Effective Date: 09 January 2019
Welcome, and thank you for your interest in the Qubole Data Service (‘QDS’ or ‘Services’).
Qubole USA has appointed Qubole UK as its EU Representative for the purposes of the EU General Data Protection Regulation or “GDPR”.
When you use our Services, we act as a processor of any personal data you provide to us, or we collect, through your use of the Services, including:
You have the right to not share your personal data with us, in which case you will not be able to sign up to use our Services.
We will also collect your personal data when you sign-up for our newsletters, interact with our social media accounts or otherwise communicate with Qubole. For the purposes of the GDPR, we will be the controller of this data and the legal basis for processing will be your consent or our legitimate interests in marketing our Services.
We use your personal data for our legitimate business purposes including to fulfil our obligations as a data processor such as:
Under the GDPR, the legal basis for this processing is necessity for performance of a contract.
As a data controller, we use your information
Under the GDPR, the legal bases for this processing are contract, and legitimate interests as stated above.
We disclose your personal data in a variety of circumstances in connection with providing the Services and the operation of our business.
Any information, including personal data, that you voluntarily choose to include in a publicly accessible area of the Service will be available to anyone who has access to that content, including other users.
We work with third party service providers (such as cloud service and storage providers) to provide website, application development, hosting, maintenance, and other services for us. To the extent it is necessary for these third-party service providers to complete their contractual obligations to us, these third parties (sub-processors) may have access to or process your personal data. Such processing will always be done under a written processing agreement containing appropriate safeguards to protect your personal data, including obligations of security and that the processors are limited to using the information the purpose for which it was provided and on our instructions.
We may also disclose your information if required to do so by law or to comply with international, state and federal laws (such as U.S. Copyright law), in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement activity.
We also reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to take precautions against liability; to protect Qubole, Inc. and others from fraudulent, abusive, or unlawful uses or activity; to investigate and defend ourselves against any third party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of the Service; or to protect the rights, property, or personal safety of Qubole, Inc. our users, or others.
In the event that all or a portion of Qubole, Inc. or its assets is negotiating to be acquired by or merged with a third-party entity, we reserve the right to disclose the personally-identifiable information that we have collected from users for the purposes of such merger, acquisition, sale, or other change of control provided that we will always put in place contractual obligations of confidentiality and restrictions on use.
We make certain automatically collected and other non-personally-identifiable information available to third parties, to: (i) comply with various reporting obligations; (ii) for marketing purposes; or (iii) to assist such parties in understanding our users’ interests and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.
The Service is primarily hosted in the United States. If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal data outside of those regions to the United States for storage and processing, and by providing your personal data on the Service you consent to that transfer, storage, and processing. Qubole provides separate optional international processing environments to support European Union and rest of the world. These processing environment options are available upon request.
Qubole is a global organization that has presence in multiple geographies and we share business processes, management structures, and technical systems across borders with the Qubole entities listed above. See here for a full list of our global presence.
Qubole and its US subsidiaries participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework for the receipt and processing of personal data covered by the GDPR. Qubole is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov/list.]
Qubole is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf.
Qubole complies with the Privacy Shield Principles as well as to all the applicable principles of the General Data Protection Regulation (GDPR) for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Qubole is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Qubole may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Personal data covered by the GDPR may be transferred to countries outside the European Union (“EU”) and to countries that do not have laws that provide specific protection for personal data. Qubole has taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully and securely. We have contractual clauses embedded in our customer data processing addendum to meet the adequacy and security requirements for our customers who work with EU national’s personal data.
We keep your information for as long as required by any legal obligation and, if longer, any period necessary for the specified purposes above, including that your account is active on QDS or as needed for providing services to you.
For optimizing the performance of our service, we may store metadata like the result of commands run by customers in our temporary cache storage for a period of 7 days, since the date of last access. If a customer does not wish to have their data stored in our cache and temporary storage, please write to us at [email protected].
Even after your contract is terminated with Qubole, we may retain some of your information for statistical analysis, to comply with our legal obligations, to enforce our agreements or for resolving disputes. Such information that is retained to pursue legitimate business interests, may not be personally identifiable.
Qubole provides services to business organizations and we do not intentionally collect, store or process data belonging to children under the age of 16 using our service or on our website.
We use technical and organizational measures that are designed to safeguard the integrity and security of your personal data, so that your information is protected from loss, misuse, unauthorized access or disclosure. We cannot, however, ensure or warrant the security of any information you transmit to us over the internet or store on the Service and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you have any questions about the security of your personal information, you can contact us at [email protected].
If we learn of a security systems breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice through the Service if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach you should notify us at [email protected].
Although we may allow you to adjust your privacy settings to limit access to your information, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other users with whom you may choose to share your information. Therefore, we cannot and do not guarantee that information you post on the Service will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Where we process any of your personally-identifiable information as a controller, and any processing is based on your consent, you have the right to withdraw that consent at any time.
You also have the right to object to our processing your personal data for direct marketing at any time.
(If you withdraw your consent or object top direct marketing, you will still receive transactional emails from us about our Services, such as reports of your usage and invoices.)
If the GDPR applies to our processing of your personally-identifiable information, you may also ask for access to it, to rectify it, restrict its processing, object to its processing and port it to another provider.
If you are an end user of the QDS Services, we will be acting as processor to the customer (you or your employer) who has signed-up to use our service. You should direct any exercise of your data subject rights under the GDPR to the customer on whose account you use the Services.
Please note that while any change or deletion is reflected promptly in active user databases, it may take 30 days to effect and we may retain some of your information for the purposes mentioned in this policy.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you can contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
EU nationals who have an unresolved concern related to data privacy can lodge a complaint with your local data protection authority or the UK Information commissioner’s office (ICO), which is Qubole’s lead supervisory authority in the European Union.
Click on this link to know who is our local data protection supervisory authority http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
If you would like to reach Qubole’s Data Protection Officer you can contact them by phone at +1 (855) 423-6674, by e mail at [email protected], or by post to:
469 El Camino Real, Suite 205
Santa Clara, CA 95050