Privacy policy

Last updated: January 15, 2021

Hello there! Welcome to QuoteMachine!

At QuoteMachine, we understand that your personal data is important to you. In this privacy policy (the “Privacy Policy”), we explain to you what we do with personal data that Atelier35 Inc. (dba as QuoteMachine Solutions) (hereafter referred to as “QuoteMachine”, or “we” or “us” or “our”) processes.

If the above data changes, this means we have updated our Policy. We encourage you to keep an eye on the latest update date either way! If you need to reach out to us for any questions or concerns regarding this Privacy Policy, or if you want to exercise your privacy rights, you can contact us by using the following contact details information:

Attention: Privacy Officer
privacy@quotemachine.com

 

However, if your request is about how any of our business Clients process your personal data, we recommend that you reach out to this client directly

In addition, this Policy covers the use of your personal data for interest-based advertising (“IBA”). For more information about this topic, jump to section 5 of this Privacy Policy .

 

1.     When Does this Privacy Policy Apply?

This Privacy Policy explains how we process your personal data:

      When you use our software-as-a-service platform available at https://qmach.in (“Software Service”);

      When you access our public website at https://www.quotemachine.com (“Website”);

      Through our use of cookies and other tracking technologies on the Software Service and our Website;

      For our marketing activities; and

      When you communicate with us or interact with our social media accounts.

(together, the “Services”)

In this Privacy Policy, we use the term “Client” to refer to any organization, entity or company that subscribed to the Software Services through a free or paid subscription or a free trial. By comparison, the term “Users” refers to individuals who are using or accessing the microsites created by Clients using our Software Service. 

As mentioned above, this Privacy Policy applies to our Services, which are used by our Clients. We try our best to describe the processing of personal data that occurs in the context of our Services, but please keep in mind that our Clients may use it differently. That being said, this Privacy Policy does not apply to how personal data is processed outside our Services. Please see section 10 to learn more about what information we share with them, our relationship with them as well as their and our respective roles relative to the handling of your personal data.

This Privacy Policy does not apply to websites, applications, or other services of third parties, nor does it apply to integration partners which can be accessed through plug-ins or APIs..  Those third parties are responsible for providing you with their own privacy policies on how they handle your personal data. We are therefore not responsible for their privacy policies, procedures and practices, and we encourage you to review their privacy policies before using these external services.

This Privacy Policy is for transparency purposes and some of the data that we identify in this Privacy Policy as personal data may not be protected as personal data under applicable laws. For instance, business contact information is often excluded, and you may not have the same rights over such data than other users, depending on the laws that apply to you.

2.     What is “Personal Data”? What about “Cookies”?

When we use the term “personal data”, we mean any information that relates to an identified or identifiable natural person. This includes the obvious data such as a name, home address, email address and phone number, birth date, but it also includes IP-addresses and data specific to the physical, physiological, genetic, economic, cultural or social identity of natural persons. We also include cookies and other tracking technologies in our definition of personal data.

A “cookie” is a file that a website puts on a computer’s hard disk so that the website can remember something about individuals at a later time. In this Privacy Policy, when we refer to “cookies”, we also include other technologies with similar purposes such as pixels, tags and beacons. For more information on cookies, you can refer to websites such as http://www.cookiecentral.com/ and https://www.allaboutcookies.org/.

In this Privacy Policy, when we use the term cookies, we also imply similar tracking technologies such as tracking pixels (or pixels tags), web beacons and browser fingerprinting.

Cookies can be installed by us, in which case, they are called “first party cookies”. They can also be installed by third parties, such as Google Analytics, these are called “third party cookies” and result in the sharing of your personal data, such as IP addresses, with these third parties.

3.     What personal data do we process, and why?

We collect personal data to (1) provide our Clients and our Users with our Website and our Software Services, (2) allow you to create a client account on our Website, if you decide to do so (3) respond to your inquiries, should you e-mail us, (4) conduct our marketing activities, including through re-targeting cookies, (5) to obtain analytics and performance data on how our Services are performing, including our ads, and (6) to process job applications.

Under the European Union General Data Protection Regulation (“GDPR”) (if applicable), we use different legal basis to justify our processing of personal data, such as consent, the performance of a contract and your legitimate interests. However, these legal bases may not be valid under all jurisdictions and are indicative. For instance, in Canada, where such legal bases are not applicable except for consent, we collect, use and disclose such personal data with your consent, which may be explicit or implied. You can withdraw your consent at any time. We process personal data on behalf of our Clients.

Under the GDPR, where applicable, we are considered a data processor, and our Clients are responsible for ensuring that they have an appropriate lawful basis for processing your personal data. We do not have control over how our Clients process personal data, and if you have any questions about how they process your personal data, we invite you to contact them directly.

