Our Privacy Policy

QuisLex, Inc. and its affiliates (“QuisLex”) are committed to protecting the privacy of their clients, prospective clients, contractors, employees and business partners. This Privacy Policy sets forth the privacy principles QuisLex, Inc., QuisLex New York LLC, Verdant Analytics LLC and any future affiliates of QuisLex follow with respect to Personal Data (as defined below) that QuisLex collects.

Who does this Privacy Policy Apply to?

This Privacy Policy applies solely to Personal Data (defined below) collected by QuisLex.

 

Personal Data is provided by you on a voluntary basis and by submitting your Personal Data to QuisLex you consent to its use in a manner consistent with this Privacy Policy.

What do we Mean by Personal Data?

“Personal Data” is information that can be used to identify you. Such information might include your name, social security number, mailing address, email address, telephone number, company, title, username and password. Personal Data does not include data that is de-identified, anonymous or publicly available.

“Sensitive Personal Data” is Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexual orientation.

Your Personal Data may be covered by specific data protection laws such as the California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.) or the EU General Data Protection Regulation (“GDPR”).  To the extent the foregoing definition of Personal Data is narrower than or conflicts with similar definitions under applicable specific data protection laws, the definitions in those data protection laws shall govern.

 

Am I obligated to provide my personal information?  What are the consequences if I do not?

Providing your Personal Data may be a requirement for us to provide certain services and/or in connection with employment-related matters, such as applying to work for QuisLex. In the above referenced circumstances, refusal to provide your Personal Data would make it impossible for us to perform such activities. 


Providing your Personal Data for marketing purposes is optional. Refusal to provide your Personal Data for marketing purposes will not have any impact on our performing the services and/or activities referenced above. When required under data protection laws, we will obtain your prior consent before using your personal data for marketing purposes.

Certain Personal Data, such as Activity Data (defined below), may be collected by QuisLex through automated means.  By using our website(s), you consent to the collection of this Personal Data, subject to the provisions of this Privacy Policy.

 

Types of Information we Collect

Human Resources Data

Personal Data collected by QuisLex (i) as a result of your status as an employee or contractor of QuisLex, or (ii) if inquire about or apply to become an employee or contractor of QuisLex.

Client Data

Personal Data collected by or supplied to QuisLex in connection with performing under contracts with our clients, potential clients, business partners and potential business partners (“Client Contracts”), including performing billing and collections. 

Marketing Data

Personal Data collected through marketing, sales and other commercial activities, including, without limitation, when you (i) contact QuisLex through its website(s), (ii) register for or interact with QuisLex Personnel at an event, (iii) complete a survey from QuisLex, (iv) correspond with QuisLex, excluding correspondence under or related to a Client Contract, or (v) inquire about QuisLex’s service offerings.  

Activity Data

Device and Usage Information: We collect information about how you access our website(s), including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, and app version. We also collect information about your activity on our website(s), such as access times, pages viewed, links clicked, and the pages you visited on our website(s).

Information Collected by Cookies and Similar Tracking Technologies: We use tracking technologies, such as cookies and web beacons, to collect information about you. Cookies are small data files stored on your hard drive or in device memory that help us improve our website(s) and your experience, see which areas and features of our website(s) are popular, and count visits. Web beacons (also known as “pixel tags” or “clear GIFs”) are electronic images that we use on our website(s) and in our emails to help deliver cookies, count visits, and understand usage. We also work with third party analytics providers who use cookies, web beacons, device identifiers, and other technologies to collect information about your use of our website(s) and other website(s)s and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in mobile apps, and links clicked. This information may be used by QuisLex and others to, among other things, analyze and track data, determine the popularity of certain content, deliver content targeted to your interests on our website(s), and better understand your online activity.

Biometric Data

Personal Data stored by QuisLex about an individual’s physical characteristics that can be used to identify that person. Biometric Data can include fingerprints, voiceprints, facial shape, retinal scans, or scans of hand or face geometry. 

