Effective Date: 17 February 2020
Welcome, and thank you for your interest in the Qubole Data Service [and related services offered by Qubole, including professional services and support services] (“QDS” or “Services”).
Pursuant to Article 27 of the EU General Data Protection Regulation (GDPR), Qubole Inc. has appointed European Data Protection Office (EDPO) as its representative in the EU and in the United Kingdom.
When you use our Services, we act as a processor of any personal data you provide to us, or we collect, through your use of the Services, including:
You have the right to not share your personal data with us, in which case you will not be able to sign up to use our Services.
We will also collect your personal data like name, email address, physical address, phone number, company and job title when you sign-up for our newsletters, interact with our social media accounts, participate in online surveys and marketing initiatives or otherwise communicate with Qubole. For the purposes of GDPR, we will be the controller of this data and the legal basis for processing will be your consent or our legitimate interests in marketing our Services.
We do not collect special categories of sensitive data (e.g. data concerning ethnic origin, political beliefs, sexual orientation, biometric or genetic data, religious beliefs, trade union membership, criminal convictions or health data) through the website or using the service.
We do not collect additional categories of personal information or use the personal information we collected from you for a different, unrelated purpose, without providing you prior notice.
We use your personal data for our legitimate business purposes including to fulfil our obligations as a data processor such as:
Under GDPR, the legal basis for this processing is necessary for performance of a contract.
As a data controller, we use your information
Under GDPR, the legal bases for this processing are contract, and legitimate interests as stated above.
We disclose your personal data in a variety of circumstances in connection with providing the Services and the operation of our business.
Any information, including personal data that you voluntarily choose to include in a publicly accessible area of the Services will be available to anyone who has access to that content, including other users.
In addition, we may disclose your personal information to the following categories of third parties:
We work with third party service providers (such as cloud service and storage providers) to provide website, application development, hosting, maintenance, and other services for us.
To help us improve the performance of our service, we may work with third-party data analysis service providers to collect data about how you use the Services – including the pages visited, features used, type and nature of commands run – to measure service usage trends and patterns.
We work with third party solutions partners (such as co-marketing partners, system integrators and value-added resellers) that use or incorporate the Services to support their own services.
To the extent it is necessary for these third-party service providers and solutions partners to complete their contractual obligations to us, these third parties may have access to or process your personal data. Such processing will always be done under a written processing agreement containing appropriate safeguards to protect your personal data, including obligations of security and that the processors are limited to using the information the purpose for which it was provided and on our instructions.
We may also disclose your information if required to do so by international, state or federal laws (such as U.S. copyright law), in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement activity.
We also reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to take precautions against liability; to protect Qubole and others from fraudulent, abusive, or unlawful uses or activity; to investigate and defend ourselves against any third party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of the Services; or to protect the rights, property, or personal safety of Qubole our users, or others.
In the event that all or a portion of Qubole or its assets are acquired by or merged with a third-party entity, we reserve the right to disclose the personal data that we have collected from users for the purposes of such merger, acquisition, sale, or other change of control provided that we will always put in place contractual obligations of confidentiality and restrictions on use.
We make certain automatically collected and other non-personally-identifiable information available to third parties: (i) to comply with various reporting obligations; (ii) for marketing purposes; and/or (iii) to assist such parties in understanding our users’ interests and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Services.
We do not sell your personal information, nor do we disclose, disseminate, share, transfer or otherwise make available your personal data to any third party for monetary benefit.
The Services are primarily hosted in the United States. If you choose to use the Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal data outside of those regions to the United States for storage and processing, and by providing your personal data on the Services you consent to that transfer, storage, and processing. Qubole provides separate optional international processing environments to support European Union and rest of the world. These processing environment options are available upon request.
Qubole is a global organization that has presence in multiple geographies and we share business processes, management structures, and technical systems across borders with the Qubole entities listed above. See here for a full list of our global presence.
Qubole and its US subsidiaries participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework for the receipt and processing of personal data covered by GDPR. Qubole is committed to subjecting all personal data received from EU member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov/list.]
Qubole is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf.
Qubole complies with the Privacy Shield Principles as well as to all the applicable principles of the General Data Protection Regulation (GDPR) for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Qubole is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Qubole may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Personal data covered by GDPR may be transferred to countries outside the EU and to countries that do not have laws that provide specific protection for personal data. Qubole has taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully and securely. We have contractual clauses embedded in our customer data processing addendum to meet the adequacy and security requirements for our customers who work with EU national’s personal data.
We keep your information for as long as required by any legal obligation and, if longer, any period necessary for the specified purposes above, including that your account is active on QDS or as needed for providing services to you.
For optimizing the performance of the Services, we may store metadata like the result of commands run by customers in our temporary cache storage for a period of 7 days following the date of last access. If a customer does not wish to have their data stored in our cache and temporary storage, please write to us at [email protected].
Even after your contract is terminated with Qubole, we may retain some of your information for statistical analysis, to comply with our legal obligations, to enforce our agreements or for resolving disputes. Such information that is retained to pursue legitimate business interests, may not be personally identifiable.
Qubole provides services to business organizations and we do not intentionally collect, store or process data belonging to children under the age of 16 using our service or on our website.
We use technical and organizational measures that are designed to safeguard the integrity and security of your personal data, so that your information is protected from loss, misuse, unauthorized access or disclosure. We cannot, however, ensure or warrant the security of any information you transmit to us over the internet or store on the Services and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you have any questions about the security of your personal information, you can contact us at [email protected].
If we learn of a security systems breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice through the Services if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach you should notify us at [email protected].
Although we may allow you to adjust your privacy settings to limit access to your information, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other users with whom you may choose to share your information. Therefore, we cannot and do not guarantee that information you post on the Services will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Where we process any of your personally identifiable information as a controller, and any processing is based on your consent, you have the right to withdraw that consent at any time.
You also have the right to object to our processing your personal data for direct marketing at any time.
(If you withdraw your consent or object top direct marketing, you will still receive transactional emails from us about our Services, such as reports of your usage and invoices.)
In cases where Qubole is the data controller, you are entitled to receive a transcript copy of your personal data held by us in accordance with the California Consumer Privacy Act (“CCPA”), GDPR and guidelines issued by the applicable national supervisory authorities.
Data access requests may be made on our toll free number or by contacting the Qubole privacy team (email: [email protected]) with a clear description of the information you seek. Once we receive a request, you will be required to provide your full name, registered email ID and company name to verify your identity. If your identity is successfully verified by us, your request will be processed, and we will respond within 10 business days.
If GDPR applies to our processing of your personally identifiable information, you may also ask for access to it, to rectify it, restrict its processing, object to its processing and port it to another provider.
If you are a California resident, under CCPA, you have the right to request that we delete any of the personal information we collected from you as a data controller. Your request for data deletion may be denied by us if (1) your identity could not be verified successfully or (2) if the data is required to:
a) perform and honor the contract that we have with you (or our customers),
b) detect and respond to security incidents and breaches,
c) debug errors and ensure intended functionality is provided,
d) exercise free speech and to ensure the right of another consumer to exercise their free speech rights,
e) comply with the California Electronic Communications Privacy Act and with any other legal obligation,
f) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent,
g) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us, or
h) use internally, in a lawful manner, that is compatible with the context in which you provided the information.
To exercise your rights under GDPR or CCPA, please submit a verifiable request to us on either one of the two options given below:
You may make a request to access your personal information twice within a 12-month period. Any disclosures we provide will only cover the 12-month period preceding the receipt of the request.
You can exercise your rights either directly or through an authorised agent, if you have provided written permission to the agent, and if the agent’s identity can be verified by us.
We will not discriminate against you by charging different rates or providing different levels of service for exercising any of your rights, nor do we provide financial incentives for the use or retention of your personal information.
Qubole’s goal is to only share and or disclose your personal data to provide Qubole services, support legitimate business uses (such as sales and marketing communications), and fulfil regulatory/legal requests. In the event you wish to further limit your personal data use and disclosure, you must submit a written request detailing your concerns to our privacy team at [email protected]. We will respond within 10 business days.
If you are an end user of the Services, we will be acting as processor to the customer (you or your employer) who has signed-up to use our service. You should direct any exercise of your data subject rights under CCPA or GDPR to the customer on whose account you use the Services.
Please note that while any change or deletion requested by you is reflected promptly in active user databases, it may take 30 days to effect and we may retain some of your information for the purposes mentioned in this policy.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you can contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
EU nationals who have an unresolved concern related to data privacy can lodge a complaint with your local data protection authority or the UK Information Commissioner’s Office (ICO), which is Qubole’s lead supervisory authority in the EU.
Click on this link to know who is our local data protection supervisory authority http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
You can contact our EU representative EDPO regarding matters pertaining to the GDPR by:
If you would like to reach Qubole’s Data Protection Officer you can contact them by phone at +1 (855) 423-6674, by email at [email protected], or by post to:
469 El Camino Real, Suite 205
Santa Clara, CA 95050