His pertains to personal information collected, processed, and managed on behalf of our business customers (“Customers”). It encompasses data submitted to the QAlify cloud-based test management platform, as well as the associated desktop applications, integrations, add-ons, and extensions services provided by QAlify (collectively referred to as the “Platform”). We handle this Customer Data as a “data processor” as per the instructions of our Customers, as detailed in our Data Processing Addendum. Further information can be found in Section 9 below.
Hence, this Privacy Policy, which elucidates QAlify’s privacy and data processing practices as a “data controller,” does not extend to the processing of Customer Data. For inquiries or requests concerning Customer Data, kindly contact your account administrator(s) directly.
This category encompasses the personal information of individuals who interact with Qalify on behalf of our Customers. This includes Account Admins, procurement and billing contacts, authorized signatories, and authorized users of the Platform (collectively referred to as “Users”).
This pertains to data related to visitors of our websites (including www.QAlify.ai), participants in our events, and other potential customers, users, or partners (collectively referred to as “Prospects”) who access or engage with our websites, digital ads, and content, emails, integrations, or communications under our jurisdiction (“Sites,” along with the Platform, collectively known as the “Services”).
For Customers, Users, or Prospects, we recommend a thorough reading and understanding of this Privacy Policy.
You are under no legal obligation to furnish us with your personal information, and you retain the choice of whether to do so. If you opt not to provide us with your personal data or have it processed by us or our service providers, you can refrain from visiting or interacting with our Sites and utilizing our Services.
Furthermore, you can choose not to provide us with “optional” personal data (fields typically marked as “not required” on forms). Please bear in mind that without this information, we may not be able to offer you the full range of our Services or provide you with the best user experience.
Any capitalized term utilized in this Privacy Policy but not defined here will carry the meaning attributed to it in our Terms of Service (“Terms”).
Whenever we mention “personal data” or “personal information” within this Privacy Policy, we are referring to information that can be used to identify, characterize, or reasonably associate with an individual. This encompasses information directly or indirectly related to an individual. However, it does not include aggregated or anonymized information that cannot be reasonably linked to a specific person.
This encompasses connectivity, technical, and usage data such as IP addresses and approximate geographical locations derived from those IP addresses, device and application data (like device type, operating system, mobile device or app ID, browser version, location, and language settings), system logs of actions and events tied to IP addresses, devices, and applications, cookies, and pixels installed or utilized on your device, and recorded activity (sessions, clicks, feature usage, logged activities, and other interactions) of Prospects and Users concerning our Services.
We automatically collect and generate this information using analytics and system monitoring tools (including cookies and pixels). These tools gather insights into how frequently Prospects visit or use our Sites, which pages they access and when, the source of their visit (like a website, ad, or email), how Users interact with and employ the Platform and its features, and technical data related to the performance, functionality, and stability of the Platform.
This includes names, email addresses, phone numbers, job positions, workplace particulars, profile pictures, login credentials, contractual and billing details, and any additional information supplied by Account Admins and Users when registering or logging into the Platform. This data may be submitted directly or via social media or organizational Single-Sign-On accounts. We source this data from various origins, including you, our Customer (your employer), Users and colleagues associated with your QAlify account, event organizers, and professional networking platforms such as LinkedIn.
We obtain personal data from forms and inquiries submitted to us, such as support requests, interactions on social media, professional networking platforms, messaging apps, event registrations, and involvement in our communities and activities. This may encompass surveys, feedback, testimonials, expressed or inferred preferences and requirements, and sensory information such as phone calls and video conference recordings. Written communications, screen captures, screenshots, and related data may also be captured and analyzed for purposes like analytics, quality assurance, training, and record-keeping.
We collect and utilize personal data for various purposes.
PRIMARILY, we use it to fulfill our contractual commitments and provide you with our Services (Performance of Contract).
SECONDLY, we process personal data to adhere to legal obligations (Legal Obligations).
THIRDLY, Thirdly, we leverage personal data to support our legitimate interests, including enhancing our Services, understanding usage patterns, conducting marketing endeavors, delivering customer support, and ensuring the security of our platform (Legitimate Interests).
If you reside in or use our Services in a jurisdiction where consent constitutes the sole or most suitable legal basis for processing personal data, your acceptance of our Terms and this Privacy Policy will serve as your consent for the processing of your personal data, unless a different form of consent is legally mandated. To revoke your consent, kindly contact us at info@qalify.ai.
