Effective Date: [September 19, 2019]; Last Updated [March 30, 2021]
Your privacy is important to Q5id, Inc. (“Q5id,” “us,” “our,” and/or “we”). This Privacy Statement describes our information and privacy practices that apply when you use Q5id’s website located at q5id.com/privacy-policy, as well as our mobile application “App.” Q5id provides identity verification and authentication enrollment solutions (our “Services”) to its customers. We operate the for the benefit of our customers, and to provide information and resources about our products and Services. Q5id values the trust put in us by our customers, business partners, and others who share their personal information with us, and is committed to complying with applicable privacy and data protection laws. This Privacy Statement applies to information we process through the website and mobile application, as a data controller, and also describes how we process data through the provision of our Services on behalf of our customers, as a data processor.
PLEASE READ this Privacy Statement before you use the Website and Application. Your use of the Website and Application signifies to us that you have read and understood all of the terms of this Privacy Statement.
This Privacy Statement explains:
- What personal information we collect, and why we collect it;
- How we use personal information;
- How we protect that information;
- How you can control your information, including accessing, updating and deleting what we store;
- How and with whom we may share the information we collect;
- How long we retain personal information.
This Privacy Statement contains the following sections:
PLEASE READ this Privacy Statement before you use the Website and Application. Your use of the Website and Application signifies to us that you have read and understood all of the terms of this Privacy Statement.
We will seek your explicit consent prior to processing sensitive personal data, as required by applicable data protection laws. For example, see our “App Privacy Notice” and opt-in consent process in the Q5id app, as well as our Cookie Notice on our website with opt-in consent process.
Our Role as A Data Processor
We provide the Services to or for use by, or perform the Services on behalf of, our customers, and in some cases, their end-users. As described in this Privacy Statement, the use or performance of the Services may involve the processing of your personal information. In other words, we operate as a service provider, and, through the provision of our Services, we may collect and process personal information on behalf and at the direction of our customers. In these circumstances, and for purposes of applicable data privacy laws, Q5id is acting as a “Data Processor” and our customers remain the “Data Controller” with regard to any personal information that we collect, or they provide, for processing through use of our Services.
As the data controllers, our customers have primary responsibility for compliance with data privacy obligations over this personal information, including maintaining their own privacy program to communicate to individuals how their personal information is being processed and shared. As such, our customers’ individual organizational privacy statements will govern the use of personal information that is collected and processed through use of our Services. Q5id is not responsible for our customers’ privacy or security practices which may differ than those described in this Privacy Statement.
As the data processor, we process personal information input into the Services on behalf of our customers, and in accordance with our customers’ written instructions as well as the terms of our contracts with our customers. This also means that where instructed or authorized by our customers, we may share personal information with third parties to carry out further processing of personal information on our customers’ behalf. Further, as a data processor, we will assist our customers in complying with applicable data privacy laws to the extent any such laws cover the personal information we process on their behalf. As such, we do not respond directly to any requests from individuals who desire to exercise their data privacy rights (as describe herein, below) with regard to their personal information for which we are only a processor. Rather, we will refer any such requests to the customer who is the data controller of such personal information.
Our Role as a Data Controller
Types of Information Collected
Information You Provide to Us
Certain features of the Website may enable or require you to provide personal information. Some common ways you may provide us with personal information include when you contact us through the Website; create an account or profile on our website; submit, manage, or revise the personal information in your account profile; update your communication or other subscription preferences with us; make a [payment / purchase]. Depending on the nature of your interaction with us, the personal information collected on the Website and Application may consist of information including, but not limited to:
- first and last name;
- job title and company name;
- email address;
- phone number
- mailing address;
- password to register with us;
- any additional contact information you provide; and/or
- your photo or images of your likeness;
When we ask you to provide personal information on the Website or Application, we will explain, or otherwise make it evident, the reasons why you are asked to provide that information. Generally, and unless otherwise indicated, any required information that you may be asked to provide is needed to enable your use of certain features or provide you with services or information you request from us. In some instances, if you choose not to provide us with your personal information, you may not be able to use certain features of the application.
