Business Privacy Statement v3 [29 Aug 2024]

This Business Privacy Statement from Quill Learning Pte Ltd was last updated on date of publishing.

In the course of providing the services that Quill Learning Pte Ltd ("Quill") delivers through the Quill Learning platform (the "Platform”) and related services (the "Services") to its corporate customers (“Client”), Quill will receive and have access to the personal data of individual users to whom Clients grant access (“Users”). For the purposes of this privacy statement, Clients are data controllers and Quill is a data processor. Quill’s processing of User data and the security measures implemented to protect such data are detailed in and governed by a written agreement between Quill and each of its Clients. Client accounts are supported and administered by a Quill Super-Administrator ("Superadmin") and Quill Administrators ("Quill Administrators"), and such Quill personnel may have access to the personal data of individual users, and relevant Client information and data.

As a data processor, Quill will access, store and use the personal data of individual Users solely for the purpose of providing the Services via the Platform to its Clients and will process the data as instructed by its Clients. Quill as a data processor may also use anonymised data for purposes of machine learning.

As data controllers, the Clients decide which of their employees or other authorised personnel are given access to the Services. They do this by designating one or more Client Account Administrators or group administrators (“Client-Admin”) who act on behalf of the Clients, and have the ability to customise the Client's account, manage individual User accounts, access the Client-Admin tools, and populate the Client's account with their own provided content. Clients are solely responsible for establishing policies for, and ensuring compliance with, all applicable laws and regulations relating to the collection of personal information relating to individual Users selected by Clients for accessing the Services. Quill has no direct relationship with individual Users registered by Clients. Hence they should contact their Client-Admin (or a representative of their employer) for assistance with any requests or questions relating to the processing of their personal information.

For avoidance of doubt, this Privacy Statement does not apply to any processing of data to market the Services to prospective Clients or any separate Services that Quill offers that would be covered by the Privacy Policy or its own separate privacy policy or statement.

If Quill makes any substantial changes to the way it processes User data to provide the Services to Clients, Quill will notify Clients and Users.

General

1. Information that Quill collects and stores about Users

When a User is given access to the Services by the Administrator, a User may set up an individual User account and Quill will collect information provided by the User or the Client. Some data requested is necessary for Quill to create the account, but the Client may customise some of the data requested to create an account, which may include the following:

• Full Name (Necessary)
• Email Address (Necessary)
• Date of Birth
• Passport Number or National ID (May be necessary for certain features, such as the issuance of Verifiable Credentials and/or Academic Certificates)
• Prior Academic and Professional Educational History and Transcripts, and related Credentials, including enrollment, graduation dates and Certificates
• Prior Career and Job History, and related Credentials, including start and end dates of jobs and any Certificates related to their status as Qualified persons to do their jobs
• Student's selfie image for profile photos, and may be used in the authentication of their identity via a eKYC utility.

A unique identifying number is assigned by Quill upon the creation of a User account.

User profile pages may be viewable by other Users in the same Clients organisation. User Profile pages may also be viewable by individuals outside of the organisation.

Clients may be provided the option to integrate the Platform with a Single Sign On (SSO) identity provider to enable Users to log in to the Platform and access the Services. This allows Users to access their accounts without the need to disclose hashed passwords to us. Users may log in by providing their individual SSO credentials to the SSO identity provider, which will authenticate them and allow or deny access to the Client account. SSO identity providers share with us a unique cookie ID and authentication “token” information to recognise the User as an authorised user of Client.

Clients may choose whether Client-Admin and Users can interact with others (including with instructors, teaching assistants, and other users within and outside their organisations) by messaging or chatting, posting questions or answers, or posting other content. Posted content is stored by us and may be publicly available or viewable by others, including Client-Admins, Users, or instructors and teaching assistants, depending on where the content is posted.

At the option of the Client, users may have the ability to share on work platforms including Slack and Microsoft teams and other external social media platforms including LinkedIn and Facebook. This feature allows Users to manually post a message to the Client's own instance of the Slack, Microsoft Teams messaging service or other similar applications, via a public link that the User shares. This ability is dependent on the functionality of the browser or system that the User is utilising and not within the control of Quill. Users that share any data and content publicly or to through their work platforms are responsible for the information that they share. Quill is not liable for any information shared directly by Users.

The Platform and Services store course or catalogue and other related information relating to the activities of Users as they use and interact with, such as content viewed, searched for, or accessed (and information relating to that content); interactions with instructors, teaching assistants, Client-Admins, and other Users; as well as answers, essays, and any other items submitted or uploaded by Users to satisfy the educational content requirements. This information is linked to a User’s unique account ID.

Users may contact the Quill Support Team for assistance or to report a problem, concern, potential abuse, or other issues regarding the Services or other users. In order to do so, Quill may collect and store the User’s name, email address, location, operating system, IP address as well as the User’s activity on the Services and communications with the Quill Support Team. Quill may also request additional information from Users in order to resolve any issue reported by a User or by another user. IP addresses received from browsers or devices of Users may be used to determine the approximate location of Users.

In the case that a User or Client makes purchases via credit card (the "Payer"), Quill may collect certain data on behalf of the 3rd party payment gateway about the purchase (such as name and postal code) as necessary to process the order, and the Payer must provide certain payment and billing data directly to Quill’s payment processing partners, including name, credit card information, billing address and postal code. Quill may also receive limited information, like the fact that the Payer has a new card and the last four digits of that card, from 3rd party payment service providers to facilitate payments. For security, Quill does not collect or store sensitive cardholder data, such as full credit card numbers or card authentication data.

2. Purpose of User data processing and retention period

Quill processes the information collected about Users and Client-Admins for the purpose of providing the Services to its Clients, specifically:

• Providing, administering, and facilitating access to the Platform and/or the Services, for Clients and Users, and managing Client or User account preferences
• Fulfilling Client’s instructions with respect to personal data of Users
• Communicating with Users, including via email, for the purpose of:
  • Responding to User questions or concerns
  • Making notifications to Users at the request of the Client
  • Sending Users administrative messages and information, including confirmation of account creation, enrolment and progress in courses and related content, and notifications of responses from instructors to User questions
  • Providing information to Users about available content, new Services service features and personalised content recommendations, which Users can opt out of at any time
• Enabling communications among Users
• Incorporating feedback into and improving the Services
• Resolving User support requests or claims

If Quill is not able to collect and process your personal information, you may be unable to access the Platform, and some or all of the Services.

Users can individually opt out of receiving non-transactional emails by: (i) following the unsubscribe instructions provided in the email communication; or (ii) managing User account email preferences. A Client can also instruct Quill to configure email preference settings for all Users of a Client.

Retention of personal data

Quill will retain the data of Users for as long as instructed by the Clients or necessary to provide the Services, and access to the Platform that the Clients require. Quill cannot delete certain or personal data in relation to User upon request of the Client. Quill may retain aggregated or anonymised data about Users to improve our services.

Use of aggregated or anonymised data

User data is aggregated with other Services user data or anonymised to enable Quill to improve its products and services and develop new products and services, including:

• Reviewing and analysing user browser, operating system and other relevant device technical information
• Reviewing user activity across Services
• Facilitating the technical functioning of Services, including to troubleshoot and resolve issues, secure the Services, and prevent fraud and abuse
• Developing a personalised content recommendation engine

When User data is used for the above purposes, it is aggregated and/or anonymised so that no personal data of Users is processed. This non-personal data may be retained for as long as it is needed to serve the purposes identified above.

