Qumulex and the EU-U.S. Privacy Shield Notice
Effective October 14, 2019
Qumulex Inc. adheres to the principles of the EU-U.S. Privacy Shield framework with respect to Personal Data submitted by individuals from European Union (E.U.) member countries who visit the Qumulex web sites (“Visitors”) and individuals from E.U. member countries who are associated with organizations that register and/or pay to use the Qumulex Services (“Customers”) in reliance on the Privacy Shield. Specifically, Qumulex complies with the E.U.-U.S. Privacy Shield framework as agreed to between the U.S. Department of Commerce and the European Commission regarding the collection, use, and retention of personal information from European Union (EU) member countries to the United States. Qumulex has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. By participating in the Privacy Shield, we have agreed to abide by the investigatory and enforcement powers of the U.S. Federal Trade Commission or any other U.S. authorized statutory body. To learn more about the Privacy Shield Program, and to view Qumulex’s certification, please visit the U.S. Department of Commerce’s Privacy Shield website at www.privacyshield.gov.
This notice outlines our general policy and practices for implementing the Privacy Shield Principles. If there is any conflict between the terms in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles will govern. For the purposes of this notice, “Personal Data” means any information relating to an identified or identifiable natural person. “Sensitive Personal Data” is a subcategory of “Personal Data” and is defined as Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or the sex life of the individual.
For more information on how Qumulex generally collects and maintains Personal Data, and to review our policies regarding data privacy and security, please access the Qumulex Privacy Statement at www.qumulex.com/privacy-policy/.
Personal Data Processing
Qumulex is a data processor on behalf of its Customers. We provide services to our Customers to use to operate aspects of their businesses. Qumulex may process Personal Data that our Customers submit to our Services or instruct us to process the Personal Data on their behalves. Qumulex’s Customers are data controllers and decide what Personal Data to submit.
Types of Personal Data Collected and Purposes for Using and Disclosing Personal Data
To provide Services to our Customers, Qumulex may collect Personal Data that includes, but is not limited to, (1) first and last names; (2) email addresses; (3) telephone numbers; (4) mailing addresses; and (5) access control events and (6) CCTV video, generated by our Customers’ clients.
Qumulex processes Personal Data submitted by Customers for various purposes, including, but not limited to: (1) providing Qumulex’s Services to our Customers and (2) marketing our products and services to our Customers. To fulfill these purposes, Qumulex may access the Personal Data to provide the Services, to correct and address technical or service problems, to follow the instructions of the Customer who submitted the Personal Data, or to fulfill contractual requirements. Please be aware that in rare situations, it may be necessary disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Choice to Limit Use and Disclosure of Personal Data
We recognize that individuals from E.U. member countries have the right to limit the use and disclosure of their Personal Data, and Qumulex is committed to respecting those rights. We offer individuals the opportunity to opt-out of disclosures of Personal Data to a third party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.
We will comply with the Privacy Shield Principles with respect to disclosures of sensitive data including, when applicable, obtaining the explicit consent (i.e., opt-in consent by way of our Customers) of the individual prior to disclosing Sensitive Personal Data to a third party or using Sensitive Personal Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.
Accountability for Onward Transfers of Personal Data to Third Parties
We may be responsible for onward transfers of personal information to third parties, such as when third parties act as agents on our behalf to process personal information. Qumulex uses a limited number of third-party service providers to assist us in providing our Services to Customers. These third parties may access, process, or store Personal Data in the course of providing their services. Qumulex maintains contracts with these third parties to ensure that they provide the same level of privacy protection as is required by the Privacy Shield principles and to restrict their access, use and disclosure of Personal Data in compliance with our Privacy Shield obligations.
We also transfer Personal Data to our third-party agents, such as infrastructure as a service providers and vulnerability testing providers.
Right to Access Personal Data
Qumulex recognizes that individuals from E.U. member countries have the right to access their Personal Data, and to limit use and disclosure of their Personal Data and Qumulex is committed to respect such rights. Individuals also have the right to obtain our confirmation of whether we maintain Personal Data relating to them. Further, Qumulex will also enable such individuals to correct, amend or delete their Personal Data that is in our possession and control and that is inaccurate or incomplete. The right to access such Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to privacy in the case in question, or where the rights of other persons would be violated by the provision of such access. If Qumulex determines that access should be restricted in a particular instance, we will provide an explanation of our determination and respond to any inquiries.
Because Qumulex personnel have limited ability to access the data our Customers submit to our Services, individuals who wish to request access, to limit use, or to limit disclosure of his/her Personal Data must provide the name of the Qumulex Customer that submitted his or her Personal Data to the Service(s). Qumulex will contact the Customer with the request and will support the Customer as needed in responding to the request. To request to access, correct, amend, or delete Personal Data, please contact Qumulex at firstname.lastname@example.org.
Recourse, Enforcement, and Liability
In compliance with the Privacy Shield Principles, Qumulex commits to resolve complaints about our collection or use of Personal Data. Individuals from E.U. member countries with inquiries or complaints regarding our Privacy Shield policy should first contact Qumulex at:
9059 Technology Ln
Fishers, IN 46038 USA
Phone: +1 (317) 207-0520
Qumulex has further committed to refer unresolved Privacy Shield complaints to ICDR/AAA, an alternative dispute resolution provider located in the United States. If timely acknowledgment of a complaint is not received from us, or if we have not addressed the complaint satisfactorily, please contact or visit www.adr.org for more information or to file a complaint. The services of ICDR/AAA are provided at no cost to the individual.
Please note that if an individual’s complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.