Information Provided or Collected About You Via our Services
As described above, Q5id is a service provider, and, through the provision of our services, we may collect and process personal information about you either on behalf, and at the direction of our customers., or for our own business purposes in order to provide services directly to end-users. Specifically, the services we provide to our customers include identity verification and authentication solutions. The services we provide to our end-users include identity verification for use with businesses which require such verification. Through the provision of the services, we may collect the following types of personal information from or about you:
- biometric identifiers usage (e.g., face, palm, voice);
- A facial image is collected during enrollment and is converted to a model/template by Amazon Recognition for use in the login process. The login process consists of capturing a face at login and matching it to the saved face model/template that was previously enrolled. The face image is not modified in anyway or used for any other purpose post enrollment. The face mode/template is used for two purposes; matching at login as well as comparing the face on the ID to the enrolled face model/template. If the face on the ID does not match, the user will not be enrolled and the data will be deleted. The user’s model/template is never shared with any customer or user.
- A palm image is collected during enrollment and is converted to a model/template by our internal palm matching server for use in the login process. The login process consists of capturing a palm at login and matching it to the saved palm model/template that was enrolled. The palm image is not modified in anyway or used for any other purpose. The palm model/template is used for one purpose, matching at login and never shared with any customer or user.
- A voice sample is collected during enrollment and is converted to a model/template by our internal voice matching server for use in the login process. The login process may consist of capturing a voice at login and matching it to the saved voice model/template that was enrolled. The voice sample is not modified in anyway or used for any other purpose. The voice model/template is used for one purpose, matching at login. The user’s model/template is never shared with any customer or user.
- photocopies of your ID documentation which may include your government ID number, name, date of birth, and address;
- other information to help us verify your identity, such as your e-mail address, phone number, and last four digits of SSN or other government identifier;
- Information related to your use of the services, such as log-in information, program identifier, communication preferences, and products that interest you;
- Information you provide when you interact with us (for example, customer service and advisor calls may be recorded for quality, training and research purposes;
Please note, however, that where one of our customers asks you to verify and authenticate your identity as part of an enrollment or other transactional process with that customer, Q5id will not process any of your personal information unless or until you initiate the enrollment process using our app. Please review our App Privacy Notice in our app (www.q5id.com/privacy-policy) prior to enrolling in our services and/or submitting your personal information. You will be required to explicitly consent to our collection and processing of certain sensitive personal information, such as biometric and other sensitive information, before you can submit that information to us.
Information Collected from Third Parties
Q5id may obtain personal information from other third-party sources, including our customers and business partners, as well as publicly and commercially available sources. We may combine the information we receive from these third-party sources with information that we collect from you or your device, as described above, in order to perform the Services for you and our customers.
Information That We Collect Automatically
We use certain analytics tools on the Website and Application that help us analyze usage and performance when you visit and use the Website or Application. The information we collect automatically does not include any individuals’ names or contact information. Rather, when you visit, use, or navigate to the Website, these analytics tools automatically collect and store certain information from your computer or device about your visit, such as your IP address, browser and device characteristics, the date and time of visit, duration of visit, operating system, referring URLs, device name, and certain location information such as the country or region you are browsing from. We may also note whether and how you use the Website by recording site traffic patterns and “clickstreams.” Some of the usage data is collected by Google Analytics or Microsoft Azure App Insights and provided to us, as explained in greater detail in the How We Collect Automatically Collected Information section, below.
This Automatically Collected Information allows us to better understand the visitors to our Website and Application, where they come from, and what content on our Website and Application is of interest to them. It also helps us to maintain the security and operation of our Website and Application. We only ever use this Automatically Collected Information for our internal analytics purposes, to diagnose problems with our servers, and to improve the quality, performance, and functionality of the Website.
How We Collect Automatically Collected Information
A cookie is a text file containing small amounts of information that are downloaded to a device when it visits a website. Standing alone, a cookie does not identify an individual user. Rather, it identifies the computer, mobile device, or browser that a user uses to access the Website. Cookies may be used to remember your personal settings, pre-fill forms for you, and to monitor your use of the Website to improve our services.
Most browsers allow you to refuse to accept cookies and to delete cookies, though the methods for doing so may vary from browser to browser. Information about managing cookies in commonly used browsers is available online from www.allaboutcookies.org.
Types of Cookies and Why We Use Them
There are two types of cookies: Session-based and persistent. Session cookies exist only during one session, and they disappear from your computer or device when you close your browser software or otherwise end your session. Persistent cookies remain on your computer or device after you close your browser or otherwise end your session.