Security Measures

Quill implements industry-standard security measures to protect User data, including:

• Encryption of data during transmission and storage.
• Access controls to limit data access to authorised personnel only
• Regular security assessments and audits.

Third-Party Services and Data Retention

The Services provided may integrate with or incorporate third-party systems to provide certain services or features. In order to provide the Services to its Clients, Quill shares data regarding Users with a number of third-party service providers. These third parties are contractually required to use User data solely as directed by Quill for the purpose of providing services to the Services. While these systems are seamlessly integrated into our Service and presented under our brand, please note the following:

Data Retention and Liability:

• Any personal data processed through these third-party systems is subject to the data retention practices of those systems.
• Quill does not control the data retention policies of these third-party systems. As such, we are not responsible for how your data is stored, managed, or retained by these third parties.
• By using our Services, you acknowledge and agree that Quill is not liable for any data retention issues, data breaches, or other liabilities arising from the use of these third-party systems.
• If you have concerns about how your data is handled within our Services, please contact us directly (feedback form) for more information.

We are committed to ensuring that your data is handled with care and in compliance with applicable laws, even when using third-party systems. Such third parties are bound by contractual obligations to protect personal data and are not permitted to use personal data for any other purposes.

Cookies and other Tracking Technologies

To enhance your experience on our Platform, we use cookies and similar tracking technologies, including server log files and automated data collection tools, such as browser cookies and scripts. Cookies are small text files placed onto a computer or device while browsing the Internet. Cookies are used to collect, store, and share bits of information about User activities. Quill uses both session cookies and persistent cookies to deliver and secure the Quill service; provide functionality, like customising a user’s view or remembering a user’s preferences; and measure site, service, or feature usage. Quill may tie the information collected by these means to the unique account ID of Users.

To view a complete list of cookies and your options, Users may click the “Cookie settings” link on the footer of the Platform.

User preferences with respect to cookies and other tracking technologies

Users have control over cookies. Most web browsers allow users to manage cookie settings through their privacy settings. Users can choose to accept or block cookies, or to be notified when a cookie is set. Please note that blocking cookies may affect your ability to use certain features of our Platform, some or all of the features of the Services effectively (for example, may not be able to log in).

Various browsers may offer their own management tools for removing HTML5 LSOs.

Types of Cookies We May Use

1. Essential Cookies (Necessary): These cookies are necessary for the operation of our Platform. They enable core functionalities such as user authentication and security. Without these cookies, some parts of our Platform may not function properly.
2. Performance Cookies (Necessary): These cookies collect information about how users interact with our Platform. They help us understand which pages are visited most often, and whether users receive error messages. This information is used to improve the performance of our Platform.
3. Functionality Cookies: At this moment, we do not have or use these cookies. These cookies allow our Platform to remember choices you make, such as your language or region, and provide enhanced, more personalized features.
4. Targeting or Advertising Cookies: At this moment, we do not have or use these cookies. These cookies are typically used to deliver advertisements more relevant to you and your interests. They may also limit the number of times you see an advertisement and help measure the effectiveness of advertising campaigns.

Third-Party Cookies

We may also use third-party cookies provided by our partners and service providers. For example, cookies may be used by our analytics providers to collect information about your interactions with our Platform. These third parties have their own privacy policies and we encourage you to review them.

Cookie Consent

By using our Platform, you consent to the use of cookies as described in this Privacy Statement. If we make any substantial changes to our use of cookies, we will update this section and provide notice through the Platform.

Additional Information

For more information on how we use cookies and your options for managing them, please refer to the ICO's guidance on cookies.

Instructors who upload content on the Quill Service, as well as their teaching assistants, may receive names of enrolled Users, to enable them to respond to user questions and feedback.

To perform its services, Quill leases servers from data centres and uses cloud hosting services on which certain content and User data relating to the Services is hosted.

Quill’s Support Team hosts and stores all communications between Quill Administrators, Client-Admins or Users and the Quill Support Team. The team may need to store and process User related data solely for the purpose of providing support services to the Client, Client-Admin or User. This may include the full and temporary access to an account for the purpose of rectifying any issues, of which any personal data is removed from the Quill Support Team thereafter.

Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, and the Services does not take any action in response to this signal. Instead, in addition to publicly available third-party tools, you may be offered choices described in this policy to manage the collection and use of information about you.

Quill shares User information with third-party companies that perform email services to enable Quill to send email communications to Users and to manage email preference settings of Users. Any other sharing of User data is subject to the consent and instructions of the Client.

Data Subject Rights

Under applicable data protection laws, Users have rights regarding their personal data, including:

• Right to Access: Users may request a copy of their personal data held by Quill.
• Right to Correction: Users may request correction of inaccurate or incomplete personal data.
• Right to Deletion: Users may request deletion of their personal data, subject to certain conditions.
• Right to Restrict Processing: Users may request restriction of processing under certain circumstances.
• Right to Data Portability: Users may request to receive their personal data in a structured, commonly used format.

To exercise these rights, Users should contact their Client-Admin or Quill Support Team as applicable. Quill may not be able to fulfil any requests without prior approval of the Client.

5. Processing of User Data outside of the EEA

Our servers and sub-processors are located in Singapore, Hong Kong and Virginia US. In order to provide the Services to you, the Services may transfer and process your data in our Servers in Singapore, Hong Kong and/or Virginia US. If personal data processed by Quill originates from a User or Client-Admin in the EEA, Quill will ensure that such processing will only take place if the non-EEA country in question ensures an adequate level of data protection the transfer is made pursuant to a Data Processing Agreement (“DPA”) executed between Quill and the Client and subject to the standard contractual clauses, designed to facilitate transfers of personal data from the EEA to all third countries, that have been adopted by the European Commission, which have been incorporated into the DPA.

User data may be processed in various jurisdictions including Singapore, Hong Kong, and the United States. Quill ensures that such transfers comply with applicable data protection laws. Data protection agreements are in place with third parties to ensure that data is handled in accordance with relevant data protection regulations.

6. Miscellaneous legal terms

Language Versions: In the event that a Client has been provided a translated version of this Business Privacy Statement in a language other than English, that translation is provided for convenience purposes only. In the event of a conflict between the English version of this Business Privacy Statement and any translated version, the English version will prevail.

Compliance with Local Laws: Quill complies with applicable data protection laws including GDPR, PDPA Singapore 2012, and other relevant local laws. This includes providing Users with rights to access, correct, or delete their personal data, where applicable.

7. Updates to this Policy

Quill may update these Policy from time to time. Quill reserves the right to modify and make changes to this Policy at its sole discretion at any time. If Quill makes any significant changes, it will notify through appropriate means such as an email notice sent to the email associated with your account or through a notice posted on the Platform. Any amendments to the Terms will become effective on the day they are posted unless stated otherwise.

By continuing to use the Platform and/or the Services after any changes to this Policy, you accept those changes. Any amended version of the Policy will supersede all previous versions of the Policy.

