Qreli LLC (“Qreli” or “we” and its derivatives) is committed to safeguarding your privacy. This Privacy and Cookie Policy (the “Policy”) describes our policies and procedures regarding the collection, use and disclosure of information we obtain through the webapp at https://Qreli.com, apps created by users and hosted by Qreli (“Qreli Apps”), the store we operate for the convenience of our users that lets them license apps and assets from each other for use with Qreli Apps (“User Components”), and any other online or mobile services we may provide (all the above, collectively, the “Qreli Service”). Please read the following information carefully to understand our views and practices regarding your personal data and how we will treat it.

To use the Qreli Service, you must consent to the terms of this Policy and the Qreli Terms of Service, which is incorporated by reference, by clicking the checkbox “I agree” to accept the Qreli Terms of Service and Privacy Policy below.


1. DEFINITIONS

As used in this Policy, a “Direct User” is an individual who has an account with Qreli and can build a Qreli App, and an “End User” is an individual who accesses a Qreli App, but who has not registered with Qreli. Except where specified below, this Policy applies equally to both Direct and End Users.


2. IMPORTANT INFORMATION

WHO WE ARE. For the purpose of applicable data protection legislation, the data controller of your personal data is Qreli LLC of 8 The Green, Suite A Dover, DE 19901. 

MUST READ SECTIONS: We draw your attention in particular to the sections entitled “INTERNATIONAL DATA TRANSFER” and “YOUR RIGHTS.”

CHANGES TO THIS POLICY: We will post any modifications or changes to the Policy on the Qreli Service. We reserve the right to modify the Policy at any time, so we encourage you to review it frequently. The “Last Updated” legend above indicates when this Policy was last changed. If we make any material change(s) to the Policy, we will notify you via email or post a notice on Qreli.com prior to such change(s) taking effect.


3. LEGAL BASES FOR PROCESSING EU PERSONAL DATA

We use your personal information only as permitted by law. Our legal bases for processing the personal data described in this Policy are as follows:

• Legal compliance: We may need to collect, use, and otherwise process your personal data to comply with our legal obligations, such as regulatory monitoring and reporting obligations.

• Legitimate interests: We may process your personal data where we have a legitimate interest in doing so, provided that our interests are not outweighed by any potential impact of the processing on you, or your fundamental rights and freedoms.

• Contract: We may need to process your personal data to perform a contract with you or to take steps that you have requested prior to entering into the contract.

• Necessity: We may need to process your personal data to protect your vital interests, or those of another person.

• Consent: In some cases, we may rely on your consent to process your personal data. Where we rely on your consent, you have the right to withdraw it at any time in the manner indicated when we requested the consent or by contacting us as described in this Policy.


4. ARTICLE 27 REPRESENTATIVE

Please contact legal @ qreli . com for details.

5. NOTICE ON EU-US DATA PRIVACY FRAMEWORK; UK EXTENSION AND SWISS-US DATA PRIVACY FRAMEWORK

Qreli complies with (i) the EU-U.S. Data Privacy Framework (EU-U.S. DPF), (ii) the UK Extension to the EU-U.S. DPF, and (iii) the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (collectively, the ”Data Privacy Framework”)* as set forth by the U.S. Department of Commerce. Qreli has certified to the U.S. Department of Commerce that Qreli adheres to (i) the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the EU in reliance on the EU-U.S. DPF, and (ii) from the UK (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF, and (iii) the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF (collectively, the “DPF Principles”). If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF), and to view our certification, please visit https://www.dataprivacyframework.gov/.

As described in the Privacy Shield Principles (https://www.privacyshield.gov/article?id=Requirements-of-Participation), Qreli is accountable for personal data that it receives and subsequently transfers to third parties. If third parties that process personal data on our behalf do so in a manner that does not comply with the Privacy Shield Principles, we are accountable, unless we prove that we are not responsible for the event giving rise to the damage. The types of third parties with which we may share your personal data are set out in the section of this Policy entitled “HOW QRELI MAY SHARE YOUR INFORMATION.” The categories of personal data Qreli may receive, as well as the purposes for which Qreli collects and uses the personal data, are set out in other sections of this Policy, including in those entitled “HOW WE COLLECT YOUR INFORMATION” and “HOW QRELI USES YOUR INFORMATION.”

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Qreli is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Qreli may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

You may have the right to access your personal data and request that we correct, amend, delete it if it is inaccurate or processed in violation of the Privacy Shield Framework. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of a third party. To request access to, correction, amendment, or deletion of your personal data, submit a written request to the contact information provided below. We may request specific information from you to confirm your identity.

You may also choose to change personal data or deactivate your account by contacting us using the contact details below. You can also unsubscribe from our marketing communications by following the instructions or unsubscribe mechanism in our marketing e-mails.

In compliance with the Privacy Shield Principles, Qreli commits to resolve complaints about our collection or use of your personal data. EEA, UK and Swiss users with inquiries or complaints regarding this Policy should first contact us by email at legal @ Qreli . com, or please write to the following address:

Qreli LLC
8 The Green, Suite A
Dover, DE 19901
ATTN: Legal

Qreli has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning non-human resource data transferred from the EU and Switzerland.

Additionally, under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. These conditions are more fully described on the Privacy Shield webapp: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

We may amend this Notice on EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield from time to time consistent with Privacy Shield requirements.

*We will not rely on the Swiss-U.S. Data Privacy Framework until it enters into force, but we adhere to their required commitments in anticipation of their doing so.


6. HOW WE COLLECT YOUR INFORMATION

Information You Provide. 

We collect personal data from Direct Users when they register to use the Qreli Service, post content on the Qreli Service (such as in forums), or communicate with us (e.g., through the “Contact” page on our app, or when requesting customer service or technical support), make purchases through the Qreli Service, or provide us with feedback about the Qreli Service.

We may also collect personal data at other points in the Qreli Service when clearly identified.
 

We do not collect personal data directly from End Users unless they contact us (i.e., through the “Contact” page on our app or to provide feedback about the Qreli Service). Each individual operator of a Qreli App determines what End User information is required to operate their Qreli App, is required to comply with all applicable laws respecting the treatment of such information and is responsible for all use of such information. However, because Qreli Apps run on our infrastructure, the “Information Collected via Technology” section below applies equally to End Users and Direct Users.

Registration. To create an account, Direct Users need to provide an email address and password. Direct Users may provide other optional information, such as profile photos, their location, or job title, and, if signing up for a paid account, will have to provide payment information to our third party payment provider, subject to the terms below. Direct Users may always go to the Profile section of the Qreli Service to update, change, or remove their information.
Qreli Apps. We do not collect or use End User personal data, except to provide customer support, respond to direct requests, or as automatically collected through technical means as set forth below. As noted above, the operators of Qreli Apps may collect and use the information of End Users of their apps, including personal data and content posted to Qreli Apps. Qreli does not control or monitor such collection and usage.

Qreli Store. We do not collect any personal data in the course of operating the Qreli Store, but in order to make available or license User Components on the Qreli Store, you must be a Direct User who has submitted payment information to our third party payment processor. Certain Direct User account information (including account name or other personal data) may be made available to the buyer and seller involved in a Qreli Store transaction. Qreli does not control or monitor the use of such information by participants in a Qreli Store transaction.


Information Collected via Technology

Information Collected by Our Servers. To make the Qreli Service more useful to you, our servers (which may be hosted by a third party service provider) collect information from you, which may include your browser type, operating system, Internet Protocol (“IP”) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, geographic location, and/or a date/time stamp for your visit. 

Log Files. As is true of most webapps, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, data typed into the app, and clickstream data. We use this information to analyze trends, administer the Qreli Service, track users’ movements around the Qreli Service, gather demographic information about our user base as a whole, and better tailor the Qreli Service to our users’ needs. For example, certain information may be collected so that when you visit the Qreli Service again, it will recognize you and remember preferences (such as previous User Components viewed or licensed from the Qreli Store). Except as noted in this Policy, we do not link this automatically-collected data to personal data.

