EU-US Privacy Shield and the GDPR
QuisLex certifies that it complies with both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of Personal Data transferred from the European Union or Switzerland, as applicable, to the United States (the “Privacy Shield” and such Personal Data, “EU/Swiss Personal Data”). For EU/Swiss Personal Data, QuisLex further certifies that it adheres to:
- the General Data Protection Regulation (“GDPR”) principles of (i) lawfulness, fairness and transparency, (ii) purpose limitation, (iii) data minimization, (iv) accuracy, (v) storage limitation, (vi) integrity and confidentiality (security), and (vi) accountability.
The U.S. Federal Trade Commission has jurisdiction over QuisLex’s compliance with the Privacy Shield.
As regards EU/Swiss Personal Data, QuisLex is fully committed to implementing the rights for individuals under the GDPR including (i) the right to be informed, (ii) the right of access, (iii) the right to rectification, (iv) the right to erasure, (v) the right to restrict processing, (vi) the right to data portability, and (vii) the right to object. QuisLex does not use EU/Swiss Personal Data in relation to automated decision making and profiling. Any requests by individuals regarding effectuating the foregoing rights with respect to EU/Swiss Personal Data should be directed to firstname.lastname@example.org.
“Personal Data” is information that can be used to identify you. Such information might include your name, social security number, mailing address, email address, telephone number, company, title, username and password. Personal Data does not include data that is de-identified, anonymous or publicly available.
“Sensitive Personal Data” is Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexual orientation.
Application of Policy
In connection with the services provided by QuisLex, QuisLex may receive, store and/or process Personal Data on behalf of clients and business partners. In such cases, QuisLex will process such Personal Data pursuant to the terms of any contracts with such client or business partner. In the event of a conflict between such contracts and the Privacy Shield with respect to EU/Swiss Personal Data, the Privacy Shield shall prevail. Any questions, comments or complaints about the data practices of one of QuisLex’s clients or business partners should be addressed to that client or business partner.
QuisLex will not sell or rent to any third party any Personal Data that QuisLex collects.
QuisLex reserves the right to use Personal Data collected for any legitimate business purpose, including, but not limited to: (i) providing you the services you requested, (ii) communicating information about products or services, (iii) offering opportunities to become a QuisLex Personnel, (iv) responding to requests, (v) tracking compliance with the Terms and Conditions of Use of QuisLex’s website, (vi) analyzing the characteristics of visitors to our website, including applicants and clients/potential clients, and (vii) improving the services we offer.
EU/Swiss Personal Data shall be used only for the legitimate business purpose(s) for which QuisLex originally collected the data. In the case of client contact relationships and contact information collected during marketing events/activities, QuisLex views the use of this information for additional marketing purposes solely by QuisLex as a legitimate business purpose consistent with the intended purpose for collection of the information. All such information is subject to opt-out rights described below.
Personal Data collected from QuisLex Personnel solely in the context of employment or contractor relationships is solely used for employment- or contractor- related purposes, as applicable.
Sensitive Personal Data is generally only collected from QuisLex Personnel as (a) required by law (e.g., equal opportunity/anti-discrimination statutes) or (b) for employment purposes (e.g., offering of benefits), and will be used strictly for such purposes.
Disclosures of Information
QuisLex discloses Personal Data to third parties who reasonably need to know such Personal Data in connection with a contracted task or QuisLex business purpose, e.g., processing of benefits/payroll through third-party providers or credit/background checking. Such third parties contractually agree to similar protection of your Personal Data and limitation on the use of your Personal Data as QuisLex provides. To the extent the Privacy Shield applies, the following also apply: (i) such third parties contractually agree to at least the level of protection as QuisLex is required by the Privacy Shield to obtain from such third parties, (ii) QuisLex will obtain your prior approval for disclosure to third parties of any Sensitive Personal Data where such approval is required under the Privacy Shield, and (iii) QuisLex remains liable under the Privacy Shield if its agent processes Personal Data in a manner inconsistent with the Privacy Shield, unless QuisLex proves that it is not responsible for the event giving rise to the damage.
Other Data Received from Website Visitors
QuisLex collects the domain names and IP addresses of the visitors to its website. This information is generally used for purposes such as measuring the number of visitors to QuisLex’s website, average time spent by each visitor, pages viewed by each visitor, tracking each visitor’s use of the website, and ensuring compliance with the Terms and Conditions of our website.
QuisLex uses “cookies” on its website. A cookie is a piece of data stored on a website visitor's system that helps improve your access to the website and identify repeat visitors. Cookies can also enable QuisLex to track and serve the interests of users to enhance their experience on QuisLex’s website. You can disable or remove any cookies already stored on your computer, but these may stop QuisLex’s website from functioning properly.