The Website uses session cookies to provide us with information about the Website features used and activities conducted while you are using the Website. It also uses session cookies to help process information you input into the Website. The Website uses persistent cookies solely for remembering any preferences or choices you make regarding your use of the website, including your cookie settings.
There are four general categories of cookies. A description of each category of cookie is below, followed by a table describing the categories of cookies used on the Website.
- Strictly necessary cookies.These cookies are essential to enable you to move around a website and use its features. Without these cookies, services you have asked for, like logging into a secure area of our Website, cannot be provided.
- Performance / analytical.These cookies collect information about how visitors use a website. The information collected by these cookies is performance and usage data such as that collected by Google Analytics and Microsoft Azure App Insights as described throughout this Privacy Statement.
- Functionality cookies.These cookies allow a website to remember choices you make (such as your username or ID, language preference, or the area or region you are in) and provide enhanced, more personal features. They may also be used to provide services you have asked for. The information these cookies collect may be anonymized, and they cannot track your browsing activity on other websites.
- Targeting and advertising cookies.These cookies track browsing habits and are used to deliver targeted (interest-based) advertising. They are also used to limit the number of times you see an ad and to measure the effectiveness of advertising campaigns. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations, such as advertisers.
Third Party Cookies and Website Analytics
We use third party services including Microsoft Azure App Insights to analyze application activity. When you visit the Website, App Analytics automatically collects information from you through the use of tags. A tag is a specific string of numbers and letters (often called a “character string”) that is assigned to your computer or device but does not name you. The analytics tag allows us to track usage data of the Website, such as date and time of visit, duration of visit, Website traffic patterns, “clickstreams,” other similar information about your use of the Website, the type of web browser used, the operating system/platform you are using, your IP address, the websites that referred or linked you to our Website, and your CPU speed. App Analytics does not share the ID tag assigned to your computer or device that you use to access and use the Website. App Analytics provides information about the use of our Website to us in aggregate form (i.e., data about many Website users combined and not just about you). Some of this data might include the regional location of Website users, but again, this data will be in aggregate (and not individual) form. We rely on this aggregate data to inform us how users are using the Website and to help us improve the Website.
How We Use the Information We Collect
We use information that we collect about you or that you provide to us for the reasons described in this Privacy Statement. In general, we will use the personal information we collect from you only for the purposes described in this Statement, or for the purposes stated at the time we collect your personal information. We may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you if and where this is permitted or required by applicable data protection laws. If your personal information is used for additional purposes, we will notify you of those new uses via revisions to this Privacy Statement. Where necessary, we will seek your consent for those new uses.
We may use both automatically collect Information and your personal information to help diagnose problems with the Website or Application, to analyze performance and usage patterns, and to improve the Website or Application and the services offered to you through them.
Our Lawful Basis for Processing Your Information
Where required by applicable data protection laws, we will only use your personal information where we have a lawful basis to do so. In such cases, we generally process personal information either to perform a contract for requested services with you, or for our legitimate business interests. Any processing of personal information we perform in our role as a data processor is done in accordance with the instructions of our customers, who, as the data controllers, are responsible for establishing the lawful basis for such processing where required by applicable data protection laws. Also, in our role as a data controller and a data processor, we use the information we collect or are provided for the following purposes:
- To perform our contract with you: To perform the services that you request from us, including to respond to your inquiries and support our relationship with you, our customers, and their end-users, to contact you about your account, and to notify you about changes to our Website, products, the Services, and/or this Privacy Statement and our other Website terms and policies.
- For our legitimate interests: To improve performance and user experience, we use the information provided to us, as well as automatically-collected information, to analyze trends and statistics, as well as to update and improve our Website, products, and the Services that we provide. We also use this information to generally run the Website and for internal operations, including to help diagnose problems with the Website and Application, in order to provide you with an up to date, efficient and reliable service. In some cases, we may use this information for certain marketing purposes (as described in greater detail in the Marketing Communicationssection, below).
- To comply with our legal obligations: In certain situations we may disclose the information provided to us, as well as automatically-collected information, to any competent law enforcement body, regulatory or government agency, court, or other third party if (i) we believe we are legally obligated to do so, including under applicable data protection laws, (ii) we believe disclosure is necessary to protect, establish, or exercise our legal rights or defend against legal claims, or (iii) we believe disclosure is necessary to help prevent fraudulent or criminal activity, or to protect you, our customers, third parties, or our employees, property, or business.