How We Respond to Do Not Track Signals.  We do not currently respond to “do not track” signals or other mechanisms that might enable you to opt out of tracking on our app. To find out more about “do not track,” please visit http://www.allaboutdnt.com.

Mobile Services. We may also collect non-personal data from your mobile device if you access the Qreli Service from your mobile device. This information is generally used to help us deliver the most relevant information to you. Examples of information that may be collected and used include your geographic location and information about the type of device you use. In addition, if the Qreli Service crashes on your mobile device, we may receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of the service. This information is sent to us as aggregated information and cannot be used to identify an individual. 

Analytics Services. In addition to the tracking technologies we place, other companies may set their own Cookies or similar tools when you use the Qreli Service. This includes third party analytics services, such as Google Analytics (“Analytics Services”), that we engage to help analyze how users use the Qreli Service, as well as third parties that deliver content or offers. We may receive reports based on these parties’ use of these tools on an individual or aggregate basis. We use the information we get from Analytics Services only to improve the Qreli Service. The information generated by the Cookies or other technologies about your use of the service (the “Analytics Information”) is transmitted to the Analytics Services. The Analytics Services use Analytics Information to compile reports on user activity. The Analytics Services may also transfer information to third parties where required to do so by law, or where such third parties process Analytics Information on their behalf. Each Analytics Services’ ability to use and share Analytics Information is restricted by such Analytics Services’ Terms of Use and Privacy Policy. By using the Qreli Service, you consent to the processing of data about you by Analytics Services in the manner and for the purposes set out above. See https://Qreli.com/terms Subprocessors tab for a full list of Analytics Services. We may also partner with ad companies to support our marketing efforts, including by serving you ads better tailored to your likely interests. If you don’t want to take advantage of these services, you can opt-out by visiting http://www.aboutads.info/ or http://networkadvertising.org/choices/, or if you are located in the EU, http://www.youronlinechoices.eu/. 

SNS Log In. Direct Users may use certain social media app (“SNS”) credentials to log into the Qreli Service. In such case, we collect personal data from the social media webapp. For example, when you log in with your Google credentials, we may collect the personal data you have made publicly available in Google, such as your email address, name, and profile picture or logo. You agree that you are solely responsible for your use of an SNS and that it is your responsibility to review the terms of use and privacy policy of such SNS. Any information that we collect from an SNS account will depend on the privacy settings you have with that SNS, so please consult the SNS’ privacy and data practices. We will not be responsible or liable for: (a) the availability or accuracy of such SNS; (b) the content, products or services on or availability of such SNS; or (c) your use of any such SNS. You can revoke our access to this information anytime by amending the appropriate settings from within your account settings on the applicable SNS.


Cookies

Like many online services, we use Cookies to collect information. “Cookies” are small pieces of information that a webapp sends to your computer’s hard drive while you are viewing the webapp. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them).

We use two broad categories of Cookies: (1) first party Cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits the Qreli Service; and (2) third party Cookies, which are served by service providers on the Qreli Service, and can be used by such service providers to recognize your computer or mobile device when it visits other webapps.

Qreli uses Cookies to verify that you are properly signed in, to display information for your primary location, and to provide information about your Qreli Apps (if applicable). We may also use Cookies from time to time to measure your response to new aspects of the Qreli Service and/or emails in an effort to continually improve customer service and the Qreli Service. Please be aware that a Cookie cannot spread computer viruses, retrieve any other data from your hard drive, or capture your email address.

Cookies we use. The Qreli Service uses the following types of Cookies for the purposes set out below.

a. Essential Cookies. These Cookies are essential to provide you with services available through our Services and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Services and help the content of the pages you request load quickly. Without these Cookies, the services that you have asked for cannot be provided, and we only use these Cookies to provide you with those services.

b. Functionality Cookies. These Cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of Services which you can customize. The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.

c. Analytics and Performance Cookies. These Cookies are used to collect information about traffic to Services and how users use our Services. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. It includes the number of visitors to our Services, the webapps that referred them to our Services, the pages they visited on our Services, what time of day they visited our Services, whether they have visited our Services before, and other similar information. We use this information to help operate our Services more efficiently, to gather broad demographic information and to monitor the level of activity on our Services.
We use Google Analytics, June, and other third party analytics services for this purpose. Google Analytics and June use their own cookies. They are only used to improve how our Services works. You can find out more information about Google Analytics Cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies. You can find out more about how Google protects your data here: www.google.com/analytics/learn/privacy.html.
You can find out more information about June cookies and how they protect your data here: https://help.june.so/en/articles/6823521-privacy-policy.
You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB.
June does not appear to provide an opt-out link for its cookies.

d. Social Media Cookies. These Cookies are used when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking webapp such as Facebook, Twitter, or Google+. The social network will record that you have done this.

Disabling Cookies. You can typically remove or reject Cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept Cookies until you change your settings. 
Further information about Cookies, including how to see what Cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.uk.

Direct Users must accept Cookies in order to access certain features of the Qreli Service. You can erase or block Cookies from your computer if you wish to do so (your internet browser help screen or manual will thoroughly explain this process), but certain parts of the Qreli Service will not work correctly or at all if your browser is set to not to accept Cookies.


Pixels

We may also use pixel tags (which are also known as web beacons and clear GIFs) on the Qreli Service to track the actions of users on our Services. Unlike Cookies, which are stored on the hard drive of your computer or mobile device by a webapp, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the Qreli Service, so that we can manage our content more effectively. With the exception of the Facebook Pixel (see below), the information we collect using pixel tags is not linked to our users’ personal data.
Qreli may use the Facebook Pixel to gather information about your activities on the Qreli Service in order to provide you with tailored Qreli ads. For example, if you sign up for Qreli, you may see a Qreli ad on your Facebook newsfeed. Facebook’s use of information collected is set forth in its Privacy Policy (https://www.facebook.com/policy.php). You may opt out of Facebook’s interest-based ads here (https://www.facebook.com/about/ads/#568137493302217).


Automated decision-making or profiling

We do not use your personal data for the purposes of automated decision-making. However, we may do so in order to fulfill obligations imposed by law, in which case we will inform you of any such processing and provide you with an opportunity to object.


7. HOW QRELI USES YOUR INFORMATION

Personal Data. In general, we use personal data either to deliver the Qreli Service or respond to requests that you make. We use your personal data in the following ways: 
• facilitate the creation and securing of your account (Direct Users only);
• identify you as a user of the Qreli Service;
• operate, maintain, and provide improved administration of the Qreli Service;
• improve the quality of experience when you interact with the Qreli Service;
• manage your account, including to send you administrative e-mail notifications, such as security or support and maintenance advisories (Direct Users only);
• respond to your comments and inquiries related to employment opportunities or other requests and to provide customer service; and with your consent, send newsletters, surveys, offers, including information about products and services offered by us and our affiliates, and other promotional materials related to the Qreli Service and for other marketing purposes of Qreli to Direct Users. You may opt-out of receiving such information at any time: such marketing emails tell you how to opt-out. Please note, even if you opt-out of receiving marketing emails, we may still send you non-marketing emails. Non-marketing emails include emails about your account with us (Direct Users only) and our business dealings with you.
• process payments you make via the Qreli Service
• as we believe necessary or appropriate (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others; and
• as described in the Section entitled “HOW QRELI MAY SHARE YOUR INFORMATION” below.

Anonymous Data. We may create anonymous data about both Direct Users and End User by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyze request and usage patterns so that we may enhance the content of the Qreli Service. We may use anonymous data and aggregated and other de-identified information for any purpose and disclose anonymous data to third parties in our sole discretion.


8. HOW QRELI MAY SHARE YOUR INFORMATION

With Third Parties designated by you. We may share your personal data with third parties where you have provided your consent to do so. 

With Third Parties. We may share your personal data with third party service providers (“Subprocessors”) to provide you with the Qreli Service, to conduct quality assurance testing, to facilitate creation of accounts, to provide technical support, to conduct data analysis, to process payments, to provide information technology and related infrastructure provision, customer service, email delivery, and/or to provide other services. These Subprocessors are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your personal data. Click here for a full list of Subprocessors: https://Qreli.com/terms (Subprocessors tab).

We use Stripe, a third party payment processor, to process payments made through the Qreli Service and Qreli Store. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to Stripe, whose use of your personal data is governed by their privacy policy, which may be viewed at https://stripe.com/us/privacy.

Posting on the Qreli Service. You may share personal data with us when you submit user generated content to the Qreli Service, including via reviews of User Components within the Qreli Store. Please note that any information you post or disclose on the Qreli Service will become public information, and will be available to other users of the Qreli Service and to the general public.

We urge you to be very careful when deciding to disclose your personal data, or any other information, on the Qreli Service. Such personal data and other information will not be private or confidential once it is published on the Qreli Service. Qreli is not responsible for how others use such information. If you post personal data, even if you later remove it, other individuals who saw that personal data may retain copies of it through other means than the Qreli Service. We or our Direct Users may occasionally reproduce, publish, and distribute content from reviews in the Qreli Store in any forum. 

If you provide feedback to us, we may use and disclose such feedback on the Qreli Service, provided we do not associate such feedback with your personal data. If you have provided your consent to do so, we may post your first and last name along with your feedback on the Qreli Service. We will collect any information contained in such feedback and will treat the personal data in it in accordance with this Policy.

With SNS. The Qreli Service or a Qreli App may also enable you to post content to an SNS. If you choose to do this, we will provide information to such SNS in accordance with your elections. You agree that you are solely responsible for your use of an SNS and that it is your responsibility to review the terms of use and privacy policy of such SNS.

As Required by Law. We may access, preserve, and disclose your personal data, other account information, and content if we believe doing so is required by law or if those actions are reasonably necessary to:
  • comply with legal process, such as a court order or subpoena;
  • enforce this Policy or our Terms of Service;
  • respond to claims that any content violates the rights of third parties;
  • respond to law enforcement;
  • investigate and prevent unauthorized transactions or other illegal activities; or
  • protect our or others’ rights, property, or personal safety.

Corporate Events. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction. We cannot control how such entities may use or disclose such information.

Other Disclosures. We may share personal data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.
We may also disclose your personal data with your permission.


9. THIRD PARTY APPS

The Qreli Service may contain links to third party webapps and features. This Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their webapps, features or policies. Please read their privacy policies before you submit any data to them.


10. SECURITY OF YOUR INFORMATION

We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us using the details in the Section entitled “CONTACT INFORMATION.” By using the Qreli Service or providing personal data to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Qreli Service. If we learn of a breach of personal data, we may attempt to notify you electronically by posting a notice on the Qreli Service or sending an email to you. You may have a legal right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), please notify us using the details in the Section entitled “CONTACT INFORMATION.”


11. RETENTION

We will only retain your personal data as long as reasonably required for you to use the Qreli Service and/or to provide you with the Qreli Service unless a longer retention period is required or permitted by law (for example, for regulatory purposes).


12. INFORMATION ABOUT CHILDREN

We do not knowingly collect, maintain, or use personal data from children under 13 years of age, and no part of the Qreli Service is directed to children under the age of 13. If you learn that a child has provided us with personal data without your consent, you should alert us using the details in the Section entitled “CONTACT INFORMATION.” If we learn that we have collected any personal data about children under 13, we will delete such information as soon as reasonably practicable.

 
13. INTERNATIONAL DATA TRANSFER

If you are a non-U.S. user of the Qreli Service or if you access any Qreli App, by providing us with data, you acknowledge and agree that your personal data may be processed for the purposes identified in this Policy. Your information, including personal data that we collect from you, may be transferred to, stored at and processed by us and other third parties outside the country in which you reside, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using the Qreli Service, you agree to this transfer, storing or processing.


14. SENSITIVE PERSONAL DATA

Subject to the following paragraph, we ask that you not send us, and you not disclose, any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, biometrics or genetic characteristics, criminal background or trade union membership) (“Sensitive Personal Data”) on or through the Qreli Service or otherwise to us.

If you send or disclose any Sensitive Personal Data to us when you submit user-generated content to the Qreli Service, you consent to our processing and use of such Sensitive Personal Data in accordance with this policy. If you do not consent to our processing and use of such Sensitive Personal Data, you must not submit such user generated content to our Services.


15. YOUR RIGHTS

The following rights may be available to you:

• Opt-out. You may contact us anytime to request to opt-out of: (i) direct marketing communications; (ii) automated decision-making and/or profiling; (iii) our collection of Sensitive Personal Data; (iv) any new processing of your personal data that we may carry out beyond the original purpose, where we have requested your consent prior to such processing; or (v) the transfer of your personal data outside the EEA, where we rely on your consent for such transfer. Please note that your use of some of the Qreli Service may be ineffective upon opt-out.
• Access. You may request to access the information we hold about you at any time via your account page or by contacting us directly.
• Amend. You can also contact us to request to update or correct any inaccuracies in your personal data.
• Move. You may contact us to request that we move your data to other service providers as you wish.
• Erase and forget. In certain situations, for example when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your data.

If you wish to exercise any of these rights, please contact us using the details in Section entitled “CONTACT INFORMATION” below. In your request, please make clear: (i) what personal data is concerned; and (ii) which of the above rights you would like to request to enforce. We may deny your request where permitted by applicable law. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.


16. COMPLAINTS

We are committed to resolve any complaints about our collection or use of your personal data. If you would like to make a complaint regarding this Policy or our practices in relation to your personal data, please contact us at: legal @ Qreli . com. We will reply to your complaint as soon as we can and in any event, within 45 days. We hope to resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority.


17. CHANGES TO THIS POLICY

Any changes to this Policy will always be posted to this section of the website, along with the effective date of the updated Policy. You should check this page periodically to stay up-to-date of any such changes. For any material changes to the Policy, we will notify Direct Users via email or by placing a prominent notice on the homepage of our website.


18. CONTACT INFORMATION

We welcome your comments or questions about this Policy. Please use the “Contact us” link of the Qreli Service or contact us in writing at:

Qreli LLC
8 The Green, Suite A
Dover, DE 19901
ATTN: Legal
legal @ Qreli . com

Last revised: DEC 30, 2023

When you use the Qreli Platform to build your app, there are certain things that you can and cannot do. In particular, using Qreli for illegal operations may lead to the suspension or termination of your account. Please read our policy below carefully. This policy is part of our Terms of Service that you agree to when you sign up for Qreli.

This Acceptable Use Policy (this “Policy”) describes prohibited uses of the services offered by Qreli LLC and its affiliates (“Qreli”). The cases described in this Policy are not exhaustive. Qreli may modify this Policy at any time by posting a revised version on this page. By using Qreli, you agree to the latest version of this Policy. If you violate the Policy or authorize or help others to do so, we may suspend or terminate your use of Qreli, suspend or delete your applications, and cancel your account with Qreli.

If you are aware of any violation to this policy, please contact us at legal @ qreli . com.


1. Things You Must Do:

A. You must comply with our Terms and Policies located at https://qreli.com/terms.

B. You must comply with all applicable laws, including, without limitation, privacy laws, intellectual property laws, anti-spam laws, export control laws, and regulatory requirements.

