PRIVACY POLICY

QuiverVision Limited (“QuiverVision”, “Our”, “Us” or “We”) understands and respects your concerns about privacy. This notice describes QuiverVision’s privacy policy as it pertains to the website at www.quivervision.com (the “Website”) and any mobile applications of any kind distributed by QuiverVision (the “Applications,” and together with the Website, the “QuiverVision Products”). We may from time-to-time revise this privacy policy, and the date of last revision will be available at the top of this page, so please make sure that you check back periodically. By visiting the QuiverVision Products, you are acknowledging and accepting this Privacy Policy. Your continued use of the QuiverVision Products after changes have been posted to the Privacy Policy will constitute your acceptance of such changes.

Our Policy Towards Children

QuiverVision is committed to complying with all applicable laws and regulations regarding the collection, storage and use of personally identifiable information concerning children under the age of 13, including the Children’s Online Privacy Protection Act in the United States and applicable local legislation in other territories.

If you are a parent or guardian that has become aware that your child has provided us with personal information without your consent, you should contact us immediately by way of the contact details provided in the “Contacts” section. We do not knowingly collect personally identifiable information from children under the age of 13. If we become aware that a child under the age of 13 has provided us with personally identifiable information, we will delete such information from our system. Parents can also make written request to QuiverVision for the deletion of particular student data.

What information we collect

QuiverVision may ask for and collect from you personally identifiable information at certain points throughout the QuiverVision Products. Depending on the information and/or services you request, you may be asked to provide your name, email address and other personal information. Once you provide your personal information, you are not anonymous to QuiverVision. This data is retained solely for education purposes.

In addition to the information you knowingly provide, QuiverVision collects information such as the domain names and IP addresses of its visitors, as well as information about the device you use to access the QuiverVision Products, including but not limited to unique device identifiers, browser type, browser language, your system and application software, and peripherals. QuiverVision may also track, archive, use, disclose and transfer information regarding your use of the QuiverVision Products as provided herein, including information about level of usage and particular features used. This data is used to more efficiently operate QuiverVision’s business, promote QuiverVision products and services and administer the QuiverVision Products. QuiverVision ensures that the student’s data is encrypted in transit or at rest at all times.

QuiverVision may combine information it collects from you with information it obtains about you from third parties and affiliates.

How QuiverVision uses your information:

QuiverVision may use your information:

1. To provide you with personalized content.
2. To process and respond to inquiries.
3. For the purposes for which you provided the information.
4. To improve the content, interactivity, usability, and navigability of the QuiverVision Products.
5. To alert you to new QuiverVision Products including new features, special events, products and services, and to deliver newsletters from which you may opt out.
6. To enforce QuiverVision’s Terms of Service.

In the future, QuiverVision may sell some or all or our assets. In such transactions, customer information generally is one of the transferred business assets. In the event of a merger or sale of our assets including our database, customer information will be transferred. We will require buyers to honor this Privacy Policy or notify you before making any material changes to the practices outlined in this Policy.

Information Sharing with Affiliated Companies

We may share your personally identifiable information with other companies in the QuiverVision family, co-branding partners and network partners, and will require any such recipient to comply with the provisions of this Privacy Policy.

Transfer of your information internationally

The QuiverVision Products and services are available to users around the world. Your information will be processed, stored and transferred for the purposes set forth above in the section titled “How QuiverVision uses your information” to countries outside your country of residence, including New Zealand, which is where QuiverVision is legally located/registered. Your information will be processed by staff operating outside your country of residence who work for QuiverVision or for one of our service providers and may be seen by such staff in those countries. Data protection and privacy laws in these countries may not offer the same level of protection as your country of residence and you may have fewer legal rights in relation to your information.

By using the QuiverVision Products, you consent to these transfers taking place. If you do not consent to the transfer of your information, you should not use the QuiverVision Products.

Sharing and use of de-identified information

Information that is de-identified (stripped of any information that could be used to identify you) may be used by QuiverVision for any reason and shared freely with affiliates, partners and other third parties. This information is usually aggregated (combined with information from many other users), and may include information such as traffic patterns, trends in connection with various types of inquiries, and other information.

How we collect information

In addition to the methods described above, we may also collect information using:

1. cookies, locally stored Flash objects (sometimes referred to as “Flash cookies”);
2. web beacons or similar technologies; and
3. analytic software embedded in the QuiverVision Products.

The above methods permit us to collect various types of information, including, but not limited to, the pages you visit, which of our email messages you read, your specific geolocation (with your permission) and other information.

Opting out of geolocation

If you have previously allowed us to access your geolocation data, you can stop making geolocation available to us by visiting your mobile device’s settings.

How we protect information

Although QuiverVision strives to protect your information by implementing reasonable security control measures and safeguards, we are unable to guarantee or warrant the security of any information transmitted to us through the QuiverVision Products or that we store on our systems or that is stored on our third party contractors’ systems.

Links

The QuiverVision Products may contain links to third-party websites. QuiverVision is not responsible for the privacy practices or the content of such websites.