DRAFT: Business Privacy Statement v2 [19 Aug 2024]

This Quill Learning Pte Ltd Business Privacy Statement was last updated on date of publishing

In the course of providing the services that Quill Learning Pte Ltd ("Quill") delivers through the Quill Learning platform (“the Services”) and related services to its corporate customers (“Client”), Quill will receive and have access to the personal data of individual users to whom Clients grant access (“Users”). For the purposes of this privacy statement, Clients are data controllers and Quill is a data processor. Quill’s processing of User data and the security measures implemented to protect such data are detailed in and governed by a written agreement between Quill and each of its Clients. Client accounts are supported and administered by a Quill Super-Administrator ("Superadmin") and Quill Administrators ("Administrators"), and such Quill personnel may have access to the personal data of individual users, Client-Admin and relevant Client information and data.

As a data processor, Quill will access, store and use the personal data of individual Users solely for the purpose of providing the Services to its Clients and will process the data as instructed by its Clients. Quill as a data processor may also use anonymised data for purposes of machine learning.

As data controllers, the Clients decide which of their employees or other authorised personnel are given access to the Services. They do this by designating one or more Client Account Administrators or group administrators (“Client-Admin”) who act on behalf of the Clients, and have the ability to customise the Client's account, manage individual User accounts, access the Client-Admin tools, and populate the Client's account with their own provided content. Clients are solely responsible for establishing policies for, and ensuring compliance with, all applicable laws and regulations relating to the collection of personal information relating to individual Users selected by Clients for accessing the Services. Quill has no direct relationship with individual Users, who should contact Clients (their employer) for assistance with any requests or questions relating to the processing of their personal information.

For avoidance of doubt, this Privacy Statement does not apply to any processing of data to market the Services to prospective Clients or any separate Services that Quill offers that would be covered by the Privacy Policy or its own separate privacy policy or statement.

If Quill makes any substantial changes to the way it processes User data to provide the Services to Clients, Quill will notify Clients and Users.

General

1. Information that Quill collects and stores about Users

When a User is given access to the Services by the Administrator, a User may set up an individual User account and Quill will collect information provided by the User or the Client. The Client may customise some of the data requested to create an account, which may include the following:

• Full Name (Compulsory)
• Email Address (Compulsory)
• Date of Birth
• Passport Number or National ID (May be required for certain features, such as the issuance of Verifiable Credentials and/or Academic Certificates)
• Prior Educational History and Transcripts, and related Credentials
• Prior Career and Job History, and related Credentials
• Student's selfie image

A unique identifying number is assigned by Quill upon the creation of a User account.

User profile pages may be viewable by other Users in the same Clients organisation. User Profile pages may also be viewable by individuals outside of the organisation.

Client-Admins may assign a User to a group membership.

Clients may choose to integrate Quill Services with a Single Sign On (SSO) identity provider to enable Users to log in to the portal. User accounts without the need to disclose hashed passwords to us. Users may log in by providing their individual SSO credentials to the SSO identity provider, which will authenticate them and allow or deny access to the Customer account. SSO identity providers share with us a unique cookie ID and authentication “token” information to recognize the User as an authorised user of Customer.

Clients may choose whether Client-Admin and Users can interact with others (including with instructors, teaching assistants, and other users within and outside their organisations) by messaging or chatting, posting questions or answers, or posting other content. Posted content is stored by us and may be publicly available or viewable by others, including Client-Admins, Users, or instructors and teaching assistants, depending on where the content is posted.

At the option of the Client, users may have the ability to share on work platforms including Slack and Microsoft teams and other external social media platforms including LinkedIn and Facebook. This feature allows Users to manually post a message to the Client's own instance of the Slack or Microsoft Teams messaging service, via a public link that the User shares. This ability is dependent on the functionality of the browser or system that the User is utilising and not within the control of Quill.

The Service stores course and other related information relating to the activities of Users as they use and interact with the Services, such as content viewed, searched for, or accessed (and information relating to that content); interactions with instructors, teaching assistants, Client-Admin, and other Users; as well as answers, essays, and any other items submitted or uploaded by Users to satisfy the educational content requirements. This information is linked to a User’s unique account ID.

Users may contact the Quill Support Team for assistance or to report a problem, concern, potential abuse, or other issues regarding the Services or other users. In order to do so, Quill may collect and store the User’s name, email address, location, operating system, IP address as well as the User’s activity on the Services and communications with the Quill Support Team. Quill may also request additional information from Users in order to resolve any issue reported by a User or by another user. IP addresses received from browsers or devices of Users may be used to determine the approximate location of Users.

In the case that a User or Client makes purchases via credit card (the "Payer"), Quill may collect certain data on behalf of the 3rd party payment gateway about the purchase (such as name and postal code) as necessary to process the order, and the Payer must provide certain payment and billing data directly to Quill’s payment processing partners, including name, credit card information, billing address and postal code. Quill may also receive limited information, like the fact that the Payer has a new card and the last four digits of that card, from 3rd party payment service providers to facilitate payments. For security, Quill does not collect or store sensitive cardholder data, such as full credit card numbers or card authentication data.

2. Purpose of User data processing and retention period

Quill processes the information collected about Users and Client-Admins for the purpose of providing the Services to its Clients, specifically:

• Providing, administering, and facilitating access to the Services, for Clients and Users, and managing Client or User account preferences
• Fulfilling Client’s instructions with respect to personal data of Users
• Communicating with Users, including via email, for the purpose of:
  • Responding to User questions or concerns
  • Making notifications to Users at the request of the Client
  • Sending Users administrative messages and information, including confirmation of account creation, enrolment and progress in courses and related content, and notifications of responses from instructors to User questions
  • Providing information to Users about available content, new Services service features and personalised content recommendations, which Users can opt out of at any time
• Enabling communications among Users
• Incorporating feedback into and improving the Services
• Resolving User support requests or claims

If Quill is not able to collect and process your personal information, you may be unable to access some or all of the Services.

Users can individually opt out of receiving non-transactional emails by: (i) following the unsubscribe instructions provided in the email communication; or (ii) managing User account email preferences. A Client can also instruct Quill to configure email preference settings for all Users of a Client.

Retention of personal data

Quill will retain the data of Users for as long as instructed by the Clients or necessary to provide the Services that the Clients require. Quill cannot delete certain or personal data in relation to User upon request of the Client. Quill may retain aggregated or anonymized data about Users.

Use of aggregated or anonymized data

User data is aggregated with other Services user data or anonymised to enable Quill to improve its products and services and develop new products and services, including:

• Reviewing and analysing user browser and wireless device technical information
• Reviewing user activity across Services
• Facilitating the technical functioning of Services, including to troubleshoot and resolve issues, secure the Services, and prevent fraud and abuse
• Developing a personalized content recommendation engine

When User data is used for the above purposes, it is aggregated and/or anonymised so that no personal data of Users is processed. This non-personal data may be retained for as long as it is needed to serve the purposes identified above.

Third-Party Services and Data Retention

The Services provided may integrate with or incorporate third-party systems to provide certain services or features. While these systems are seamlessly integrated into our Service and presented under our brand, please note the following:

Data Retention and Liability:

• Any personal data processed through these third-party systems is subject to the data retention practices of those systems.
• Quill does not control the data retention policies of these third-party systems. As such, we are not responsible for how your data is stored, managed, or retained by these third parties.
• By using our Services, you acknowledge and agree that Quill is not liable for any data retention issues, data breaches, or other liabilities arising from the use of these third-party systems.
• If you have concerns about how your data is handled within our Services, please contact us directly for more information.

We are committed to ensuring that your data is handled with care and in compliance with applicable laws, even when using third-party systems.