However, in limited cases, such as for marketing activities, we may be a data controller, which means that under the GDPR (as applicable), we are responsible for determining the lawful basis for processing your personal data under the GDPR. If so, we have identified the applicable lawful basis in this Privacy Policy.

 

Category of Personal Data

Examples

Purposes and examples of use

Legal basis under the GDPR

Electronic Data

IP address, mobile identifier, device type, operating system and Internet browser type.

This data is collected automatically through our Services in order for them to function effectively, to fix bugs or to improve the security of our Website. These may be collected through cookies (click here to jump to section 4 to learn more about cookies we use).

Legitimate interests

Usage and Performance Data

Time spent on the Services, pages visited, links clicked, language preferences, pages that led or referred you to the Website.

We collect this information for analytics purposes, to help us  know more about your use of our Services and to improve such Services. These may be collected through cookies (click here to jump to section 4 to learn more about cookies we use).

 

Consent

Communication Data

First and last names, email address, content of communications.

When you connect with to obtain support as a User of our Software Services , such as through the support live chat function in the “Support” section of our Website, through social media or through other means, we collect your personal data to respond to your inquiries.

Explicit Consent or Legitimate Interests.

Registration Data; Credentials

Company name, first name, last name, email address, phone number, password

When a User signs in, we collect this information to create their account.

 

N/A

User Data

 Offers that have been made, or purchases made through the Software Services, interactions with Clients’ sales associates through their microsite (i.e. live chat functionalities ).

This personal data is collected through our Software Services in order for us and our Clients to provide Users and Clients with our core services, i.e. giving them the opportunity to sell/purchase goods and services online through our Clients’ microsites.

 

Career Data

First and last names, email address, phone number, content of cover letters and resumes, links to LinkedIn profile.

We collect this personal data to process your job application if you apply on the “Careers section of our Website. 

Consent

Social Media Data

Publicly available information on your social media profiles and other personal pages, such as LinkedIn, Facebook and YouTube.

If you follow us or interact with us on social media, we may process your personal data for marketing or advertising purposes, subject to applicable laws, including those on consent.

Legitimate Interests

 

4.     What cookies and similar tracking technologies do we use?

We collect essential, functional, performance and targeting cookies. We only collect functional, performance and targeting cookies with your consent. QuoteMachine uses both first-party and third-party cookies:

  • First-Party Cookies – First-party cookies are those that are issued by us, and they can only be set or retrieved by us. They are used for purposes specific to us, such as to personalize the website.
  • Third-Party Cookies – Third-party cookies are placed on our website by other entities, such as to create new functionalities or conduct advertising.

We use the following types of cookies as part of our Website:

Type of Cookie

Description

Legal basis under the GDPR

Essential

These cookies are required for the Services to function as intended and be secured. For instance, essential cookies are used to remember your cookie preference if you are prompted to accept or refuse certain cookies. We are not required to obtain your consent for these cookies.

Legitimate interests

Performance

These cookies, also called analytics cookies, are used to monitor usage and performance, such as what pages are visited often, whether there are any bugs, and which sites where visitors come from. Analytics cookies are used to generate aggregated statistical data about traffic and behavior of users when using our Services. We use Google analytics to keep track of how our Services are used.  

Consent

Functional

Functional cookies are used to provide you with some functionalities and to remember preferences, consents and configurations.

Consent

Targeting Cookies

These cookies are used to deliver advertising more relevant to you and your interests. They are also used to limit the number of times you see an ad as well as to help measure the effectiveness of a campaign.

We use Facebook, Google AdWords and LinkedIn to measure the effectiveness of our advertising and to show you relevant advertising.

Consent

 

5.     Do we conduct interest-based advertising?

We conduct interest-based advertising (“IBA”), also referred to as targeted advertising or behavioural advertising. We do not conduct interest-based advertising within our Software Services. We only conduct interest-based advertising through our Website and social media.

Interest-based advertising is also referred to as targeted advertising (re-targeting) or behavioural advertising. Re-targeting means that the ads that you are being served are personalized based on your behaviour when browsing online. Retargeting means that the ads that you are being served are personalized based on your behaviour when browsing online. This is enabled through cookies and requires the processing of electronic data that is considered personal data under certain laws. 

For instance, we may display interest-based ads to you when you are using Facebook through a tool offered by Facebook called the Custom Audience Tool.  This tool allows us to personalize our ads based on your behaviour. We do not share any of your personal information, including your behaviour, with Facebook.  The tool lets us convert your email address to a unique number that Facebook uses to match to unique numbers it generates from email addresses of its users as part of real-time bidding.