 

Why we Collect this Information 

Human Resources Data

Human Resources data is collected by QuisLex (i) in order to consider you for employment with QuisLex, (ii) to facilitate your employment with QuisLex, or (iii) for post-employment recordkeeping and other purposes associated with your former employment by QuisLex.

Client Data

Client Data is collected by QuisLex to support activity in connection with performing under Client Contracts.

Marketing Data

Marketing Data is collected in order to enable QuisLex to perform marketing, sales and other commercial activities related to its business. 

Activity Data

Activity Data is collected by QuisLex to, among other things, analyze and track use of our website(s), determine the popularity of certain content, deliver content targeted to your interests, and better understand your online activity. 

Biometric Data

Biometric Data is collected by QuisLex (i) for use in security of QuisLex facilities, such as fingerprint scanning for use on biometric door locks and turnstiles, and (ii) for tracking employees, potential employees and third parties in QuisLex facilities or using QuisLex equipment.  Examples of the latter type of use include use of biometrics to track employee hours, attendance, activity regarding securing confidential information, and to monitor productivity.

 

How does QuisLex use this Information -

Sharing with Third Parties 

General:  

  • We do not sell or rent to any third party any Personal Data we collect.  
  • We share your Personal Data with and among our affiliated entities. These entities will use your Personal Data in accordance with this Privacy Policy. We reserve the right to use and share with third parties Personal Data we collect for any legitimate business purpose.
  • We share Personal Data with vendors, service providers, and consultants that need access to personal information in order to perform services for us, such as companies that assist us with processing of benefits/payroll, credit/background checking, security and analytics. 
  • We share Personal Data with our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
  • Sensitive Personal Data is generally only collected (i) as required by law (e.g., to comply with equal opportunity/anti-discrimination statutes), or (ii) for employment purposes (e.g., offering of benefits), and will be used strictly for such purposes.
  • Without limiting other use rights as set forth below, we may use and disclose your Personal Data in the following circumstances: (i) as required by law, legal process, litigation and/or requests from public or governmental authorities, including to meet national security or law enforcement requirements, (ii) in the context of an audit or to investigate fraud, (iii) when QuisLex believes in good faith that disclosure is necessary to protect QuisLex’s rights, or enforce the Terms and Conditions of Use of QuisLex’s website(s) or of this Privacy Policy, (iv) to relevant third parties if QuisLex becomes involved in a merger, acquisition or sale of some or all of its assets, or (v) with your prior consent to do so.

Human Resources Data

Human Resources Data is used by QuisLex (i) in order to consider you for employment with QuisLex, (ii) to facilitate your employment with QuisLex, and (ii) for post-employment recordkeeping and other purposes associated with your former employment by QuisLex.  Human Resources Data may be shared with third parties for any legitimate business purpose consistent with the purposes described above.  Examples include, but are not limited to, (i) performing background checking and security screening, (ii) enabling clients to approve the qualifications of team members on their projects, (iii) providing Personal Data to building management for security and other purposes, or (iv) to meet operational needs related to QuisLex employees and contractors, such as booking a flight or hotel room, or obtaining insurance coverage.

Client Data

Client Data is used by QuisLex to provide services or otherwise perform under Client Contracts, and is used by QuisLex and shared with third parties in a manner that is consistent with the terms of each Client Contract. 

Marketing Data

Marketing Data is used by QuisLex to perform marketing, sales and other commercial activities related to its business.  Marketing Data may be shared with third parties for any legitimate business purpose. 

Activity Data

Activity Data is used by QuisLex to, among other things, analyze and track use of our website(s), determine the popularity of certain content, deliver content targeted to your interests, and better understand your online activity. Activity Data may be shared with third parties for any legitimate business purpose.

Biometric Data

Biometric Data is used by QuisLex (i) for security in QuisLex facilities, and (ii) for tracking employees, potential employees and third parties in QuisLex facilities or using QuisLex equipment.  Examples of the latter type of use include using biometrics to track employee hours, attendance, activity regarding securing confidential information, and to monitor productivity.