C. You must provide account information to Qreli.

D. You must use the Platform in a professional manner.

E. If you are collecting data from the Platform, you must comply with the Qreli Privacy Policy (https://qreli.com/terms Privacy tab). If you collect any personal information from the Platform, you agree that you will only use that personal information for the purpose for which that user has authorized it. You agree that you will reasonably secure any personal information you have gathered from the Platform, and you will respond promptly to complaints, removal requests, and "do not contact" requests from us or other users.


2. Things You May Not Do:

A. You may not make unauthorized copies, modify, adapt, translate, reverse engineer, disassemble, decompile or create any derivative works of the Platform or any content included therein, including any files, documents, postings, or documentation provided by Qreli or any other user of the Qreli Platform (or any portion thereof).

B. You may not determine or attempt to determine any source code, algorithms, methods or techniques embodied by the Platform.

C. You may not use, or encourage, promote, facilitate or instruct others to use Qreli for any illegal, harmful, fraudulent, infringing or offensive use. Prohibited activities or content include, but are not limited to:

1. Illegal, Harmful or Fraudulent Activities. Any activities that are illegal, that violate the rights of others, or that may be harmful to others, our operations or reputation, including disseminating, promoting or facilitating child pornography, offering or disseminating fraudulent goods, services, schemes, or promotions, make-money-fast schemes, ponzi and pyramid schemes, phishing, or pharming;
2. Infringing Content. Content that infringes or misappropriates the intellectual property or proprietary rights of other;
3. Offensive Content. Content that is defamatory, obscene, abusive, invasive of privacy, or otherwise objectionable, including content that constitutes child pornography, relates to bestiality, or depicts non-consensual sex acts; and
4. Harmful Content. Content or other computer technology that may damage, interfere with, surreptitiously intercept, or expropriate any system, program, or data, including viruses, Trojan horses, worms, time bombs, or cancelbots.
   
   

D. You may not copy, use, disclose or distribute any information obtained from the Platform, whether directly or through third parties, without the consent of Qreli.

 

E. You may not develop, support or use software, devices, scripts, robots or any other means or processes (including crawlers, browser plugins and add-ons or any other technology) to scrape the Platform or otherwise copy profiles, request for proposal descriptions, and any other data from the Platform.

F. You may not impersonate any person or entity, or falsely state or otherwise misrepresent your affiliation with any person or entity, including without limitation:

1. By giving the impression that any content of Qreli or any other user of Qreli (such as job postings, request for proposal postings, etc.) emanates from you; or
2. By using or attempting to use another’s account or email address, or posting content under another’s email address.
   
   

G. You may not engage in “framing,” “mirroring,” or otherwise simulating the appearance or function of the Platform.

H. You may not use any private information of any third party, including addresses, phone numbers, and email addresses.

I. You may not disclose information on the Platform that you do not have the consent to disclose (such as confidential information of others (including your employer)).

J. You may not use information from the Platform for spamming purposes, including for the purposes of sending unsolicited emails to users or selling personal information, such as to recruiters, headhunters, and job boards.

K. You may not violate the intellectual property rights of others, including copyrights, patents, trademarks, trade secrets or other proprietary rights. For example, do not copy or distribute the posts or other content of others without their permission.

L. You may not use Qreli to violate the security or integrity of any network, computer or communications system, software application, or network or computing device (each, a “System”). Prohibited activities include, but are not limited to:

1. Unauthorized Access. Accessing or using any System without permission, including attempting to probe, scan, or test the vulnerability of a System or to breach any security or authentication measures used by a System;
2. Interception. Monitoring of data or traffic on a System without permission; and
3. Falsification of Origin. Forging TCP-IP packet headers, e-mail headers, or any part of a message describing its origin or route. The legitimate use of aliases and anonymous remailers is not prohibited by this provision.
   
   

M. You may not make network connections to any users, hosts, or networks unless you have permission to communicate with them. Prohibited activities include:

1. Monitoring or Crawling. Monitoring or crawling of a System that impairs or disrupts the System being monitored or crawled.
2. Denial of Service (DoS). Inundating a target with communications requests so the target either cannot respond to legitimate traffic or responds so slowly that it becomes ineffective.
3. Intentional Interference. Interfering with the proper functioning of any System, including any deliberate attempt to overload a system by mail bombing, news bombing, broadcast attacks, or flooding techniques.
4. Operation of Certain Network Services. Operating network services like open proxies, open mail relays, or open recursive domain name servers.
5. Avoiding System Restrictions. Using manual or electronic means to avoid any use limitations placed on a System, such as access and storage restrictions.

 

N. You will not distribute, publish, send, or facilitate the sending of unsolicited mass e-mail or other messages, promotions, advertising, or solicitations (like “spam”), including commercial advertising and informational announcements. You will not collect replies to messages sent from another internet service provider if those messages violate this Policy or the acceptable use policy of that provider.



3. Our Monitoring and Enforcement:

We reserve the right, but we do not assume the obligation, to investigate any violation of this Policy or misuse of Qreli. We may:

• investigate violations of this Policy or misuse of Qreli;
• remove, disable access to, or modify any content or resource that violates this Policy or Qreli's Terms of Service.

We may report any activity that we suspect violates any law or regulation to appropriate law enforcement officials, regulators, or other appropriate third parties. Our reporting may include disclosing appropriate customer information. We also may cooperate with appropriate law enforcement agencies, regulators, or other appropriate third parties to help with the investigation and prosecution of illegal conduct by providing network and systems information related to alleged violations of this Policy.


4. Indemnification:

You agree to indemnify, defense, hold harmless and release Qreli, its officers, directors, employees, and agents from any and all claims, suits, actions, proceedings, liabilities, damages, losses, or expenses (including legal fees) arising from or relating to any violation of this Acceptable Use Policy.


5. Reporting of Violations of this Policy

If you become aware of any violation of this Policy, you will immediately notify us and provide us with assistance to stop the violation. To report any violation of this Policy, please contact us at legal @ qreli . com.

 

Last revised: DEC 30, 2023

When you are active on Qreli's store, either as a Buyer or as a Seller, you have to abide by certain policies, in particular about the licenses for the items you can buy and our commission structure.


1. Qreli's store licenses

App Subscription License. Buyer may access and use the app in the single account it was bought for. Buyer pays a recurring subscription fee for the license, which is collected along with Buyer’s regular payments to Qreli and remitted to Seller in accordance with Qreli’s Store Pricing and Payment Policies. Buyer must have an active application subscription in order to obtain this license.

Lifetime App License. Buyer may access and use the app in the single account it was bought for. Buyer pays a one-time fee for the license which is remitted to Seller in accordance with Qreli’s Store Pricing and Payment Policies.


2. Qreli’s store pricing and payment policies

You are free to set the desired price for the app or asset you make available in the store.

It is the user's responsibility to verify and confirm the ability of Stripe to process payments in their respective regions. Qreli cannot be held liable for any payment that cannot be processed by Stripe due to their system limitations. Qreli shall use its best efforts to execute payments, however, it is important to note that there is no guarantee of successful payment processing due to limitation of Stripe and Qreli shall be released from all payment obligations hereunder to the extent such payment cannot be processed by Stripe.


3. Commission structure

Qreli retains a 25% commission on all License payments. Qreli will accept payments on Seller’s behalf from Buyers in accordance with their billing period and will remit the remainder during the subsequent month.

