QuestaWeb is committed to maintaining your confidence and trust, and accordingly complies with the following Privacy Statement to protect the personal information you provide to QuestaWeb, Inc. and all of its related worldwide affiliates and subsidiaries (collectively, “QuestaWeb”). As used in this Privacy Statement, “Personal Data”, means any information about an identified or identifiable natural person.
This statement is divided into sections based on your relationship with QuestaWeb. Please select the appropriate section(s) below for information that applies to your Personal Data. Keep in mind that more than one section might apply to you. Note that this Privacy Statement does not apply to QuestaWeb employees or job applicants.
These General Terms apply to anyone (except QuestaWeb employees and job applicants) whose Personal Data is processed by QuestaWeb.
Purposes of Personal Data Collection and Use
QuestaWeb collects, uses and processes Personal Data for the purposes of:
- Providing information about our products, services and events
- Providing products, services and support to our customers
- Administrative purposes relating to processing transactions with our customers
- Communicating with US Customs and Border Protection and other Government agencies on matters related to customers’ import/export operations and to domestic movements of goods
- Communicating with business partners such as database vendors, communication and hardware vendors about business matters
- Conducting business related tasks for legitimate business purposes
- Other purposes, if any, but purposely disclosed at the time of collection
- Compliance with legal requirements and protection of rights and property.
Entities Personal Data is collected from
QuestaWeb collects abovementioned personal information from the following entities:
- From potential and existing customers: Contact information, including name, address, email address and phone number, and business activities related to QuestaWeb software products
- From vendors: Contact information, including name, address, email address and phone number, and business services provided by the vendor
- From our website visitors requesting additional information about QuestaWeb products: Contact information, including name, address, email address and phone number, and business activities related to QuestaWeb software products. If a website visitor does not request additional information, no personal data is collected.
Types of Personal Data Collection
- Contact information, including name, address, email address and phone number
- Business activity information from our customers
- Information regarding use of QuestaWeb’s applications software or products and services as described in this Privacy Statement.
Security of Personal Data
QuestaWeb is committed to safeguarding the Personal Data that it receives. While QuestaWeb cannot guarantee the security of Personal Data, QuestaWeb has implemented reasonable technical and organizational measures to protect Personal Data in QuestaWeb’s possession from loss, misappropriation and unauthorized access, disclosure and destruction.
QuestaWeb utilizes a combination of online and offline security technologies, procedures and organizational measures to help safeguard Personal Data. For example, facility security is designed to prevent unauthorized access to QuestaWeb computers. Electronic security measures — including, for example, network access controls, passwords and access logging — provide protection from hacking and other unauthorized access. QuestaWeb also protects Personal Data through the use of firewalls, role-based restrictions and, where appropriate, encryption technology. QuestaWeb limits access to Personal Data to employees and subcontractors that have a specific business reason for accessing such Personal Data. Individuals who have been granted access to Personal Data will be made aware of their responsibilities to protect such information and will be provided training and instruction on how to do so. QuestaWeb maintains SOC2 certification.
If QuestaWeb learns of an unauthorized disclosure of Personal Data that is within QuestaWeb’s possession or control, QuestaWeb will perform all actions required by applicable laws, including taking prompt measures to remedy the unauthorized disclosure and providing required notices.
QuestaWeb hires other companies to provide certain services on our behalf; for example, to conduct penetration tests and to verify SOC2 compliance. QuestaWeb will provide these companies only with the information they need to deliver the services, and they are contractually prohibited from using that information for any other purpose.
Because QuestaWeb is the United States based company, Personal Data is stored and processed in the United States where QuestaWeb maintains facilities or personnel.
QuestaWeb’s products and services are not intended for children under the age of 13. QuestaWeb does not knowingly collect any information from children. If we learn that we have collected or received Personal Data from a child under 13 (with or without verification of parental consent), we will delete that information immediately.
Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
Your Access to and Control over Your Personal Data
- Opt out of any future contacts from us
- See what information we have about you, if any
- Change, correct, or, in certain circumstances, request that we delete any Personal Data we have about you
- Express any concern you have about our use of your Personal Data
QuestaWeb will comply with these requests as required by law. We may request additional information from you in order to process your request.
Should you have any questions or concerns about this Privacy Statement, please contact our data protection officer as follows:
Attn: Data Protection Officer
60 Walnut Avenue, Suite 300
Clark, NJ 07066, USA
Requests to unsubscribe from (“opt-out” of) communications from QuestaWeb can be managed using the link in email communications. You may also mail or email your enquiry/request to the above address.
Changes to this Privacy Statement
QuestaWeb may revise this Privacy Statement from time to time in order to comply with new laws and regulations; to conform to industry best practices; to reflect changes in QuestaWeb product and service offerings; and for other reasons. The revised Privacy Statement will become effective when it is posted on the QuestaWeb website.
WEBSITE VISITORS & REPRESENTATIVES OF POTENTIAL CUSTOMERS
This section of the Privacy Statement describes our practices in connection with information we may collect through your use of our website (collectively, our “Site”). By using our Site, you consent to our collection and use of the information described in this Privacy Statement. This section also describes our practices about Personal Data of representatives of potential customers, whether we interact with those representatives directly through the Site or in other ways.
Although QuestaWeb has endeavored to create a secure and reliable site for you, the confidentiality of any communication or material transmitted to or from QuestaWeb via the Site or email cannot be guaranteed.
Collection and Use of Information
QuestaWeb collects your Personal Data (such as your name, address, or telephone number) through our Site only if you provide it to us voluntarily.
At any time, while accessing our Site, any user may decline participation in any activity that would require active submission of Personal Data (e.g., submitting a request for product information). Your decision not to participate will not affect your ability to use any other feature on our Site. When choosing to provide Personal Data through our Site, you acknowledge that QuestaWeb may store and process your Personal Data.
QuestaWeb may offer you opportunities to engage in blogs, forums, and social media accounts that are designed to be visible to other users, including comments and postings. You should be aware that any Personal Data you choose to submit via those media can be read, collected, and used by other participants, and could be used to send you unsolicited messages. We are not responsible for the Personal Data you choose to submit when you engage in such activities.
Some hyperlinks may link to third-party websites. You should be aware that these third-party websites are not controlled by QuestaWeb and are not subject to this Privacy Statement. You should check the privacy policies of the third-party websites to see how your Personal Data will be collected and used.
The contracts between QuestaWeb and its customers may contain terms regarding the protection of Personal Data. When that is the case, the applicable contract provision shall supersede any conflicting provision in this Privacy Statement.
QuestaWeb’s Role as a Service Provider to Its Customers
QuestaWeb offers product solutions to its customers to store and manage their electronic documents, document metadata, and data relevant to managing Global Trade activities. QuestaWeb may provide product development services, solution engineering services, professional technical services and product technical support services to its customers from any country in which QuestaWeb. As a result, customers’ Personal Data may be transferred, accessed and stored as necessary for the uses stated in this Privacy Statement. Whenever QuestaWeb handles Personal Data, regardless of where this occurs, we take appropriate steps to ensure that customers’ information is treated securely and in accordance with this Privacy Statement and all applicable laws and regulations.
The Customer’s Responsibilities with Respect to Its Personal Data
QuestaWeb’s customers may choose to include Personal Data with the customer data provided to QuestaWeb. This Personal Data may include employee name and contact details for the purpose of administering the customer’s account with QuestaWeb.
QuestaWeb processes Personal Data that its customers have chosen to share with QuestaWeb. QuestaWeb has no direct or contractual relationship with the subjects of this Personal Data (the “Customer Data Subjects”). As a result, when customer data includes Personal Data, the customer is solely responsible for satisfying all legal obligations owed directly to Customer Data Subjects under applicable data protection laws.