Private

Like many online platforms, Quill uses server log files and automated data collection tools, such as browser cookies and scripts. Cookies are small text files placed onto a computer or device while browsing the Internet. Cookies are used to collect, store, and share bits of information about User activities. Quill uses both session cookies and persistent cookies to deliver and secure the Quill service; provide functionality, like customising a user’s view or remembering a user’s preferences; and measure site, service, or feature usage. Quill may tie the information collected by these means to the unique account ID of Users.

To view a complete list of cookies and your options, Users may click the “Cookie settings” link on the footer of the Services.

User preferences with respect to cookies and other tracking technologies

Users can adjust their cookie settings by clicking the “Cookie settings” link on the footer of the Services, or they may set their web browser to notify them about the placement of new cookies, limit the type of cookies or reject cookies altogether. If a browser is set to block cookies, Users may not be able to use some or all of the features of the Services (for example, may not be able to log in).

Various browsers may offer their own management tools for removing HTML5 LSOs.

Sharing User Information

In order to provide the Services to its Clients, Quill shares data regarding Users with a number of third-party service providers. These third parties are contractually required to use User data solely as directed by Quill for the purpose of providing services to the Services. Client-Admins of existing Clients are able to access our list of current sub-processors on the left sidebar of this page while logged in to the service.

Instructors who upload content on the Quill Service, as well as their teaching assistants, may receive names of enrolled Users, to enable them to respond to user questions and feedback.

To perform its services, Quill leases servers from data centres and uses cloud hosting services on which certain content and User data relating to the Services is hosted.

Quill’s Support Team hosts and stores all communications between Quill Administrators, Client-Admins or Users and the Quill Support Team. The team may need to store and process User related data solely for the purpose of providing support services to the Client, Client-Admin or User. This may include the full and temporary access to an account for the purpose of rectifying any issues, of which any personal data is removed from the Quill Support Team thereafter.

Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, and the Services does not take any action in response to this signal. Instead, in addition to publicly available third-party tools, you may be offered choices described in this policy to manage the collection and use of information about you.

Quill shares User information with third-party companies that perform email services to enable Quill to send email communications to Users and to manage email preference settings of Users. Any other sharing of User data is subject to the consent and instructions of the Client.

Processing of User Data outside of the EEA

Our servers and sub-processors are located in Singapore, Hong Kong and Virginia US. In order to provide the Services to you, the Services will transfer and process your data in Singapore. If personal data processed by Quill originates from a User or Client-Admin in the EEA, Quill will ensure that such processing will only take place if the non-EEA country in question ensures an adequate level of data protection the transfer is made pursuant to a Data Processing Agreement (“DPA”) executed between Quill and the Client and subject to the standard contractual clauses, designed to facilitate transfers of personal data from the EEA to all third countries, that have been adopted by the European Commission, which have been incorporated into the DPA.

General

In the event that a Client has been provided a translated version of this Business Privacy Statement in a language other than English, that translation is provided for convenience purposes only. In the event of a conflict between the English version of this Business Privacy Statement and any translated version, the English version will prevail.

DRAFT: Business Privacy Statement v1.0 [4 May 2024]

Quill Learning Business Privacy Statement

This Quill Learning Business Privacy Statement was last updated on Date.

In the course of providing the services that Quill Learning Pte Ltd ("Quill") delivers through the Quill Learning platform (“the Services”) and related services to its corporate customers (“Clients”), Quill will receive and have access to the personal data of individual users to whom clients grant access (“Users”). For the purposes of this privacy statement, Clients are data controllers and Quill is a data processor. Quill’s processing of User data and the security measures implemented to protect such data are detailed in and governed by a written agreement between Quill and each of its Clients.

As a data processor, Quill will access, store and use the personal data of individual Users solely for the purpose of providing the Services to its Clients and will process the data as instructed by its Clients. Quill as data processor may also use anonymised data including collected for the purpose of machine learning.

As data controllers, Clients decide which of their employees or other authorized personnel are given access to the Services. They do this by designating one or more Client Account Administrators or group administrators (“Client-Admin”) who act on behalf of the Clients, and have the ability to customize the Client's account, manage individual User accounts, access the Client-Admin tools, and populate the Client's account with their own provided content. Clients are solely responsible for establishing policies for, and ensuring compliance with, all applicable laws and regulations relating to the collection of personal information relating to individual Users selected by Clients for accessing the Services. Quill has no direct relationship with individual Users, who should contact Clients (their employer) for assistance with any requests or questions relating to the processing of their personal information.

For avoidance of doubt, this Privacy Statement does not apply to any processing of data to market the Services to prospective Clients or any separate Services that Quill offers that would be covered by the Privacy Policy or its own separate privacy policy or statement.

If Quill makes any substantial changes to the way it processes User data to provide the Services to Clients, Quill will notify Clients.

General

1. Information that Quill collects and stores about Users

When a User is given access to the Services by the Administrator, a User may set up an individual User account and Quill will collect information provided by the User or the Administrator. The Client may customize some of the data requested to create an account, which may include the following:

• Date of Birth
• Full Name
• Email Address
• Passport Number
• National ID
• Enrolment date time
• Graduation date time
• Transcript
• Student's related document
• Student's selfie image

A unique identifying number is assigned by Quill upon the creation of a User account.

User profile pages may be viewable by other Users in the same Clients organization. User Profile pages may also be viewable by individuals outside of the organization.

Administrators may assign a User to a group membership.

Clients may choose to integrate Quill Platform with a Single Sign On (SSO) identity provider to enable Users to log in to the portal. User accounts without the need to disclose hashed passwords to us. Users may log in by providing their individual SSO credentials to the SSO identity provider, which will authenticate them and allow or deny access to the Client account. SSO identity providers share with us a unique cookie ID and authentication “token” information to recognize the User as an authorized user of Client.

Clients may choose whether Administrators and Users can interact with others (including with instructors, teaching assistants, and other students) by posting reviews about educational content, messaging or chatting, posting questions or answers, or posting other content. Posted content is stored by us and may be publicly available or viewable by others, including Administrators, Users, or instructors and teaching assistants, depending on where the content is posted.

At the option of the Client, Administrators may enable the ability to share on work platforms including Slack and Microsoft teams and other external social media platforms including LinkedIn and Facebook. This feature allows Users to manually or automatically post a message to the Client's own instance of the Slack messaging service. To enable this optional functionality, Client's Slack administrators must grant Quill the ability to read the full list of public channels, private channels, and users in the Client's Slack instance. These lists may include individuals in Client's Slack instance who are not Quill Users. Slack user lists and channels are briefly cached before being automatically purged from Quill's systems.

This information is linked to a User’s unique account ID and is shared with Clients via the Client's Account reporting tools or upon request of the Client.

The Quill service enables Users to contact our Support Team for assistance or to report a problem, concern, potential abuse, or other issues regarding the Services or other users. We may request additional information from Users in order to resolve any issue reported by a User or by another user.

IP addresses received from browsers or devices of Users may be used to determine the approximate location of Users.

In the case that a User or Client makes purchases via credit card (the "Payer"), Quill collects certain data about the purchase (such as name and postal code) as necessary to process the order, and the Payer must provide certain payment and billing data directly to Quill’s payment processing partners, including name, credit card information, billing address and postal code. Quill may also receive limited information, like the fact that Clients have a new card and the last four digits of that card, from 3rd party payment service providers to facilitate payments. For security, Quill does not collect or store sensitive cardholder data, such as full credit card numbers or card authentication data.