 

4. Ratings and reviews

a. The Qreli store may allow a Buyer to submit or post materials such as comments, ratings and reviews (“Reviews”).  You understand that any Review posted by you may be publicly viewable in the Qreli store and on the internet. In posting, accessing or using any Reviews, you must comply with the Qreli Acceptable Use policy (https://qreli.com/terms Acceptable Use tab). Furthermore, you may not: (a) post, modify, or remove a Review in exchange for any kind of compensation; (b) post a dishonest, abusive, harmful, misleading, or bad-faith rating or Review, (c) post personal, private or confidential information in any Review; or (d) post spam or unauthorized advertising or promotional materials in any Review.

b. Buyer grants Qreli a worldwide, royalty-free, perpetual, nonexclusive license to use the Reviews you submit within the Qreli store for the purposes of marketing the Qreli store, Qreli products and services, as well as the Direct User Content associated with the Review. Qreli may also use the Reviews for other internal Qreli purposes. Qreli may monitor and decide to remove or edit any submitted material, including via automated content filters and/or human review.

c. Qreli reserves the right to monitor Reviews but does not have an obligation to do so. If Qreli becomes aware of any Review that violates the guidelines set forth in Section 1 above, Qreli may remove the Review. Qreli may also remove any Review at any time, for any reason or no reason, in its sole discretion, without notice or liability to you.

d. Sellers acknowledge that at Qreli’s sole discretion, all Reviews associated with a User Component may be removed from a User Component, and the User Component’s rating will be reset when a Seller: (a) changes the price of User Component (by way of example, any modification from no fee to paid, paid to no fee, or any other change in the price for the User Component); (b) makes a material modification to the User Component (such as a new version or name change); or (c) transfers ownership of the User Component to any third party.

e. Qreli may elect, in its sole discretion, to include Usage Statistics in the Qreli Store and to make such Usage Statistics publicly available.  “Usage Statistics” means information, statistics and analysis relating to the Qreli Store, User Components, and Qreli Sites, including without limitation, the number of times a User Component is downloaded, the number of times a Qreli Site is viewed, etc.  Qreli does not provide any warranty regarding the accuracy of any Usage Statistics, and all Usage Statistics are provided “As-Is”. Qreli may also elect to remove any or all Usage Statistics from any or all User Components at any time without liability.

f. Sellers may use the Usage Statistics associated with an applicable User Component in marketing materials provided it accurately reflects User Component’s current Usage Statistics (for the avoidance of doubt, Usage Statistics may not be used for marketing purposes if a User Component’s Usage Statistics have been reset. Reviews may not be used in marketing materials unless permission from the reviewer is expressly granted.

 

5. Important notes

Qreli may change the pricing guidelines, commission structure, and discounts and promotions at any time, subject to the notice provisions in our Terms and Conditions. Any such changes will be effective five (5) days after notice of such changes is provided for the Apps and assets already available in the Store.

Qreli is not responsible or liable for fees that Sellers do not receive because of promotions, discounts, or changes in commission or pricing structure of the Store.

Note that all Qreli Store licenses may be transferred in connection with a sale or change of control of Buyer. For the sake of clarity, this means that should a company using an App or asset purchased on the Qreli Store be acquired or IPO, the license will remain in effect for the surviving entity.

Qreli has the right to moderate submissions to the app and template stores to ensure they adhere to store guidelines.


Store guidelines

General guidelines

1. Store seller profile

Before submitting your work to the Store, please make sure you have completed your Seller Profile page in your Qreli account under the Store tab.


2. Customer support

As a contributor on the Qreli Store, it is your responsibility to offer assistance to users who have specific questions about your app or asset. Therefore, please make sure you have added a Support email to your Seller Profile page.


3. Submission name & logo

The name and logo for your submission are the first things users will see when searching for an app or asset. It should help users quickly understand what to expect from your app or asset and both the name and logo should be unique, clear, and in relevant to your submission content. When selecting a name and a logo, make sure to respect intellectual property; the logo should not resemble an existing logo, either of Qreli, another developer, or another entity.


4. Submission description

This description is an important factor for how potential purchasers determine whether or not this is the asset or app for them, so it should be exhaustive and clear, with instructions, in English. It should give an overview of the features that users can expect, all of which should work as you describe. Instructions may be added as a link.


5. Category selection

When users filter the available templates and apps with the category dropdown, your submission will appear for the categories you have chosen. You should select categories that are relevant to your submission so that interested users can find it.


6. Resolving errors

For your submission to be successful, it should fully function without any errors in your browser's console. If using Chrome, you can check for this by selecting "View" in your toolbar, "Developer," then "JavaScript Console." Any errors you see should be resolved prior to submitting.


7. Respecting intellectual property

As a store creator, you are responsible for making sure that your submission does not violate another party's intellectual party and/or that you have the correct approval for using IP for commercial purposes if you are charging for the store item. (This is especially relevant when connecting with 3rd party APIs.) If such a 3rd party later gives notice to Qreli of IP infringement, the store item will be taken down immediately, pending investigation or resolution.


App specific guidelines

1. Demonstration

When submitting your app, you'll be asked to include a "link for demonstration". Please note that it is required that this demonstration of the app is on a website that actually uses the app, or provide a direct Qreli link to your app. Apps should always be submitted with a fully functional demonstration application built on Qreli. This allows users to test the app's functionality. The demo application should include the following:

• All features listed in the app's description
• A clean and clear design
  
  

2. API Keys

When using third-party connections in your app, please make sure all API Private Keys are private and not exposed.

 

Last revised: DEC 30, 2023

THIS EUROPEAN DATA PROCESSING ADDENDUM (“European DPA”) is entered into as of the ________ by and between: (1) Qreli LLC, a Delaware corporation with its principal business address at 8 The Green, Suite A Dover, DE 19901 (“Qreli”); and (2) ________________________  the entity or other person who is a counterparty to the Agreement (as defined below) into which the European DPA is incorporated and forms a part (“Customer”), together the “Parties” and each a “Party”.

1. DEFINITIONS
Unless expressly stated otherwise, capitalized terms used in the European DPA have the meanings given below or, if not defined, have the meanings given in the Agreement.  References to “including” mean “including, without limitation”.

1.1 “Addendum Effective Date” means the effective date of the Agreement.

1.2 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity, where “control” refers to the power to direct or cause the direction of the subject entity, whether through ownership of voting securities, by contract or otherwise.

1.3 “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

1.4 “Data Subject” means the identified or identifiable natural person to whom European Customer Data relates.

1.5 “Data Subject Request” means the request of a Data Subject to exercise rights under European Data Protection Laws in respect of European Customer Data in Qreli’s possession, custody or control.

1.6 “EEA” means the European Economic Area.

1.7 “European Customer Data” means Personal Data of Data Subjects in the EEA, United Kingdom, or Switzerland Processed by Qreli or its Subprocessor(s) on behalf of Customer, or otherwise required to be Processed under and subject to European Data Protection Laws, to perform the Services under the Agreement.

1.8 “European Data Protection Laws” means the privacy, data protection and data security laws and regulations applicable to the Processing of European Customer Data in the EEA, United Kingdom and/or Switzerland under the Agreement, including the GDPR.

1.9 “FADP” means the Federal Act on Data Protection of 19 June 1992 and, as and when it enters into force on 1 January 2023, its revised version of 25 September 2020.

1.10 “FDPIC” means Swiss Federal Data Protection and Information Commissioner.

1.11 “GDPR” means, as and where applicable to Processing concerned (i) the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”), (ii) the EU GDPR as it forms part of UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018 (as amended, including by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019) (“UK GDPR”), including, in each case (i) and (ii), any applicable national implementing or supplementary legislation (e.g., the UK Data Protection Act 2018), and any replacement, successor, amendment or re-enactment, to or of the foregoing. References to “Articles” and “Chapters” of, and other relevant defined terms in, the GDPR shall be construed accordingly.

1.12 “Personal Data” means information that relates to an identified or identifiable Data Subject.

1.13 “Personal Data Breach” means a breach of Qreli’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, European Customer Data in Qreli’s possession, custody or control.

1.14 “Process” and inflections thereof refer to any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure and destruction.

1.15 “Processor” means a natural or legal person, public authority, agency, or other body which Processes Personal Data on behalf of the Controller.
 
