Querlo Privacy Shield Policy

Last update: January 31, 2019

1. Introduction

Querlo LLC (“Querlo”) is a consultancy firm providing artificial intelligence solutions to Customers worldwide and whose main product is a chatbot (“the Chatbot”).

The Chatbot is hosted on the websites of the Customers (“the Websites”) and may artificially interact with Users asking and responding to various questions.

The conversations between the Chatbot and the User may involve the disclosure by the User of certain categories of Personal Data (as defined herein).

In addition, the Chatbot collects other categories of Personal Data such as online identifiers, as defined more in detail below.

Querlo is based in the United States of America (“the USA”) and its servers, where the Personal Data is hosted, are located in the USA. The Users may be based inside and outside the USA, and may be located in the European Economic Area (“EEA”).

Transfer of Personal Data from the EEA to the United States need to be under the safeguards of the EU-US Privacy Shield Framework (“the Privacy Shield”).

Querlo has certified that it adheres to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for onward transfer, Security, Data integrity and purposes limitation, Access, Recourse, enforcement and liability as set out herein.

Querlo complies with Privacy Shield set forth by the United States Department of Commerce with respect to the collection, use and retention of Personal Data transferred from the EEA to the USA as further described in the Scope section below. This Privacy Shield Policy outlines our commitment to the Privacy Shield Principles (the “Principles”) and our practices for implementing the Principles. If there is any conflict between the terms in this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework, please visit the Department of Commerce’s dedicated Privacy Shield website, located at: www.privacyshield.gov. Querlo remains subject to the investigatory and enforcement powers of the FTC, the Department of Transportation or any other U.S. authorized statutory body.

2. Scope

Querlo commits to comply with the Principles with respect to the Personal Data the company receives from its Users in the EEA in connection with the use of the Chatbot (“the Chatbot” or “the Service”).

3. Definitions

For the purposes of this Privacy Policy:
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

“Customer” means any entity that purchases the Service.

“Personal Data” means any information, including Sensitive Data, that is (i) about an identified or identifiable individual and (ii) received by Querlo in the U.S. from the EEA in connection with the Chatbot. For the purposes of this Policy Personal Data includes the Data provided by the User and the Website data, as defined below.

“Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.

“User” means an individual that may interact with the Chatbot.

4. Types of Personal Data Collected

4.1 Data provided by the User

Querlo may collect, process and retain the Personal Data that the User may voluntarily disclose by chatting and interacting with the Chatbot. Said Personal Data is never collected at Querlo’s initiative but is always given freely by the User.

As an example, Personal Data that is provided by the User may refer to their gender, age or location.

4.2 Website data

When the Users interact with the Chatbot, some types of Personal Data are automatically collected. Said types include: (i) IP Address;
(ii) Geolocation;
(iii) Cookies;
(iv) Client browser information (type, version, capabilities, screen size, OS type and version).

5. Purposes of Collection and Use

Querlo collects and uses the Personal Data submitted by the Users in order to operate the Chatbot, including updating, enhancing, securing and maintaining the Chatbot and to carry out Querlo’s contractual obligations to its Customers.

Personal Data is also collected and used in order to produce customers’ satisfaction reports and statistics that Querlo will made available to the Customers.

Personal Data is not used for any purpose other than those listed at this clause.

6. Data Integrity and Purpose Limitation

Querlo will only collect and retain Personal Data which is relevant to the purposes for which the information is collected, and will not use it in a way that is incompatible with such purposes unless such use has been subsequently authorized by the User. Querlo will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete and current. Querlo may occasionally contact the User to determine that the User’s data is still accurate and current.

7. Third Party Disclosures

Querlo may disclose Personal Data that its Users may provide to its Customers, contractors, business partners and service providers it uses to support the Chatbot. Personal Data may be also disclosed in the event that: (i) Querlo sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation), in which case Personal Data held by us about our Customers will be among the assets transferred to the buyer or acquirer;
(ii) Querlo is required to do so by law or legal process;
(iii) Querlo is required to do so in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements.

In any case, Querlo will not transfer Personal Data originating in the EU to third parties unless such third parties have entered into an agreement in writing with Querlo requiring them to provide at least the same level of privacy protection to the Personal Data as required by the Principles of the EU-US Privacy Shield Framework.