- With your consent: If you request to be put on our promotional mailing list, or otherwise provide your consent to receive marketing messages from us, we may use the information you voluntarily provide to us, as well as automatically-collected information (such as your IP address and device information), to send you announcements and other materials from time-to-time. More information about our marketing and advertising practices are described in greater detail in the Marketing Communicationssection, below.
Information You Provide to Us
We use personal information you provide to us to provide you with services or information associated that you request from us. Specific uses of your personal information you provide to us include:
- delivering services or carrying out transactions that you have requested;
- account set up and administration;
- responding to questions or inquiries that you make, including customer service requests;
- providing information about Q5id products, services, and developments that may interest you;
- providing you a more consistent experience in interacting with Q5id
- To send you information about offers, events, commercial incentives, or promotions you may be interested in, as described in the Marketing Communicationssection, below.
Information Provided or Collected About You via our Services for Our Customers
As a service provider, we use the information provided or collected about you through the provision of the Services to our customers for the sole purpose of providing the Services to, or on behalf of, our Customers. Specifically, we use your personal information to verify your identity, prevent fraud and facilitate online digital commercial transactions on behalf of our customers, or for end-users.
Our customers are the data controllers with respect to this information and are responsible for instructing us on how to process it, as well as for establishing a lawful basis for processing any personal information (where required by applicable data protection laws). Depending on the data processing instructions we receive from a customer, we may disclose to the customer all or part of the personal information processed through the provisions of Services on their behalf, or data or information derived therefrom.
Unless instructed by a customer, or required for legal or regulatory purposes, we will never disclose information processed through the provision of the Services to any third party, or use such information for marketing purposes.
Information We Collect Automatically
As described in the sections on Automatically Collected Information above, we use Automatically Collected Information in an effort to ensure that our Website and Application will appear and function appropriately on your computer or device, to help us improve the Website and Services, and to determine which website referred you to our Website, Application and Services. This may include customizing our Website and Services to your preferences or interests, making them more compatible with your technology, or otherwise making them easier to use; maintaining the security of and otherwise protecting them; and developing new Q5id internet sites, applications, products and services.We may also use Automatically Collected Information specifically to track what our Website users are looking at most frequently so we can recognize and deliver more of the features, products, and services that our users desire.
If you sign up for our mailing list, complete enrollment in the Q5id Proven Identity app, or otherwise subscribe to receive communication from us, we will contact you to provide information about products or services that may be of interest to you, or to provide other information regarding Q5id, upcoming events and promotions, new products, and other general information about our products and/or services. We may also invite you to participate in, or inform you of the results of, customer satisfaction or market research surveys.
At times, we will share with your financial incentives offered to our users by our business partners. We do not disclose any personal information to third parties for their marketing purposes. Rather, such incentives are offered through the Services to all of our users, and no personal information is provided to the party offering the incentive unless you provide it when you accept or use the incentive offered.
With each marketing communication, you will be given the opportunity to opt-out of receiving future marketing notices by using the unsubscribe mechanism provided through the marketing communication. If you request that we not contact you for marketing purposes, we reserve the right to retain your contact information and to contact you for non-marketing purposes relating to your use of the Website and any of your purchases from us. We further retain the right to use your contact information to comply with our legal obligations, resolve disputes, and enforce our agreements.
Disclosure of Collected Information to Others
Except in the limited circumstances stated in this Privacy Statement, we do not share, sell, or otherwise transfer or disclose your personal information to any third party. Q5id never shares your personal information with any third party for its direct marketing purposes.
Sharing and Disclosure of Biometric Data
As a data controller, Q5ID collects biometric information for face, palm and voice that is used by our software application to authenticate users of the application and verify the identity of the user. Unless a user provides Q5ID with permission at the time of disclosure or at another time, Q5ID will not transfer, lease, or sell face images, face biometric information, or any other biometric information collected at the time of such registration or commercial transaction. Similarly, Q5ID will not transfer, lease, or sell such user biometric information. As an exception to this promise, Q5ID may share such information in response to a subpoena, court order, or other governmental request, or when Q5ID believes in good faith that disclosure is reasonably necessary to protect the rights or interests of Q5ID, its customers, business partners, or the public at large.