We use Facebook, Google AdWords and LinkedIn cookies to conduct IBA. This means that Facebook and LinkedIn cookies use the information to show you relevant ads and to improve the advertising that you see.

You can opt-out of interest-based advertising by managing your cookies. Click here[5]  to jump to the section of the Privacy Policy that explains you how to do this. You can also use WebChoices which is a browser-based tool for opting out of interest-based advertising. Mobile users can also download the DAA Choice App in the Apple App Store, Google PlayStore or Amazon Store. AdChoices provides additional solutions and explanations to control block and control cookies, as well as plug-ins to retain opt-out cookie preferences, even if you delete your cookies.

6.     How can you modify your cookie preferences?

You can manage your cookie preferences through your browser using the instructions provided below by clicking on the browser that you are using. However, by blocking some  cookies that enable the functions of the Services, parts of the Services may not be available.

      Firefox

      Safari

      Internet Explorer

      Opera

      Google Chrome

You can also use WebChoices which is a browser-based tool for opting out of interest-based advertising. AdChoices provides additional solutions and explanations to control block and control cookies, as well as plug-ins to retain opt-out cookie preferences, even if you delete your cookies.

You can install the Google Analytics opt-out browser add-on, which prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.

7.     Where do we store your personal data?

Our servers are hosted in the United States. Our service providers, however, may store your personal data in other countries. Some countries may not offer the same level of protection offered in your country for personal data. Prior to sharing your personal data with a service provider.,

If you are in the European Union, we are required to ensure that appropriate safeguards are in place prior for transferring your personal data out of the European Union.

8.     How long do we retain your personal data?

We keep your personal data for as long as required to achieve the purpose of the collection or as required by applicable laws, whichever is longer.

9.     How do we protect your personal data?

We strive to implement physical, organizational, contractual and technological security features that are proportional to the risks, taking into consideration factors such as the sensitivity of the personal data that we collect.

However, it is important to understand that we cannot guarantee the security of personal data on the Internet and that you must also take precautions, such as not sharing your credentials with anyone. No method of information transmission or information storage is 100% secure or error-free, so we unfortunately cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately using the contact information provided at the beginning of this Policy.

We store personal data on Google Cloud SQL, Google Datastore, and Google Memorystore, which use several layers of encryption to protect customer data at rest in Google Cloud products (click here to jump to Google’s privacy policy). We also use Elastic Cloud, which secures connection with Basic Auth and SSL (click here to jump to their privacy policy. Our Software Services are using a strong data layer (Entity Manager, Object Relation Manager and Object Document Manager) to keep a clear separation between the business logic and the data access.

Our payment provider Stripe is certified PCI DSS compliant.

 

10.  With whom do we share your personal data?

Within our organization, only the persons who need to have access to your personal data because of their roles or functions are granted such access.

We share your personal data with the following categories of recipients: Clients, service providers, API providers and law enforcement authorities (if required under applicable law). We do not sell personal data and we do not share the personal data collected as part of the Services for other reasons than to provide the Services, except if required by the law or as set forth below.

When Users use our Clients’ microsites and, for instance, complete a submission to be provided with our Client’s services, all such information is made available to the relevant Client. Clients can use that information to create reports and business intelligence.

If Users order products from our Clients, Clients will also have access to such Users’ shipping address.

It’s important for us to let you know that Clients aren’t our suppliers; they’re distinct controllers of your personal data and may process and otherwise handle your personal data as they deem fit. Other third parties to which we share your personal data re listed in the table below:


Category

Explanations

Google
API

We use Google API to organize email
conversation and send email from your Gmail account and to schedule events on
your calendar.

QuoteMachine’s use and transfer to any other
app of information received from Google APIs will adhere to 
Google API Services User Data Policy, including the Limited Use requirements.


Learn more about how QuoteMachine uses Google APIs

 

Cloud
providers

We use service providers to provide
you with the Services. These include such as Google Cloud SQL and Elastic
Cloud. You can read Google Cloud’s privacy policy
here and Elastic Cloud’s privacy policy here.

We use Convertapi for PDF document
generation. You can read their privacy policy
here.

We use Pipedrive for our sales. You
can read their privacy policy
here.

Email
service providers

We use providers to send you emails.
These include Postmark and Mailchimp. You can consult Postmark’s privacy
policy
here and Mailchimp’s privacy policy here.

Marketing
service providers 

We use marketing providers like
LinkedIn, Google and Facebook to conduct IBA and marketing campaigns.

You can read their privacy policies
here:

      LinkedIn

      Google Ads

      Facebook

Payment
service providers

We integrate with Stripe and Paysafe
for payment services. You can read Stripe’s privacy policy
here and Paysafe’s here. 