8. Access

Users based in the EEA generally have the right to access their Personal Data. Accordingly, to the extent Querlo acts as a Controller, where appropriate, Querlo provides the Users with reasonable access to the Personal Data Querlo maintains about them. Querlo also provides a reasonable opportunity for those Users to correct, amend or delete the information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, as appropriate. Querlo may limit or deny access to Personal Data where the burden or expense of providing access would be disproportionate to the risks to the User’s privacy in the case in question, or where the rights of persons other than the User would be violated. Users may request access to their Personal Data by contacting Querlo as indicated at clause 13 below.

9. Choice

In accordance with the Principles, Querlo will offer Users choice to the extent it (i) discloses their Personal Data to third party Controllers, or (ii) uses their Personal Data for a purpose that is materially different from the purposes for which the Personal Data was originally collected or subsequently authorized by the Customer or User.

To the extent required by the Principles, Querlo also will obtain opt‑in consent if it engages in certain uses or disclosures of Sensitive Data. Unless Querlo offers Users an appropriate choice, Querlo uses Personal Data only for purposes that are materially the same as those indicated in this Policy.

Querlo may disclose Personal Data of Users without offering an opportunity to opt out, and may be required to disclose the Personal Data, (i) to third‑party Processors that Querlo has retained to perform services on its behalf and pursuant to its instructions, (ii) if it is required to do so by law or legal process, or (iii) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. Querlo also reserves the right to transfer Personal Data in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).

10. Accountability for Onward Transfers

Querlo complies with the Privacy Shield’s Principle regarding accountability for onward transfers. Querlo remains liable under the Principles if its onward transfer recipients process Personal Data in a manner inconsistent with the Principles, unless Querlo proves that it was not responsible for the event giving rise to the damage.

If Querlo decides to transfer personal data to a third party acting as an agent, it will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the Querlo’s obligations under the Principles; (iv) require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.

11. Security

Querlo takes reasonable steps to protect Personal Data against loss, misuse, and unauthorized access, disclosure, alteration, or destruction. To achieve this, Querlo uses: i) industry-standard SSL (“Secure Socket Layer”);
ii) encryption technology;
iii) cryptographic hash algorithm for passwords sha256; iv) a secure server; and v) other physical and procedural safeguards to protect the security of such information.

12. Recourse, Enforcement and Liability

Since we are committed to protecting your privacy as set forth in this Policy, if you think we are not in compliance with our Policy, or if you have any question or if you wish to take any other action concerning this Policy or your Personal Information, we encourage you to contact us at fr@querlo.com or call us at +1 6466237688.

We will investigate your complaint, take appropriate action and report back to you within 45 days.

If the Personal Data in question was transferred from the EU to the USA, and you are not satisfied with our response, Querlo has agreed to participate in the dispute resolution procedures of the panel established by the EU data protection authorities (“the EU DPAs) to resolve disputes pursuant to the EU-US Privacy Shield Principles.

A resident of the European Union (EU) whose enquiry has not been satisfactorily addressed may contact the EU DPAs panel or individual EU DPAs using the information provided at http://ec.europa.eu/justice/data-protection/bodies/authorities/thirdcountries/index_en.htm to resolve disputes pursuant to the Privacy Shield Principles.

Querlo commits to cooperate with the EU DPAs and comply with the advice given by such authorities with regard to Personal Data transferred from the EU.

Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

The services of the EU DPAs panel are provided at no cost to you.

13. How to contact Querlo

To ask questions or comment about this Privacy Shield Policy and our privacy practices or if you need to update, change or remove your information, contact us at: fr@querlo.com or by regular mail addressed to:
Attn. Chief Executive Officer Querlo LLC 80, Tuckahoe Ln Southampton, NY 11962, USA

Alternatively, Users based in the EEA may also reach out to Querlo’s EU-based Controller’s Representative by email at lm@querlo.com or by regular mail addressed to:
Digital Design by Lorenzo Meriggi Via Bernardo Daddi 19, 50143 - Florence, Italy

14. Changes in this Policy

Querlo reserves the right to change this privacy notice from time to time. If we do, we will update this page, together with the date of last update at the top of this document. Please check this page periodically for updates to our notice.