2. Purpose of User data processing and retention period

Quill processes the information collected about Users and Administrators for the purpose of providing the Services to its Clients, specifically:

• Providing, administering, and facilitating access to the Services, for Clients and Users, and managing Client or User account preferences
• Fulfilling Client’s instructions with respect to personal data of Users
• Communicating with Users, including via email, for the purpose of:
  • Responding to User questions or concerns
  • Making notifications to Users at the request of the Client
  • Sending Users administrative messages and information, including confirmation of account creation, enrolment and progress in courses and related content, and notifications of responses from instructors to User questions
  • Providing information to Users about available content, new Quill Learning service features and personalized content recommendations, which Users can opt out of at any time
• Enabling communications among Users
• Incorporating feedback into and improving the Services
• Resolving User support requests or claims

If we are not able to collect and process your personal information, we may be unable to provide some or all of the Services to you.

Quill will retain the data of Users for as long as instructed by the Clients and no longer than required to serve the purposes of processing. Quill is not able to delete certain or all personal data relating to Users upon request of the Clients. Quill may retain aggregated or anonymized data about Users.

Use of aggregated or anonymized data

User data is aggregated with other Quill Learning user data or anonymized to enable Quill to improve its products and services and develop new products and services, including:

• Reviewing and analyzing User browser and wireless device technical information
• Reviewing user activity across Quill Learning
• Facilitating the technical functioning of Quill Learning, including to troubleshoot and resolve issues, secure the Services, and prevent fraud and abuse
• Developing a personalized content recommendation engine

When User data is used for the above purposes, it is aggregated and/or anonymized so that no personal data of Users is processed. This non-personal data may be retained for as long as it is needed to serve the purposes identified above.

Like many online platforms, Quill uses server log files and automated data collection tools, such as browser cookies and scripts. Cookies are small text files placed onto a computer or device while browsing the Internet. Cookies are used to collect, store, and share bits of information about User activities. Quill uses both session cookies and persistent cookies to deliver and secure the Quill service; provide functionality, like customizing a user’s view or remembering a user’s preferences; and measure site, service, or feature usage. Quill may tie the information collected by these means to the unique account ID of Users.

To view a complete list of cookies and your options, Users may click the “Cookie settings” link on the footer of the Quill site.

User preferences with respect to cookies and other tracking technologies

Users can adjust their cookie settings by clicking the “Cookie settings” link on the footer of the Quill site, or they may set their web browser to notify them about the placement of new cookies, limit the type of cookies or reject cookies altogether. If a browser is set to block cookies, Users may not be able to use some or all of the features of the Services (for example, may not be able to log in). General information about cookies and how to disable them can be found at https://cookiepedia.co.uk/all-about-cookies.

Various browsers may offer their own management tools for removing HTML5 LSOs.

Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, and we do not take any action in response to this signal. Instead, in addition to publicly available third-party tools, we offer you the choices described in this policy to manage the collection and use of information about you.

Quill shares User information with third-party companies that perform email services to enable Quill to send email communications to Users and to manage email preference settings of Users. Any other sharing of User data is subject to the consent and instructions of the Customer.

Processing of User Data outside of the EEA

Our servers and subprocessors are located in Singapore, Hong Kong and Virginia US. In order to provide the Services to you, we transfer and process your data in Singapore. If personal data processed by Quill originates from a User or Administrator in the EEA, Quill will ensure that such processing will only take place if the non-EEA country in question ensures an adequate level of data protection the transfer is made pursuant to a Data Processing Agreement (“DPA”) executed between Quill and the Customer and subject to the standard contractual clauses, designed to facilitate transfers of personal data from the EEA to all third countries, that have been adopted by the European Commission, which have been incorporated into the DPA.

General

In the event that a Customer has been provided a translated version of the Quill Learning Business Privacy Statement in a language other than English, that translation is provided for convenience purposes only. In the event of a conflict between the English version of this Business Privacy Statement and any translated version, the English version will prevail.

Please check this reflects how Quill actually works.

Customise depending on what must/can be input into Quill.

I need this to be reviewed by someone on the Quill side for applicability before I can edit it.

I would imagine Quill will also not directly store credit card information but please confirm.

Needs to be checked for accuracy with Quill team.

Needs to be required on Quill side before I can edit.

I haven’t had time to review this but most of this is very specific and needs to be reviewed on the Quill side anyway.

End user privacy policy

PRIVACY POLICY

Thank you for joining Quill. We at Quill Learning Pte Ltd (“Quill”, “we”, “us”) respect your privacy and want you to understand how we collect, use, and share data about you. This Privacy Policy covers our data collection practices and describes your rights regarding your personal data.

Unless we link to a different policy or state otherwise, this Privacy Policy applies when you visit or use Quill’s Platform (the "Platform") and related services (the “Services”). It also applies to prospective Users of our business and enterprise products.

By assessing the Platform and using the Services, you agree to the terms of this Privacy Policy. You shouldn’t use the Services if you don’t agree with this Privacy Policy or any other agreement that governs your use of the Services.

Table of Contents

• 1. What Data We Get
• 2. How We Get Data About You
• 3. What We Use Your Data For
• 4. Who We Share Your Data With
• 5. Security
• 6. Your Rights
• 7. Jurisdiction-Specific Rules
• 8. Updates & Contact Info

1. Information that Quill collects and stores about Users?

We collect certain data from you directly, like information you enter yourself, data about your consumption of content, and data from third-party platforms you connect with Quill Platform. We also collect some data automatically, like information about your device and what parts of our Services you interact with or spend time using. All data listed in this section is subject to the following processing activities: collecting, recording, structuring, storing, altering, retrieving, encrypting, pseudonymizing, erasing, combining, and transmitting.

1.1 Data You Provide to Us

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• Full Name (Necessary)
• Email Address (Necessary)
• Date of Birth
• Account Data
• Profile Data
• Shared content
• Learning Data
• Student Payment Data
• Instructor Payment Data
• Data About Your Accounts on Other Services
• Communications and Support
• Passport Number or National ID (May be necessary for certain features, such as the issuance of Verifiable Credentials and/or Academic Certificates)
• Prior Academic and Professional Educational History and Transcripts, and related Credentials, including enrolment, graduation dates and Certificates
• Prior Career and Job History, and related Credentials, including start and end dates of jobs and any Certificates related to their status as Qualified persons to do their jobs
• Student's selfie image for profile photos, and may be used in the authentication of their identity via a eKYC utility.

You may have been added to this Service by your Employer, School or other organisations. For more information please contact your representative.

1.2 Information automatically collected

When you access the Services (including browsing content), we collect certain data by automated means, including:

• System Data
• Usage Data
• Approximate Geographic Data

The data listed above is collected through the use of server log files and tracking technologies, as detailed in the “Cookies and Data Collection Tools” section below. It is stored by us and associated with your account.

1.3 Information collected from Third Parties

If you are a Quill' Business enterprise or corporate prospect, in addition to information you submit to us, we may collect certain business contact information from third-party commercial sources.

In the case that a User or Client makes purchases via credit card (the "Payer"), Quill may collect certain data on behalf of the 3rd party payment gateway about the purchase (such as name and postal code) as necessary to process the order, and the Payer must provide certain payment and billing data directly to Quill’s payment processing partners, including name, credit card information, billing address and postal code. Quill may also receive limited information, like the fact that the Payer has a new card and the last four digits of that card, from 3rd party payment service providers to facilitate payments. For security, Quill does not collect or store sensitive cardholder data, such as full credit card numbers or card authentication data.

2. How We Get Data About You

We use tools like cookies, web beacons, and similar tracking technologies to gather the data listed above. Some of these tools offer you the ability to opt out of data collection.

2.1 Cookies and Data Collection Tools

To enhance your experience on our Platform, we use cookies and similar tracking technologies, including server log files and automated data collection tools, such as browser cookies and scripts. Cookies are small text files placed onto a computer or device while browsing the Internet. Cookies are used to collect, store, and share bits of information about User activities. Quill Platform uses both session cookies and persistent cookies to deliver and secure Quill' service; provide functionality, like customising a user’s view or remembering a user’s preferences; and measure site, service, or feature usage. Quill may tie the information collected by these means to the unique account ID of Users.

To view a complete list of cookies and your options, Users may click the “Cookie settings” link on the footer of the Platform.

User preferences with respect to cookies and other tracking technologies

Users have control over cookies. Most web browsers allow users to manage cookie settings through their privacy settings. Users can choose to accept or block cookies, or to be notified when a cookie is set. Please note that blocking cookies may affect your ability to use certain features of our Platform, some or all of the features of the Services effectively (for example, may not be able to log in).

Various browsers may offer their own management tools for removing HTML5 LSOs.

2.2 Why We Use Data Collection Tools

Quill Platform uses the following types of Data Collection Tools for the purposes described:

• Strictly Necessary: These Data Collection Tools enable you to access the site, provide basic functionality (like logging in or accessing content), secure the site, protect against fraudulent logins, and detect and prevent abuse or unauthorised use of your account. These are required for the Services to work properly, so if you disable them, parts of the site will break or be unavailable.
• Functional: These Data Collection Tools remember data about your browser and your preferences, provide additional site functionality, customize content to be more relevant to you, and remember settings affecting the appearance and behaviour of the Services (like your preferred language or volume level for video playback).
• Performance: These Data Collection Tools help measure and improve the Services by providing usage and performance data, visit counts, traffic sources, or where an application was downloaded from. These tools can help us test different versions of Quill Platform to see which features or content users prefer and determine which email messages are opened.
• Advertising: These Data Collection Tools are used to deliver relevant ads (on the site and/or other sites) based on things we know about you like your Usage and System Data (as detailed in Section 1), and things that the ad service providers know about you based on their tracking data. The ads can be based on your recent activity or activity over time and across other sites and services. To help deliver tailored advertising, we may provide these service providers with a hashed, anonymized version of your email address (in a non-human-readable form) and content that you share publicly on the Services.

You can individually opt out of receiving non-transactional emails by: (i) following the unsubscribe instructions provided in the email communication; or (ii) managing User account email preferences.

If Quill is not able to collect and process your personal information, you may be unable to access the Platform, and some or all of the Services.

Social Media

These Data Collection Tools enable social media functionality, like sharing on work platforms including Slack, Microsoft teams and other external social media platforms such as LinkedIn and Facebook. These cookies may track a user or device across other sites and build a profile of user interests for targeted advertising purposes.

You can set your web browser to alert you about attempts to place cookies on your computer, limit the types of cookies you allow, or refuse cookies altogether. If you do, you may not be able to use some or all features of the Services, and your experience may be different or less functional. To learn more about managing Data Collection Tools, refer to Section 6.1 (Your Choices About the Use of Your Data) below.

3. What We Use Your Data For

We use your data to do things like provide our Services, communicate with you, troubleshoot issues, secure against fraud and abuse, improve and update our Services, analyse how people use our Services, serve personalised advertising, and as required by law or necessary for safety and integrity. We retain your data for as long as it is needed to serve the purposes for which it was collected.

We use the data we collect through your use of the Services to:

• Provide and administer the Services, including to facilitate participation in educational content, issue completion certificates, display customized content, and facilitate communication with other users (Account Data; Shared Content; Learning Data; System Data; Usage Data; Approximate Geographic Data);
• Process payments to instructors and other third parties (Student Payment Data; Instructor Payment Data);
• Process your requests and orders for educational content, products, specific services, information, or features (Account Data; Learning Data; Student Payment Data; System Data; Communications and Support);
• Communicate with you about your account by (Account Data; Shared Content; Learning Data; Sweepstakes, Promotions, and Surveys; System Data; Communications and Support):
  • Responding to your questions and concerns;
  • Sending you administrative messages and information, including messages from instructors, students, and teaching assistants; notifications about changes to our Service; and updates to our agreements;
  • Sending you information, such as by email or text messages, about your progress in courses and related content, rewards programs, new services, new features, promotions, newsletters, and other available instructor-created content (which you can opt out of at any time);
  • Sending push notifications to your wireless device to provide updates and other relevant messages (which you can manage from the “options” or “settings” page of the mobile app);
• Manage your account and account preferences and personalize your experience (Account Data; Learning Data; Student Payment Data; Instructor Payment Data; System Data, Usage Data, Cookie Data);
• Facilitate the Services’ technical functioning, including troubleshooting and resolving issues, securing the Services, and preventing fraud and abuse (Account Data; Student Payment Data; Instructor Payment Data; Communications and Support; System Data; Approximate Geographic Location);
• Verify the identity of instructors (Account Data; Instructor Payment Data);
• Solicit feedback from users (Account Data; Communications and Support);
• Market products, services, surveys, and promotions (Account Data; Learning Data; Sweepstakes, Promotions, and Surveys; Usage Data; Cookie Data);
• Market Subscription Plans to prospective customers (Account Data; Learning Data; Cookie Data);
• Learn more about you by linking your data with additional data through third-party data providers and/or analyzing the data with the help of analytics service providers (Account Data; Data About Your Accounts on Other Services; Usage Data; Cookie Data);
• Identify unique users across devices (Account Data; System Data; Cookie Data);
• Tailor advertisements across devices (Cookie Data);
• Improve our Services and develop new products, services, and features (all data categories), including through the use of AI consistent with the Instructor GenAI Policy (Instructor Shared Content);
• Analyse trends and traffic, track purchases, and track usage data (Account Data; Learning Data; Student Payment Data; Communications and Support; System Data; Usage Data; Approximate Geographic Data; Cookie Data);
• Advertise the Services on third-party websites and applications (Account Data; Cookie Data);
• As required or permitted by law (all data categories); or
• As we, in our sole discretion, otherwise determine to be necessary to ensure the safety or integrity of our users, employees, third parties, the public, or our Services (all data categories).

4. Sharing User Information

To perform its services, Quill Platform leases servers from data centres and uses cloud hosting services on which certain content and User data relating to the Services is hosted.

Quill’s Support Team hosts and stores all communications between you and our Support Team. The team may need to store and process User related data solely for the purpose of providing support services to you. This may include the full and temporary access to an account for the purpose of rectifying any issues, of which any personal data is removed from the Quill Support Team thereafter.

