Online Privacy Policy Agreement
1. Privacy Policy
This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.
We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.
1.1 Policy Statement
QID is committed to respecting and protecting the privacy of all individuals it interacts with: past, present, and future. As part of QID’s commitment, all Team Members must adhere to these data protection principles when they process Personal Data.
In every decision, we make when processing Personal Data, we consider the impact on individual privacy and seek to protect that information and preserve privacy.
2. Interpretation and Definitions
2.1 Interpretation
The words in which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
3. Definitions
For the purposes of this Privacy Policy:
- You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
- Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to QuantumID Technologies Inc, 1 Broadway, 14th floor, Cambridge, MA 02142.
- Application means the software program provided by the Company downloaded by You on any electronic device, named SmartKargo
- Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
- Account means a unique account created for You to access our Service or parts of our Service.
- Service refers to the Application.
- Country refers to: United States
- Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
- Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
- Personal Data is any information that relates to an identified or identifiable individual.
- Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
4. Objective
Personal Information is collected, used, retained, disclosed and disposed of in conformity with the commitments in the company’s privacy notice and criteria set forth in Generally Accepted Privacy Principles. Personal information about the employee or others will be collected for the purpose of meeting with contractual obligations or legal regulatory compliance.
5. Collecting and Using Your Personal Data
5.1 Types of Data Collected
5.1.1 Personal Data
While using Our Service, you may update data regarding You / Your employees / parties involved in doing business with You and provide us with certain personally identifiable information. This data will not be to contact or identify You / Your employees / Your customers. Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
5.1.2 Usage Data
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
5.2 Information Collected while Using the Application
While using Our Application, in order to provide features of Our Application, We may collect, with your prior permission:
- Information regarding your location
- Pictures and other information from your Device’s camera and photo library
We use this information to provide features of Our Service, to improve and customize Our Service. The information may be uploaded to your company specific Microsoft Azure cloud or it be simply stored on Your device.
You can enable or disable access to this information at any time, through Your Device settings.
5.3 Use of Your Personal Data
The Company may use Personal Data for the following purposes:
- To provide and maintain our Service, including to monitor the usage of our Service.
- To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
- For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
- To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
- To manage Your requests: To attend and manage Your requests to Us. We may or may not share your personal information in the following situations:
- With Service Providers: We will not share Your personal information with other Service Providers to monitor and analyze the use of our Service, or to contact You.
- For Business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.
- With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
- With other users: When You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media Service, Your contacts on the Third-Party Social Media Service may see Your name, profile, pictures and description of Your activity. Similarly, other users will be able to view descriptions of Your activity, communicate with You and view Your profile.
Consent for using your data in the SmartKargo application, for the needs of the project/service will be included as a part of a contract with you. We will abide by the clauses set forth in the contract and will not request any additional consent. You can request inclusion of additional controls/consent to review and assess any new uses of personal information, during negotiation of initial contract or renewal of the same.
6. Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a short period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
The general retention data flow as per current policy is as shown below:
7. Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to, and maintained on computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.
As part of data processing QID as processor may require to transfer some of your Personal Data to countries outside of your home jurisdiction, and to other countries where QID has operations but with data protection, laws not deemed adequate by local standards. In this case, QID will take steps to ensure that the Recipients, whether internal or external, observe the principles set out in this Policy and will ensure that such transfer is in accordance with the provisions of the applicable legislation. In case of European Union data subjects transfer of data will be subject to obtaining consent from the data subject by the data controller.
Some of your personal data may be “onward transferred” to third party providers like payroll and benefits administrators and hotline service providers. Some of these providers may be in India or elsewhere outside your home jurisdiction. Onward transfers will comply with applicable laws under contractual protections.
8. Disclosure of Your Personal Data
The company shall not disclose personal information to third parties, and if so only for the purposes identified in the notice.
8.1 Business Transactions
If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.
8.2 Law enforcement
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
8.3 Other legal requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the Company
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of Users of the Service or the public
- Protect against legal liability
9. Security of Your Personal Data
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data as per any contractual obligations, We cannot guarantee its absolute security.
10. Monitoring and Enforcement
The company shall monitor compliance with its privacy policies and procedures and has procedures to address privacy related inquiries, complaints and disputes
10.1 Data Privacy & ISMS Organization Structure
10.2 Roles & Responsibilities (CDPO)
10.2.1 Role
- Ensure set up of data governance policies to include data privacy & protection.
- Ensure set up of data retention policy as a part of data governance.
- Ensure compliance with policies.
- Conduct audits to ensure policy adherence it managed and maintained.
- Setting up internal and external communication of data privacy policies.
10.2.2 Responsibilities
- Ensure controls.
- Train and communicate policy.
- Identify and report violations to relevant parties.
- Take necessary action.
- Update / upgrade policies based on contractual needs of customers
10.3 Incident Reporting process
The company has put together an incident reporting process associated with any violation with the data privacy policy, using the above structure. The process flow is as shown below.
11. Your California Privacy Rights
(California’s Shine the Light law)
Under California Civil Code Section 1798 (California’s Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties’ direct marketing purposes.
If you’d like to request more information under the California Shine the Light law and if you are a California resident, You can contact Us using the contact information provided below.
11.1 California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)
California Business and Professions Code section 22581 allow California residents under the age of 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted.
To request removal of such data, and if you are a California resident, You can contact Us using the contact information provided below, and include the email address associated with Your account.
Be aware that Your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
1. Your Privacy Rights Under GDPR:
(APPLICABLE TO EUROPEAN UNION CITIZENS AND DATA SUBJECTS)
QID will be transparent about how it processes your Personal Data. Please contact the office of QuantumID Technologies Group representative at Global Support team or designated DPO (data privacy officer) if you have any questions about Global Support to your Personal Data processing and protection.
Your rights under GDPR (General Data Protection Regulations) Regulation (EU) 2016/679
- Request a copy of your Personal Data that QID has collected or further processed.
- Object to processing that is likely to cause or is causing damage or distress.
- Raise concerns about any decisions perceived as taken by automatic means.
- Have demonstrably inaccurate Personal Data rectified, blocked, erased, or destroyed.
- Modify your consent to processing Sensitive Personal Data.
- Claim compensation for damages caused by a breach of this Policy or applicable law.
- Request to erase, delete and update the PII related stored data.
12. Changes to this Privacy Policy
We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
13. Contact Us
If you have any questions about this Privacy Policy, You can contact us:
- By email: privacy@smartkargo.com; dpo@smartkargo.com