3. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL INFORMATION
4. WHICH CATEGORIES AND SPECIFIC PIECES OF PERSONAL INFORMATION DO WE PROCESS
Personal information that can directly or indirectly identify you may include, for example:
Contact details: Name, email, phone number, mailing address, zip code;
Company and employment data: your employment with and role within a company, including information related to such company such as company name, size, location, as well as publicly available company information and activity;
Device information: Information related to a device interacting with Qommodity products, services, and websites including IP address, browser, device type, operating system, the presence or use of “apps”, screen resolution, preferred language;
Interactions with Qommodity services or products: Information related to the use of Qommodity services and products, such as products and services purchased, subscriptions, features used or platform preferences, or performance of Qommodity services or products;
Qommodity may also collect customer and systems operations data, which may incidentally contain personal information:
Customer data: Data provided by Qommodity customers (when agreed to by contract with the customer) such as transaction data, invoices or receipts, product inventory, and other customer-provided datasets;
Systems operations: Information related to the use, operation, and performance of Qommodity systems such as log files, event files, and other trace and diagnostic files.
5. FOR WHAT COMMERCIAL OR BUSINESS PURPOSE DO WE USE YOUR PERSONAL INFORMATION
In cases where the processing of personal information is not central to the purposes of processing for the below AI/ML activities, Qommodity will limit the use of personal information when technically possible or feasible. ‘Dataset’ refers to a set of data that may contain this limited personal information.
We use personal information for the following business purposes:
to analyze, develop, improve, and optimize the use, function and performance of Qommodity products and services to provide our customers with a more intelligent experience.
to manage the security of websites, networks and systems and the products and services Qommodity provides to our customers; and
to comply with applicable laws and regulations and to operate our business.
These purposes are described below in further detail.
to analyze, develop, improve, and optimize the use, function and performance of Qommodity products and services to provide our customers with a more intelligent experience
Qommodity will use these datasets for internal research for technological development and demonstration and to improve, upgrade, or enhance Qommodity products and services to provide more intelligent, automated and predictive functionalities.
to manage the security of our sites, networks and systems and the products and services Qommodity provides to our customers
Qommodity processes datasets to detect, prevent, or predict malicious, deceptive, fraudulent, or illegal activity on Qommodity sites, networks, and systems, as well as on Qommodity products and services used by our customers. AI/ML activities, subject to this policy, allow Qommodity to provide more intelligent and predictive functionalities to investigate, prevent, or predict malicious activity, fraud, or bad actors.
to comply with applicable laws and regulations and to operate our business
In some cases, we may process personal information to comply with applicable laws and regulations. For example, to respond to a request from a regulator or to defend a legal claim. We may also process personal information in the operation of our business.
Example: Qommodity may process the datasets to conduct audits and investigations, for finance and accounting, archiving and insurance purposes, or to process individual rights requests.
6. CATEGORIES OF SOURCES OF PERSONAL INFORMATION
7. FOR INFORMATION ABOUT YOU COLLECTED IN THE EU/EEA, WHAT IS OUR LEGAL BASIS
Qommodity will process information about you as may be necessary for internal research for technological development and demonstration and to improve, upgrade, or enhance Qommodity products and services based on our legitimate interests when such processing has a limited privacy impact on the individual. Qommodity will process information about you as may be necessary to detect, prevent, or predict malicious, deceptive, fraudulent, or illegal activity on Qommodity sites, networks, and systems based on our legitimate interests in order for Qommodity to safeguard such systems. Qommodity may also process personal information as necessary for compliance with our legal obligations.
8. FOR WHAT PERIOD DO WE RETAIN INFORMATION ABOUT YOU
9. WHEN AND HOW CAN WE SHARE YOUR PERSONAL INFORMATION
Sharing within Qommodity
As a global organisation, information about you can be shared with other Qommodity entities globally throughout Qommodity’s worldwide organization as needed for the purposes of processing. Qommodity employees are authorized to access personal information only to the extent necessary to serve the applicable purpose(s) and to perform their job functions.
Sharing with or selling with third parties
third-party service providers (for example, IT service providers, lawyers and auditors) in order for those service providers to perform business functions on behalf of Qommodity;
relevant third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings);
as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes.
10. HOW IS PERSONAL INFORMATION PROTECTED GLOBALLY
Qommodity is a global corporation and personal information is processed globally as necessary in accordance with this policy. If personal information is transferred to an Qommodity recipient in a country that does not provide an adequate level of protection for personal information under applicable data protection law in the country where such information was collected, Qommodity will take adequate measures designed to protect the personal information, such as ensuring that such transfers are subject to EU Model Clauses or other adequate transfer mechanism as required under relevant data protection laws.
11. HOW IS INFORMATION ABOUT YOU SECURED
Qommodity has implemented appropriate technical, physical and organizational measures designed to protect personal information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as all other forms of unlawful processing.
12. WHAT ARE YOUR PRIVACY RIGHTS
Pursuant to the E.U. General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Brazilian General Data Protection Law (LGPD) and other applicable laws and regulations, individuals in certain jurisdictions may have data subject rights enabling them to opt-out of third party sharing or selling, delete or remove, or request to access and receive a copy of their personal information in Qommodity’s possession or for which Qommodity is otherwise responsible.
Qommodity provides rights to individuals to access, amend, correct, or delete data for personal information that directly identifies such individuals, such as their name or email address.
13. WHAT ARE YOUR RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
If you are a California resident, you may request that we:
1. disclose to you the following information:
the categories and specific pieces of personal information we collected about you and the categories of personal information we sold (see section 4);
the categories of sources from which we collected such personal information (see section 6);
the business or commercial purpose for collecting or selling personal information about you (see section 5); and
the categories of third parties to whom we sold or otherwise disclosed personal information, if applicable (see section 9).
3. opt-out of any future sale of personal information about you, if applicable (see section 12).
We will respond to your request consistent with applicable law. If you are an authorised agent making an access or deletion request on behalf of a Californian resident, please reach out to us and indicate that you are an authorised agent. We will provide you with instructions on how to submit a request as an authorised agent on behalf of a Californian resident.
14. DOES QOMMODITY PROCESS PERSONAL INFORMATION FROM CHILDREN OR OTHER SENSITIVE PERSONAL INFORMATION
We do not knowingly process personal information of children under 16 years of age or personal information that is sensitive or “special” under applicable data protection laws.
Qommodity will not use the personal information processed under this policy to make decisions related to an individual’s eligibility for employment, credit, healthcare, or insurance purposes or to make decisions solely by automatic means where the decision has a legal or significant effect on the individual, or in any way that may or does discriminate against any person or promote bigotry, racism or harm.