We may share your data with third parties under the following circumstances or as otherwise described in this Privacy Policy:

With Your Instructors:

We share data that we have about you (except your email address) with instructors or teaching assistants for educational content you access or request information about, so they can improve their content for you and other students. This data may include things like your country, browser language, operating system, device settings, the site that brought you to Quill Platform, and certain activities on Quill Platform, like enrolled courses and course review. We will not share your email address with instructors or teaching assistants. (Account Data; System Data; Usage Data; Approximate Geographic Data)

With Other Students and Instructors:

Depending on your settings, your Shared Content and profile data may be publicly viewable, including to other students and instructors. If you ask a question to an instructor or teaching assistant, your information (including your name) may also be publicly viewable. (Account Data; Profile Data; Shared Content)

With Service Providers, Contractors, and Agents:

We share your data with third-party companies who perform services on our behalf, like payment processing, fraud and abuse prevention, data analysis, marketing and advertising services (including retargeted advertising), email and hosting services, and customer services and support. These service providers may access your personal data and are required to use it solely as we direct, to provide our requested service. (All data categories)

With Quill Affiliates:

We may share your data within our corporate family of companies that are related by common ownership or control to enable or support us in providing the Services. (All data categories)

With Business Partners:

We have agreements with other websites and platforms to distribute our Services and drive traffic to the Platform. Depending on your location, we may share your data with these trusted partners. (Account Data; Learning Data; Communications and Support; System Data)

With Credit-Granting Organisations for Continuing Education:

If you take a course to fulfil a continuing professional education requirement, we may share that information upon request of the organisation granting the continuing education credit. (Account Data; Learning Data)

With Analytics and Data Enrichment Services:

As part of our use of third-party analytics tools like Google Analytics and data enrichment services like ZoomInfo, we share certain contact information or de-identified data. De-identified data means data where we’ve removed things like your name and email address and replaced it with a token ID. This allows these providers to provide analytics services or match your data with publicly-available database information (including contact and social information from other sources). We do this to communicate with you in a more effective and customized manner. (Account Data; System Data; Usage Data; Cookie Data)

To Power Social Media Features:

The social media features in the Services may allow the third-party social media provider to collect things like your IP address and which page of the Services you’re visiting, and to set a cookie to enable the feature. Your interactions with these features are governed by the third-party company’s privacy policy. (System Data; Usage Data; Cookie Data)

To Administer Promotions and Surveys:

We may share your data as necessary to administer, market, or sponsor promotions and surveys you choose to participate in, as required by applicable law (like to provide a winners list or make required filings), or in accordance with the rules of the promotion or survey. (Account Data; Sweepstakes, Promotions, and Surveys)

For Advertising:

If we decide to use an advertising-supported revenue model in the future, we may use and share certain System Data and Usage Data with third-party advertisers and networks to show general demographic and preference information among our users. We may also allow advertisers to collect System Data through Data Collection Tools (as detailed in Section 2.1), to use this data to offer you targeted ad delivery to personalise your user experience (through behavioural advertising) and to undertake web analytics. Advertisers may also share with us the data they collect about you. To learn more or opt out from participating ad networks’ behavioural advertising, see Section 6.1 (Your Choices About the Use of Your Data) below. Note that if you opt out, you’ll continue to be served generic ads. (System Data)

For Security and Legal Compliance:

We may disclose your data (all data categories) to third parties if we (in our sole discretion) have a good faith belief that the disclosure is:

• Requested as part of a judicial, governmental, or legal inquiry, order, or proceeding;
• Reasonably necessary as part of a valid subpoena, warrant, or other legally-valid request;
• Reasonably necessary to enforce our Terms of Use, Privacy Policy, and other legal agreements;
• Required to detect, prevent, or address fraud, abuse, misuse, potential violations of law (or rule or regulation), or security or technical issues;
• Reasonably necessary in our discretion to protect against imminent harm to the rights, property, or safety of Quill, our users, employees, members of the public, or our Services;
• We may also disclose data about you to our auditors and legal advisors in order to assess our disclosure obligations and rights under this Privacy Policy; or
• Required or permitted by law.

During a Change in Control:

If Quill undergoes a business transaction like a merger, acquisition, corporate divestiture, or dissolution (including bankruptcy), or a sale of all or some of its assets, we may share, disclose, or transfer all of your data to the successor organization during such transition or in contemplation of a transition (including during due diligence). (All data categories)

After Aggregation/De-identification:

We may disclose or use aggregated or de-identified data for any purpose.

With Your Permission:

With your consent, we may share data to third parties outside the scope of this Privacy Policy. (All data categories)

If you click on any links to third-party sites, the collection, use, and disclosure of your personal data is governed by the third-party’s privacy policy.

Security

Quill Platform implements industry-standard security measures to protect your data, including:

• Encryption of data during transmission and storage.
• Access controls to limit data access to authorised personnel only
• Regular security assessments and audits.

We use appropriate security based on the type and sensitivity of data being stored.

As with any internet-enabled system, there is always a risk of unauthorised access, so it’s important to protect your password and to contact us if you suspect any unauthorised access to your account.

Quill takes appropriate security measures to protect against unauthorised access, alteration, disclosure, or destruction of your personal data that we collect and store. These measures vary based on the type and sensitivity of the data. Unfortunately, however, no system can be 100% secured, so we cannot guarantee that communications between you and Quill Platform, the Services, or any information provided to us in connection with the data we collect through the Services will be free from unauthorised access by third parties. Your password is an important part of our security system, and it is your responsibility to protect it. You should not share your password with any third party, and if you believe your password or account has been compromised, you should change it immediately and contact our Support Team with any concerns.

Your Rights

You have certain rights around the use of your data, including the ability to opt out of promotional emails, cookies, and collection of your data by certain third parties. You can update or terminate your account from within our Services, and can also contact us for individual rights requests about your personal data. Parents who believe we’ve unintentionally collected personal data about their underage child should contact us for help deleting that information.

7. Jurisdiction-Specific Rules

Any dispute relating to the construction and subject matter of the Terms shall be subject to the jurisdiction of the courts of Singapore. Any dispute arising out of or in connection with this Terms, including any question regarding its existence, validity or termination, shall be referred to and finally resolved by arbitration administered by the Singapore International Arbitration Centre (“SIAC”) in accordance with the Arbitration Rules of the Singapore International Arbitration Centre (“SIAC Rules”) for the time being in force, which rules are deemed to be incorporated by reference in this clause.

7.1 Data Privacy Framework

Data Protection Compliance: Users located in the following regions listed below are advised that third-party websites linked through the Platform and/or the Services may not comply with the corresponding laws listed below. Quill disclaims any liability for the processing of personal data by third-party websites. Users should review the privacy notices of such websites to understand how their personal data will be processed and protected, and familiarize themselves with applicable laws and the privacy practices of third-party websites.

• United Kingdom and European Union: General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
• Singapore: Personal Data Protection Act 2012 (PDPA), Personal Data Protection (Amendment) Act 2020
• Countries within Africa: including but not limited to the African Union Convention on Cyber Security and Personal Data Protection 2014 (Malabo Convention), Zimbabwe’s Data Protection Act 2021. Specific laws may vary by country.

8. Updates & Contact Info

When we make a material change to this policy, we’ll notify users via email, in-product notice, or another mechanism required by law. Changes become effective the day they’re posted. Please contact us via email or postal mail with any questions, concerns, or disputes.

8.1 Modifications to This Privacy Policy

From time to time, we may update this Privacy Policy. If we make any material change to it, we will notify you via email, through a notification posted on the Services, or as required by applicable law. We will also include a summary of the key changes. Unless stated otherwise, modifications will become effective on the day they are posted.

