The policy covers both Quest and One Identity and is effective for all sites, portals or properties owned or managed by either Quest or One Identity or associated with Products designated with either a “powered by Quest” or “powered by One Identity” logo. References to Quest in this policy document should be read to include One Identity unless the context requires otherwise.
When you use our Website we may seek your explicit consent to process Personal Data we collect or that you voluntarily provide. In case you do not grant the requested consent for the processing of your Personal Data or if you later inform Quest (in accordance with the “Contact Us” section below) that you do not want Quest to further process your Personal Data, any further use of certain offerings or services of Quest may be either prevented or limited in scope.
When do we collect Personal Data?
We may ask you to provide your Personal Data when you:
Personal Data We Collect
Quest collects and processes Personal Data in multiple ways from visitors to this Website whether or not they subscribe to our products. For example, when someone subscribes to an online product or service we collect that person’s (“Subscriber’s”) first and last name as well as their company’s name, email, and phone number. Once registration is complete we collect similar information from the person designated by the Subscriber as the designated administrator for the subscription. That administrator may share additional end user information in order to enable Subscriber’s end users to use the subscribed service. In all of this, however, it is the Subscriber who is responsible for notifying their end users that their information may be collected and shared with Quest as part of their use of the Service.
Mobile: When you download and use Quest services (including SaaS services) we automatically collect information on the type of device you use, the frequency of usage, application version, operating system version, the time it been used, and the device location.
Recruiting and hiring: We process your Personal Data, such as contact, job applicant data and biographical data, to assess your application and to evaluate and improve our recruitment system, our application tracking and our recruitment activities. You may also provide us with sensitive information like your Social Security Number or government identifier and other Personal Data in connection with your job application. We may use your Personal Data to communicate with you regarding your application for employment in connection with opportunities at Quest that appear over time that we believe may be of interest to you. We also use your Personal Data to send you new hire and employee experience information. We may verify your information, including through reference checks and, where allowed, background checks. Quest and our third party utility-tracking partners gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data.
How We Use Personal Data
We use your Personal Data to:
Quest uses Google Analytics and services like AdRoll to advertise online. Third-party vendors, including Google, show our ads on sites across the Internet. Quest and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on your past visits to our website. You may opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using Google’s Ads Preferences Manager.
Sharing Your Information
We may share Personal Data with our affiliated and subsidiary companies or Business Partners to carry out transactions you request, to make our business more responsive to your needs, to provide you with information about our products and services, or for research and analysis. In addition, we or our affiliates may share your information with our Business Partners for the purposes of credit card processing when you register for subscription plans.
Our credit card processing intermediary is not permitted to store, retain or use your billing information except for the limited purpose of credit card processing on our behalf. We may transmit Personal Data to third party vendors and hosting partners that provide the necessary hardware, software, networking, storage, and other technology and maintenance services required to operate and maintain this Website and any services, including SaaS that we provide. Transfers to any third parties are covered under the provisions in this Policy and the service agreements with our clients.
We may also share Personal Data with Business Partners that help us customize, analyze and/or improve our communications or business relationship with you. These communications may include requests relating to our products or services, including SaaS services. As an example, we may share Personal Data to a payment processor who will bill you for services or an email service provider to send out emails on our behalf. In these (and other similar) instances, we will only share Personal Data with Business Partners who share our commitment of protecting your Personal Data and who have agreed in writing to provide protection to your Personal Data that is both in compliance with legal requirements and commensurate with the protections we ourselves provide. We will not disclose Personal Data to third parties for their own marketing purposes in absence of your consent.
Except as described in this Policy, Quest will not give, sell, rent, share or loan any personal information to any third party other than as outlined in this Policy. More specifically, here are the reasons and circumstances where we share your Personal Data:
Quest takes its responsibility for managing security and compliance very seriously and has established policies, processes and controls designed to ensure the protection of your Personal Data, including a variety of security strategies intended to prevent unauthorized access to your Personal Data. These policy statements and security strategies are explained and described on our website at: www.quest.com/legal.
Quest evaluates and responds to reports of incidents that might involve unauthorized access to Personal Data. If we become aware that Personal Data has been compromised or mishandled, we report any such action or activity to you in accordance with prevailing legal and/or contractual requirements.
We may aggregate or de-identify information (including Personal Data) so that it does not identify you and then share that de-identified (and therefore no longer personal) data with third parties, either on its own or with other non-personal data.
Selecting Your Communication and Marketing Preferences
You may choose to receive or not receive marketing communications from us by indicating your preferences on this Website. If you would prefer not to receive future marketing communications or wish to change or modify information previously provided or delete inaccuracies, please contact us at email@example.com. Upon receipt of your request, your information will be updated as soon as possible, but no later than ten (10) days after our receipt of your request. We will respond to all requests for access to your Personal Data within 30 days.
