Last updated on October 10, 2022
1. Use of Data 🤖
1.1. Customer Data Safeguards
QuickAPI will not sell, rent, or lease Customer Data to any third party. QuickAPI will not share Customer Data with third parties, except when needed to provide, secure, and support the Services as mentioned in this privacy agreement.
1.2. Data Processing Agreement
The Data Processing Agreement constitutes the instructions given by the Customer to QuickAPI regarding the processing of Personal Data, in accordance with GDPR, Article 28. Acceptance of the Data Processing Agreement is a condition precedent to the conclusion of the Terms of Service between the Parties and its entry into force. The Customer, as controller, and QuickAPI, as processor, undertake to respect the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) or other data privacy or data protection law or regulation that applies to the Processing of Personal Data under this DPA (such laws collectively with GDPR, “Applicable Data Protection Law”). To deliver the Services, QuickAPI collects, processes and produces Customer Data which may include, without limitation, any information relating to an identified or identifiable natural person (‘data subject') where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity of that natural person (such information, “Personal Data”)
1.3. Hosting and Processing.
Unless otherwise specifically agreed to by the Customer. Customer Data may be hosted by QuickAPI, or its respective authorized third-party service providers, in the European Union or other locations around the world. In providing the Services, QuickAPI will engage entities to process Customer Data, including and without limitation, any Personal Data within Customer Data pursuant to this privacy agreement, within the EU and in other countries and territories. The Services offered by QuickAPI are hosted on Amazon Web Services servers (via Vercel) located in the European Union.
1.3.1 Data ownership.
We understand and respect your ownership of the content you manage and store using our services. As a SaaS provider, we are committed to maintaining your control over your data. We do not take possession of your content, and it remains solely under your ownership. Our role is to provide the necessary infrastructure and tools for you to manage and access your data securely. We prioritize the privacy and security of your information and will not use, share, or access your content except as required to provide our services to you, or as authorized by you for troubleshooting or support purposes.
1.4. Marketing references
The Customer expressly authorizes QuickAPI to quote him and to use, if necessary, the reproduction of his brand or logo as a commercial reference, in particular during events, in its commercial documents, and on its website, in any form whatsoever.
2. Obligations ✅
2.1. Customer's obligations
The Customer is responsible for complying with its obligations as a controller under this DPA and Applicable Data Protection Law, including the lawfulness of disclosing personal information to QuickAPI. The Customer, who collects the Personal Data, remains responsible for informing the persons concerned of the transfer and processing of said data by QuickAPI, whose responsibility, as a subcontractor of the processing, can only be engaged within this limit.
3. QuickAPI's obligations
QuickAPI will do its best efforts to:
- ● process the personal data only on documented instructions from the Customer;
- ● ensure that employees and contractors authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- ● considering the nature of the processing, assist the controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Customer's obligation to respond to requests for exercising the data subject's rights. QuickAPI acknowledges that it is solely the responsibility of the Customer to respond to the requests of the data subjects;
- ● assist reasonably the Customer in ensuring compliance with the obligations pursuant to security, personal data breach, data protection impact assessment and prior consultation, considering the nature of processing and the information available to QuickAPI
- ● at the choice of the Customer, communicated to QuickAPI in writing, delete or return all the personal data to the Customer after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the personal data;
- ● notify the Customer without undue delay after becoming aware of a personal data breach. QuickAPI acknowledges that it is solely the responsibility of the Customer to notify the personal data breach to the supervisory authority competent and communicate the personal data breach to the data subject.
QuickAPI is authorized by the Customer to use sub processors for the performance of his contractual obligations, including the processing of personal data, provided that QuickAPI has concluded a written or electronic agreement with the subcontractor guaranteeing a level of protection equivalent to the level provided for in the DPA and, at the Customer's request that main dispositions of this agreement be communicated to him. QuickAPI must inform the Customer of any intended changes concerning the addition or replacement of a sub-processor, it is understood that the Customer may object to such changes if this subcontractor does not comply with GDPR mandatory dispositions, within eight days of being informed.
The Customer will continue to retain its ownership rights to all Customer Data processed under the Terms of Service and QuickAPI will own all Usage Data.
6. QuickAPI's Use of Data
QuickAPI may receive, collect, store and process Customer Data based on the contract concluded by the Parties and on QuickAPI's legitimate interest in operating the Services. For example, QuickAPI may collect Personal Data (such as name, phone number, or credit card information) through the account activation process. QuickAPI may also use Customer Data in an anonymized manner, such as conversion to a numerical value, to train the machine learning models to support certain features and functionality within the Services.