We at myQuest Ltd. ("myQuest", "us", "we", or "our") recognize and respect the importance of maintaining the privacy of our customers and their employees. This Privacy Notice describes the types of information we collect from you when you use our Connect Bot ("Connect Bot") on the Microsoft Teams Platform and/or use the services provided thereon ("Services") as an employee of one of our customers ("Employee" and "Customer", respectively). This Privacy Notice also explains how we process, transfer, store and disclose the information collected, as well as your ability to control certain uses of the collected information. If not otherwise defined herein, capitalized terms have the meaning given to them in the Terms of Service, available at https://www.myquest.co/connect/terms-of-service ("Terms"). "You" means any Employee using the Connect Bot and/or Services.
When we collect and process your data, we do so solely for the purpose of providing services to our Customers. The applicable Customer serves as a data controller with respect to such Personal Data and we act as a data processor on its behalf. Our processing activities are solely at the applicable Customer's instructions and under its control.
"Personal Data" means any information that refers, is related to, or is associated with an identified or identifiable individual or as otherwise may be defined by applicable law. This Privacy Notice details which Personal Data is collected by us in connection with provision of the Connect Bot and the Services.
The key points listed below are presented in further detail throughout this Privacy Notice. These key points do not substitute the full Privacy Notice.
1. Personal Data We Collect for System Administrator, Uses and Legal Basis. Depending on your usage, we collect different types of data and we and any of our third-party sub-contractors and service providers use the data we collect for the purpose of providing services to our Customers and performing our contract with them. For more information about the uses and legal bases determined by the Customer, please contact the Customer directly. You are under no legal obligation to provide us with any Personal Data. It is your voluntary decision whether to provide us with certain Personal Data, but if you refuse to provide such Personal Data we may not be able to register you to use the Connect Bot and/or provide you with the Services or part thereof.
1.1 Account Data - In order to use our Connect Bot and/or receive the Services, we will collect the following details related to your Microsoft accounts: you name, email address, manager, department, language, location, working hours, as well as your ID in the active directory. We also collect tags related to your area of expertise.
How we use this data: (1) to provide you and the Customer with the Connect Bot and Services, to respond to your inquiries and requests, and to contact and communicate with you; and (2) to prevent fraud, protect the security of and address any problems with the Connect Bot.
1.2 Usage and Materials – We collect the questions and answers that are sent through the Connect Bot.
How we use this data. To provide you and the Customer with the Services.
1.3 Automatically Collected Data - When you use the Admin of the Connect Bot, we automatically collect information about your computer or mobile device, such as IP address, device ID, as well as your browsing and viewing history. For more information about the cookies and similar technologies we use and how to adjust your preferences, please see the section "Cookies and Similar Technologies" below.
How we use this data. (1) to allow the Customer to remember sessions and (2) to prevent fraud, protect the security of our Connect Bot and Services, and address any problems with the Connect Bot and/or Services.
How we use this data: (1) to provide you with the System and/or Services and to respond to your inquiries and requests and to contact and communicate with you; and (2) to prevent fraud, protect the security of and address any problems with the System.
1.2 Contact Information - When you request information from us or contact us for any other reason, we will collect any data you provide, such as your email address and the content of your inquiry.
How we use this data: To respond to your request or inquiry.
Legal Basis: We process this Personal Data based on performance of a contract when we respond to your inquiry.
2. Additional Uses - Statistical Information. We compile statistical information based on your use of the Services, such as how many questions were sent, how many responses were sent, and how successful the process has been. We do so in on behalf of the Customer in order to help them understand how the Connect Bot is being used. The Company does not collect information about the users asking the questions.
3. Sharing the Personal Data We Collect. We share your information, including Personal Data, as follows
3.1 Customers. We share your information with the Customer on whose behalf it is being collected. We will not share the identity of the user who asks a question through the Connect Bot to the Company, but this will be shared with the user to whom the question is asked.
3.2 Affiliates. We share information, including your Personal Data, with our affiliated company, myQuest Inc., where this is necessary to provide you with our products and Services, and for the purpose of management of our business.
3.3 Service Providers. We disclose information, including Personal Data we collect from and/or about you, to our trusted service provider, who have agreed to confidentiality restrictions and who use such information solely on our behalf in order to help us provide you with the Connect Bot and/or Services on behalf of the Customer.
Such service providers and subcontractors provide us with IT and system administration services, data backup, security, and storage services.
3.4 Business Transfers. Your Personal Data may be disclosed as part of, or during negotiations of, any merger, sale of company assets or acquisition (including in cases of liquidation). In such case, your Personal Data shall continue being subject to the provisions of this Privacy Notice.
3.5 Law Enforcement Related Disclosure. We may share your Personal Data with third parties: (i) if we believe in good faith that disclosure is appropriate to protect our or a third party's rights, property or safety (including the enforcement of the Terms and this Privacy Notice); (ii) when required by law, regulation subpoena, court order or other law enforcement related issues, agencies and/or authorities; or (iii) as is necessary to comply with any legal and/or regulatory obligation.
3.6 Legal Uses. We may use your Personal Data as required or permitted by any applicable law, for example, to comply with audit and other legal requirements.
4. International Transfer.
4.1 We use subcontractors and service providers and have affiliates who are located in countries other than your own, such as the US and Israel and send them information we receive (including Personal Data). We conduct such international transfers in fulfillment of our contract with the applicable Customer.
4.2 Whenever we transfer your Personal Data to third parties based outside of the European Economic Area ("EEA") and when required under applicable law, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
4.2.1 We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
4.2.2 Where we use certain service providers not located in countries with an adequate level of protection as determined by the European Commission, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in the EEA.
5. Security. We have implemented and maintain appropriate technical and organization security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to Personal Data appropriate to the nature of such data. The measures we take include:
5.1 Safeguards – The physical, electronic, and procedural safeguards we employ to protect your Personal Data include secure servers, firewalls, antivirus, and SSL encryption of data.
5.2 Access Control – We dedicate efforts for a proper management of system entries and limit access only to authorized personnel on a need to know basis of least privilege rules, review permissions quarterly, and revoke access immediately after employee termination.
5.3 Internal Policies – We maintain and regularly review and update our privacy related and information security policies.
5.4 Personnel – We require new employees to sign non-disclosure agreements according to applicable law and industry customary practice.
5.5 Encryption – We encrypt the data in transit using secure HTTPS protocols.
5.6 Database Backup – Our databases are backed up on a periodic basis for certain data and are verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity, are tested regularly to ensure availability, and are accessible only by authorized personnel.
5.7 However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
5.8 As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords, please take appropriate measures to protect this information.
6. Your Rights - How to Access and Limit Our Use of Certain Personal Data. Subject to applicable law and certain exemptions, you have certain rights in relation to the Personal Data that we hold about you on behalf of the Customer. To exercise any of the rights listed below, please contact the applicable Customer. We are committed to assisting our Customers in complying with their obligations to honor your wish to exercise your rights and will forward any requests to exercise rights directly to the applicable Customer and will follow their directions regarding how to respond.
6.1. Right of Access. You have a right to know what Personal Data we collect about you and, in some cases, to have such Personal Data communicated to you. Subject to applicable law, this may be subject to a fee. Please note that we may not be able to provide you with all the information you request.
6.2. Right to Data Portability. If the processing is based on your consent or performance of a contract with you and processing is being carried out by automated means, you may be entitled to request a copy of the Personal Data you provided in a structured, commonly-used, and machine-readable format.
6.3. Right to Correct Personal Data. Subject to the limitations in applicable law, you may request the update, completion, correction or deletion of inaccurate, incomplete, or outdated Personal Data.
6.4. Deletion of Personal Data ("Right to Be Forgotten"). Subject to applicable law, you may have a right to request that deletion of your Personal Data if either: (i) it is no longer needed for the purpose for which it was collected, (ii) our processing was based on your consent and you have withdrawn your consent, (iii) you have successfully exercised your Right to Object (see below), (iv) processing was unlawful, or (iv) we are required to erase it for compliance with a legal obligation. We cannot restore information once it has been deleted. Please note that to ensure that we do not collect any further Personal Data, you should also delete our Connect Bot from your Microsoft Teams account. Data may be retained (including following your request to delete) for audit and record-keeping purposes, or as otherwise permitted and/or required under applicable law.
6.5. Right to Restrict Processing. Subject to applicable law, you can request limitation of the processing of your Personal Data if either: (i) you have contested its accuracy and wish to limit processing until this is verified; (ii) the processing is unlawful, but you do not wish to have the Personal Data erased; (iii) it is no longer needed for the purposes for which it was collected, but is still required to establish, exercise, or defend of a legal claim; (iv) you have exercised your Right to Object (below) and the legitimate grounds for processing is being verified. Personal Data may continue to be used after a restriction request under certain circumstances.
6.6. Right to Object. Subject to applicable law, you can object to any processing of your Personal Data which has legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh the legitimate interests.
6.7. Right to Lodge a Complaint with Your Local Supervisory Authority. Subject to applicable law, you may have the right to submit a complaint to the relevant supervisory data protection authority if you have any concerns about how we are processing your Personal Data.
7. Data Retention.
7.1. Subject to applicable law, we retain Personal Data as necessary for the purposes set forth above. We may delete information from our systems without notice to you once we deem it is no longer necessary for these purposes. Retention by any of our processors may vary in accordance with the processor's retention policy.
7.2. In some circumstances, we may store your Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, audit, accounting requirements and so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, and whether those purposes can be achieved through other means, as well as applicable legal requirements.
7.3. Please contact us at email@example.com if you would like details regarding the retention periods for different types of your Personal Data.
8. Cookies and Similar Technologies.
8.1. What are cookies? A cookie is a small piece of text that is sent to a user's browser or device. The browser provides this piece of text to the device of the originating user when this user returns. "Persistent" cookies may be used to save your settings and customizations across visits and will remain on your device until you delete them. We may use the terms "cookies" to refer to all technologies that we may use to store data in your browser or device or that collect information or help us identify you in the manner described above, such as web beacons or "pixel tags".
8.3. How to Adjust Your Preferences. Most Web browsers are initially configured to accept cookies, but you can change this setting so your browser either refuses all cookies or informs you when a cookie is being sent. In addition, you are free to delete any existing cookies at any time. Please note that some features of the Services may not function properly when cookies are disabled or removed. For example, if you delete cookies that store your account information or preferences, you will be required to input these each time you visit.
9. Third-Party Applications and Services. All use of third-party applications or services is at your own risk and subject to such third party's terms and privacy policies.
10. Communications. We reserve the right to send you service-related communications, including service announcements and administrative messages, without offering you the opportunity to opt out of receiving them. Should you not wish to receive such communications, you may cancel your account.
11. Children. We do not knowingly collect Personal Data from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has enrolled without parental permission, please advise us immediately.
11. Changes to the Privacy Notice. We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business, and we will place any updates on the Connect Bot. Please come back to this page every now and then to make sure you are familiar with the latest version. If we make material changes to this Privacy Notice, we will seek to inform you by notice on this page or by email.
12. Comments and Questions. If you have any comments or questions about this Privacy Notice or if you wish to exercise any of your legal rights as set out herein, please contact the applicable Customer or contact us at firstname.lastname@example.org.
Last updated: July 2021