Effective May 25, 2018
By using the Services and the Website you are accepting and consenting to the use of your information as described in this Policy.
Collection and Use of Personal Data
A visitor accessing the Website is not required to provide any personal information. If a visitor submits an informational request or enquiry to us, we may collect and retain such personal information as supplied by the visitor to facilitate return contact and answering of the request.
A Registered User is either: (i) an individual licensed to use the Services, or (ii) an individual identified by a company who licenses the Services. Qstream shall collect and store the Registered User’s email address and name pursuant to the Registered User’s use of the Services. This is used to identify the Registered User for purposes of logging in, and to send application notifications when action is required.
A Registered User may optionally provide a profile of themselves which can include a picture and/or a biographical description of themselves. The foregoing information is elective and not required for a Registered User’s use of the Services. Registered Users have the right to access their personal information and may view or amend it at any time while logged in to the Services in the Dashboard area of their account.
Through the use of the Services a Registered User may optionally be enrolled in one or more courses, and over a period of time be presented with questions from those courses. Qstream stores the responses from the Registered Users and may use them to dictate future scheduling and presentation of questions.
Qstream Registered Websites
Qstream will assign the Registered User a website from which the Registered User may access the Services (the “Registered Website”). Qstream will record that the Registered User is a member of the Registered Website. Optionally, in the event of a company managed Registered User, a Registered Website can be configured to grant access to a Registered User’s manager to view reports containing Registered User responses. Further, if the Services are licensed by a company, the company site administrator in their sole discretion may choose to apply arbitrary tags to Registered Users, such as “sales region” or “country”, to facilitate grouping in reports.
Should a Registered User wish to prevent their personal information being processed on the service, they may request to have their account removed by request to their own company administrator in the case of services licensed to a company, or by request to firstname.lastname@example.org in the case of a user registered independently. Upon removal of a user’s account, their personal information will be deleted and they will no longer have access to the service.
Qstream does not use, require, or knowingly record any sensitive personal information. We request that the Registered Users of our Services not provide to Qstream any sensitive information (e.g. data about an individual concerning racial origin; political, religious or sexual opinion, beliefs or persuasions; criminal convictions; trade union memberships; etc.), and we reserve the right to remove any such information on discovery.
Cookies, Web Beacons and Logging
Cookies are also used for the following purposes:
- to collect analytical statistics about use of the Services and your use of the Website. This helps us better understand user behavior, which parts of our websites people have visited most frequently, from what geographic regions, etc. Qstream uses the Google Analytics service to gather this information. Details of how Google use this information are available at: www.google.com/policies/privacy/partners;
- to further the Visitor experience of the Website and to provide visitors with useful information pertaining to the Website and the Services.; or
- by our third party service provider to display advertising to Visitors of the Website with advertising information based on their interest in the Website and the Services. Visitors may opt-out from receiving the targeted advertisements by visiting the NAI website opt-out page here: www.networkadvertising.org/choices or the DAA opt-out page here: www.aboutads.info or, for EU users, the EDAA opt-out page here: youronlinechoices.eu.
Qstream may use web beacons in emails it sends to record the status of email deliveries for Registered Users, such as bounced, delivered, opened, etc. Qstream uses this information collected from the Registered Websites for the purpose of delivery troubleshooting and statistical analysis pertaining to the Services.
Qstream may log access to its Services and Website and retain logs for a period of time to facilitate in monitoring and improving the performance, security, and functionality of the Services and the Website Logs may contain IP addresses, which may indicate the location of a user, or Registered User as applicable, accessing the Services or the Website.
Onward Transfer Principle
Qstream does not share, sell, rent or trade personal information to third parties for marketing or promotional purposes. Qstream may transfer personal information, solely as required to facilitate the essential operation of the service, to its infrastructure providers such as cloud service or data center operators. In cases of onward transfer to third parties of personal information of EU or Swiss individuals received pursuant to the EU-US or Swiss US Privacy Shield, Qstream is potentially liable.
Qstream reserves the right to use or disclose personal information provided to Qstream in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, or if Qstream reasonably believes that use or disclosure is necessary to protect Qstream’s rights and/or to comply with a judicial proceeding, court order, or legal process.
Data Security and Integrity
Qstream takes data security seriously and has in place appropriate physical and virtual safeguards, procedures and policies to prevent unauthorized access, disclosure, alteration or destruction of personal information.
Qstream uses personal information supplied by or on behalf of Registered Users solely to facilitate use of the Services by said users and, where relevant, their managers or administrators. Qstream will take reasonable steps to verify the validity of personal information supplied, for example by validating email addresses and/or the source of data supplied.
Privacy Shield Principles
One Burlington Woods
Burlington, MA 01803
Qstream has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
You may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information, please see the Privacy Shield website referenced above.
EU General Data Protection Regulation (GDPR)
Qstream complies with the principles of the GDPR, which are designed to safeguard the personal data and rights of individuals. Qstream applies these principles not just to EU residents, but to all individuals using the Services regardless of where they may be located, thus affording equal protections to all.
Qstream requires access to minimal personal data to provide the Services, such as name and email address, and does not process any sensitive data. Qstream uses this data in order to provide the Services to you. However, Qstream takes the security of all of your data seriously, and has in place appropriate technical and organisational safeguards, including but not limited to, the use of encryption and firewalls to protect your data.
In the provision of its Services, Qstream contracts with its customers and acts wholly in the capacity of a Data Processor, while those customers act in the capacity of Data Controller, with respect to the data provided by them to Qstream, and this forms the legal basis for processing such data. This is an important point to note, as while Qstream is committed to upholding an individual’s rights under GDPR, certain of those rights may need the input or action from their Data Controller, who is responsible for their data.
Under the GDPR, individuals have various rights with respect to their data. In support of this users of the Service, may view, obtain or correct their personal information by logging in with their dashboard.
Individuals also have the right to object or restrict such processing, or have their data erased. In such instances, individuals should contact their Data Controller directly, which will typically be your Qstream Program Manager at your company or organisation. If you do not know who this is, or you are unable to contact this person, or you should have any other queries with respect to GDPR or how Qstream process your personal data, you should contact us directly at email@example.com, and we will endeavour to assist you.
In order to support the Qstream application Services, Qstream uses a number of trusted infrastructure hosting providers to provide essential functionality. In the context of GDPR, where your personal data may be transferred to a third-party, these third-parties are known as Sub-Processors.
Note that in the case of the Qstream Services, these infrastructure providers do not interact with or view your personal data but are used solely in the provision of technical infrastructure, but as they do technically process your data, it is important for you to know who there are.
In each case, Qstream has thoroughly vetted, and put in place appropriate Data Processing Agreements with such sub-processors to ensure that they maintain sufficient protections for your data as required by GDPR.
- Amazon Web Services (AWS), for infrastructure and data centers
- Heroku, for Application Server container provisioning
- Sendgrid, for delivery of emails related to the Qstream Services
In the course of operating its general business, and providing the servicesServices to its customers, including troubleshooting errors, obtaining feedback and responding to email requests, storing project plans, etc., Qstream uses a number of other trusted service providers.
While the majority of such providers do not process your personal data, should you interact with us outside of web-based Services, your Personal data may be processed by some of these providers, which include email and helpdesk and file sharing solution providers such as G Suite, Zendesk and Dropbox.
Regardless of whether or not they process any personal data, Qstream, though its vendor management program, vets such providers to ensure they meet any requirements for GDPR, and has appropriate data processing agreements in place.
U.S. Government Agency Governing Authority
Qstream, Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission.