and business partners; and, as applicable, collect fees based on your use of our Services.
2.7 To Maintain Legal and Regulatory Compliance. Our Services are subject to certain laws and regulations which may require us to process your Personal Data. For example, we process your Personal Data to pay our taxes, to fulfill our business obligations, ensure compliance with employment and recruitment laws or as necessary to manage risk as required under applicable law.
3. DISCLOSURE OF YOUR PERSONAL DATA.
3.1 Disclosure to Service Providers. We may share your Personal Data with service providers to provide you with the Services; to conduct quality assurance testing; to facilitate creation of accounts; or to provide technical support. These service providers are contractually required not to use your Personal Data other than to provide the services we request.
3.2 Quantifind Customers. We only make Review Data available to our customers that have a legitimate need to access such information in relation to Reviews. We also require that they only use it for the purposes of carrying out Reviews or to otherwise comply with law. If any of our customers uses Review Data beyond the limited purposes permitted by us, we may act to terminate the customer’s access to Quantifind.
3.5 Legal Requests and Prevention of Harm. We may use, share or disclose information about users, including your Personal Data, in order to address legal concerns or liabilities, particularly when we believe that a user has misused our Services, such as to gain unauthorized access to any system, to engage in spamming activities, to engage in denial of service or similar attacks, or to conduct any fraudulent or unlawful activity. We also may be required to provide legal authorities access to a user’s information, in accordance with applicable law, including laws outside the user’s country of residence.
4. SECURITY OF YOUR PERSONAL DATA.
We use a variety of technical, organizational and administrative measures to protect user information that we possess against unauthorized or unlawful access or processing, and against accidental loss, destruction or damage. We believe that these measures are reasonably adapted to the nature and types of information in our custody, However, even though we take reasonable efforts to protect the information in our custody, no transmission over the Internet and no data storage or security system is fully secure. Therefore, we cannot guarantee the security of any information that we may receive from you or transmit to you. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the website.
5. RETENTION OF YOUR PERSONAL DATA.
6. INTERNATIONAL TRANSFERS OF INFORMATION.
Your Personal Data maybe processed in the country in which it was collected and in other countries or jurisdictions that may not have the same data protection laws, or provide as much protection to Personal Data, as the country where you reside. If you are located outside the United States and choose to provide information to us, please note that we transfer your information, including your Personal Data, to United States and process it there.
If you are located in the European Economic Area (“EEA”), the United Kingdom or Switzerland at the time your Personal Data is collected, we will take appropriate contractual or other steps to protect the relevant Personal Data in accordance with applicable laws. These steps include implementing the European Commission’s Standard Contractual Clauses for transfers of Personal Data to those countries that are not deemed “adequate” by the European Commission.
7. THIRD-PARTY LINKS TO OTHER WEBSITES ON THE SERVICES.
7.2 Social Media. The Services may provide links to social media services (e.g., LinkedIn and Facebook) where a user is able to post comments. These services may collect, retain and share information about a user. Use of such services is subject to the terms and conditions of their privacy policies. Please note that any information that is posted or disclosed through social media may be available to us, to other users of that service or to the public. We recommend caution when using these features. Please check privacy policies of these social media websites before using their services.
Children under the age of 16 should not send us Personal Data. We do not knowingly collect any Personal Data from children who are under the age of 16. If we become aware that an individual under the age of 16 is submitting information to us, we will attempt to delete the information as soon as possible.
9. DO NOT TRACK SIGNALS.
Some browsers give individuals the ability to communicate that they wish not to be tracked while browsing on the Internet. The Internet industry has not yet agreed on a definition of what “Do Not Track” means, how compliance with “Do Not Track” would be measured or evaluated, or a common approach to responding to a “Do Not Track” signal. Consequently, due to the lack of guidance, we have not yet developed features that would recognize or respond to browser-initiated Do Not Track signals in response to the laws of California or any other jurisdiction.
10. YOUR PRIVACY RIGHTS.
10.2 Changes to and Deletion of Personal Data. You may request that we change or delete any of your Personal Data in your account by sending an e-mailto us at the e-mail address set forth below in the “How to Contact Us” section below. However, we may be required (by law or otherwise) to retain this information and not delete it (or to retain this information for a certain time period, in which case we will comply with your deletion request only after we have fulfilled such requirements).
11. NOTICE FOR CALIFORNIA RESIDENTS.
This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), below is a summary for the last twelve (12) months of the Personal Information categories, as identified and defined by the CCPA (see California Civil Code section 1798.140 (o)), that we collect, the reason we collect the Personal Information, where we obtain the Personal Information, and the third parties that we may share the Personal Information. Under the CCPA,Personal Information is defined as any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”).
We generally collect the following categories of Personal Information in providing our Services
- identifiers such as a name, address, unique personal identifier, email, phone number, your device’s IP address, software, and identification numbers associated with your devices;
- information in customer records;
- characteristics of protected classifications under California or federal law, such as gender.
- commercial information such as records of products or services purchased, obtained, or considered by you;
- Internet or other electronic information regarding you browsing history, search history, the webpage visited before you came to our website, length of visit and number of page views, click-stream data, locale preferences, your mobile carrier, date and time stamps associated with transactions, and system configuration information;
- professional or employment-related information;
- your geolocation, to the extent you have configured your device to permit us to collect such information;
- audio recordings of your voice to the extent you call us, as permitted under applicable law; and
- inferences about your preferences, characteristics, behavior and attitudes.
- The categories of third parties with whom we may share your Personal Information are listed in Section 3 above.