We will retain your Personal Data for as long as your account is active or as needed to provide you services and as necessary to comply with our legal, regulatory or compliance obligations. Even if you opt out of receiving marketing communications, we may still communicate with you in connection with servicing any existing account you may have, fulfilling a request from you, or administering any promotion or any program in which you may have elected to participate.
Targeted Email Marketing
Some marketing you receive, including email marketing, may also be personalized to you based on your visits to this Website and your browsing and purchase history with us. In addition, when you click on some links in email marketing our email service provider may place a cookie on your browser. This cookie would be linked to your email address and used to gather information about the products and services you view on this Website. Information gathered in this way may be used to personalize and customize future email marketing messages you receive. You may opt out of this use by clicking on the unsubscribe link provided in every personalized email marketing message you receive from us.
Collection and Use of Children's Personal Data
We take children's privacy seriously. We do not knowingly collect Personal Data from children under the age of 13 through this Website. If you are under 13 years of age, please do not submit any Personal Data through this Website without the express consent and participation of a parent or guardian.
Targeted Display Advertising
Third Party Advertising
Adobe: Information regarding the privacy and data collection practices for Omniture.com (offered by Adobe) is located at https://www.omniture.com/en/privacy/policy.
AppNexus: Information regarding the privacy and data collection practices for AppNexus is located at https://www.appnexus.com/privacy-policy.
Demandbase: Information regarding the privacy and data collection practices for Demandbase is located at https://www.demandbase.com/privacy-policy/.
ELOQUA: Information regarding the privacy and data collection practices for Eloqua is located at https://www.eloqua.com/trust/Privacy_Policy.html.
Facebook: Information regarding the privacy and data collection practices for Facebook is located at https://www.facebook.com/policy.php.
Gainsight Information regarding the privacy and data collection practices for Gainsight is located at https://www.gainsight.com/policy/privacy/.
Google & DoubleClick: Information regarding the privacy and data collection practices for DoubleClick (offered by Google) is located at https://www.google.com/privacy/privacy-policy.html.
LeadLander: Information regarding the privacy and data collection practices for LeadLander is located at https://www.leadlander.com/privacy.html.
Marketo: Information regarding the privacy and data collection practices for Marketo is located at https://www.marketo.com/privacy.php.
MediaMath: Information regarding the privacy and data collection practices for MediaMath is located at https://www.mediamath.com/privacy-policy/.
New Relic: Information regarding the privacy and data collection practices for New Relic is located at https://newrelic.com/termsandconditions/privacy.
Quantcast: Information regarding the privacy and data collection practices for Quantcast is located at https://www.quantcast.com/how-we-do-it/consumer-choice/privacy-policy.
Spiceworks: Information regarding the privacy and data collection practices for Spiceworks is located at https://www.spiceworks.com/privacy/.
theTradeDesk: Information regarding the privacy and data collection practices for theTradeDesk is located at https://www.thetradedesk.com/privacy-policy/
“Do Not Track” Signals
Cookies and Web Beacons
You have the ability to accept or decline cookies. Many web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies, if you prefer. If you choose to decline cookies, you may not be able to sign in or use other interactive features of this Website and services that depend on cookies. The Help portion of your web browser, most likely found on the toolbar, typically tells you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.
How We Use Web Beacons
We or our Business Partners may use web beacons on this Website, in our email messages, in our advertisements on other websites, or in our advertisements in others' email messages. Similarly, third parties whose content or advertisements appear on this Website may also place web beacons in their ads or emails for the purposes of measuring the effectiveness of the content, advertisements or email messages.
A web beacon is an electronic image that can be used to recognize a cookie on your computer when you view a web page or email message. Web beacons help us measure the effectiveness of this Website and our advertising in various ways. For example, web beacons may count the number of individuals who visit this Website from a particular advertisement or who make a purchase from this Website after viewing a particular advertisement or they may tell us when a web page is viewed and provide a description of the page where the web beacon is placed. Web beacons may also measure the effectiveness of our email campaigns, by counting the number of individuals who open or act upon an email message, determining when an email message is opened and determining how many times an email message is forwarded.
The information we collect through web beacons may include some limited Personal Data, and web beacons allow us to recognize users by accessing our cookies. We may also combine the information that we collect through web beacons with other information we have collected from you. We use all of this information to better tailor our marketing communications to you and we may use this information for other purposes, such as to enable a shopping cart, customize content on this Website and undertake internal research.
We prohibit web beacons on this Website from being used by third parties to access Personal Data. We may allow Business Partners to compile individual information or aggregated (anonymous) statistics from the use of web beacons on this Website to determine the effectiveness of online marketing and to develop statistics related to purchase activity or any other action on the advertiser's site. Aggregate information may include demographic and usage information, but no Personal Data about you is shared with Business Partners for this research.