1.16 “Restricted Transfer” means any disclosure, grant of access, or other transfer of European Customer Data to any person located in (i) in the context of the EEA, any country or territory outside the EEA which does not benefit from an adequacy decision from the European Commission described in Chapter 45 of the GDPR (an “EU Restricted Transfer”), (ii) in the context of the UK, any country or territory outside the UK, which does not benefit from an adequacy decision from the UK Government (a “UK Restricted Transfer”), and (iii) in the context of Switzerland, a country or territory outside of Switzerland which does not benefit from an adequacy decision from the Swiss Government (a “Swiss Restricted Transfer”), in each case, which would be prohibited without a legal basis under the GDPR.
 
1.17 “SCCs” means the standard contractual clauses approved by the European Commission pursuant to implementing Decision (EU) 2021/914.

“Services” means those services performed for Customer by Qreli pursuant to the Agreement.

“Subprocessor” means any third party engaged directly or indirectly by or on behalf of Qreli to Process European Customer Data.
 
1.18 “Supervisory Authority” means (i) in the context of the EEA and the EU GDPR, “supervisory authority” as defined in the EU GDPR; (ii) in the context of the UK and the UK GDPR, means the UK Information Commissioner’s Office; and (iii) in the context of Switzerland and the FADP, means the FDPIC.
 
1.19 “Transfer Mechanism(s)” means the SCCs, UK Transfer Addendum, and/or Swiss transfer mechanism; as applicable to the relevant Restricted Transfer.

1.20 “UK Transfer Addendum” means the template Addendum B.1.0 issued by the ICO under s119A of the Data Protection Act 2018, in force from 21 March 2022, as it is revised under Section 18 of the Mandatory Clauses included in Part 2 thereof (the “UK Mandatory Clauses”).
 

2. SCOPE OF THIS DATA PROCESSING ADDENDUM
 
2.1 The Parties acknowledge and agree that the details of Qreli’s Processing of European Customer Data (including the respective roles of the Parties relating to such Processing) are as described in Annex 1 to the European DPA.
 
2.2 The European DPA applies to Qreli’s Processing of European Customer Data. For the avoidance of doubt, the European DPA does not apply to Qreli’s Processing of Personal Data that does not constitute European Customer Data, and/or any other Processing of Personal Data with respect to Customer and Customer’s users conducted by Qreli as a Controller, including business relationship administration and system security.
 

3. PROCESSING OF CUSTOMER PERSONAL DATA
 
3.1 Qreli shall not Process European Customer Data other than on Customer’s instructions or as required by applicable laws.  Customer instructs Qreli to Process European Customer Data to provide the Services and as authorized by the Agreement.  The Agreement is a complete expression of such instructions, and Customer’s additional instructions will be binding on Qreli only pursuant to an amendment to the European DPA signed by both parties. Where Qreli receives an instruction from Customer that, in its reasonable opinion, infringes European Data Protection Laws, Qreli shall notify Customer.
 
3.2 The Parties acknowledge that Qreli’s Processing of European Customer Data authorized by Customer’s instructions stated in the European DPA are integral to the Services and the business relationship between the Parties. Access to Personal Data does not form part of the consideration exchanged between the Parties in respect of the Agreement or any other business dealings.
 

4. QRELI PERSONNEL

Qreli shall ensure that all Qreli employees or other personnel who Process European Customer Data are subject to contractual or appropriate statutory obligations of confidentiality with respect to such European Customer Data.
 

5. SECURITY

Qreli shall implement and maintain technical, organizational and physical measures designed to protect the confidentiality, integrity and availability of European Customer Data and prevent Personal Data Breaches.  Such measures shall include the measures described in Annex 2 of the European DPA (the “Security Measures”) and such other measures as are required by European Data Protection Laws. Qreli may update the Security Measures from time to time, so long as the updated measures do not decrease in the aggregate the protection of Personal Data.
 

6. RESTRICTED TRANSFERS
 
6.1 General. Where Qreli is certified under a scheme (such as the EU–U.S. Data Privacy Framework, UK Extension and/or Swiss–U.S. Data Privacy Framework (as applicable)) that benefits from an adequacy decision of the EU Commission, UK Government and/or Swiss authorities (as applicable), Qreli will rely on such scheme and corresponding adequacy decision for transfers of European Customer Data. As soon as and as long as Qreli relies on such scheme and corresponding adequacy decision for transfers of Personal Data, the Transfer Mechanism(s) and corresponding obligations, such as the performance of a transfer impact assessment, shall not apply. In case Qreli withdraws from such scheme, the corresponding adequacy decision is invalidated, and/or such scheme does not otherwise apply to a transfer of European Customer Data, Customer and Qreli shall, only if and to the extent permitted and required under the GDPR and/or FADP (if and as applicable) to establish a valid basis under the GDPR and/or the FADP in respect of a Restricted Transfer, be deemed to have automatically (i) in case of an EU Restricted Transfer, entered into Module 2 and 3 (as applicable) of the SCCs by reference and shall comply with their respective obligations set out in the SCCs; and (ii) in case of a UK Restricted Transfer, entered into the SCCs varied to address the requirements of the UK GDPR in accordance with the UK Transfer Addendum; and (iii) in case of a Swiss Restricted Transfer, entered into the SCCs varied to address the requirements under the FADP. Where requested by Qreli, Customer shall provide executed versions of the relevant set(s) of SCCs and undertakes to agree in good faith on additional supplementary measures.
 
6.2 Where the SCCs apply to a Restricted Transfer in accordance with Section 6.1, the following shall apply to the SCCs and the Clauses thereof: (i) the optional ‘Docking Clause’ in Clause 7 is not used, (ii) in Clause 9, “option 2: general written authorisation” applies and shall be populated with the respective and corresponding information from section 9 of this European DPA, (iii) in Clause 11, the optional language is not used and is deleted, (iv) in Clause 13, all square brackets are removed and all text therein is retained and for the Annexes to the SCCs the supervisory authority shall be the competent supervisory authority that has supervision over the Customer in accordance with Clause 13, (v) in Clause 17, “option 1” applies, and for Clauses 17 and 18, the laws and courts of Ireland shall be selected, and (vi) the Annexes to the SCCs are populated with the respective and corresponding information detailed in Annex 1 (Data Processing Details) and Annex 2 (Security Measures) to this European DPA and the Subprocessor Site.
 
6.3 The SCCs as completed and populated as above shall be varied with respect to:

 (a) UK Restricted Transfers by the UK Transfer Addendum in the following manner: (i) Tables 1, 2 and 3 to the UK Transfer Addendum are deemed populated with the corresponding details set out in Section 6.2, (ii) Table 4 to the UK Transfer Addendum is completed by the box labelled ‘Data Importer’ being deemed to have been ticked, and (iii) in Part 2 to the UK Transfer Addendum, the Parties agree to be bound by the UK Mandatory Clauses of the UK Transfer Addendum; and

 (b) Swiss Restricted Transfers by the FADP in the following manner: (i) the Swiss Federal Data Protection and Information Commissioner shall be the sole Supervisory Authority for Swiss Restricted Transfers exclusively subject to the FADP, (ii) the terms “General Data Protection Regulation” or “Regulation (EU) 2016/679” as utilized in the SCCs shall be interpreted to include the FADP with respect to Swiss Restricted Transfers, (iii) references to Regulation (EU) 2018/1725 are removed, (iv) references to the “Union”, “EU” and “EU Member State” shall not be interpreted in such a way as to exclude Data Subjects in Switzerland from the possibility of exercising their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the SCCs, (v) where Swiss Restricted Transfers are exclusively subject to the FADP, all references to the GDPR in the SCCs are to be understood to be references to the FADP, (v) where Swiss Restricted Transfers are subject to both the FDPA and the GDPR, all references to the GDPR in the SCCs are to be understood to be references to the FDPA insofar as the Swiss Restricted Transfers are subject to the FADP, (vi) the SCCs as amended by this DPA also protect the Personal Data of legal entities until the entry into force of the Revised FADP.
 