11.1 California Privacy Rights. If you are a California resident, you have rights in relation to your Personal Information; however, your rights are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us or the security of our network systems.
To assert your right to know, to access, or to delete your Personal Information, please contact us by email. To confirm your identity, we may ask you to verify Personal Information we already have on file for you.If we cannot verify your identity based on the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes.
- Right Against Discrimination. You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your right to know, delete or opt-out of sales.
- Right to Know. You have the right to request in writing: (i) a list of the categories of Personal Information, such as name, address, email address, that a business has disclosed to third parties during the immediately preceding calendar year for the third parties’ direct marketing purposes, and (ii) the names and addresses of all such third parties.In addition, you have the right to request: (i) the categories of Personal Information we have collected about you, (ii) the categories of sources from which Personal Information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with whom we have shared Personal Information, and (v) the specific pieces of Personal Information we hold about an individual.
- Right to Access. You have the right to request a copy of the specific Personal Information we collected about you during the 12 months before your request.
- Right to Delete. You have the right to request us delete any Personal Information we have collected from you or maintain about you, subject to certain exceptions.
- Right to Opt-Out of Selling. California residents have the right to opt-out of having their Personal Information sold. In 2019, we were sharing identifiers about you with certain third-party advertising cookie providers in such a way that, under the CCPA, may be defined as selling. We do not currently sell your Personal Information.
11.2 Shine the Light Law. We currently do not sharePersonal Information with third parties for their direct marketing purposes without the express consent of the user.
12. NOTICE TO INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM AND SWITZERLAND
This section only applies to individuals that access or use our Services while located in the EEA, United Kingdom and/or Switzerland (collectively, the“Designated Countries”). We may ask you to identify which country you are located in when you use some of the Services or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in the Designated Countries. If any terms in this section conflict with other terms contained in this Policy, the terms in this section shall apply to users in the Designated Countries.
12.1 Our Relationship to You. Quantifind is a controller with regard to any Personal Data collected from individuals where it determines the purposes for which and the manner in which any Personal Data is processed. In certain situations, customers may hire Quantifind to collect Personal Data about individuals. In such cases, we are processing such Personal Data purely on behalf of our customers as data processors, and any individuals who seek to exercise their rights should first direct their query to our customer (the controller).
12.2 Data Transfers Outside the EEA. When Quantifind transfers your Personal Data to a business not located in the Designated Countries, we comply with the conditions laid down in Chapter 5 of the General Data Protection Regulation (“GDPR”). We transfer your Personal Data subject to the appropriate safeguards required under the applicable law. Depending on the circumstances the transfer of your Personal Data out of the Designated Countries, or an onward transfer of your Personal Data, may be necessary for the performance of our contract with you, the performance of a contract between us and another party that we entered into for your interest, or for important reasons of public interest. Whenever we share your Personal Data with another party, we contractually require the recipients to comply with the GDPR and all other applicable data protection laws in processing your Personal Data and/or we rely on Standard Contractual Clauses in relation to such transfers.
Quantifind also participates in and has certified its compliance with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks asset forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Economic Area (“EEA”), United Kingdom, and Switzerland to the United States, respectively. Under the Privacy Shield Frameworks, Quantifind is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. To learn more about the Privacy Shield program, and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.
Quantifind commits to resolve complaints about the processing of Personal Data collected from individuals located in the EEA, the United Kingdom and Switzerland in compliance with the Privacy Shield Principles. European data subjects with inquiries or complaints relating to our Privacy Shield certifications should first contact us at firstname.lastname@example.org. If we are unable to you may refer your complaint to our designated independent dispute resolution mechanism is JAMS at https://www.jamsadr.com/eu-us-privacy-shield. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield, Annex 1.
12.3 Marketing. We will only contact individuals located in the Designated Countries by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law or the individual’s consent. If you do not want us to use your Personal Data in this way or to disclose your Personal Data to third parties for marketing purposes, please click an unsubscribe link in your emails or contact us at email@example.com. You can object to direct marketing at any time and free of charge.
To the extent we process your Personal Data perform a contract with you or comply with a legal requirement, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not. If we process your Personal Data in reliance on our legitimate interests (or those of any third party), we will indicate what those legitimate interests are at the relevant time, or upon request.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.
12.5 Your Individual Rights. We provide you with the rights described below when you use our Services. We may limit your individual rights requests in the following ways: (a) where denial of access is required or authorized by law; (b) when granting access would have a negative impact on other’s privacy; (c) to protect our rights and properties; and (d) where the request is frivolous or burdensome.
If you would like to exercise your rights under applicable law, you can do so at any time by filling out Quantifind’s Data Subject Rights Requests Form. Please note that we may ask you to verify your identity before responding to such requests.When we fulfill your individual rights requests for rectification, erasure or restriction of processing, we will notify third parties also handling the relevant Personal Data unless this proves impossible or involves disproportionate effort. In certain circumstances, you have the following data protection rights:
• Access or delete. You can seek to access or to request deletion of the Personal Data we hold about you.
• Rectification. You may seek to have your Personal Data rectified if that information is inaccurate or incomplete.
• Object to processing. You have the right to object to our processing of your Personal Data.
• Restriction. You may have the right to request that we restrict the processing of your Personal Data.
• Portability. You may have the right to be provided with a copy of the Personal Data we have on you in a structured, machine-readable and commonly used format.
• Withdraw consent. You may have the right to withdraw your consent at any time where we relied on your consent to process your Personal Data.
• Not to be subject to automated individual decision-making. We do not subject your Personal Data to such processing activities.
13. HOW TO CONTACT US.