Sharing of Personal Data with Third-Parties
QuestaWeb shares Personal Data with our subcontractors and business partners only to the extent required in order to deliver products or services requested by customers. The shared Personal Data may include the name of a contact person together with associated business name, address, email, telephone number, and the list of QuestaWeb’s modules used by the company. Before transferring Personal Data to these third-parties, QuestaWeb will obtain assurances from the recipient that it will safeguard Personal Data in a manner consistent with this Privacy Statement and otherwise to support QuestaWeb business activities. If QuestaWeb learns that a recipient is using or disclosing Personal Data in a manner contrary to this Privacy Statement, QuestaWeb will take steps to prevent such use or disclosure.
QuestaWeb also may disclose Personal Data as required by law, for example, in response to a court order, an administrative proceeding or subpoena. QuestaWeb will, as soon as practical, inform the customer when permitted by law, so the customer may take such actions as it deems necessary to protect the rights of Customer Data Subjects.
QuestaWeb’s customers are responsible for ensuring that they collect only that Personal Data needed to accomplish the purposes disclosed to Customer Data Subjects. They also are responsible for providing QuestaWeb with instructions for the processing of Personal Data consistent with the purposes stated in the customers’ notice to Customer Data Subjects. QuestaWeb will process Personal Data only in accordance with the customer’s instructions.
QuestaWeb will retain Personal Data as necessary to fulfill the purposes described in this Privacy Statement or in our customer agreements. QuestaWeb will return or destroy Personal Data stored by QuestaWeb in accordance with applicable law.
Access to and Correction of Personal Data
Customers have the right to access and review, correct or amend and, in certain circumstances, delete their Personal Data that QuestaWeb holds by contacting QuestaWeb. Customers are responsible for providing QuestaWeb with accurate and complete Personal Data, and for contacting QuestaWeb if correction of such information is required. QuestaWeb will cooperate with its customers’ reasonable requests for assistance in permitting Customer Data Subjects to exercise their rights under applicable data protection laws to amend or delete their Personal Data. Please note that, where permitted, we may charge a fee for fulfilling access requests and that we reserve the right to disallow unreasonable requests for access. If a Customer Data Subject’s Personal Data was provided to us by a QuestaWeb customer, we may facilitate access to such data by directing the Customer Data Subject to the customer that provided the Personal Data to us.
How QuestaWeb Uses Customer Data
QuestaWeb uses Personal Data submitted to us for general business purposes, including:
- to deliver or provide products and services ordered by customers, including administering the delivery of electronic products and services requiring logins and passwords, confirming compliance with licensing terms, and responding to technical queries
- to perform accounting and Global Trade Management functions
- to notify customers of new products and services from QuestaWeb and for other general marketing purposes, such as advertising QuestaWeb’s customer events and engaging with customers via online communities and social media
- for our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, services and offerings, enhancing, improving or modifying our products and services, and operating and expanding our business activities
- to comply with legal requirements.
PEOPLE IN THE EUROPEAN ECONOMIC AREA (“EEA”) OR SWITZERLAND
The EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Frameworks (collectively, “Privacy Shield”) governs how QuestaWeb collects, uses, and discloses Personal Data that we receive in the United States (“U.S.”) from the EEA and Switzerland. In this Privacy Statement we refer to Personal Data from the EEA or Switzerland as “EEA or Swiss Data”.
- Contact information, including name, address, email address and phone number
- Business activity information from our customers
- Information regarding use of QuestaWeb’s Site or products and services as described in this Privacy Statement
QuestaWeb recognizes that the EEA and Switzerland have established strict protections regarding the handling of EEA or Swiss Data, including requirements to provide adequate protection for EEA or Swiss Data transferred outside of the EEA and Switzerland.
To provide adequate protection for certain EEA or Swiss Data relating to website visitors, customers, and prospective customers that QuestaWeb receives in the U.S., QuestaWeb complies with the Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EEA and Switzerland to the U.S. QuestaWeb has certified to the Department of Commerce that it adheres to the Privacy Shield. QuestaWeb adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield, the Privacy Shield shall govern.