QuisLex has reasonable and appropriate measures in place to protect against the loss, misuse and unauthorized access, disclosure, alteration, and destruction of Personal Data.
QuisLex is ISO/IEC 27001:2013 certified for information security and is audited under the SSAE 16/ISAE 3402 (SOC1 - Type II) and AT 101 (SOC2 - Type II). We employ various physical, administrative, and technical measures to maintain the confidentiality and security of Personal Data and other confidential information, including by (i) educating and training QuisLex Personnel and keeping QuisLex Personnel up-to-date on its security and privacy practices, (ii) keeping such information in its offices and storing such information on its servers in a secure environment, with appropriate security measures, and (iii) only granting access to such information to individuals who need the information to perform a specific, authorized task.
“Biometric Data” is Personal Data stored by QuisLex about an individual’s physical characteristics that can be used to identify that person. Biometric Data can include fingerprints, voiceprints, facial shape, retinal scans, or scans of hand or face geometry.
QuisLex’s policy is to protect and store Biometric Data in accordance with applicable laws including, but not limited to, the Illinois Biometric Information Privacy Act.
QuisLex does not obtain Biometric Data from any individual in the United States, or use the Biometric Data of any individual to access a QuisLex location in the United States without the prior written consent of the individual. QuisLex will inform such individuals of the reason Biometric Data is being collected and the length of time the data will be stored.
QuisLex will not sell, lease, trade or otherwise profit from an individual’s Biometric Data.
Biometric Data of an individual will not be disclosed by QuisLex to any third party unless (i) consent of the individual is obtained, (ii) disclosure is necessary to complete a financial transaction requested or authorized by the individual, (iii) disclosure is required by law, or (iv) disclosure is required by subpoena.
Biometric Data will be stored using a reasonable standard of care for QuisLex’s industry and in a manner that is the same or exceeds the standards used to protect other non-encrypted confidential information held by QuisLex.
With respect to Biometric Data of individuals that QuisLex believes in good faith may require future access to QuisLex biometrically-protected locations, QuisLex destroys such Biometric Data within 3 years of the individual's last interaction with QuisLex. QuisLex destroys other Biometric Data when the initial purpose for obtaining or collecting such Biometric Data has been fulfilled (e.g., an employee is terminated by QuisLex).
You may request to opt out from QuisLex’s use of your Personal Data that you previously provided to QuisLex by sending such request to email@example.com. QuisLex will comply with such requests unless QuisLex has a legitimate business purpose for continuing to use such Personal Data, such as maintaining employment records.
Access, Change or Delete Information
To protect your privacy and security, QuisLex will take reasonable steps to verify your identity before granting access to your Personal Data. In addition, QuisLex may limit or deny access to Personal Data, including, without limitation where providing such access would be burdensome or expensive or where such information is legally privileged, in each case other than with respect to EU/Swiss Personal Data where an action is required under the Privacy Shield or the GDPR.
QuisLex’s website is not intended for use by children. QuisLex does not knowingly solicit or collect Personal Data from children under the age of 13. If you are under the age of 18, you must obtain the consent of your parent or guardian to use QuisLex’s website. QuisLex encourages parents and guardians to take an active role in their children’s online activities and interests.
Enforcement and Dispute Resolution
QuisLex has appointed the following Data Privacy Officer:
David M. Klein
QuisLex’s DPO may be contacted by email at firstname.lastname@example.org.
In compliance with the Privacy Shield Principles, QuisLex commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact QuisLex at email@example.com. In addition, under the EU-U.S. Privacy Shield Framework, individuals may invoke binding arbitration to address unresolved complaints that an organization has violated its obligations under the Privacy Shield Principles.
QuisLex has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
QuisLex commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
For Personal Data not covered by the Privacy Shield, you should address any concerns you have to firstname.lastname@example.org.
When required under the Privacy Shield, QuisLex will notify you if your EU/Swiss Personal Data will be used for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you and you may opt out of such usage. QuisLex will not use your Sensitive Personal Data that is EU/Swiss Personal Data for a purpose that is different from the purposes for which it was originally collected or subsequently authorized by you until any opt in from you to such usage that is required under the Privacy Shield is obtained.
QuisLex’s website contains links to other websites. QuisLex is not responsible for the content or privacy practices of such other websites. Be aware when you leave QuisLex’s website and read the privacy policies of other websites that may collect your Personal Data.
August 30, 2018