California Privacy Rights

As of 1st January 2005, California Civil Code Section 1798.83 (the “Code”) permits users who are California residents to request certain information regarding the disclosure of personal information to third parties which is used for their direct marketing purposes. To make such a request, to which QuiverVision shall respond to the extent required by the Code, contact us at [email protected], specifying that you seek your “California Customer Choice Notice.” Please allow thirty (30) days for a response.

GDPR Data Privacy Compliance

In this GDPR Data Privacy Compliance Clause, the terms “personal data”, “process” or “processing”, “data controller”, “data processor” shall bear the meanings attributed to such terms under the Data Protection Law (as defined below). In this GDPR Data Privacy Compliance Clause, the term “Data Protection Law” means the Data Protection Act 1998, the Privacy and Electronic Communications Regulations 2003, and all other applicable laws, enactments, regulations, orders, standards and other similar instruments, each as may be amended or superseded from time to time (including the General Data Protection Regulation, which shall supersede the Data Protection Act with effect from 25 May 2018, and any legislation which amends, re enacts or replaces it in England and Wales);

If the Data Processor processes any personal data (as defined in the Data Protection Law) on the Data Controller’s behalf when performing its obligations under this agreement, the parties record their intention that the Data Controller shall be the data controller (as defined in the Data Protection Law) and the Data Processor shall be a data processor (also as defined in the Data Protection Law) and in any such case the Data Processor shall:

1. maintain at all times an appropriate notification under the Data Protection Law (where required);
2. only carry out processing of any such personal data on the Data Controller’s instructions from time to time;
3. take and/or implement all appropriate technical and organisational measures against unauthorised or unlawful processing of such personal data, and against accidental loss, alteration or destruction of, or damage to, such personal data, and ensure the security of such data at all times (and the Data Processor shall promptly inform the Data Controller if any personal data are lost, altered or destroyed or becomes damaged, corrupted or unusable and shall (at its own expense) take such steps as the Data Controller may reasonably require to restore the personal data to its original condition);
4. not modify, amend or alter the contents of such personal data other than as strictly necessary for the purposes of providing the Services;
5. not disclose or permit the disclosure of any such personal data to any third party (including a data subject) unless specifically authorised in writing by the Data Controller;
6. only use and process such personal data in accordance with the terms of this agreement and in compliance with the provisions of the Data Protection Law, and only then to the extent absolutely necessary for and in connection with the provision of the Service to the Data Controller, and for no other purpose whatsoever;
7. only transfer such personal data to countries outside the European Economic Area that ensure an adequate level of protection for the personal data and the rights of the data subject and in any event only with the express prior written authorisation of the Data Controller which may be granted subject to such conditions as the Data Controller deems necessary in its sole discretion;
8. not do anything, nor permit anything to be done, which might jeopardise or contravene the terms of any data protection notification of the Data Controller’s; and
9. on termination of this agreement or any earlier termination of the Data Processor’s right or obligation to process personal data, and as otherwise directed by the Data Controller, the Data Processor shall either:
   1. destroy the personal data and all copies thereof;
   2. transfer the personal data to the Data Controller or such other third party as the Data Controller may direct; or
   3. archive the personal data subject to agreement on terms of archiving including costs.

If The Data Processor receives any complaint, notice or communication which relates directly or indirectly to the processing of personal data or to compliance by it or the Data Controller with the Data Protection Law (including requests from data subjects for the exercising of their statutory rights), it shall promptly notify the Data Controller and shall provide the Data Controller with full co-operation and assistance in relation to any such complaint, notice or communication.

The Data Processor shall provide all reasonable assistance to the Data Controller, having regard to the nature of processing and the information available to the Data Processor, in order to assist the Data Controller to comply with its obligations under the Data Protection Law (including the notification of a personal data breach to the Information Commissioner and to the data subject(s) affected, and the preparation of data protection impact assessments, where appropriate).

The Data Processor shall keep and provide to the Data Controller on request a record of the Data Processor’s use of the personal data and processing activities and shall make available to the Data Controller all information necessary to demonstrate compliance with the Data Processor’s data processing obligations set out in this agreement.

The Data Processor shall take reasonable steps to ensure the reliability of all its employees or other representatives who have access to the personal data and shall ensure that all such persons:

1. are informed of the confidential nature of the personal data before they gain access to it;
2. have committed themselves to confidentiality obligations or are under an appropriate statutory obligation of confidentiality; and
3. have undertaken training in the requirements of the Data Protection Law

The Data Processor agrees to indemnify (and keep indemnified) the Data Controller against all costs, expenses and liabilities arising from the Data Processor’s breach of its obligations under this GDPR Data Privacy Compliance Clause.

The Data Controller shall ensure that it is entitled to make the relevant personal data available to the Data Processor so that the Data Processor may lawfully use and process such personal data in accordance with this agreement on the Data Controller’s behalf.

Changes to this Privacy Policy

This Privacy Policy may be updated from time to time and without prior notice to you to reflect changes in our personal information practices. We will post the revised version with an updated revision date, at http://www.quivervision.com/us/legal/privacy/.

Contacts: If you have any questions, concerns, or suggestions regarding this privacy policy, please contact us at [email protected].

Copyright © 2020 QuiverVision Ltd. All rights reserved.