Biometric Data is used in the following circumstances
- Verification of users on behalf of our clients, such as to a bank or merchant for processing a payment at a point of sale or with an agency for confirming your account.
- In use of third-party service providers that provide services or perform functions on our behalf necessary to provide the service to the client or end user. These service providers are limited to using the biometric data to provide those services and functions, and to maintain such biometric data in a secure fashion consistent with this consent.
- Q5ID does not sell, lease, or trade the user’s Biometric Data to any third parties or derive any profit from the sale, lease or trade of biometric data.
Retention of Biometric Data
Q5ID stores and uses your Biometric Data as long as you have an active account with Q5ID and are using the services. After you close your account or stop using the services, we may retain your Biometric Data to comply with legal, contractual and policy obligations, except where applicable law provides for or requires immediate deletion (for example, for certain state’s residents, we destroy Biometric Data when the initial purpose for collecting or obtaining such identifiers or information has been satisfied). After your account is closed, you will need to re-enroll, which may include providing your Biometric Data and state IDs again, before you can use the services. In addition, you may request that Q5ID delete your Biometric Data at any time. See section below about how to make such a request. Please note such deletion may affect the functionality and scope of Services that we can provide.
Requesting Access, Correction or Deletion of my Biometric Data
Third-Party Service Providers
As a data controller and data processor, we may provide your personal information and Automatically Collected Information to third parties that provide us with data processing services. These third- party sources include government ID verification vendors, fraud detection vendors, biometric algorithm vendors including Amazon Rekognition, software hosting and database providers and security compliance companies. We only make such disclosures to the extent they are necessary and appropriate, in our discretion, to perform certain services on our behalf (e.g., improving security, services and features, directing mailings, fulfilling orders, conducting website analytics, or other data processing as described in this statement or described to you when we collect your information). These third parties are required to keep the information confidential and are not authorized to process your personal information or Automatically Collected Information for any other purpose other than as instructed by us. We will not make third-party disclosures of any personal information we process in our role as a data processor for our customers, unless we are instructed or authorized to do so by our customers. We will also update the list of third -party service providers with whom we share your personal information by updating this Privacy Statement as needed.
Data Processing Partner Overview of Service
- Daon Biometric Enrollment and Authentication
- RedRock Biometric Enrollment and Authentication
- Acuant Biometric Enrollment and Authentication
- AWS Rekognition for image processing and facial recognition
- ThreatMetrix Cyber security and risk management through data science innovation and global shared intelligence
- LexisNexis Risk providing computer-assisted legal research as well as business research and risk management services
- Twilio Omnichannel communications platform
- Microsoft Azure
Merger, Acquisition, or Sale
We may share and transfer any and all personal information and Automatically Collected Information with and to a third party (whether affiliated or not), in the event of a sale or transfer of assets, or other disposition of all or any portion of our business, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceedings in which information of users is among the assets transferred. Note that personal information and Automatically Collected Information will be shared in connection with evaluating any such transaction before it happens, and as part of the transferred assets.
To Meet our Legal Obligations
Notwithstanding anything to the contrary in this Privacy Statement, we may also use and/or disclose your personal information and Automatically Collected Information, to any competent law enforcement body, regulatory or government agency, court, or other third party if (i) we believe we are legally obligated to do so, (ii) we believe disclosure is necessary to protect, establish, or exercise our legal rights or defend against legal claims, or (iii) we believe disclosure is necessary to protect our customers, third parties, or our employees, property, or business.
Disclosures under this section may include, but are not limited to: complying with our obligations to retain certain business records for minimum retention periods; establishing, exercising, or defending legal claims; complying with laws, regulations, court orders, or other legal process; detecting, preventing, and responding to fraud, intellectual property infringement, violation of our contracts or agreements, violations of law, or other misuse of Q5id internet sites, applications, products or services; and protecting Q5id’s rights or property, or yours or others’ health, safety, welfare, rights, or property.
De-identified and Aggregate Automatically Collected Information
Q5id may anonymize or aggregate any of the information we collect and use it for any purpose, including for research and product-development purposes. Such information will not identify you individually outside of Q5id’s systems.
Do Not Track
The Website and Application does not track your online activities over time and across third-party web sites or online services, and so does not respond to browser “Do Not Track” signals. As described below, the Website may contain links to other websites not owned or operated by Q5id. These websites may set cookies that obtain information about the fact that a web browser visited the Website from a certain IP address. These websites are not authorized to collect any other personal data from the Website unless you provide it to them directly.
