Positively impacting the practice of law

Our Privacy Policy

QuisLex, Inc. and its affiliates (“QuisLex”) are committed to protecting the privacy of their clients, prospective clients, contractors, employees and business partners. This Privacy Policy sets forth the privacy principles QuisLex, Inc. and QuisLex New York LLC follow with respect to Personal Data (as defined below) that QuisLex collects.

EU-US Privacy Shield and the GDPR

QuisLex certifies that it complies with both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of Personal Data transferred from the European Union or Switzerland, as applicable, to the United States (the “Privacy Shield” and such Personal Data, “EU/Swiss Personal Data”). For EU/Swiss Personal Data, QuisLex further certifies that it adheres to:

  • the Privacy Shield principles of (i) notice, (ii) choice, (iii) accountability for onward transfer, (iv) security, (v) data integrity and purpose limitation, (vi) access and (vii) recourse, enforcement and liability. If there is any conflict between this Privacy Policy and the Privacy Shield, the Privacy Shield shall prevail to the extent of such conflict. To learn more about the Privacy Shield and to view QuisLex’s certification page, visit URL:https://www.privacyshield.gov/; and
  • the General Data Protection Regulation (“GDPR”) principles of (i) lawfulness, fairness and transparency, (ii) purpose limitation, (iii) data minimization, (iv) accuracy, (v) storage limitation, (vi) integrity and confidentiality (security), and (vi) accountability.

The U.S. Federal Trade Commission has jurisdiction over QuisLex’s compliance with the Privacy Shield.

As regards EU/Swiss Personal Data, QuisLex is fully committed to implementing the rights for individuals under the GDPR including (i) the right to be informed, (ii) the right of access, (iii) the right to rectification, (iv) the right to erasure, (v) the right to restrict processing, (vi) the right to data portability, and (vii) the right to object. QuisLex does not use EU/Swiss Personal Data in relation to automated decision making and profiling. Any requests by individuals regarding effectuating the foregoing rights with respect to EU/Swiss Personal Data should be directed to privacy@quislex.com.

Personal Data

“Personal Data” is information that can be used to identify you. Such information might include your name, social security number, mailing address, email address, telephone number, company, title, username and password. Personal Data does not include data that is de-identified, anonymous or publicly available.

“Sensitive Personal Data” is Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexual orientation.

Application of Policy

This Privacy Policy applies solely to Personal Data collected by QuisLex.

Information Collection

In connection with the services provided by QuisLex, QuisLex may receive, store and/or process Personal Data on behalf of clients and business partners. In such cases, QuisLex will process such Personal Data pursuant to the terms of any contracts with such client or business partner. In the event of a conflict between such contracts and the Privacy Shield with respect to EU/Swiss Personal Data, the Privacy Shield shall prevail. Any questions, comments or complaints about the data practices of one of QuisLex’s clients or business partners should be addressed to that client or business partner.

In addition, Personal Data may be collected by QuisLex, its employees or contractors (“QuisLex Personnel”) (A) as a result of your status as an employee or contractor of QuisLex, or (B) when you (i) contact QuisLex through its website, (ii) register for or interact with QuisLex Personnel at an event, (iii) complete a survey from QuisLex or QuisLex Personnel, (iv) correspond with QuisLex or QuisLex Personnel, (v) inquire about QuisLex’s service offerings, or (vi) inquire about or apply to become an employee or contractor of QuisLex. Personal Data is also collected through marketing, recruitment, sales and other commercial activities. Personal Data is provided by you on a voluntary basis and by submitting your Personal Data you consent to its use in a manner consistent with this Privacy Policy.

Information Use

QuisLex will not sell or rent to any third party any Personal Data that QuisLex collects.

QuisLex reserves the right to use Personal Data collected for any legitimate business purpose, including, but not limited to: (i) providing you the services you requested, (ii) communicating information about products or services, (iii) offering opportunities to become a QuisLex Personnel, (iv) responding to requests, (v) tracking compliance with the Terms and Conditions of Use of QuisLex’s website, (vi) analyzing the characteristics of visitors to our website, including applicants and clients/potential clients, and (vii) improving the services we offer.

