Privacy Policy Statement

GENERAL TERMS

These General Terms apply to anyone (except QuestaWeb employees and job applicants) whose Personal Data is processed by QuestaWeb.

Purposes of Personal Data Collection and Use

QuestaWeb collects, uses and processes Personal Data for the purposes of:

• Providing information about our products, services and events
• Providing products, services and support to our customers
• Administrative purposes relating to processing transactions with our customers
• Communicating with US Customs and Border Protection and other Government agencies on matters related to customers’ import/export operations and to domestic movements of goods
• Communicating with business partners such as database vendors, communication and hardware vendors about business matters
• Conducting business related tasks for legitimate business purposes
• Other purposes, if any, but purposely disclosed at the time of collection
• Compliance with legal requirements and protection of rights and property.

Entities Personal Data is collected from

QuestaWeb collects abovementioned personal information from the following entities:

• From potential and existing customers: Contact information, including name, address, email address and phone number, and business activities related to QuestaWeb software products
• From vendors: Contact information, including name, address, email address and phone number, and business services provided by the vendor
• From our website visitors requesting additional information about QuestaWeb products: Contact information, including name, address, email address and phone number, and business activities related to QuestaWeb software products. If a website visitor does not request additional information, no personal data is collected.

Types of Personal Data Collection

QuestaWeb never collects or requests any credit card information form any person or an entity. QuestaWeb does not use cookies on the website. QuestaWeb collects very limited personal information including the following specific types of information:

• Contact information, including name, address, email address and phone number
• Business activity information from our customers
• Information regarding use of QuestaWeb’s applications software or products and services as described in this Privacy Statement.

Security of Personal Data

QuestaWeb is committed to safeguarding the Personal Data that it receives. While QuestaWeb cannot guarantee the security of Personal Data, QuestaWeb has implemented reasonable technical and organizational measures to protect Personal Data in QuestaWeb’s possession from loss, misappropriation and unauthorized access, disclosure and destruction.

QuestaWeb utilizes a combination of online and offline security technologies, procedures and organizational measures to help safeguard Personal Data. For example, facility security is designed to prevent unauthorized access to QuestaWeb computers. Electronic security measures — including, for example, network access controls, passwords and access logging — provide protection from hacking and other unauthorized access. QuestaWeb also protects Personal Data through the use of firewalls, role-based restrictions and, where appropriate, encryption technology. QuestaWeb limits access to Personal Data to employees and subcontractors that have a specific business reason for accessing such Personal Data. Individuals who have been granted access to Personal Data will be made aware of their responsibilities to protect such information and will be provided training and instruction on how to do so. QuestaWeb maintains SOC2 certification.

If QuestaWeb learns of an unauthorized disclosure of Personal Data that is within QuestaWeb’s possession or control, QuestaWeb will perform all actions required by applicable laws, including taking prompt measures to remedy the unauthorized disclosure and providing required notices.

QuestaWeb hires other companies to provide certain services on our behalf; for example, to conduct penetration tests and to verify SOC2 compliance. QuestaWeb will provide these companies only with the information they need to deliver the services, and they are contractually prohibited from using that information for any other purpose.

Because QuestaWeb is the United States based company, Personal Data is stored and processed in the United States where QuestaWeb maintains facilities or personnel.

QuestaWeb’s products and services are not intended for children under the age of 13. QuestaWeb does not knowingly collect any information from children. If we learn that we have collected or received Personal Data from a child under 13 (with or without verification of parental consent), we will delete that information immediately.

Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Your Access to and Control over Your Personal Data

In addition to not providing us any personal information upon reading our Privacy Policy, you may do the following at any time by contacting us at HRQW@QuestaWeb.com:

• Opt out of any future contacts from us
• See what information we have about you, if any
• Change, correct, or, in certain circumstances, request that we delete any Personal Data we have about you
• Express any concern you have about our use of your Personal Data

QuestaWeb will comply with these requests as required by law. We may request additional information from you in order to process your request.

Contact Us

Should you have any questions or concerns about this Privacy Statement, please contact our data protection officer as follows:

QuestaWeb, Inc.
Attn: Data Protection Officer
60 Walnut Avenue, Suite 300
Clark, NJ 07066, USA
HRQW@QuestaWeb.com

Requests to unsubscribe from (“opt-out” of) communications from QuestaWeb can be managed using the link in email communications. You may also mail or email your enquiry/request to the above address.

