Table of Contents
“Client” means a customer of QDiligence.
“Client Data” means any information in any form that a User of the Service stores within the Service.
“Personal Data” means any information relating to an identified or identifiable natural person.
“User” means an individual authorized by a Client to use the Service who is actively using the Service.
Information We Collect
We collect different types of information via the Website and the Service.
1. Information You Provide
When you access the Website or the Service, we collect any Personal Data you choose to provide to us. You determine what, if any, Personal Information is provided and you are solely responsible for the content and accuracy of any Personal Data you provide.
2. Information Clients Provide
When a Client accesses the Website or the Service, we collect any Client Data provided to us. Each Client is solely responsible for the content and accuracy of any Client Data provided to us and the Client determines what, if any, Personal Information is contained in the Client Data.
3. Information We Automatically Collect
When you access the Website, we may automatically record certain information from your device using various types of technology, including cookies, “clear gifs” or “web beacons.” This information may include an IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after accessing the Website, the pages or other content you interact with via the Website, and the dates and times of your visit, access, or use of the Website. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you open, click on, or forward a message. We do not and cannot associate any information we automatically collect via the Website directly to any individual.
When you access the Service, we automatically record certain information from your device using various types of technology including cookies. This information includes an IP address, the web browser and/or device type you are using, the dates and times of your use of the Service, and proprietary activity logging information.
Cookies and Tracking
Cookies are small files that a site or its service provider transfers to a computer hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information. In the Website we use Analytics cookies from Google Analytics (Opt out) and CrazyEgg (Opt out) to compile aggregate data about site traffic and site interaction so we can offer better experiences now and in the future. These cookies contain no personally identifiable information.
In the Service we use session cookies after authentication to allow you to move through the Service without reauthenticating. These session cookies contain no personally identifiable information and are removed when you close your web browser or if you logout from the Service. We do not use any third-party cookies in the Service.
How We Use Collected Information
Information Provided or Collected via the Service
Any Personal Data provided or collected via the Service is only used to enable us to provide and/or improve the Service, to customize the Service for you, to communicate with you regarding the Service, to comply with our legal or contractual obligations, or to exercise our legal rights.
Information Provided or Collected via the Website Any Personal Data provided or collected via the Website may be used to enable us to improve the Website, to customize the Website for you, to personalize any marketing messages we may send to you, to comply with our legal or contractual obligations, or to exercise our legal rights.
We respect your privacy rights. If you wish to access or amend any other Personal Data we hold about you, or to request that we delete or transfer any information about you that we have collected via the Website, you may contact us as set forth in the “How to Contact Us” section.
You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Service.
At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact us as set forth in the “How to Contact Us” section. You also have a right to lodge a complaint with applicable data protection authorities.
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. Safeguards include appropriate network protections, encryption, access controls, physical controls, authenticated access, human resources controls, resiliency plans, and regular third-party auditing and testing.
Retention of Personal Data
We only retain Personal Information as long as is required to provide the Service, to maintain our relationship with you, as needed to maintain business records, and as needed to comply with our legal obligations, resolve disputes, or enforce our agreements. Any Personal Information no longer required to be retained is deleted or safeguards are applied to ensure it is no longer used.
Sharing of Personal Data
We share the Personal Data or Client Data of any Client User collected via the Service with the Client that authorized that User to use the Service.
We use a variety of third party digital tools and digital infrastructure providers (collectively “Service Providers”) to perform our own internal business operations (accounting, billing, marketing, sales, communications, etc.) and to provide the Service (computing hardware, data centers, networks, security devices, etc.) These Service Providers may have access to or may process Personal Data or Client Data for us. Service Providers are subject to written agreements requiring them to only access or process Personal Data or Client Data as needed to provide services to us, to maintain the confidentiality of all Personal Data and Client Data they may process or may access, to maintain generally accepted industry standard controls, to regularly evaluate those controls, and to obey all applicable data privacy laws and regulations.
Law Enforcement, Legal Process and Compliance
We may disclose Personal Data or other information, if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a legitimately valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others. Disclosures described above are subject to obligations described in applicable Client agreements.
Change of Ownership
International or Onward Transfer of Personal Data
All Personal Data and Client Data collected by the Website or the Service is stored within the United States. We do not forward or onward transfer any Personal Data or Client Data to any other country except to fulfill a User’s specific request.
We understand the importance of protecting children’s privacy, especially in an online environment. In particular, our Service is not intentionally designed for or directed at children under the age of 18. It is our policy never to knowingly collect or maintain information about anyone under the age of 18, except as part of an engagement to provide the Service.
Links to Other Sites
We may include or offer third-party products or services on the Website. Clients may also submit or provide Client Data that contains links to third party sites within the Service for the benefit of their Client Users. These third-party sites have separate and independent privacy policies and we have no responsibility or liability for the content on or activities of these linked sites.
EU-U.S. Privacy Shield Framework / Swiss-U.S. Privacy Shield Framework
We are responsible for the processing of Personal Data we receive, under the Privacy Shield Frameworks, or subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Data from the EU, EEA and Switzerland, including the onward transfer liability provisions.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, we commit to resolving complaints about your privacy and our collection or use of your personal information.
Chief Information Security Officer
1600 Golf Road, Suite 1200
Rolling Meadows, IL 60008
or by contacting us through our website QDiligence.com.
Under certain conditions, more fully described on the Privacy Shield website at www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”)
This GDPR section only applies to individuals located in the European Economic Area (“EEA”), United Kingdom, or Switzerland.1. Our Relationship with You and Clients
If we have collected your Personal Data via the Website, we are the “controller” with respect to your Personal Data. If we have collected your Personal Data via the Service, the applicable Client is the “controller” with respect to your Personal Data and we are that Client’s “processor.”
2. Categories / Special Categories of Data
We may process the following Categories of Personal Data: first and last name, title, position, employer, contact information (company, email, phone, physical business address), ID data, professional life data, personal life data, connection data, localization data.We may process the following Special Categories of Personal Data: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, health, or sex life.
3. Legal Bases for Processing Personal Data Subject to GDPR
We may rely on the following lawful grounds when we collect or process your Personal Data that is subject to GDPR: Contract, Consent, and/or Legitimate interests.
4. Additional GDPR Privacy Rights
GDPR provides individuals subject to it with additional rights related to their Personal Data. You have the right to request access to, a copy of, rectification, restriction in the use of, or erasure of your information in accordance with all applicable laws. The erasure of your information shall be subject to applicable state and federal laws, technical limitations, and applicable retention periods in our policies. If you have provided consent to the use of your information, you have the right to withdraw consent without affecting the lawfulness of our use of the information prior to receipt of your request. Information created in the European Union will be transferred out of the European Union to us. If you feel we have not complied with applicable foreign laws regulating such information, you have the right to file a complaint with the appropriate supervisory authority in the European Union. To exercise these rights when QDiligence is the controller, you may contact us as set forth in the “How to Contact Us” section. For all other cases, these rights can only be exercised by contacting the applicable Client.
How To Contact Us
Please address any questions or concerns regarding this Policy or QDiligence practices concerning Personal Data by contacting us through our website QDiligence.com or by writing to:
Chief Information Security Officer
1600 Golf Road, Suite 1200
Rolling Meadows, IL 60008
Notification of Changes