In more specific terms, we employ personal data for the following objectives (along with the relevant legal bases for processing mentioned alongside):
- To facilitate, operate, enhance, and deliver our Services; (Performance of Contract; Legitimate Interests)
- To offer assistance and support to our Prospects, Users, and Customers, conduct testing and monitoring of the Services, diagnose and resolve technical issues, and train our Customers and their staff (Performance of Contract; Legitimate Interests)
- To generate invoices and process payments (Performance of Contract; Legitimate Interests)
- To personalize our Services, including recognizing individuals and remembering their information for future use, and providing localization and personalization features (Performance of Contract; Legitimate Interests)
- To gain insights into how Users and Prospects assess, use, and engage with our Services to consistently enhance performance, user experience, and overall value. This data is automatically collected through their interaction with the Services (Legitimate Interests).
- To generate aggregated, statistical, non-personal, inferred, anonymized, or pseudonymized data that can be employed by us or others to enhance our respective Services or for other business purposes such as business intelligence (Legitimate Interests).
- To optimize marketing campaigns, ad management, and sales operations, and deliver more impactful advertisements for our Services, including on external websites and applications. These endeavors aim to showcase the advantages of our Services and enhance engagement and overall satisfaction. This may involve contextual, behavioral, and interest-based advertising based on User and Prospect activities, preferences, or other available data (Legitimate Interests; Consent).
- To send general or personalized messages related to our Services and promotional content to our Customers, Users, and Prospects that may align with their interests (Performance of Contract; Legitimate Interests; Consent).
- To send data security protocols, including the prevention and mitigation of risks associated with fraud, error, or any unlawful or prohibited activities (Performance of Contract; Legitimate Interests; Legal Obligation).
- To grow opportunities through partnerships with local distributors, resellers, business collaborators, and service providers associated with our Services (Legitimate Interests).
- To organize and offer events, webinars, contests, and promotions (Legitimate Interests).
- To publish feedback and submissions on our Sites, public forums, and blogs (Performance of Contract; Legitimate Interests).
- To comply with contractual and legal obligations, and uphold adherence to applicable laws, regulations, and standards (Performance of Contract; Legitimate Interests; Legal Obligation).
- For any other lawful purpose or purpose that you consent to in connection with providing our Services (Legal Obligation; Consent).
Regarding the personal data we gather through the Google OAuth API Scopes, utilized in our integration with specific Google Services – Google Analytics and Google Tag Manager (referred to as “Integrated Google Services”), we limit the utilization of this personal data and any aggregated, anonymized, or derived data generated from it (referred to as “Restricted personal data”) to the subsequent purposes. These objectives align with the guidelines set forth in the Google API Services Data Policy (as of September 3, 2020), which outline the boundaries on data usage:
- Enabling, operating, supporting, delivering, and enhancing user-centric features that are prominent in the Integrated Google Services (fulfilling contractual obligations; serving legitimate interests).
- Addressing troubleshooting or security requirements, such as investigating bugs or instances of misuse, with the prior consent of users, as far as accessing Restricted personal data is necessary for resolving support issues (fulfilling contractual obligations; serving legitimate interests).
- Ensuring compliance with applicable laws and regulations (legal obligation).
- Using the Restricted personal data (including derived data) in aggregated and anonymized forms for internal operations (serving legitimate interests).
- Transferring the Restricted personal data to third parties:
(1) As outlined in this Privacy Policy, solely to the extent necessary for providing or improving the Integrated Google Services
(2) To comply with applicable laws and regulations
(3) In connection with any change in control, such as a merger, acquisition, or substantial purchase of QAlify’s assets (fulfilling contractual obligations; serving legitimate interests; legal obligation).
- Alternatively, in strict accordance with your explicit agreement.
Our website and products use Google reCAPTCHA to check and prevent automated servers (“bots”) from accessing and interacting with our website. This service allows Google to determine from which website your request has been sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service.
We also utilize the Inspectlet software to record your interactions while visiting our website. This service is provided by “Inspectlet, Inc.”, hereinafter referred to as “Inspectlet”. Our legitimate interest in this lies in analyzing your preferences, making suggestions, devising plans for optimization, and enhancing the quality of our website content.
We and our authorized Service Providers (defined below) store, process, and maintain personal data in various locations to ensure the effective performance and delivery of our Services, as required by relevant laws.