EU/Swiss Personal Data shall be used only for the legitimate business purpose(s) for which QuisLex originally collected the data. In the case of client contact relationships and contact information collected during marketing events/activities, QuisLex views the use of this information for additional marketing purposes solely by QuisLex as a legitimate business purpose consistent with the intended purpose for collection of the information. All such information is subject to opt-out rights described below.

Personal Data collected from QuisLex Personnel solely in the context of employment or contractor relationships is solely used for employment- or contractor- related purposes, as applicable.

Sensitive Personal Data is generally only collected from QuisLex Personnel as (a) required by law (e.g., equal opportunity/anti-discrimination statutes) or (b) for employment purposes (e.g., offering of benefits), and will be used strictly for such purposes.

Disclosures of Information

QuisLex may share your Personal Data with and among its affiliated or related entities. These entities will use your Personal Data in accordance with this Privacy Policy.

QuisLex discloses Personal Data to third parties who reasonably need to know such Personal Data in connection with a contracted task or QuisLex business purpose, e.g., processing of benefits/payroll through third-party providers or credit/background checking. Such third parties contractually agree to similar protection of your Personal Data and limitation on the use of your Personal Data as QuisLex provides. To the extent the Privacy Shield applies, the following also apply: (i) such third parties contractually agree to at least the level of protection as QuisLex is required by the Privacy Shield to obtain from such third parties, (ii) QuisLex will obtain your prior approval for disclosure to third parties of any Sensitive Personal Data where such approval is required under the Privacy Shield, and (iii) QuisLex remains liable under the Privacy Shield if its agent processes Personal Data in a manner inconsistent with the Privacy Shield, unless QuisLex proves that it is not responsible for the event giving rise to the damage.

In addition, QuisLex may disclose your Personal Data in the following circumstances: (a) as required by law, legal process, litigation and/or requests from public or governmental authorities, including to meet national security or law enforcement requirements, (b) in the context of an audit or to investigate fraud, (c) when QuisLex believes in good faith that disclosure is necessary to protect QuisLex’s rights, protect your safety or the safety of others, enforce the Terms and Conditions of Use of QuisLex’s website or of this Privacy Policy, (d) to a relevant third party if QuisLex becomes involved in a merger, acquisition or sale of some or all of its assets, (e) operational needs related to QuisLex Personnel, such as the booking of a flight, hotel room, or insurance coverage, or (f) with your prior consent to do so.

Other Data Received from Website Visitors

QuisLex collects the domain names and IP addresses of the visitors to its website. This information is generally used for purposes such as measuring the number of visitors to QuisLex’s website, average time spent by each visitor, pages viewed by each visitor, tracking each visitor’s use of the website, and ensuring compliance with the Terms and Conditions of our website.

QuisLex uses “cookies” on its website. A cookie is a piece of data stored on a website visitor's system that helps improve your access to the website and identify repeat visitors. Cookies can also enable QuisLex to track and serve the interests of users to enhance their experience on QuisLex’s website. You can disable or remove any cookies already stored on your computer, but these may stop QuisLex’s website from functioning properly.

Security

QuisLex has reasonable and appropriate measures in place to protect against the loss, misuse and unauthorized access, disclosure, alteration, and destruction of Personal Data.

QuisLex is ISO/IEC 27001:2013 certified for information security and is audited under the SSAE 16/ISAE 3402 (SOC1 - Type II) and AT 101 (SOC2 - Type II). We employ various physical, administrative, and technical measures to maintain the confidentiality and security of Personal Data and other confidential information, including by (i) educating and training QuisLex Personnel and keeping QuisLex Personnel up-to-date on its security and privacy practices, (ii) keeping such information in its offices and storing such information on its servers in a secure environment, with appropriate security measures, and (iii) only granting access to such information to individuals who need the information to perform a specific, authorized task.

Biometric Data

“Biometric Data” is Personal Data stored by QuisLex about an individual’s physical characteristics that can be used to identify that person. Biometric Data can include fingerprints, voiceprints, facial shape, retinal scans, or scans of hand or face geometry.

QuisLex’s policy is to protect and store Biometric Data in accordance with applicable laws including, but not limited to, the Illinois Biometric Information Privacy Act.

QuisLex does not obtain Biometric Data from any individual in the United States, or use the Biometric Data of any individual to access a QuisLex location in the United States without the prior written consent of the individual. QuisLex will inform such individuals of the reason Biometric Data is being collected and the length of time the data will be stored.