The Website is not directed at nor intended for use by children under the age of 18, and as a data controller we do not knowingly collect any personal information directly from children under the age of 18. At times, in our role as a data processor, a customer may instruct us to use the Services to verify and authenticate the identity of an individual under the age of 18. In such case the customer is the data controller, and its privacy policies govern the use of such data. Notwithstanding the foregoing, we will never use or disclose any personal information of a child under the age of 18 for marketing or advertising purposes. If you are under age 18, you should not use our Website or Application and you should not send us personal information about yourself.
Transfer and Storage of Information
Your use of the Website and Application may involve your personal information being transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, we are headquartered in the United States, and our Website and Services are hosted in the United States. This means that if you use our Website or Services, and if we collect your personal information through the means described in this Statement, your personal information will be processed by us in the United States. To ensure adequate data protection, as required by global data protection laws, we have put a legal data transfer mechanism in place with which to transfer EU personal information from the EU and other applicable jurisdictions to the United States. This statement and data transfer mechanism will be provided upon request.
Securing Collected Information
Q5id takes the privacy and security of your information very seriously. There are several ways that this is accomplished. Q5id has taken a Privacy by Design (PbD) approach, limiting collection, storage, Encryption and transfer of data to the minimum amount necessary to achieve the purpose for which it is collected. Data protection in data processing procedures is best adhered to when it is already integrated in the technology when created. We also limit 3rd party sharing and utilize technological controls wherever appropriate that include, but are not limited to, encryption, blockchain, and data anonymization techniques. Unfortunately, no data storage system, or system of transmitting data over the Internet or wireless network, can be guaranteed to be 100% secure, and no security system can prevent all security breaches. As a result, we do not and cannot guarantee the security of our servers, the means by which personal information is transmitted between your computer or device and our servers, or any personal information provided to us or to any third party to or in connection with the Website or otherwise.
Updating or Correcting your Personal Information
You may update your personal information we hold about you in our role as a data controller as follows. You may update personal information associated with your account by logging into your account and editing your account information. Please note that your account and all features of the Website or Application may not function properly if you remove any or all of your personal information.
If you have voluntarily given us personal information through our Website and Application or by contacting us with a request or inquiry, you may update or change your personal information by sending an email request to Privacy@Q5id.com.
If you request that your personal information be changed or deleted from our databases, we will use commercially-reasonable efforts to remove your personal information from our databases, but see below regarding Retention and Storage as to why we might maintain some information. Please note that before carrying out your request, we will ask you to verify your identity with your biometrics and/or provide further details about your request.
Where we hold personal information about you on behalf of our customers in our role as a data processor, we can only update or correct the information we hold in accordance with the instructions or authorization from our customers. As such, you should make any request to update or correct such personal information directly to the customer who is the data controller. Alternatively, you may choose to request changes to or deletion of your personal info to Q5id. In our role as data processor, we will communicate these requests to the data controller as soon as reasonably possible.
Your Rights Regarding your Personal Information
If you are based in certain jurisdictions, you may also, in some circumstances, have the following rights in relation to the personal information we hold about you in our capacity as a data controller. You can request to:
- access a copy of the personal information held about you;
- rectify any incorrect or incomplete personal information we hold about you
- delete, restrict or remove the personal information we hold about you
- transfer the personal information we hold about you to another party
- object to any further processing of your personal information, if we are processing your personal information on the basis of our legitimate interests (see above), or for direct marketing; or
- object to the sale of your personal information
- right to request disclosures about their personal information collected within the previous 12 months
- right to know categories of personal information collected
- sources from which collected
- purposes for which collected
- categories of third parties with whom information is shared, and
- the right to request specific pieces of personal information collected about you
To exercise any data privacy rights you might have, please e-mail us at Privacy@Q5id.com, or write to us at the address provided in the Contact Us section below. We attempt to respond to requests within one month and free of charge. Please note that with regard to all these rights, we reserve the right to:
- refuse your request based on the exemptions set out in the applicable data protection laws
- communicate your request to the data controller where we process your data on behalf of our customers in our role as a data processor
- request for proof of your identity or your authorized agent’s authority to act on your behalf, to process the request or request further information
- charge you a reasonable administrative fee for any repetitive, manifestly unfounded, or excessive requests.