Although privacy regulations may differ across jurisdictions, QAlify, its affiliates, and Service Providers are dedicated to safeguarding personal data in line with this Privacy Policy, industry standards, and applicable legal mechanisms and contractual terms that necessitate robust data protection. We uphold these standards regardless of any lower legal requirements in the jurisdiction to which data is transferred.
However, when QAlify processes personal data on behalf of a Customer, the processing of such data (included in Customer Data) is confined to locations permitted in our Data Processing Addendum and other commercial agreements with the Customer, detailed in Section 8 below.
We will keep your personal data for a reasonable duration necessary to maintain our relationship, provide Services, and fulfill legal and contractual obligations. This includes compliance with laws and regulations, as well as safeguarding against potential disputes. Retaining your personal data may also be essential for record-keeping, bookkeeping needs, and having evidence of our relationship in case of legal matters post-ceasing use of our Services. The retention time frame is determined by considering factors like data type, sensitivity, potential risks of unauthorized use or disclosure, processing objectives, and legal requirements. Our data retention policy is applied with reasonable discretion. For inquiries about our data retention policy, kindly contact us at info@qalify.ai.
We may disclose personal data in the following circumstances:
We collaborate with carefully chosen third-party entities and individuals, known as “Service Providers,” who offer services either on our behalf or in conjunction with our own offerings. These Service Providers encompass providers of Third Party Services (as defined in the Terms), such as hosting and server co-location services, communication and content delivery networks (CDNs), data and cybersecurity services, billing and payment processing services, fraud detection and prevention services, web and mobile analytics, email and communication distribution and monitoring services, session or activity recording services, call recording, analytics and transcription services, event production and hosting services, remote access services, performance measurement, data optimization, and marketing services, social and advertising networks, content providers, lead generation and data enrichment providers, email, voicemail, video conferencing solutions, support, and customer relationship management systems, third-party customer support providers, and our legal, compliance, financial advisors, and auditors.
Our Service Providers may have access to personal data based on their specific roles and responsibilities in facilitating and enhancing our Services or other activities, and they are bound to use the data as stipulated in our agreements with them.
We collaborate with carefully selected business and channel partners, resellers, distributors, and professional service providers related to our Services. This collaboration allows us to explore growth opportunities and bolster our local presence to offer tailored experiences for existing and potential Customers and Users. In these instances, we may share pertinent contact, business, and usage information with our partners, enabling them to engage with Customers and Users for specific purposes. It’s essential to note that interactions with our partners not related to our Services and not directed by QAlify are governed by the partner’s terms and privacy policy, not ours.
If you or your Account Admin authorize or permit us to do so, we might share your personal data, including your User Profile, contact details, and relevant usage data, with third-party application providers or integrations added to your Account. Similarly, if you register for an event hosted, organized, or sponsored by us, we may share your registration details with event hosts, organizers, speakers, service providers, and sponsors, with your consent. This enables them to contact you with relevant information, offers, or promotions linked to the event.
Your personal data might be shared with the Customer who owns the Account to which you’re subscribed as a User. This includes data and communications linked to your User Profile. Other Users within the same Account could also access your personal data. Furthermore, the Account Admin has the authority to monitor, process, and analyze your personal data and activities within the Services. This extends to situations where you seek our assistance in resolving an issue specific to a team managed by the same Customer.
In cases where your personal data appears on private or restricted-view boards within that Account, the Account Admin(s) might still be able to access it on behalf of the Customer.
Any content you contribute to private boards remains accessible, replicable, and processable by the Account Admin(s). Your User Profile and personal data may also be visible to other authorized Users with access to the same board(s) as you. Notably, QAlify is not liable for and does not control any further disclosure, use, or monitoring of your data by the Customer. The Customer functions as the “Data Controller” for such data, as detailed in Section 9 of our policy.
If you register or access the Services using an email address provided by your employer or organization (our Customer), and another team within the same organization intends to create a Services account, certain information about you, such as your name, profile picture details, and general account usage, could become accessible to the Account Admin and other Users.
You or your Account Admin have the choice to integrate your Account on the Services with third-party services, as long as such integration is supported by our Services. When you integrate with a third-party service, the provider of that service may obtain relevant data from your Services Account or share pertinent data from their service with our Services, based on the integration’s nature and purpose. Please note that we don’t receive or store your passwords for these third-party services, although we may need your API key for facilitating the integration. To avoid sharing your data with third-party services, please communicate with your Account Admin.