Changes to this Privacy Statement

QuestaWeb may revise this Privacy Statement from time to time in order to comply with new laws and regulations; to conform to industry best practices; to reflect changes in QuestaWeb product and service offerings; and for other reasons. The revised Privacy Statement will become effective when it is posted on the QuestaWeb website.

 

WEBSITE VISITORS & REPRESENTATIVES OF POTENTIAL CUSTOMERS

This section of the Privacy Statement describes our practices in connection with information we may collect through your use of our website (collectively, our “Site”). By using our Site, you consent to our collection and use of the information described in this Privacy Statement. This section also describes our practices about Personal Data of representatives of potential customers, whether we interact with those representatives directly through the Site or in other ways.

Although QuestaWeb has endeavored to create a secure and reliable site for you, the confidentiality of any communication or material transmitted to or from QuestaWeb via the Site or email cannot be guaranteed.

Collection and Use of Information

QuestaWeb collects your Personal Data (such as your name, address, or telephone number) through our Site only if you provide it to us voluntarily.

In addition, as you use our Site we automatically collect certain information regarding your visit, including information about your equipment, operating system, browsing actions including log data and usage patterns. The information we collect automatically is statistical data. We use this information for internal purposes, such as to improve our Site. We do not use cookies to assist us in collecting this information (a cookie is a small file placed on the hard drive of your computer).

At any time, while accessing our Site, any user may decline participation in any activity that would require active submission of Personal Data (e.g., submitting a request for product information). Your decision not to participate will not affect your ability to use any other feature on our Site. When choosing to provide Personal Data through our Site, you acknowledge that QuestaWeb may store and process your Personal Data.

QuestaWeb may offer you opportunities to engage in blogs, forums, and social media accounts that are designed to be visible to other users, including comments and postings. You should be aware that any Personal Data you choose to submit via those media can be read, collected, and used by other participants, and could be used to send you unsolicited messages. We are not responsible for the Personal Data you choose to submit when you engage in such activities.

External Websites

Some hyperlinks may link to third-party websites. You should be aware that these third-party websites are not controlled by QuestaWeb and are not subject to this Privacy Statement. You should check the privacy policies of the third-party websites to see how your Personal Data will be collected and used.

 

QUESTAWEB CUSTOMERS

The contracts between QuestaWeb and its customers may contain terms regarding the protection of Personal Data. When that is the case, the applicable contract provision shall supersede any conflicting provision in this Privacy Statement.

QuestaWeb’s Role as a Service Provider to Its Customers

QuestaWeb offers product solutions to its customers to store and manage their electronic documents, document metadata, and data relevant to managing Global Trade activities. QuestaWeb may provide product development services, solution engineering services, professional technical services and product technical support services to its customers from any country in which QuestaWeb. As a result, customers’ Personal Data may be transferred, accessed and stored as necessary for the uses stated in this Privacy Statement. Whenever QuestaWeb handles Personal Data, regardless of where this occurs, we take appropriate steps to ensure that customers’ information is treated securely and in accordance with this Privacy Statement and all applicable laws and regulations.

The Customer’s Responsibilities with Respect to Its Personal Data

QuestaWeb’s customers may choose to include Personal Data with the customer data provided to QuestaWeb. This Personal Data may include employee name and contact details for the purpose of administering the customer’s account with QuestaWeb.

QuestaWeb processes Personal Data that its customers have chosen to share with QuestaWeb. QuestaWeb has no direct or contractual relationship with the subjects of this Personal Data (the “Customer Data Subjects”). As a result, when customer data includes Personal Data, the customer is solely responsible for satisfying all legal obligations owed directly to Customer Data Subjects under applicable data protection laws.

It is the QuestaWeb customer’s responsibility to ensure that Personal Data it collects or directs QuestaWeb to collect can be legally collected. The customer also is responsible for providing to Customer Data Subjects any notices required by applicable law and for responding appropriately to Customer Data Subjects’ requests to exercise their rights with respect to Personal Data. In addition, the customer is responsible for ensuring that its disclosure of Personal Data to QuestaWeb is consistent with any privacy policy the customer has established and any notices it has provided or is required to provide to Customer Data Subjects.

