Effective Date: August 16, 2016
Last update: July 12, 2022
On July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-US Privacy Shield mechanism on the ground that it does not ensure guarantees essentially equivalent to those required by the GDPR and the Charter of Fundamental Rights of the European union (“Charter”) for a transfer from the European Economic Area (“EEA”) to a third country. For more information, please refer to the Privacy Shield website.
Therefore, Qubit Inc. (“Qubit”) does not rely on the Privacy Shield Framework as a transfer mechanism pursuant to the GDPR but continues to abide by its principles, as described below.
Qubit, Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom to the United States. Qubit has certified to the Department of Commerce that it adheres to the Privacy Shield Principles as part of Coveo group (the “Principles”). All personal data that Qubit receives from the European Economic Area ("EEA") or the United Kingdom ("UK") in reliance on Privacy Shield is subject to the Principles. If there is any conflict between the terms in this Notice and the Principles, the Principles shall govern.
To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
The types of information collected and how it is processed
Qubit collects personal data about EEA and UK personnel that customers and their authorized users either enter into Qubit’s cloud-based product solutions (the “Products”), or provide to Qubit under an agreement for professional services (collectively, “Collected Personal Data”). Qubit acts as a data processor with respect to all Collected Personal Data.
Qubit processes Collected Personal Data to provide and support the Products. Qubit processes Collected Personal Data strictly in accordance with its customers’ instructions from time to time, and does not control or own the Collected Personal Data it processes.
Commitment to the Privacy Shield Principles
Qubit subjects to the Principles all Collected Personal Data that it receives from the EEA and the UK in reliance on the Privacy Shield. Qubit also receives some data in reliance on other compliance mechanisms, which includes data processing agreements based on the EU Standard Contractual Clauses.
Right to access
Where Qubit is a data processor, individuals who seek access or who seek to correct, amend or delete inaccurate Collected Personal Data, should contact the Qubit customer (the data controller). If the customer requests Qubit remove the Collected Personal Data to comply with data protection regulations, Qubit will respond to the customer’s request within 30 days or such shorter period as may be specified in the customer agreement.
Choices and means
Qubit retains Collected Personal Data according to the timeframes set forth in the relevant customer agreement. Individuals who would like to request that their personal data not be used for specific purposes or disclosed should contact the Qubit customer (the data controller).
Third party disclosures
As a data processor, Qubit will disclose Collected Personal Data only as instructed by the data controller or otherwise as permitted by the applicable customer agreement. Collected Personal Data may also be disclosed in the event that Qubit goes through a business transition, such as a merger, acquisition by another company or sale of all or a portion of its assets.
In addition Qubit may be required to disclose Collected Personal Data to conform to legal requirements or in response to a subpoena, court order or other governmental request. Qubit will notify the applicable data controller of any such request unless prohibited by law.
Investigation, dispute resolution and enforcement
Qubit is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission and any other statutory body empowered to enforce compliance with the Principles. Qubit also is committed to cooperating with the European and UK Data Protection Authorities (“DPAs”).
In compliance with the Privacy Shield Principles, Qubit commits to resolve complaints about our collection or use of your personal information. Individuals in the EEA or UK with inquiries or complaints regarding our privacy practices should first contact Qubit at: firstname.lastname@example.org.
If you are located in the EEA or UK and Qubit has not been able to satisfactorily resolve your question or complaint regarding its privacy practices, you may raise your concern to the attention of your local DPA. Qubit will comply with the advice given by DPAs and take necessary steps to remedy any non-compliance with the Principles.
If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, you may seek resolution via binding arbitration. Qubit is registered with JAMS as its alternative dispute resolution (“ADR”) provider based in the US. Accordingly, JAMS is the independent dispute resolution body designated by Qubit to address complaints and provide appropriate recourse without cost to the individual. Please use the JAMS complaint form found here. The services of JAMS are provided at no cost to you. As a last resort, privacy complaints that remain unresolved after pursuing these and other channels may be subject to binding arbitration before the Privacy Shield Panel as described in the Privacy Shield Agreement, Annex I, to be created jointly by the US Department of Commerce and the European Commission.
Further information about filing a claim with JAMS can be found here: https://www.jamsadr.com/eu-us-privacy-shield
For additional information about the arbitration process please visit the Privacy Shield website: www.privacyshield.gov.
Liability for onward transfers
Qubit shall ensure that a contract is in place between it and any entity that participates in an onward transfer. Any such contract will provide adequate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and will take into account the nature of data processing and assist with resolution of individuals exercising their rights under the Privacy Shield and its Principles.
If any third party processes Collected Personal Data on Qubit’s behalf in a manner inconsistent with the Principles, Qubit will be liable unless we can prove that we are not responsible for the event giving rise to the damages.
Qubit has appointed a Data Privacy Officer responsible for overseeing the implementation of the privacy program at Qubit. If you have further questions related to this Notice, please ask contact our customer support team or email email@example.com. Alternatively, you may contact us by regular mail addressed to: Qubit, Inc. Attn: Data Privacy Officer, 245 8th Ave #1005 New York NY, 10011.
You can contact our UK-based subsidiary, Qubit Digital Limited, by regular mail addressed to: Qubit Digital Limited Attn: Data Privacy Officer, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA, United Kingdom and our EEA-based subsidiary, by regular mail addressed to: Qubit France S.A.S Attn: Data Privacy Officer, 38 rue de Berri, Paris 75008, France.