If you submit public reviews or feedback, we may opt to store and publicly display them on our Sites and Services. To remove a public review, contact us at info@qalify.ai. If you decide to invite others via email or message to use our Services, we may use the contact details you provide to send the invitation on your behalf. The invitation email or message may include your name and email address.
Our Sites feature public blogs or forums, and we actively participate in social channels and communities on external platforms. Information you submit on these forums, blogs, and communities, including profile details linked to your User Profile, might be accessed, gathered, and utilized by other individuals with access to these Sites. Due to the public nature of these forums, your posts and certain profile information could remain visible even if you terminate your User Profile. To request the removal of your information from publicly accessible Sites operated by us, contact us using the details in Section 10 below, and specify the Sites for removal. In some instances, we may be unable to fulfill your removal request, in which case we will notify you and provide an explanation.
In extraordinary circumstances, we may disclose your personal data or grant access to government and law enforcement officials in response to a subpoena, search warrant, court order, or similar legal mandate, or as necessitated by applicable laws and regulations. Such disclosure or access may occur if we genuinely believe that: legal obligations require it; disclosure is essential for investigations, prevention, or action against actual or suspected illegal activities, fraud, or other misconduct; or disclosure is crucial to protect the security or integrity of our products and Services.
We may share your personal data with others if we genuinely believe that such sharing will help safeguard the rights, property, or safety of QAlify, our Users, Customers, or members of the public.
We might offer paid products and/or services through the platform. If you choose such options, we utilize third-party services for processing payments, like payment processors.
Please note that we won’t retain or gather your payment card specifics. These details are submitted directly to our third-party payment processors. Their utilization of your personal data is governed by their Privacy Policy. These payment processors follow the standards established by PCI-DSS, managed by the PCI Security Standards Council. This collaboration involves brands such as Visa, Mastercard, American Express, and Discover. PCI-DSS requirements are designed to guarantee the secure handling of payment information.
In order to effectively provide and monitor our Sites and Services, we employ a range of technologies like cookies, anonymous identifiers, pixels, and container tags. These technologies serve to ensure proper functionality, assess performance and marketing activities, and personalize your experience. Certain cookies and files might be temporarily stored on your device. Some of these technologies may contain personal data, including an IP address, as indicated by a Prospect or User. For comprehensive insights into our use of cookies and tracking technologies, kindly consult our Cookie Policy. Depending on your location and interactions with our Services, you may access the “Cookie Settings” feature to manage your preferences. Opting out of specific cookies typically generates a new cookie that retains your choice, preventing the use of opted-out cookies during your subsequent visits. You can also handle your cookie preferences, accept, remove, or block cookies entirely via your browser settings.
In certain circumstances, our website and products might utilize cookies from collaborating or Third-party companies to enhance advertising efforts, conduct analysis, or refine the functionalities of our website and products. For comprehensive insights into the specifics, particularly regarding the legal foundation and intent behind the collection and processing of data via third-party cookies, we encourage you to review the following information.
Although certain web browsers transmit “Do Not Track” signals to websites, the interpretation and response to these signals vary among browsers, and there is no standardization. As a result, our practices remain unaffected by “Do Not Track” signals. Nevertheless, most browsers offer cookie control, enabling you to accept or reject them, as well as delete them. Your browser settings can be configured to alert you upon receiving a cookie or to block or eliminate cookies altogether.
Communications about Services: Our engagement with you encompasses services and promotional communications, and we may employ various channels like Social Channels, email, phone, SMS, and notifications.
We uphold an active presence on prevalent social media networks like Facebook and professional networks such as Linkedin. This approach facilitates engagement and the receipt of feedback from the community, fostering an environment dedicated to the dissemination of beneficial and wholesome information.
We may reach out to you to convey crucial information regarding our Services. This includes notifications about Service alterations or updates, billing concerns, login attempts, password reset alerts, and more. Additionally, other Users within the same Account may send you notifications, messages, and updates pertaining to their or your usage of the Services. You have the capability to manage your communication and notification preferences through your User Profile settings or by following the instructions provided in the communications you receive. However, please be aware that specific essential service communications, such as password resets or billing notices, cannot be opted out of.