If we refuse or are unable to meet your request to exercise these rights, we will give reasons for our decision and allow you to challenge it. If we have shared your personal information with others, we will tell them about your request to rectify, erase, restrict or object to the processing where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your personal information so that you can contact them directly.
If you have any concerns about how we handle your personal information, please contact us. If you are not satisfied after we’ve tried to resolve your issue, and as permitted by applicable data protection laws, you’ll be entitled to lodge a complaint with the data protection regulator for your country of residence.
Your California Privacy Rights
If you are a California resident, you have the right to request information from us regarding the manner in which we share certain categories of your personal information with third-parties. Specifically, California law provides you the right to submit a request to us at the designated address in the “Contact Us” section below to receive the following information:
- the categories of information we disclosed to third-parties for the third-parties’ direct marketing purposes during the preceding calendar year;
- the names and addresses of third-parties that received such information; and
- if the nature of a third-parties’ business cannot be reasonably determined from the third-parties’ name, examples of the products or services marketed.
You are entitled to receive a copy of this information in a standardized format and the information will not be specific to you individually. The above is true even if you do not reside in California.
Retention & Storage
You may request deletion of your personal information from our systems at any time. One way to do this is to delete your Q5id account in the mobile application. You may also contact us and request deletion, using the contact information listed at the end of this Privacy Statement. Failed enrollments and incomplete enrollments will be automatically deleted with 14 days.
We may retain all personal information and Automatically Collected Information in our databases for as long as necessary to meet the relevant purposes for which we’ve collected it, including for the purposes of performing our duties in our role as a data processor for our customers, and as a data controller, as well as satisfying any applicable legal, accounting, or regulatory requirements. To determine the appropriate length of time for holding your personal information, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements. As described above, you may also be able to ask us to remove your information from our databases, unless applicable laws require otherwise.
Note that even after you ask us to remove your information from our databases, it may be impossible to remove some information, such as information tracked in our web server log files and information that may reside in backup files. We may also retain Automatically Collected Information even after you request that we remove your information from our databases, for use in the aggregate and to analyze and improve the Website, our products, and our services.
Further, even after you request that we remove your information from our databases, we may retain personal information and Automatically Collected Information for a limited time to comply with any applicable law, rule, regulation, or guideline, to prevent fraudulent activity, to protect ourselves against liability, and to allow us to enforce our contractual or other rights and to pursue available remedies and limit any damages we might sustain.
Links to Third-Party Websites
This Privacy Statement applies only to the personal information and Automatically Collected Information collected through the Website or otherwise given to us by you through offline contact. The Website contains links to other websites (“Linked Sites”), products, and services that are not owned or controlled by us. We provide Linked Sites to you solely as a convenience, and the inclusion of Linked Sites does not imply endorsement by Q5id of the Linked Sites or the products or services available on the Linked Sites. You access Linked Sites at your own risk, and by accessing them, you leave the Website. We are not responsible for and have not reviewed the privacy practices of the Linked Sites, or the owners or operators of the Linked Sites, the products or services they offer, or the tracking technologies they use. The owners and operators of the Linked Sites, products, or services may have their own policies regarding privacy and security. You should review any Linked Sites, products, or services for their own privacy practices to determine what information about you may be collected and used when you use such Linked Sites, products, or services.
Effective Date and Modifications
This Privacy Statement is effective as of the date listed at the top of this page. Please note that we may modify this Privacy Statement at any time, at our sole discretion, by posting the modified version on our Website. You can determine if this Privacy Statement has been revised since your last visit to the Website by referring to the effective date. Q5id will also provide notification of significant changes to this Privacy Statement through a link on the home page of the Website. In addition, if changes are significant and if you have set up an account through the Website, we will also notify you of such changes via the email address you have provided to us. You are responsible for providing us an up-to-date and active e-mail address, and for periodically reviewing this Privacy Statement to check for any changes. The modifications will be effective upon posting, unless some other date is specified. All personal information held by us will be governed by the most recent Privacy Statement posted on the Website. We will keep prior versions in an archive for your review upon your request.
If you have any comments or questions about this Privacy Statement or the use of your personal or Automatically Collected Information, please write to us at Privacy@Q5id.com, or by mail to:
Q5id Privacy & Data Protection
9525 SW Gemini Drive
Beaverton, OR 97008