QuestaWeb is not responsible for its customers’ privacy policies or practices; or for customers’ compliance with such policies/practices. QuestaWeb does not review, comment upon, or monitor its customers’ privacy policies or its customers’ compliance with such policies. QuestaWeb does not review instructions or authorizations sent to QuestaWeb by customers or other parties to determine whether the instructions or authorizations are in compliance with, or conflict with, the terms of a customer’s published privacy policy or of any notice provided to Customer Data Subjects.

Sharing of Personal Data with Third-Parties

QuestaWeb shares Personal Data with our subcontractors and business partners only to the extent required in order to deliver products or services requested by customers. The shared Personal Data may include the name of a contact person together with associated business name, address, email, telephone number, and the list of QuestaWeb’s modules used by the company. Before transferring Personal Data to these third-parties, QuestaWeb will obtain assurances from the recipient that it will safeguard Personal Data in a manner consistent with this Privacy Statement and otherwise to support QuestaWeb business activities. If QuestaWeb learns that a recipient is using or disclosing Personal Data in a manner contrary to this Privacy Statement, QuestaWeb will take steps to prevent such use or disclosure.

QuestaWeb also may disclose Personal Data as required by law, for example, in response to a court order, an administrative proceeding or subpoena. QuestaWeb will, as soon as practical, inform the customer when permitted by law, so the customer may take such actions as it deems necessary to protect the rights of Customer Data Subjects.

Data Integrity

QuestaWeb’s customers are responsible for ensuring that they collect only that Personal Data needed to accomplish the purposes disclosed to Customer Data Subjects. They also are responsible for providing QuestaWeb with instructions for the processing of Personal Data consistent with the purposes stated in the customers’ notice to Customer Data Subjects. QuestaWeb will process Personal Data only in accordance with the customer’s instructions.

QuestaWeb will retain Personal Data as necessary to fulfill the purposes described in this Privacy Statement or in our customer agreements. QuestaWeb will return or destroy Personal Data stored by QuestaWeb in accordance with applicable law.

Access to and Correction of Personal Data

Customers have the right to access and review, correct or amend and, in certain circumstances, delete their Personal Data that QuestaWeb holds by contacting QuestaWeb. Customers are responsible for providing QuestaWeb with accurate and complete Personal Data, and for contacting QuestaWeb if correction of such information is required. QuestaWeb will cooperate with its customers’ reasonable requests for assistance in permitting Customer Data Subjects to exercise their rights under applicable data protection laws to amend or delete their Personal Data. Please note that, where permitted, we may charge a fee for fulfilling access requests and that we reserve the right to disallow unreasonable requests for access. If a Customer Data Subject’s Personal Data was provided to us by a QuestaWeb customer, we may facilitate access to such data by directing the Customer Data Subject to the customer that provided the Personal Data to us.

How QuestaWeb Uses Customer Data

QuestaWeb uses Personal Data submitted to us for general business purposes, including:

• to deliver or provide products and services ordered by customers, including administering the delivery of electronic products and services requiring logins and passwords, confirming compliance with licensing terms, and responding to technical queries
• to perform accounting and Global Trade Management functions
• to notify customers of new products and services from QuestaWeb and for other general marketing purposes, such as advertising QuestaWeb’s customer events and engaging with customers via online communities and social media
• for our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, services and offerings, enhancing, improving or modifying our products and services, and operating and expanding our business activities
• to comply with legal requirements.

 

PEOPLE IN THE EUROPEAN ECONOMIC AREA (“EEA”) OR SWITZERLAND

The EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Frameworks (collectively, “Privacy Shield”) governs how QuestaWeb collects, uses, and discloses Personal Data that we receive in the United States (“U.S.”) from the EEA and Switzerland. In this Privacy Statement we refer to Personal Data from the EEA or Switzerland as “EEA or Swiss Data”.

QuestaWeb does not use cookies on our Site. QuestaWeb collects EEA or Swiss Data (i) from individuals who visit our Site, and (ii) from our customers, including the following specific types of information:

• Contact information, including name, address, email address and phone number
• Business activity information from our customers
• Information regarding use of QuestaWeb’s Site or products and services as described in this Privacy Statement

QuestaWeb recognizes that the EEA and Switzerland have established strict protections regarding the handling of EEA or Swiss Data, including requirements to provide adequate protection for EEA or Swiss Data transferred outside of the EEA and Switzerland.