7. DATA SUBJECT REQUESTS
 
7.1 Qreli, taking into account the nature of the Processing of European Customer Data, shall provide Customer with such assistance by appropriate technical and organizational measures as Customer may reasonably request to assist Customer in fulfilling its obligations under European Data Protection Laws to respond to Data Subject Requests.
 
7.2 Qreli shall promptly notify Customer if it receives a Data Subject Request and not respond to any Data Subject Request, other than to advise the Data Subject to submit the request to Customer, except as required by European Data Protection Laws.
 

8. PERSONAL DATA BREACHES
 
8.1 Qreli shall notify Customer of a Personal Data Breach without undue delay after becoming aware of the occurrence thereof. Qreli’s notification of or response to a Personal Data Breach will not be construed as Qreli’s acknowledgement of any fault or liability with respect to the Personal Data Breach.
 
8.2 If Customer determines that a Personal Data Breach must be notified to any Supervisory Authority or other governmental authority, any Data Subject(s), the public or others under European Data Protection Laws in a manner that directly or indirectly refers to or identifies Qreli, where permitted by applicable laws, Customer agrees to notify Qreli in advance and in good faith consult with Qreli and consider any clarifications or corrections Qreli may reasonably recommend or request to any such notification.
 

9. SUB-PROCESSING
 
9.1 Customer generally authorizes Qreli to appoint Subprocessors in accordance with this Section 9. Without limitation to the foregoing, Customer authorizes the engagement of the Subprocessors listed as of the effective date of the Agreement at the URL specified in Section 9.2.
 
9.2 Information about Subprocessors, including their functions and locations, is available at: https://Qreli.com/terms (Subprocessors tab, as may be updated by Qreli from time to time) or such other website address as Qreli may provide to Customer from time to time (the “Subprocessor Site”).
 
9.3 When engaging any Subprocessor, Qreli will enter into a written contract with such Subprocessor containing data protection obligations not less protective than those in the European DPA with respect to European Customer Data to the extent applicable to the nature of the services provided by such Subprocessor.  Qreli shall be liable for all obligations under the Agreement subcontracted to the Subprocessor or its actions and omissions related thereto.
 
9.4 When Qreli engages any Subprocessor after the effective date of the Agreement, Qreli will notify Customer of the engagement (including the name and location of the relevant Subprocessor and the activities it will perform) by updating the Subprocessor Site or by other written means at least thirty (30) days before such Subprocessor Processes European Customer Data.  If Customer objects to such engagement in a written notice to Qreli within ten (10) days after being notified of the engagement on reasonable grounds relating to the protection of Personal Data, Customer and Qreli will work together in good faith to consider a mutually acceptable resolution to such objection.  If the Parties are unable to reach a mutually acceptable resolution within a reasonable timeframe, Customer may, as its sole and exclusive remedy, terminate the Agreement and cancel the Services by providing written notice to Qreli and pay Qreli for all amounts due and owing under the Agreement as of the date of such termination.
 

10. COMPLIANCE ASSISTANCE; AUDITS
 
10.1 Qreli, taking into account the nature of the Processing and the information available to Qreli, shall provide such information and assistance as Customer may reasonably request (insofar as such information is available to Qreli and the sharing thereof does not compromise the security, confidentiality, integrity or availability of Personal Data Processed by Qreli) to help Customer meet its obligations under European Data Protection Laws, including in relation to the security of European Customer Data, the reporting and investigation of Personal Data Breaches, the demonstration of Customer’s compliance with such obligations, and the performance of any data protection assessments and consultations with Supervisory Authorities or other government authorities regarding such assessments in relation to Qreli’s Processing of European Customer Data, including those required under Articles 35 and 36 of the GDPR.
 
10.2 Qreli shall make available to Customer such information as Customer may reasonably request for Qreli to demonstrate compliance with European Data Protection Laws and the European DPA in relation to Qreli’s Processing of European Customer Data. Without limitation of the foregoing, Customer may conduct (in accordance with Section 10.3), at its sole cost and expense, and Qreli will reasonably cooperate with, reasonable audits (including inspections, manual reviews, and automated scans and other technical and operational testing that Customer is entitled to perform under European Data Protection Laws), in each case, whereby Customer or a qualified and independent auditor appointed by Customer using an appropriate and accepted audit control standard or framework may audit Qreli’s technical and organizational measures in support of such compliance and the auditor’s report is provided to Customer and Qreli upon Customer’s request.
 
10.3 Customer shall give Qreli reasonable advance notice of any such audits.  Qreli need not cooperate with any audit (a) performed by any individual or entity who has not entered into a non-disclosure agreement with Qreli on terms acceptable to Qreli in respect of information obtained in relation to the audit; (c) outside normal business hours; or (d) on more than one (1) occasion in any calendar year during the term of the Agreement, except for any additional audits that Customer is required to perform under European Data Protection Laws.  The audit must be conducted in accordance with Qreli’s safety, security or other relevant policies, must not impact the security, confidentiality, integrity or availability of any data Processed by Qreli and must not unreasonably interfere with Qreli’s business activities.  Customer shall not conduct any scans or technical or operational testing of Qreli’s applications, websites, Services, networks or systems without Qreli’s prior approval.
 
10.4 If the controls or measures to be assessed in the requested audit are assessed in a SOC 2 Type 2, ISO, NIST or similar audit report performed by a qualified and independent third-party auditor pursuant to a recognized industry standard audit framework within twelve (12) months of Customer’s audit request (“Audit Report”) and Qreli has confirmed in writing that there have been no known material changes to the controls audited and covered by such Audit Report(s), Customer agrees to accept provision of such Audit Report(s) in lieu of requesting an audit under Section 10.3. Qreli shall provide copies of any such Audit Reports to Customer upon request.
 
10.5 Such Audit Reports and any other information obtained by Customer in connection with an audit under this Section 10 shall constitute confidential information of Qreli, which Customer shall use only for the purposes of confirming compliance with the requirements of the European DPA or meeting Customer’s obligations under European Data Protection Laws. Nothing in this Section 10 shall be construed to obligate Qreli to breach any duty of confidentiality.
 

11. RETURN AND DELETION
 
11.1 Upon expiration or earlier termination of the Agreement, Qreli shall return and/or delete all European Customer Data in Qreli’s care, custody or control in accordance Customer’s instructions as to the post-termination return and deletion of Customer Data expressed in the Agreement, or subject to Section 12.5, Customer’s further instructions.
 
11.2 Notwithstanding the foregoing, Qreli may retain European Customer Data where required by applicable laws, provided that Qreli shall (a) maintain the confidentiality of all such European Customer Data and (b) Process the European Customer Data only as necessary for the purpose(s) and duration specified in the applicable law requiring such retention.
 

12. CUSTOMER RESPONSIBILITIES
 
12.1 Customer agrees that, without limiting Qreli’s obligations under Section 5, Customer is solely responsible for its use of the Services, including (a) making appropriate use of the Services to maintain a level of security appropriate to the risk in respect of the Customer Data; (b) securing the account authentication credentials, systems and devices Customer uses to access the Services; (c) securing Customer’s systems and devices that Qreli uses to provide the Services; and (d) backing up Customer Data.
 
12.2 Customer shall ensure that there is, throughout the term of the Agreement, a valid legal basis for Qreli’s Processing of European Customer Data in accordance with the Agreement for the purposes of European Data Protection Laws (including Article 6, Article 9(2) and/or Article 10 of the GDPR where applicable).  Customer shall ensure (and is solely responsible for ensuring) that all required notices have been given to, and all consents and permissions have been obtained from, Data Subjects and others as are required, including under European Data Protection laws, for Qreli to Process European Customer Data as contemplated by the Agreement.
 