As permitted by applicable law, if you continue to use the Services after the effective date of any change, then your access and/or use will be deemed an acceptance of (and agreement to follow and be bound by) the revised Privacy Policy. The revised Privacy Policy supersedes all previous Privacy Policies.

8.2 Interpretation

Any capitalized terms not defined in this policy are defined as specified in Quill's Terms of Use. Any version of this Privacy Policy in a language other than English is provided for convenience. If there is any conflict with a non-English version, you agree that the English language version will control.

8.3 Questions

If you have any questions, concerns, or disputes regarding our Privacy Policy, please feel free to contact our privacy team (including our Data Protection Officer) at (Website). You can also send postal mail to us at (address).

Data Subject Rights

Under applicable data protection laws, Users have rights regarding their personal data, including:

• Right to Access: Users may request a copy of their personal data held by Quill.
• Right to Correction: Users may request correction of inaccurate or incomplete personal data.
• Right to Deletion: Users may request deletion of their personal data, subject to certain conditions.
• Right to Restrict Processing: Users may request restriction of processing under certain circumstances.
• Right to Data Portability: Users may request to receive their personal data in a structured, commonly used format.

To exercise these rights, Users should contact their Client-Admin or Quill Support Team as applicable. Quill may not be able to fulfill any requests without prior approval of the Client.

6.1 Your Choices About the Use of Your Data

You can choose not to provide certain data to us, but you may not be able to use certain features of the Services.

To stop receiving promotional communications from us, you can opt out by using the unsubscribe mechanism in the promotional communication you receive or by changing the email preferences in your account. Note that regardless of your email preference settings, we will send you transactional and relationship messages regarding the Services, including administrative confirmations, order confirmations, important updates about the Services, and notices about our policies.

If you’re located in the European Economic Area, you may opt out of certain Data Collection Tools by clicking the “Cookie settings“ link at the bottom of any page.

The browser or device you use may allow you to control cookies and other types of local data storage. To learn more about managing cookies, visit https://cookiepedia.co.uk/how-to-manage-cookies. Your wireless device may also allow you to control whether location or other data is collected and shared.

To get information and control cookies used for tailored advertising from participating companies, see the consumer opt-out pages for the Network Advertising Initiative and Digital Advertising Alliance, or if you’re located in the European Economic Area, visit the Your Online Choices site. If you’re located in Japan, visit the Digital Advertising Consortium. To opt out of Google’s display advertising or customize Google Display Network ads, visit the Google Ads Settings page. To opt out of Taboola’s targeted ads, see the Opt-out Link in their Cookie Policy.

To opt out of allowing Google Analytics, Mixpanel, ZoomInfo, or Clearbit to use your data for analytics or enrichment, see the Google Analytics Opt-out Browser Add-on, Mixpanel Opt-Out Cookie, ZoomInfo’s policy, and Clearbit data claiming mechanism.

Apple iOS, Android OS, and Microsoft Windows each provide their own instructions on how to control in-app tailored advertising. For other devices and operating systems, you should review your privacy settings on that platform.

If you have any questions about your data, our use of it, or your rights, contact us at (Contact details).

6.2 Accessing, Updating, and Deleting Your Personal Data

You can access and update your personal data that Quill Platform collects and maintains as follows:

To update data you provide directly, log into your account and update your account at any time.

To terminate your account:

If you are a student, visit your profile settings page and follow the steps detailed here.

If you are an instructor, follow the steps detailed here.

If you have any issues terminating your account, please contact our Support Team.

Please note: even after your account is terminated, some or all of your data may still be visible to others, including without limitation any data that has been (a) copied, stored, or disseminated by other users (including comments on content); (b) shared or disseminated by you or others (including in your shared content); or (c) posted to a third-party platform. Even after your account is terminated, we retain your data for as long as we have a legitimate purpose to do so (and in accordance with applicable law), including to assist with legal obligations, resolve disputes, and enforce our agreements. We may retain and disclose such data pursuant to this Privacy Policy after your account has been terminated.

To request to access, correct, or delete your personal data, please use our online form here. You can also submit these requests by emailing (Email). Please allow up to 30 days for a response. For your protection, we may require that the request be sent through the email address associated with your account, and we may need to verify your identity before implementing your request. Please note that we retain certain data where we have a lawful basis to do so, including for mandatory record-keeping and to complete transactions.

6.3 Our Policy Concerning Children

We recognize the privacy interests of children and encourage parents and guardians to take an active role in their children’s online activities and interests. Individuals younger than 18 years of age, but of the required age for consent to use online services where they live (for example, 13 in the US or 16 in Ireland), may not set up an account, but may have a parent or guardian open an account and help them access appropriate content. Individuals younger than the required age for consent to use online services may not use the Services. If we learn that we’ve collected personal data from a child under those ages, we will take reasonable steps to delete it.

Parents who believe that the Platform may have collected personal data from a child under those ages can submit a request that it be removed to (Website).

7. Jurisdiction-Specific Rules

Any dispute relating to the construction and subject matter of the Terms shall be subject to the jurisdiction of the courts of Singapore. Any dispute arising out of or in connection with this Terms, including any question regarding its existence, validity or termination, shall be referred to and finally resolved by arbitration administered by the Singapore International Arbitration Centre (“SIAC”) in accordance with the Arbitration Rules of the Singapore International Arbitration Centre (“SIAC Rules”) for the time being in force, which rules are deemed to be incorporated by reference in this clause.

7.1 Data Privacy Framework

Data Protection Compliance: Users located in the following regions listed below are advised that third-party websites linked through the Platform and/or the Services may not comply with the corresponding laws listed below. Quill disclaims any liability for the processing of personal data by third-party websites. Users should review the privacy notices of such websites to understand how their personal data will be processed and protected, and familiarise themselves with applicable laws and the privacy practices of third-party websites.

• United Kingdom and European Union: General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
• Singapore: Personal Data Protection Act 2012 (PDPA), Personal Data Protection (Amendment) Act 2020
• Countries within Africa: including but not limited to the African Union Convention on Cyber Security and Personal Data Protection 2014 (Malabo Convention), Zimbabwe’s Data Protection Act 2021. Specific laws may vary by country.

8. Updates & Contact Info

When we make a material change to this policy, we’ll notify users via email, in-product notice, or another mechanism required by law. Changes become effective the day they’re posted. Please contact us via email or postal mail with any questions, concerns, or disputes.

8.1 Modifications to This Privacy Policy

From time to time, we may update this Privacy Policy. If we make any material change to it, we will notify you via email, through a notification posted on the Services, or as required by applicable law. We will also include a summary of the key changes. Unless stated otherwise, modifications will become effective on the day they are posted.

As permitted by applicable law, if you continue to use the Services after the effective date of any change, then your access and/or use will be deemed an acceptance of (and agreement to follow and be bound by) the revised Privacy Policy. The revised Privacy Policy supersedes all previous Privacy Policies.

8.2 Interpretation

Any capitalised terms not defined in this policy are defined as specified in Quill's Terms of Use. Any version of this Privacy Policy in a language other than English is provided for convenience. If there is any conflict with a non-English version, you agree that the English language version will control.

8.3 Questions

If you have any questions, concerns, or disputes regarding our Privacy Policy, please feel free to contact our privacy team (including our Data Protection Officer) at (Website). You can also send postal mail to us at (address).