QuisLex’s policy is to protect and store Biometric Data in accordance with applicable laws including, but not limited to, the Illinois Biometric Information Privacy Act. QuisLex does not obtain or use Biometric Data without the prior written consent of the individual for the purposes specified in the consent. QuisLex will inform such individuals of the reason Biometric Data is being collected and the length of time the data will be stored.

 

QuisLex will not sell, lease, trade or otherwise profit from an individual’s Biometric Data. Biometric Data of an individual will not be disclosed by QuisLex to any third party other than vendors assisting QuisLex with the uses set forth above unless (i) consent of the individual is obtained, (ii) disclosure is necessary to complete a financial transaction requested or authorized by the individual, (iii) disclosure is required by law, or (iv) disclosure is required by subpoena.

 

Biometric Data will be stored using a reasonable standard of care for QuisLex’s industry and in a manner that is the same or exceeds the standards used to protect other non-encrypted confidential information held by QuisLex.

 

With respect to Biometric Data of individuals that QuisLex believes in good faith may require future access to QuisLex biometrically-protected locations, QuisLex destroys such Biometric Data within 3 years of the individual's last interaction with QuisLex. QuisLex destroys other Biometric Data when the initial purpose for obtaining or collecting such Biometric Data has been fulfilled (e.g., an employee is terminated by QuisLex).

 

Your California Privacy Rights

The CCPA affords consumers residing in California certain rights with respect to their Personal Data. If you are a California resident, this section applies to you.

In the preceding 12 months, we have collected the following categories of personal information: Human Resources Data, Client Data, Marketing Data and Activity Data, each as detailed above.  For details about the precise data points we collect and the sources of such collection, please see the “Types of Information We Collect” section above. We collect personal information for the business and commercial purposes described in the “How does QuisLex use this Information/Sharing with Third Parties“ section above. In the preceding 12 months, we have disclosed the following categories of personal information for business purposes to the following categories of recipients:

Human Resources Data:  Affiliates, third-party vendors, clients, attorneys

Client Data:  Affiliates, third-party vendors, clients, client representatives and attorneys

Marketing Data:  Affiliates, third party-vendors

Activity Data:  Affiliates, third-party vendors

Subject to certain limitations, you have the right to (i) request to know more about the categories and specific pieces of personal information we collect, use, and disclose about you, (ii) request deletion of your personal information, (iii) opt out of any sales of your personal information, if we engage in that activity in the future, and (iv) not be discriminated against for exercising these rights. You may make these requests by emailing us at privacy@quislex.com. We will not discriminate against you if you exercise your rights under the CCPA.

If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. This may include requiring you to verify your identity. If you are an authorized agent seeking to make a request, please contact us at privacy@quislex.com.

Rights under GDPR and Similar Legislation

The GDPR affords residents in certain European countries certain rights with respect to their Personal Data. If you are an EU resident or otherwise covered by GDPR, this section applies to you.

As regards EU/Swiss Personal Data, QuisLex is fully committed to implementing the rights for individuals under the GDPR including (i) the right to be informed, (ii) the right of access, (iii) the right to rectification, (iv) the right to erasure, (v) the right to restrict processing, (vi) the right to data portability, and (vii) the right to object. QuisLex does not use EU/Swiss Personal Data in relation to automated decision making and profiling. Any requests by individuals regarding effectuating the foregoing rights with respect to EU/Swiss Personal Data should be directed to privacy@quislex.com.

We collect Personal Data for the business and commercial purposes described in the “How does QuisLex use this Information/Sharing with Third Parties“ section above. EU/Swiss Personal Data shall be used only for the legitimate business purpose(s) for which QuisLex originally collected the data. In the case of Marketing Data (see above), QuisLex views the use of this information for additional marketing purposes solely by QuisLex and third parties engaged on its behalf as a legitimate business purpose consistent with the intended purpose for collection of the information. All such information is subject to opt-out rights described below.