QuisLex will not sell, lease, trade or otherwise profit from an individual’s Biometric Data.

Biometric Data of an individual will not be disclosed by QuisLex to any third party unless (i) consent of the individual is obtained, (ii) disclosure is necessary to complete a financial transaction requested or authorized by the individual, (iii) disclosure is required by law, or (iv) disclosure is required by subpoena.

Biometric Data will be stored using a reasonable standard of care for QuisLex’s industry and in a manner that is the same or exceeds the standards used to protect other non-encrypted confidential information held by QuisLex.

With respect to Biometric Data of individuals that QuisLex believes in good faith may require future access to QuisLex biometrically-protected locations, QuisLex destroys such Biometric Data within 3 years of the individual's last interaction with QuisLex. QuisLex destroys other Biometric Data when the initial purpose for obtaining or collecting such Biometric Data has been fulfilled (e.g., an employee is terminated by QuisLex).

Opting Out

You may request to opt out from QuisLex’s use of your Personal Data that you previously provided to QuisLex by sending such request to privacy@quislex.com. QuisLex will comply with such requests unless QuisLex has a legitimate business purpose for continuing to use such Personal Data, such as maintaining employment records.

Access, Change or Delete Information

You can also send a request to privacy@quislex.com if you want to (i) review your Personal Data that has been collected and stored by QuisLex, (ii) request modification/correction of any Personal Data that is incorrect, or (iii) request removal/inactivation of Personal Data. Any resulting modification/correction or removal/inactivation of your Personal Data will not affect other information that QuisLex maintains or information that QuisLex has provided to third parties in accordance with this Privacy Policy before such update. QuisLex will use reasonable efforts to comply with such requests unless QuisLex has a legitimate business purpose for not doing so.

To protect your privacy and security, QuisLex will take reasonable steps to verify your identity before granting access to your Personal Data. In addition, QuisLex may limit or deny access to Personal Data, including, without limitation where providing such access would be burdensome or expensive or where such information is legally privileged, in each case other than with respect to EU/Swiss Personal Data where an action is required under the Privacy Shield or the GDPR.

Children

QuisLex’s website is not intended for use by children. QuisLex does not knowingly solicit or collect Personal Data from children under the age of 13. If you are under the age of 18, you must obtain the consent of your parent or guardian to use QuisLex’s website. QuisLex encourages parents and guardians to take an active role in their children’s online activities and interests.

Enforcement and Dispute Resolution

QuisLex regularly reviews its compliance with this Privacy Policy.

QuisLex has appointed the following Data Privacy Officer:

David M. Klein

QuisLex’s DPO may be contacted by email at privacy@quislex.com.

In compliance with the Privacy Shield Principles, QuisLex commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact QuisLex at privacy@quislex.com. In addition, under the EU-U.S. Privacy Shield Framework, individuals may invoke binding arbitration to address unresolved complaints that an organization has violated its obligations under the Privacy Shield Principles.

QuisLex has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.

QuisLex commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

For Personal Data not covered by the Privacy Shield, you should address any concerns you have to privacy@quislex.com.

Changes to this Privacy Policy

QuisLex reserves the right, in its sole discretion, to make changes to this Privacy Policy, provided that such changes are not inconsistent with (i) the Privacy Shield and (ii) other data protection and privacy laws/principles applicable to QuisLex. Changes become effective upon notice, which may occur by posting a revised Privacy Policy to QuisLex’s website, through email or other communication mediums. QuisLex encourages you to periodically review this Privacy Policy to be informed of any changes.

When required under the Privacy Shield, QuisLex will notify you if your EU/Swiss Personal Data will be used for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you and you may opt out of such usage. QuisLex will not use your Sensitive Personal Data that is EU/Swiss Personal Data for a purpose that is different from the purposes for which it was originally collected or subsequently authorized by you until any opt in from you to such usage that is required under the Privacy Shield is obtained.

Links

QuisLex’s website contains links to other websites. QuisLex is not responsible for the content or privacy practices of such other websites. Be aware when you leave QuisLex’s website and read the privacy policies of other websites that may collect your Personal Data.

August 30, 2018