Qengine LLC (d.b.a. Inzata) is offering its services on an international basis. For this reason we implemented the rules stipulated in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, better known as “GDPR”.
This policy covers the following topics:
- Which information we collect and how we collect it
- How we use the collected information
- Retention of Information
- Disclosure of Information to third parties
- When you visit our website
- Processing of data of our customers, licensees, or users
- your rights to the collected information and how to exercise
GDPR was signed into law on May 25th, 2018. It defines two main categories for data use:
Data Processor – are entities processing data provided by a data controller. Inzata is business analytics software and services company. Customers use the Inzata software to analyze and create dashboards and reports from their data. Inzata sells these services to Licensees of our software, and we provide Inzata Cloud to Customers who host their instance of the Inzata software in the Cloud. For the purposes of compliance with the European Union’s General Data Protection Regulation (GDPR), when we have access or process your Personal Information on benalf of our Customer, it is that Customer’s responsibility to protect your privacy.
Data Controller – Inzata is data controller for the information provided to us through our website, marketing, including any Personal Information contained in such data.
What is a Personal Data? It is any information through which we can identify you, directly or indirectly. We can identify you directly by your name, surname, social security number and other similar data or Indirectly thereafter through information in conjunction with other information.
- WHICH INFORMATION WE COLLECT AND HOW WE COLLECT IT
- Information you provide to us in connection with services. This includes personal data you disclose to us when you contact us, request support or show interest in our services. As a rule, you provide this information to us in connection with a contract, services or a request for support. This data may include name, signature, e-mail address, telephone number, name of organization, position or website, billing information, user ID, password and any other information you provided us. If you have requested support from us, we have information on your individual requirements.
- Information about your customers, licensees, or users. This personal data, which may vary in term which services we provide (finance, marketing, healthcare), we process only as a data processor not as data controller. For more information see the Section 7 of this Policy.
- HOW WE USE THE COLLECTED INFORMATION
We use the collected information to ensure that we can provide our services to you, to maintain, protect and further improve the services, and to develop or modify our services regarding your preferences. We also collect information to provide Inzata Cloud functions requested by you as a customer.
We also use your information to manage the business relationship with you, such as providing service notices and billing. The contract and billing address may be used to send you offers and promotional information.
We use your data in our internal records to track whether your data has been erased and, if so, who erased it when, to be able to document our compliance with the legal requirements for personal data protection.
We process your personal data based on the performance of our mutual contract or your requirement, based on the performance of our statutory duties or based on our legitimate interest.
Any deviation of this data use is subject to a specific request by you and will be documented accordingly.
- RETENTION OF INFORMATION
We may retain your data (including your Personal Information) for any lawfully permitted length of time, as necessary to comply with our legal and contractual obligations, enforce our agreements and investigate events and resolve disputes.
- DISCLOSURE OF INFORMATION TO THIRD PARTIES
We do not disclose your Personal Information to third parties except under the following circumstances and conditions:
- To public and legal authorities when required by law to respond to subpoenas, court orders, or other legal claims, including disclosures required by national security or law enforcement agencies;
- your data may be provided to QENGINE, LLC odštěpný závod CZ, with its registered seat at Brno, Czech Republic, for the purpose of delivering services. However, your data is stored in the United States of America and our CZ Branch Office will access it through secure means of connection.
- To other entities when we need to establish or exercise our legal rights, or to defend against legal claims, or when we believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, data breaches, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law;
We may host our Cloud environments on third-party cloud platforms. We may also use outsourced personnel to perform technical and support functions that may involve access to customer data. Our service providers do not have permission to use your personal data for any purpose other than to provide us the services we require to provide you our services.
- WHEN YOU VISIT OUR WEBSITE
Cookies are small text files saved by a website on your computer or mobile device when you start using the website. For a certain period of time, the website will remember your preferences and steps you have taken (e.g. login, language, font size and other display preferences), so that you do not have to enter the data again when changing pages.
- Operate our website as you would expect;
- Speed up and better secure our website;
- Enable you to follow us on social networks;
- Constantly improve our website;
- Collecting sensitive data;
- Transferring personal data to third parties; or
- Obtaining any commission on sales.
- PROCESSING OF DATA OF OUR CUSTOMERS, LICENSEES, OR USERS
We provide Inzata services and Inzata Cloud which you may use to store, process, and distribute data belonging to your customers, licensees, or users. This data may vary according to the purpose for which you may use the Inzata Cloud and other services.
We are not responsible for disclosures of information made by you through the Inzata Cloud or the use of Inzata software on a customer’s system. When we have access or process personal data on behalf of our customer, it is responsibility of our customer to protect your privacy. Also, our customer has to comply with all rules according to privacy regulation as the Data Controller.
Our customers use the Inzata software for a wide range of business analytics purposes, and we do not preview, screen, or review their data. Therefore, we do not know what categories of personal data our customers may collect. However, generally this data includes:
- Healthcare: first, middle name, last name, address, email address(es), telephone number(s), insurance product, dependents, disease management program data, detail treatment data.
- Finance: first, middle name, last name, address, email address(es), telephone numbers, historical income, spending amounts, family members, spending patterns.
- Marketing: first, middle name, last name, address, email address(es), telephone number(s), historical and future income, spending amounts and patterns, family members, individual property analysis.
We may have access to your data for example in this situation:
- When a Customer shares a screen showing their data on a business consulting call to help it evaluate or use the Inzata Software, your Personal Information may be revealed to us.
- When a Customer submits a file containing its data to our support help desk to resolve a Software issue, your data may be included in such data.
- YOUR RIGHTS TO THE COLLECTED INFORMATION AND HOW TO EXERCISE
You have the following rights to your personal data:
a) Right of access
b) Right to rectification
c) Right to erasure
d) Right to restriction of data processing
e) Right to data portability
f) Right to object to processing
Your rights are explained below in more detail.
For Personal Data available to Inzata in its function as a Data Processor on behalf of our Customer, it is the Customer’s responsibility to protect your privacy.
For Personal Data collected by Inzata in its function as a Data Controller, you can exercise your rights by contacting us at the following e-mail address: Compliance@Inzata.com
The right of access means that you can ask us at any time to confirm whether or not personal data concerning you are being processed and, if it is, you have the right to access the data and to information for what purposes, to what extent and to whom it is disclosed, whether you have the right to rectification, erasure, restriction of processing or to object; we will also inform you from which source we obtained the personal data, and whether automated decision-making, including any profiling, occurs on the basis of processing of your personal data.
The right to rectification means that you may request from us to rectify or supplement your personal data if is inaccurate or incomplete.
The right to erasure means that we must erase your personal data if (i) it is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) the processing is unlawful; (iii) you object to the processing and there is no overriding legitimate grounds for processing; or (iv) this is not required of us based on a legal duty.
The right to restriction of processing means that until any disputable issues concerning the processing of your personal data is resolved, we must restrict the processing of your personal data.
The right to data portability means that you have the right to obtain personal data that concern you, which you have provided to us and which is processed in an automated manner and on the basis of consent or contract, in a structured, commonly used and machine-readable format, and the right to have this personal data transferred directly to another controller.
The right to object means that you may object to the processing of your personal data that we process for the purposes of our legitimate interests.