GDPR

Last Updated: 14 January 2022

This page outlines our GDPR commitment to safeguarding your information.

GDPR Overview

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union.

The GDPR replaces the Data Protection Directive 95/46/EC and is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.

GDPR Commitment

QuIRC Inc. (“QuIRC”, “we” or “the Company”; doing business as 'PeopleInsight') is committed to protecting the privacy of all information we collect from our clients (“Customer Data”), visitors to our corporate website (“Visitors”) and employees (“Employees”) - regardless of location.

Since our first release of PeopleInsight, we have adopted Privacy by Design and implemented stringent privacy and data security capabilities. We will continue to strengthen them in response to global best practices, Canadian law (PIPEDA), and international law including GDPR.

When PeopleInsight Customers load EU-citizen data into PeopleInsight, data privacy is governed by GDPR.

In response to GDPR, PeopleInsight has implemented the following:

  • Expanding the role of our Chief Privacy Officer to also act as Data Protection Officer
  • Company-wide training for PeopleInsight employees
  • Updates to our contractual terms and conditions
  • Ongoing process control to ensure GDPR Data Processing requirements can be met

Is PeopleInsight a Data Controller or Data Processor - and what does that mean?

Based on our business model, service performed and the GDPR regulation, PeopleInsight is engaged in the role of Data Processor with our Customers, governed by a Data Processing Agreement (DPA). Our Customers are considered Data Controllers.

Therefore:

  1. In Cases When An EU Citizen Makes A Direct Request to PeopleInsight: Given our role specifically as Data Processor, we will escalate and transfer any request received by PeopleInsight for an EU Citizen’s Right to Access, Right to be Forgotten and Data Portability directly to our key customer contact.
  2. In Case of Data Breach: “Without undue delay”, after first becoming aware of any data breach, PeopleInsight will notify our Customers, the Controllers.

Our Service

The PeopleInsight Workforce Analytics solution is built to help Customers analyze, visualize and share large amounts of people data which can be used for decision-making by Customer executives, managers and team-members.

PeopleInsight is not an automated decision-making platform.

Therefore, given GDPR:

  1. Every Customer, as Data Controller for their organization, has the right and ability to suppress any people data they wish - which may or may not include “special categories of personal data”, or to pseudonymise your data prior to secure transmission into PeopleInsight.
  2. Every Customer, as Data Controller for their organization, has the right and ability to inform PeopleInsight how they would like their data processed within PeopleInsight. PeopleInsight does not pool your data for any other purpose other than your exclusive use, nor provide any access to your data to any other party.
  3. Every Customer, as Data Controller for their organization, has the right and ability to inform PeopleInsight of User Access Authorizations and adopts principles of ‘least privilege’ and ‘need to know’ to ensure that only authorised individuals are permitted to process your data.

Security Commitment

Security of our Technical Operations is of the utmost importance for PeopleInsight, and includes ongoing ATA 101 SOC 2 Type 2 Certification, ongoing vulnerability management, data encryption activities and classified security clearances for employees. Please see our Security Statement for more details.

We will review our security measures and Privacy Policy on a regular basis, and we may modify our policies as the Company deems appropriate. We may also change or update our Privacy Policy if we add new services or features and will post these changes in this policy. We encourage you to review our Privacy Policy on a regular basis.

Contact Us Regarding GDPR

For more information please contact us at the following:  

Email: privacy@quirc.ca

Mail: QuIRC Inc. Chief Privacy Officer / Data Protection Officer 100 Argyle Avenue, Suite LL100, Ottawa, ON, K2P 1B6 CANADA