DATA PRIVACY FRAMEWORK PRIVACY POLICY
LAST UPDATED: February 20, 2024
Quantum Metric, Inc. in the United States (“Quantum US,” “we,” or “our”) has created this Data Privacy Framework Privacy Policy (the “DPF Privacy Policy”) to help you learn about how we handle Personal Information that we receive from our affiliates, clients, and business partners located in the European Economic Area (the “EEA”), the United Kingdom (the “UK”), Gibraltar, and Switzerland under the Data Privacy Framework. This DPF Privacy Policy supplements our Quantum Metric Privacy Policy. Unless specifically defined in this DPF Privacy Policy, the terms in this DPF Privacy Policy have the same meaning as in our Quantum Metric Privacy Policy.
Quantum US has certified to the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework (collectively the “DPF”) with regard to the processing of Personal Information received from the EEA, the UK, Gibraltar, and Switzerland, and we are committed to adhering to the DPF Principles for Personal Information covered by this DPF Privacy Policy. More information about the DPF, including the list of certified organizations, can be found at https://www.dataprivacyframework.gov/. This DPF Privacy Policy applies to Quantum US.
Personal Information that is transferred to Quantum US from the EEA, the UK, Gibraltar, and Switzerland falls into two categories: 1) Personal Information regarding the personnel of Quantum US’s potential, former, and current clients in the EEA, the UK, Gibraltar, and Switzerland (“Client Personal Information”); and 2) Personal Information that Quantum US processes on behalf of our clients (such as IP address and website usage data). In the case of the latter category, Quantum US acts as a data processor and processes such information only according to instructions from our clients. This information is controlled by our clients in the EEA, the UK, Gibraltar, and Switzerland.
Because the requirements of the DPF vary depending on whether Quantum US is acting as a data processor on behalf of our clients or as a data controller (meaning that Quantum US makes independent decisions about how that information will be used), Quantum US’s policies and practices are described separately below.
Quantum US Acting as a Data Processor on Behalf of Our Clients
When Quantum US acts as a data processor on behalf of our clients, the following policies apply to all data processing operations concerning Personal Information that has been transferred from the EEA, the UK, Gibraltar, and Switzerland to the United States.
Use of Personal Information
Quantum US will process the Personal Information only for the purposes requested by the client.
Access and Correction
Quantum US will assist the data controller (the client) in responding to individuals exercising their rights under the DPF Principles.
Agents and Service Providers
Quantum US will not transfer Personal Information to third parties except as permitted or required by the client and then in accordance with the DPF Principles.
Notice and Choice
Because the Personal Information is under the control of Quantum US’s clients, appropriate notice and choice to the individual are provided by Quantum US’s clients. As the data processor, Quantum US does not have a direct relationship with our clients’ customers.
Quantum US Acting as a Data Controller
Quantum US may receive information from our affiliates and clients in the EEA, UK, Gibraltar, and Switzerland regarding the personnel of our potential, former, and current clients, including name, postal address, telephone number, and e-mail address.
Use of Client Personal Information
Any Client Personal Information sent to us may be used by Quantum US and our agents for the purposes indicated in our Quantum Metric Privacy Policy. If we intend to use such information for a purpose that is materially different from these purposes, or if we intend to disclose it to a third party (a non-agent) not previously identified, we will notify you and offer you the opportunity to opt out of such uses and/or disclosures where non-sensitive information is involved, or to opt-in where sensitive information is involved.
Disclosures to Affiliates and Third Parties
Client Personal Information may be disclosed:
- To our affiliates for the purposes described in this DPF Privacy Policy;
- To third parties, to permit them to send you marketing communications, consistent with your choices;
- To third-party sponsors of sweepstakes, contests and similar promotions; or
- To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
Disclosures to Agents and Service Providers
We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as website hosting, data analysis, payment processing, order fulfillment, return authorization, fraud prevention, information technology and related infrastructure provision, customer service or related benefits (including special promotions), email delivery, auditing, and other services. These agents and service providers may have access to Personal Information, including Client Personal Information, as needed to perform their functions, but they are restricted from using such information for purposes other than providing services for us or to us. Quantum US requires that our agents and service providers that have access to Personal Information, including Client Personal Information, received from the EEA, the UK, Gibraltar, and Switzerland provide the same level of protection as required by the DPF Principles. We are responsible for ensuring that our agents and service providers process the information in a manner consistent with our obligations under the DPF Principles.
Data Security
We use reasonable physical, electronic, and administrative safeguards to protect Personal Information, including Client Personal Information, from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the information and the risks involved in processing that information.
Data Integrity and Purpose Limitation
We limit the collection and use of Client Personal Information to information that is relevant for the purposes of processing, and we will not process Client Personal Information in a way that is incompatible with the purposes for which the information has been collected or subsequently authorized by you. We take reasonable steps to ensure that Client Personal Information is reliable for its intended use, as well as accurate, complete, and current, to the extent necessary for the purposes for which we use such information.
Access to Client Personal Information
You can ask to review and correct Client Personal Information that we maintain about you by sending a written request to privacy@quantummetric.com or 833-QMETRIC.
DPF Enforcement and Dispute Resolution
If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of Personal Information in accordance with the DPF Principles.
In the event we are unable to resolve your complaints or disputes, you may contact BBB EU Data Privacy Framework, an alternative dispute resolution provider located in the United States, and they will investigate and assist you free of charge in resolving your complaint.
As further explained in the DPF Principles, a binding arbitration option [link] will also be made available to you in order to address residual complaints not resolved by any other means. Quantum US is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
Disclosures Required by Law
We may need to disclose Personal Information, including Client Personal Information, in response to lawful requests by public authorities for law enforcement or national security reasons, when such action is necessary to comply with a judicial proceeding or court order, or as otherwise required by law.
Contact Information
If you have any questions regarding this DPF Privacy Policy, please contact us by email at privacy@quantummetric.com or 833-QMETRIC, or please write to the following address:
Quantum Metric, Inc.,
Privacy Office
10807 New Allegiance Dr., Ste. 155,
Colorado Springs, Colorado, 80921,
USA
DPF Privacy Policy Changes
This DPF Privacy Policy may be changed from time to time, consistent with the requirements of the DPF. You can determine when this DPF Privacy Policy was last revised by referring to the “LAST UPDATED” legend at the top of this page. Any changes to our DPF Privacy Policy will become effective upon our posting of the revised DPF Privacy Policy on our Services.