 

EU GDPR Representative
Our Data Representative for all data protection enquiries is:
GDPREP.ORG
a: Suite 10357, 5 Fitzwilliam Square, Dublin 2, Ireland, D02 R744
w: www.gdprep.org
e:  info@gdprep.org
t: +44 (0) 7810 883333

UK GDPR Representative
Our Data Representative for all data protection enquiries is:
GDPREP.ORG
a: 3rd Floor, 86-90 Paul Street, London, EC2A 4NE
w: www.gdprep.org
e: info@gdprep.org
t: +44 (0) 7810 883333

SWISS DATA Representative
Our Data Representative for all data protection enquiries is:
GDPREP.ORG
Andreaspark, Hagenholzstrasse 56, 7th Floor, Zurich, 805
w: www.gdprep.org
e:  info@gdprep.org
t: +44 (0) 7810 883333

Opting Out

You may request to opt out from QuisLex’s use of your Personal Data that you previously provided to QuisLex by sending such request to privacy@quislex.com. QuisLex will comply with such requests unless QuisLex has a legitimate business purpose for continuing to use such Personal Data, such as maintaining employment records.

Access, Change or Delete Information

You can also send a request to privacy@quislex.com if you want to (i) review your Personal Data that has been collected and stored by QuisLex, (ii) request modification/correction of any Personal Data that is incorrect, or (iii) request removal/inactivation of Personal Data. Any resulting modification/correction or removal/inactivation of your Personal Data will not affect other information that QuisLex maintains or information that QuisLex has provided to third parties in accordance with this Privacy Policy before such update. QuisLex will use reasonable efforts to comply with such requests unless QuisLex has a legitimate business purpose for not doing so.

To protect your privacy and security, QuisLex will take reasonable steps to verify your identity before granting access to your Personal Data. In addition, QuisLex may limit or deny access to Personal Data, including, without limitation where providing such access would be burdensome or expensive or where such information is legally privileged, in each case, unless such actions are prohibited by data privacy laws.

 

Children

QuisLex’s website(s) is not intended for use by children. QuisLex does not knowingly solicit or collect Personal Data from children under the age of 13. If you are under the age of 18, you must obtain the consent of your parent or guardian to use QuisLex’s website(s). QuisLex encourages parents and guardians to take an active role in their children’s online activities and interests.

Enforcement and Dispute Resolution

QuisLex regularly reviews its compliance with this Privacy Policy.

QuisLex has appointed the following Data Privacy Officer: Megan Silverman

QuisLex’s DPO may be contacted by email at privacy@quislex.com.

QuisLex commits to resolve complaints about our collection or use of your personal information.  Any individuals with inquiries or complaints our Privacy Policy should contact QuisLex at privacy@quislex.com. 

QuisLex commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Updates

 

This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our information practices or relevant laws. We will post a notice on quislex.com to notify you of any substantive changes to the way we collect and use information.  We will indicate at the top of the Privacy Policy when it was last updated.  Any changes to our Privacy Policy will become effective upon posting of the revised policy on this site. Use of the site, any of our services, and/or providing consent to the updated Privacy Policy following such changes constitutes your acceptance of the revised Privacy Policy.

 

Security

QuisLex has reasonable and appropriate measures in place to protect against the loss, misuse and unauthorized access, disclosure, alteration, and destruction of Personal Data.

QuisLex is ISO/IEC 27001:2013 certified for Information Security Management Systems, and ISO 9008:2015 certified for Quality Management Systems.  QuisLex is audited under the SSAE 16/ISAE 3402 (SOC1 - Type II) and AT 101 (SOC2 - Type II). We employ various physical, administrative, and technical measures to maintain the confidentiality and security of Personal Data and other confidential information, including by (i) educating and training QuisLex Personnel and keeping QuisLex Personnel up-to-date on its security and privacy practices, (ii) keeping such information in its offices and storing such information on its servers in a secure environment, with appropriate security measures, and (iii) only granting access to such information to individuals who need the information to perform a specific, authorized task.

 

Links

QuisLex’s website(s) contains links to other website(s)s. QuisLex is not responsible for the content or privacy practices of such other website(s)s. Be aware when you leave QuisLex’s website(s) and read the privacy policies of other website(s)s that may collect your Personal Data.