You can make some web beacons unusable by rejecting cookies in your web browser and you can always change your preferences in the Cookie Preference Center.
How We Secure Personal Data
We are committed to protecting the security of Personal Data. We use a variety of security technologies and procedures to help protect Personal Data from unauthorized access, use and disclosure. When you provide us with sensitive Personal Data (such as financial information) we encrypt that information via SSL. While we strive to protect your Personal Data, we cannot ensure or guarantee that the Personal Data or private communications you transmit to us will always remain confidential, and you do so at your own risk. If you have any questions regarding security you can contact us at firstname.lastname@example.org.
We and our affiliates maintain reasonable security measures to protect your information from loss, destruction, misuse, unauthorized access or disclosure. When you enter sensitive information (such as your login information) on our Website or connect to our Service, we may encrypt the transmission of that information. If you have any questions about security on our Website, you may contact us at email@example.com
When we use your Personal Data in connection with a SaaS product or service, the data will most often be encrypted both in transit and at rest. When we do engage third party providers for various services, including cloud hosting services for certain aspects of our offerings, we rely on the public policies and protections of those globally available services for the protections we apply to your Personal Data. For a breakdown of the policies of our primary cloud hosting service providers, please visit the Security Guide(s) for the products you are purchasing or using.
This Website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Data from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.
Transfer of Personal Data
Personal Data we collect may be stored and processed in the United States or any other country in which the entities represented by our affiliates and subsidiary companies or Business Partners maintain facilities. We provide appropriate levels of protection to safeguard your Personal Data including providing adequate protection for any transfer of Personal Data to a country outside the EU/EEA. These safeguards include data protection agreements, incorporating the new EU standard contractual clauses (standard contractual clauses between controllers and processors under Article 28(7), Article 6(1)(a) and Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council and Article 29(7) of Regulation (EU) 2018/1725 of the European Parliament and of the Council).
Right of access: You have the right to gain access to information about the personal data that we process about you. Should you have any questions regarding the processing or want more insight into the personal data we process from you, you are always welcome to contact us and we will provide you with further information.
Right to rectification: You have the right to get your personal data updated or corrected. Upon your request to us, we will promptly correct your information inaccurately stored by us and/or supplement incomplete personal data completed by including a supplementary statement provided by you.
Right to erasure/right to be forgotten: You have the right to request of us to permanently delete your personal information. You can make such a request if you for example believe that the personal data are no longer necessary in relation to the purpose for which the personal data were collected or otherwise processed.
Right to restrict the processing activities: You have the right to restrict our processing activities. If you choose to restrict our processing activities regarding certain personal data, note that you may not be able to use our Website properly.
Right to data portability: You have right to transfer your Personal Data, when possible.
Right to object: You have the right to object to the processing of your Personal Data that is carried out on the basis of legitimate interests, such as direct marketing.
Right Not to be Subject to Automated Decision-Making: You have the right not to be subject to automated decision-making, including profiling, which produces legal effects. We and our affiliates do not currently engage in the foregoing on our websites or in our products and services.
If you are unsatisfied with the way we treat your Personal Data, you may reach out to us at all times to discuss the issue. However, you always have the right to lodge a complaint to a supervisory authority.
Your California Privacy Rights
The California Consumer Privacy Act of 2018 (“CCPA”), gives California residents certain rights relating to the way we collect, disclose, and use your Personal Data. At Quest, we do not sell Personal Data.
We do, however support the following:
Any of these requests can be completed simply by visiting preferences.quest.com/privacy and submitting the request on that site.
Privacy Shield Frameworks
We participate in and are certified for compliance with both the EU-U.S. Privacy Shield Framework and the Swiss-US Privacy Shield Framework (collectively, the “Frameworks”) for our OneLogin-branded products. We are committed to subjecting all Personal Data received from European Union (EU) member countries, United Kingdom, and Switzerland, in reliance on the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, respectively, to the Frameworks’ applicable Principles. To learn more about the Privacy Shield program, and view our certifications, visit the U.S. Department of Commerce’s Privacy Shield List, https://www.privacyshield.gov/list.
Under the Frameworks, we are responsible for the processing of Personal Data that we receive from our OneLogin customers and subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU, United Kingdom (UK), and Switzerland, including the onward transfer liability provisions.
With respect to Personal Data received or transferred pursuant to the Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield Website, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. Privacy Shield is no longer valid as a data transfer mechanism under the current European law relating to privacy and the protection of Personal Data. Nonetheless, we retain the certification as evidence of our commitment to providing appropriate safeguards.
Page last reviewed March 22, 2022.