QTurn Privacy Shield Privacy Policy​ DRAFT

[Pending Certification]

I. Notice Principle.

QTurn management, staff, and consultants are committed to complying with the EU-US Privacy Shield Framework and corresponding Privacy Shield Principles ([pending certification]), administered by the International Trade Administration (ITA) in the U.S. Department of Commerce, as well as with the EU Data Protection Authority panel and the General Data Protection Regulation (GDPR), regarding the collection, use, and retention of personal information transferred to QTurn from the European Union, the United Kingdom, or anywhere else in the world. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

QTurn participates [pending certification] in the Privacy Shield framework ([pending certification]), which can be verified by consulting the Privacy Shield List ([pending certification]).

II. Choice Principle.

Individuals who have provided data used by QTurn have the right to choose whether or not their personal data (a) is disclosed to a third party for uses other than the purpose(s) for which it was originally collected (e.g., program evaluation) or (b) used for a purpose that is materially different from the purpose(s) for which it was originally collected. QTurn never uses, or discloses to a third party for their use, any individual’s data for purposes (e.g., marketing) other than for which it was originally collected.

III. Onward Transfer Principle.

We do not disclose PII to third parties, and third parties (e.g., data analytic consultants) who may process de-identified (aka, anonymized) program evaluation data are required and contracted to commit and adhere to the same Privacy Shield principles used by all QTurn management, staff, and consultants. In the event that QTurn transfers any personal information onward to third-party consultants, QTurn retains responsibility and liability for that third-party’s compliance with all Privacy Shield principles.

IV. Security Principle.

We do not collect personal information from people who visit our website. Any personal information we collect or process pertains only to the organizations or people who participate in the research or continuous quality improvement processes involving educational activities related to schooling, out-of-school time programs, or home health and education services. These data generally include information about the continuous quality improvement behavior of program staff (e.g., reviewing program policies and planning with data) and the socio-emotional behavioral skills (e.g., emotion management and teamwork) of children and youth who participate in these programs that are typically used for purposes of program evaluation. All such data are stored in electronic files saved to QTurn’s password-protected server and processed on password-protected computers.

QTurn reserves the right to disclose personally identifiable information in response to lawful requests by public authorities, as required by law (e.g., where complying with a court order or other legal proceeding served on QTurn).

V. Data Integrity and Purpose Limitation Principle.

As standard practice, we require incoming datasets to be void of personally identifiable information (pii) and, otherwise, remove all pii prior to analyzing the data. In cases where tracking organizations or people over time is required, we ask data controllers to assign unique identification codes to organizations and people and retain in a secure location any pii related to these organizations and people that are necessary for subsequently matching organizations or people to their corresponding identification codes. If the data controller fails to complete this process for data received by QTurn, we complete this process and store the matching information in a password-protected file, in a password-protected folder, on a password-protected server, each of which is accessible only to QTurn management.

We process all data only for the purposes for which the data were collected (e.g., program evaluation) and retain these data only for as long as required to complete a given project.

VI. Access Principle.

Individuals who have provided data used by QTurn have the right to access, correct, amend, or delete information controlled or processed by QTurn that is inaccurate or has been processed in violation of the Privacy Principles. Individuals who wish to access, correct, amend, or delete their data from files controlled or processed by QTurn should send such requests to QTurn via the following contact page: www.qturngroup.com/contact-us/

VII. Recourse, Enforcement and Liability Principle.

Inquiries or complaints about our use of any personal data should be directed to our Independent Recourse Mechanism service: https://www.jamsadr.com/eu-us-privacy-shield. This service is an independent dispute resolution provider based in the United States and is free of charge. Our business, consulting, and research operations are subject to the investigatory and enforcement powers of the FTC (Federal Trade Commission). Individuals whose personal data is controlled or processed by QTurn have, under certain conditions, the right to invoke binding arbitration for complaints regarding Privacy Shield compliance that were not resolved by any of the other Privacy Shield mechanisms described in this privacy policy (see Annex I of the Privacy Shield Framework for additional information: https://www.privacyshield.gov/article?id=ANNEX-I-introduction).