We might also apprise you of new features, supplementary offerings, events, special opportunities, or any other pertinent information that we believe would be valuable to you as a Customer, User, or Prospect. These notifications could be transmitted through a range of channels, including phone, mobile, email, the Services themselves, or our marketing campaigns on external websites or platforms. If you choose not to receive such promotional communications, you can notify us at any time by sending an email to info@qalify.ai, adjusting your communication preferences in your User Profile settings, or adhering to the instructions provided in the promotional communications to unsubscribe, cease receiving messages, opt-out, or modify your email preferences.
We implement standard security measures, including physical, procedural, and technical safeguards, to protect the personal data stored with us. These measures incorporate encryption where applicable. It’s important to understand that despite our diligent efforts, we cannot guarantee absolute protection and security of your personal data stored with us or with third parties as outlined in Section 4.
If you wish to exercise your privacy rights granted by relevant laws (such as EU or UK GDPR, California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), or Colorado Privacy Act (CPA)), please reach out to us via email at info@qalify.ai.
These rights encompass requesting access to specific pieces of collected personal data, understanding categories of collected personal data, identifying sources of data collection, comprehending the purposes of data collection, recognizing categories of third parties with whom we share data, and the rights to rectify or delete your personal data held by QAlify. You might also have the right to limit or object to the processing of your personal data, including instructing us not to “sell” or “share” your personal data with third parties now or in the future. Additionally, you could be entitled to receive a copy of your personal data, transfer it, or avail equal services and prices without discrimination.
Please note that when you wish to exercise your rights under this Privacy Policy or applicable law, we may provide instructions on fulfilling your request through your User Profile settings, guide you to your Account Admin, or request additional information and documents, including personal data and credentials, for proper processing. This might involve verifying your identity to ensure we can pinpoint the relevant data in our systems and comprehend the nature and scope of your request. If your request pertains to personal data processed on behalf of our Customer as their “data processor” or “service provider” (as clarified in Section 9), we advise you to directly approach them for your request. They dictate how much data and requests are managed. We will only act on your request if you provide adequate information to reasonably verify your identity and confirm that the data is processed on behalf of our Customer, enabling us to forward your request to them. We will retain any additional information you provide for legal purposes, such as identity verification and handling of each request, as detailed in Section 3.
Be aware that any personal or confidential data related to others may be redacted from the data we provide to you.
Certain data protection laws, like GDPR or CCPA, distinguish between “data controller” and “data processor” roles in personal data processing. The data controller determines processing purposes and means, while the data processor processes data on the controller’s behalf. In the context of our Services, we explain how these roles apply and our responsibilities within them, to the extent that relevant laws and regulations are applicable.
For the personal data of Prospects, Users, and Customers, QAlify acts as the “data controller,” as described in Section 1 of this Privacy Policy. Thus, we assume data controller responsibilities as outlined in this policy, as required by law.
Regarding personal data within Customer Data, submitted by Customers and their Users to their Account’s content, QAlify functions as the “data processor.” We process this data on behalf of our Customers, who are the “data controllers.” We process according to our Customer’s instructions, in line with our Terms, Data Processing Addendum, and other commercial agreements with the Customer.
Customers are accountable for Service usage determination, ensuring proper notice and consent from Service users, and individuals whose data is part of Customer Data processed through the Services. Customers must adhere to legal obligations related to data collection, usage, or other processing via our Services. Also, Customers manage any requests about data subject rights under applicable law, made by their Users or individuals whose data is processed via the Services.
For requests or inquiries about personal data processed by us as a data processor for Customers, such as accessing, correcting, or deleting data, contact the Customer’s Account Admin directly.
Updates and Changes: We may update and modify this Privacy Policy periodically by publishing a revised version of our Services. The amended policy becomes effective on the publication date. Significant changes are notified prominently within the Services or via email. By continuing to use the Services after changes, you accept the updated policy.
ACCESSIBILITY: This Privacy Policy is accessible with screen readers upon request. For details, contact
THIRD-PARTY WEBSITES AND SERVICES: Our Services may link to third-party websites, services, and integrations with Third-Party Services (as defined in the Terms). Their terms, privacy practices, and policies govern those platforms, as well as information provided, submitted, or transmitted. This Privacy Policy does not cover such third-party entities. Review the terms and privacy policies of these platforms carefully.
NOT FOR CHILDREN UNDER 16: We don’t knowingly collect data from children under 16 and will block their access. If you think we collected data from a child, contact us at info@qalify.ai.
QUESTIONS, CONCERNS, OR COMPLAINTS: For privacy policy inquiries, concerns, complaints, or personal data processing issues, contact QAlify’s support at info@qalify.ai.