QuestaWeb will only process EEA or Swiss Data in ways that are compatible with the purpose for which QuestaWeb collected the EEA or Swiss Data, or for purposes that the individual or entity providing the EEA or Swiss Data later authorizes. Before we use your EEA or Swiss Data for a purpose that is materially different than the purpose for which it was collected or that you later authorized, we will provide you with the opportunity to opt out. QuestaWeb maintains reasonable procedures to help ensure that EEA or Swiss Data is reliable for its intended use, accurate, complete, and current.
We do not request and/or collect, or our customers do not provide to us when using QuestaWeb services, certain EEA or Swiss Data that is regarded as “sensitive,” including data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, ideological views or activities, trade-union membership, administrative or criminal proceedings/sanctions, information on social security measures, or data concerning health or sex life.
You may have the right to access the EEA or Swiss Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your EEA or Swiss Data, you can submit a written request to the contact information provided under General Terms above. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information. If your EEA or Swiss Data was provided to us by an QuestaWeb customer, we may facilitate your access to such data by directing you to the customer that provided your Personal Data to us.
QuestaWeb maintains reasonable and appropriate security measures to protect EEA or Swiss Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.
Data Transfers to Third-Parties
Third-Party Agents or Service Providers. We may transfer EEA or Swiss Data to our business partners that perform functions on our behalf. Where required by the Privacy Shield, we enter into written agreements with those business partners requiring them to provide the same level of protection that the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that our business partners process EEA or Swiss Data in accordance with our Privacy Shield obligations and (ii) to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our business partners that perform services on our behalf for their handling of EEA or Swiss Data that we transfer to them.
Third-Party Data Controllers. In some cases, we may transfer EEA or Swiss Data to unaffiliated third-party data controllers. These third-parties do not act as agents or service providers and are not performing functions on our behalf. We may transfer your EEA or Swiss Data to third-party data controllers for the following purposes:
- Sponsors and exhibitors at certain QuestaWeb events receive EEA or Swiss Data about attendees, which the sponsors and exhibitors may use for their own promotional purposes.
- To facilitate provision of services to QuestaWeb customers, QuestaWeb may provide EEA or Swiss Data to third-party software and services companies whose products interact with QuestaWeb products and services in certain instances where a QuestaWeb customer is also a client of such third-party.
We enter into written contracts with any unaffiliated third-party data controllers requiring them to provide the same level of protection for EEA or Swiss Data that the Privacy Shield requires. We also limit their use of your EEA or Swiss Data so that it is consistent with any consent you have provided and with the notices you have received. If we transfer your EEA or Swiss Data to one of our affiliated entities within our corporate group, we will take steps to ensure that your EEA or Swiss Data is protected with the same level of protection that the Privacy Shield requires.
QuestaWeb will conduct periodic (no less frequently than annually) self-assessments of its relevant practices to verify adherence to this Privacy Statement and the Privacy Shield Principles. Any data subject in the EEA or Switzerland with a complaint concerning QuestaWeb’s processing of Personal Data may contact QuestaWeb’s data protection officer at HRQW@QuestaWeb.com.
For purposes of enforcing compliance with the Privacy Shield, QuestaWeb is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission. For more information about the Privacy Shield, see the U.S. Department of Commerce’s Privacy Shield website located at https://www.privacyshield.gov. To review QuestaWeb’s Privacy Shield certification, see the U.S. Department of Commerce’s list of Privacy Shield certified companies located at https://www.privacyshield.gov/list.
Questions or Complaints
You can direct any questions or complaints about the use or disclosure of your EEA or Swiss Data to us as noted above (Contact Us). We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EEA or Swiss Data within 45 days of receiving your complaint. If you are located in the EEA or Switzerland and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim. If you wish, you may also contact your local data protection authority in respect of any complaints you may have.
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have first taken the following steps: (1) raised your complaint directly with QuestaWeb and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see U.S. Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration)