Quest Software Inc. (“Quest,” “we,” or “us”) complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union and Switzerland to the United States, respectively. Quest Software has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
Scope
Quest commits to comply with the Privacy Shield Principles in our processing of all Personal Information we receive from our Customers or their Users in the EEA and Switzerland in connection with the Quest On Demand Migration for Email software-as-a-service application (“ODME” or the “Application”) and related support services (“Services”). This Privacy Shield Policy outlines our policy and practices for implementing the Principles, including the types of information we gather, how we use it and the notice and choice individuals may have regarding our processing and/or use of their Personal Information. Quest is subject to the regulatory and enforcement jurisdiction of the U.S. Federal Trade Commission (FTC).
Types of Personal Information Collected
Quest processes Customer Data including any Personal Information contained therein at the direction of and pursuant to the instructions of Quest’s Customers. Quest also collects several types of information from our Customers, including:
In addition, Quest collects general information about its Customers, including a Customer’s company name and address, credit card information, and the Customer representative’s contact information (“General Information”) for billing and contracting purposes.
Purposes of Collection and Use
Quest may use Personal Information submitted by our Customers and Users as necessary to provide the Application and Services including updating, enhancing, securing and maintaining the Application and to carry out Quest’s contractual obligations to our Customers.
The Privacy Shield Principles
Notice
Quest will collect and process certain Personal Information for the purposes outlined herein in connection with our ODME application and related Services. Where Quest receives transfers of Personal Information from the EU or Switzerland to the United States, Quest requires contractual provisions from the EU or Swiss Data Controller (our Customer) that the Personal Information has been provided to us by our Customer in accordance with the applicable EU Member State or Swiss data protection laws.
Choice
In connection with Customers’ and their Users’ use of ODME Quest receives Personal Information from our Customers who have obtained that Personal Information from individuals in accordance with the applicable EU Member State or Swiss data protection laws.
In accordance with the Principles, Quest will offer Customers and Users choice to the extent we (i) disclose their Personal Information to third party Data Controllers and/or Processors, or (ii) use Personal Information for a purpose that is materially different from the purposes for which the Personal Information was originally collected or subsequently authorized by the Customer or User. Unless Quest offers Customers and Users an appropriate choice, Quest uses Personal Information only for purposes that are materially the same as those indicated in this Policy. Customers and Users can opt out of any disclosure of personal data to a third party or the use of data for a purpose other than the one for which it was initially collected by using Quest’s “opt-out” feature. Requests to opt out of such uses or disclosures of Personal Information should be sent to: quest.odme@quest.com.
Third Party Disclosures
We may disclose Personal Information from our Customers to the extent needed to deliver the Application and/or the Service or respond to requests for information on products or services or otherwise support the customers’ business needs:
Liability for Onward Transfers
Quest complies with Privacy Shield’s Principle regarding accountability for onward transfers. Quest remains liable under the Principles if its onward transfer recipients process Personal Information in a manner inconsistent with the Principles, unless Quest proves that it was not responsible for the event giving rise to non-compliance or damage.
Data Security
Quest shall take reasonable steps to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Quest has put in place appropriate physical, electronic and managerial procedures to safeguard and secure Personal Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Quest cannot guarantee the security of Personal Information on or transmitted via the Internet. Quest may be required to reveal an individual’s Personal Information in response to a legal request from public authorities including, but not limited to, the need to meet national security and/or law enforcement requirements.
Data Integrity
Quest shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Quest shall take reasonable steps to ensure that Personal Information which it processes is accurate, complete, current and reliable for its intended use.
Access
Individuals in the EEA and Switzerland generally have the right to access their Personal Information. As an agent processing Personal Information on behalf of its Customers, Quest does not own or control the Personal Information that it processes on behalf of its Customers or their Users and does not have a direct relationship with the Users whose Personal Information may be processed in connection with providing ODME or related Services. Since each of our Customers is in control of what information, including any Personal Information, it collects from its Users, how that information is used and disclosed, and how that information can be changed, Users of ODME should contact the applicable Customer administrator with any inquiries about how to access or correct Personal Information contained in Customer Data, as defined below. To the extent a User makes an access or correction request to Quest, we will refer the request to the appropriate Quest Customer and will support such Customer as needed in responding to any request.
To access or correct any general information Customer has provided, the Customer should contact their Quest account representative directly or by using the contact information indicated below.
Enforcement
Quest uses a self-assessment approach to assure compliance with this Privacy Shield Policy and periodically verifies that the Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to reasonably resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.
Dispute Resolution
In compliance with the EU-US and Swiss-US Privacy Shield Principles, Quest Software commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Quest Software at:
Quest Software Inc.
Attn: Brad Kirby
4 Polaris Way
Aliso Viejo, CA 92656
Or emailed to: brad.kirby@quest.com
Quest Software has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
Note that as a last resort and under limited circumstances EU and Swiss individuals with unresolved complaints may invoke a binding arbitration option before the Privacy Shield Panel.
Definitions
“Customer” means any entity that purchases ODME and/or the related Services.
“Customer Data” means the electronic data transferred to Quest by or for a Customer or its Users.
“Personal Information” or “Information” means information that (1) is transferred from the EU and Switzerland to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
“Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
“User” means an individual authorized by Customer to access and use the Application.
Personal Information that is transferred by clients to Quest in the United States from the European Union or Switzerland falls under one of the following two situations:
Amendments or Changes to this Policy
This Privacy Shield Policy may be amended or changed from time to time consistent with the requirements of the Privacy Shield. Quest will post any revised Policy on this website.
Contact Information
Questions, comments or complaints regarding Quest’s Privacy Shield Policy or data collection and processing practices must be mailed to:
Quest Software Inc.
Attn: Brad Kirby
4 Polaris Way
Aliso Viejo, CA 92656
Or emailed to: brad.kirby@quest.com