To provide adequate protection for certain EEA or Swiss Data relating to website visitors, customers, and prospective customers that QuestaWeb receives in the U.S., QuestaWeb complies with the Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EEA and Switzerland to the U.S. QuestaWeb has certified to the Department of Commerce that it adheres to the Privacy Shield. QuestaWeb adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield, the Privacy Shield shall govern.

QuestaWeb will only process EEA or Swiss Data in ways that are compatible with the purpose for which QuestaWeb collected the EEA or Swiss Data, or for purposes that the individual or entity providing the EEA or Swiss Data later authorizes. Before we use your EEA or Swiss Data for a purpose that is materially different than the purpose for which it was collected or that you later authorized, we will provide you with the opportunity to opt out. QuestaWeb maintains reasonable procedures to help ensure that EEA or Swiss Data is reliable for its intended use, accurate, complete, and current.

We do not request and/or collect, or our customers do not provide to us when using QuestaWeb services, certain EEA or Swiss Data that is regarded as “sensitive,” including data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, ideological views or activities, trade-union membership, administrative or criminal proceedings/sanctions, information on social security measures, or data concerning health or sex life.

Access Rights

You may have the right to access the EEA or Swiss Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your EEA or Swiss Data, you can submit a written request to the contact information provided under General Terms above. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information. If your EEA or Swiss Data was provided to us by an QuestaWeb customer, we may facilitate your access to such data by directing you to the customer that provided your Personal Data to us.

Security

QuestaWeb maintains reasonable and appropriate security measures to protect EEA or Swiss Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.

Data Transfers to Third-Parties

Third-Party Agents or Service Providers. We may transfer EEA or Swiss Data to our business partners that perform functions on our behalf. Where required by the Privacy Shield, we enter into written agreements with those business partners requiring them to provide the same level of protection that the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that our business partners process EEA or Swiss Data in accordance with our Privacy Shield obligations and (ii) to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our business partners that perform services on our behalf for their handling of EEA or Swiss Data that we transfer to them.

Third-Party Data Controllers. In some cases, we may transfer EEA or Swiss Data to unaffiliated third-party data controllers. These third-parties do not act as agents or service providers and are not performing functions on our behalf. We may transfer your EEA or Swiss Data to third-party data controllers for the following purposes:

• Sponsors and exhibitors at certain QuestaWeb events receive EEA or Swiss Data about attendees, which the sponsors and exhibitors may use for their own promotional purposes.
• To facilitate provision of services to QuestaWeb customers, QuestaWeb may provide EEA or Swiss Data to third-party software and services companies whose products interact with QuestaWeb products and services in certain instances where a QuestaWeb customer is also a client of such third-party.

 

We enter into written contracts with any unaffiliated third-party data controllers requiring them to provide the same level of protection for EEA or Swiss Data that the Privacy Shield requires. We also limit their use of your EEA or Swiss Data so that it is consistent with any consent you have provided and with the notices you have received. If we transfer your EEA or Swiss Data to one of our affiliated entities within our corporate group, we will take steps to ensure that your EEA or Swiss Data is protected with the same level of protection that the Privacy Shield requires.

Enforcement

QuestaWeb will conduct periodic (no less frequently than annually) self-assessments of its relevant practices to verify adherence to this Privacy Statement and the Privacy Shield Principles. Any data subject in the EEA or Switzerland with a complaint concerning QuestaWeb’s processing of Personal Data may contact QuestaWeb’s data protection officer at HRQW@QuestaWeb.com.

For purposes of enforcing compliance with the Privacy Shield, QuestaWeb is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission. For more information about the Privacy Shield, see the U.S. Department of Commerce’s Privacy Shield website located at https://www.privacyshield.gov. To review QuestaWeb’s Privacy Shield certification, see the U.S. Department of Commerce’s list of Privacy Shield certified companies located at https://www.privacyshield.gov/list.

Questions or Complaints

You can direct any questions or complaints about the use or disclosure of your EEA or Swiss Data to us as noted above (Contact Us). We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EEA or Swiss Data within 45 days of receiving your complaint. If you are located in the EEA or Switzerland and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim. If you wish, you may also contact your local data protection authority in respect of any complaints you may have.

Binding Arbitration

You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have first taken the following steps: (1) raised your complaint directly with QuestaWeb and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see U.S. Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration)

at http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016D1250&from=EN.