Integration
Partners

You can choose to use integration
partners while using the Services. They are not our suppliers, but
independent third parties. For instance, integration partners we use include
Lightspeed Retail and Quickbooks. You can access their privacy policies here:

      Lightspeed Retail

      Quickbooks

Law
enforcement authorities

We may receive requests from law
enforcement or the authorities to access personal data. Whenever permitted by
law, we advise our Users or Clients beforehand. We also validate that the
request is legitimate before responding.

Business
transactions

We may share your personal data in
connection with, or during negotiations of, any merger, sale of assets,
financing, or acquisition of all or a portion of our business by another
entity or investors.

11.  What rights do you have over your personal data?

Your rights differ depending on where you are located in the world.

In most locations, you can access and rectify your personal data, as well as withdraw your consent to the processing of your personal data.

In other jurisdictions, such as in the European Union (if applicable), you have additional rights, such as the right to object to the processing of your personal data, the right to data portability, the right to erasure and the right to restrict the processing of your personal data.

Under the GDPR (if applicable), you are entitled to these additional rights:

      The right of access: under the right of access, you have the right to gain access to your data free of charge in a commonly used format – such as an electronic format if the request is made electronically.

      The right to rectification: you are entitled to have your personal data rectified if inaccurate or incomplete and we will respond to such request within one month if not deemed complex.

      The right to erasure: ‘the right to be forgotten’, or right to erasure, means you have the right to request that your data be deleted easily and securely where there is no compelling reason for possession and continued processing.

      The right to restrict processing: you have the right to ‘block’ or restrict processing of personal data, in certain circumstances.

      The right to data portability: you also have the right to data portability, which allows you to obtain and reuse your personal data across different services for your own purposes.

      The right to object: the right to object means you have the right to object to direct marketing (including profiling), processing based on legitimate interest, and purposes of scientific/historical research and statistics, in which case we must stop processing personal data immediately and at any time, with no exemptions or grounds to refuse, free of charge.

If you would like to learn more about these rights, please click here for a more detailed explanation.

All of these rights are subject to limitations within the law, so if we cannot comply, we will respond to you and let you know why. We will respond to any of your requests within 30 days. In some cases, we may need additional information to validate your identity, in which case, we will use it only for this reason and delete it afterwards. We do not charge any fees for you to exercise your rights.

You always have the right to lodge a complaint to the local authorities if you disagree with how we handle your personal data. Please see below to know how to do so.

 

12.  How can you invoke your rights?

You can exercise your rights at any time by contacting us with the contact information provided at the beginning of this Privacy Policy.

Once we receive your request, we will get back to you within 30 days. It’s possible that we cannot comply with your request, for instance, if it’s not applicable under the law. If we can’t process your request, we will provide you with explanations.

When you exercise your rights, we may have to request personal data to validate your identity.

If your request is lengthy and difficult, and if we are allowed to do so by law, we may charge you a reasonable fee to assist you. If you are not satisfied with how we process your request, you can communicate with your local data protection authorities or privacy commissioners, and lodge a complaint. We will provide you with explanations on how to do so in our response to your request, based on your location.

If you are in the European Union, you can contact your local data protection authority. The list of data protection authorities can be found here.

If you are located in Canada, note that the Office of the Privacy Commissioner of Canada drafted this FAQ to help you access your personal data when it is held by a business. You can also contact the Office of the Privacy Commissioner of Canada’s Information Center:

Telephone

9:00 am to 4:00 pm EST
Toll-free: 1-800-282-1376

Mailing address

Office of the Privacy Commissioner

30 Victoria Street

Gatineau, Québec

K1A 1H3

You can also use this online form.

If you have any issue with how we collect, use or disclose your personal data, or how we responded to your request, please let us know. We will do our best to improve our processes to make certain that it does not happen again. We will also provide you with additional information about our practices if you would like us to do so.


13.  Can I opt-out of marketing communications?

Yes, you can do so directly in the e-mails you receive by clicking the “unsubscribe” link at the bottom. You can also contact us directly or manage your preferences within our Services where available.

14.  Do you respond to “Do Not Track” signals?

If you are a resident of California, you have the right to ask companies to stop tracking you on the Internet. Please note that we do not respond to Do Not Track signals.  However, if you have a legitimate request about your personal data, be sure that we will try our best to assist you!

 

15.  Can we change this Privacy Policy?

Yes, we might modify this Privacy Policy from time to time, such as to reflect new processing activities, adapt to new laws and regulations or reflect technological changes or corporate changes, such as a result of a merger and acquisition. You can refer to the latest update date above to know the moment at which this version has been published.