12.3 Customer agrees that the Service, the Security Measures, and Qreli’s commitments under the European DPA are adequate to meet Customer’s needs, including with respect to any security obligations of Customer under European Data Protection Laws, and provide a level of security appropriate to the risk in respect of the European Customer Data.
 
12.4 Customer shall ensure that European Customer Data made available to Qreli for Processing does not contain any (a) Social Security numbers or other government-issued identification numbers; (b) biometric information; (c) passwords to any online accounts; (d) credentials to any financial accounts; (e) tax return data; (f) any payment card information subject to the Payment Card Industry Data Security Standard; (g) Personal Data of children under 16 years of age; (h) data relating to criminal convictions and offences or related security measures; or (i) information that constitutes special categories of personal data (as defined in the GDPR) or information of a similarly sensitive character regulated by European Data Protection Laws.
 
12.5 Except to the extent prohibited by applicable law, Customer shall compensate Qreli at Qreli’s then-current professional services rates for, and reimburse any costs reasonably incurred by Qreli in the course of providing, cooperation, information or assistance requested by Customer pursuant to Sections 6, 10 and 11.1 of the European DPA beyond Qreli’s provision of any self-service tools as part of the Services that Customer can use to obtain the requested cooperation, information or assistance.
 

13. PRECEDENCE

In the event of any conflict or inconsistency between (a) the European DPA and the Agreement, the European DPA shall prevail; (b) the European DPA and any other agreement made between the parties as relates to Personal Data, the European DPA shall prevail.

 

Annex 1 - Data Processing Details

CUSTOMER / ‘DATA EXPORTER’ DETAILS

Name:
Customer Activities: The use and receipt of Services under and in accordance with, and for the purposes anticipated and permitted in, the Agreement as part of its ongoing business operations
Role:
 (a) Controller – in respect of any Processing of Customer Personal Data in respect of which Customer is a Controller in its own right Module Two of the SCCs would apply; and
 (b) Processor – in respect of any Processing of Customer Personal Data in respect of which Customer is itself acting as a Processor on behalf of any other person (including its Affiliates if and where applicable) Module Three of the SCCs would apply.


QRELI / ‘DATA IMPORTER’ DETAILS

Name: Qreli LLC
Contact details for data protection: legal @ Qreli . com
Customer Activities: Application development and cloud platform
Role: Processor


DETAILS OF PROCESSING

Categories of Data Subjects: Any individuals whose Personal Data is comprised within data submitted to the Services by or on behalf of Customer under the Agreement, which will be as determined by Customer in its sole discretion through its use of the Services – but may include Customer’s and its Affiliates’:
 
1. “Staff”, namely:
 (a) employees and non-employee workers;
 (b) students, interns, apprentices and volunteers;
 (c) directors and officers;
 (d) advisers, consultants, independent contractors, agents and autonomous, temporary or casual workers.
 
2. Customers, clients, (sub-)licensees, users and end-users, website visitors and marketing prospects.
 
3. Suppliers, service providers, consultants, advisers and other providers of goods or services.
 
4. Distributors, resellers, sales agents, introducers, sales representatives, collaborators, joint-venturers and other commercial partners.
 
5. Shareholders, partners, members and supporters.
 
6. Advisers, consultants and other professionals and experts.

Where any of the above is a business or organization, it includes their Staff.

Each category includes current, past and prospective Data Subjects.

Categories of Personal Data: Any Personal Data comprised within data submitted to the Services by or on behalf of Customer under the Agreement, which will be as determined by Customer in its sole discretion through its use of the Services – but may include:
 
1. Personal details, including any information that identifies the Data Subject and their personal characteristics, including: name, address, contact details (including email address, telephone details and other contact information), age, date of birth, sex, and physical description.
 
2. Technological details, such as internet protocol (IP) addresses, unique identifiers and numbers (including unique identifier in tracking cookies or similar technology), pseudonymous identifiers, precise and imprecise location data, internet / application / program activity data, and device IDs and addresses.

Sensitive Categories of Data, and associated additional restrictions/safeguards:

Categories of sensitive data: None – as noted in Section 12.4 of the DPA, Customer agrees that Restricted Data, which includes ‘sensitive data’, must not be submitted to the Services.

Additional safeguards for sensitive data: N/A

Frequency of transfer: Ongoing – as initiated by Customer in and through its use, or use on its behalf, of the Services.

Nature of the Processing: Processing operations required in order to provide the Services in accordance with the Agreement.

Purpose of the Processing: European Customer Data will be Processed: (i) as necessary to provide the Services as initiated by Customer in its use thereof, and (ii) to comply with any other reasonable instructions provided by Customer in accordance with the terms of this DPA.

Duration of Processing / Retention Period: For the period determined in accordance with the Agreement and DPA.

Transfers to (sub)processors: Transfers to Subprocessors are as, and for the purposes, described from time to time in the Subprocessor Site (as may be updated from time to time in accordance with Section 9.4 of the DPA).

 

 

 

 

Annex 2 – Security Measures

Qreli agrees to implement and maintain the following Security Measures:
 
1. In the software development lifecycle, a code review process for all production code changes, prior to release; code analysis tools to detect security and vulnerability defects; automated and manual vulnerability testing including OWASP top ten testing; continuous monitoring; and automatic network vulnerability detection software to catch vulnerabilities in real time.
 
2. Encryption of all data sent across public networks.
 
3. Reliance on Amazon Web Services for physical security and physical handling of servers, to which Qreli employees do not have physical access.
 
4. An annual internal audit that includes identifying and prioritizing security, privacy, legal, and business continuity risks, as well as a review of our business processes and governance, conducted by company executives representing legal, IT security, IT operations and business continuity planning concerns.
 
5. Security incident response process defining procedures for notifying customers if an incident may have impacted their data.
 
6. Documented procedures for authenticating customer access.
 
7. Logical segmentation to ensure customers can only access their own data; there are no scenarios where customers are given general systems access beyond specifically granted access to their data.
 
8. Procedures governing use of production data, enforced by controls including auditing and technical safeguards; use of production data on a strictly as-needed basis for diagnosing issues as requested by clients; and policies governing the circumstances in which production data can be used in this manner.
 
9. Company policies in place around handling of employee laptops, including HR termination processes involving revoking all access and collecting all assets within 24 hours.
 
10. Training for all Qreli employees around their job duties and the security obligations inherent in those roles; and mandatory two-factor authentication for all Qreli employees.
 
11. Procedures to identify, assess and mitigate any reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of systems or files containing European Customer Data and evaluate and improve safeguards as necessary.

 

Last revised: DEC 30, 2023

Effective date: DEC 30, 2023

 

Qreli uses certain Subprocessors to assist it in providing the Qreli Service as described in the Terms of Service available at https://Qreli.com/terms. 

Qreli may share your Personal Data with Subprocessors to provide you with the Qreli Service, to conduct quality assurance testing, to facilitate creation of accounts, to provide technical support, to conduct data analysis, to process payments, to provide information technology and related infrastructure provision, customer service, email delivery, to conduct A/B testing, usage analytics, and reporting, and/or to provide other services.

These Subprocessors are only permitted to use your Personal Data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your Personal Data.

• Amazon Web Services (infrastructure, hosting)
• Chargebee (recurring billing management and analytics)
• Stripe (payments)
• Google Workspace (team collaboration)
• Slack (team collaboration)
• Helpscout (knowledge base and user support)
• Hubspot (CRM)
• Postmark (platform emails)
• June (analytics)
• Sentry (code monitoring)
• Atlassian (issue management)
  
  

Last revised: DEC 30, 2023