Quest Relocation Group Privacy Policy

This Quest Relocation Group Privacy Policy (this “Privacy Policy”) describes the practices of Quest Relocation Group (“Quest” or “we”) with respect to the collection and handling of Personal Data. Quest Relocation Group provides a suite of services related to relocation services to its corporate clients, including home purchase and property rental assistance, school search assistance and similar services (collectively, the “Services”). This Privacy Policy covers the information practices of Quest including its practices with respect to collection of data from its corporate clients contracting for relocation of their personnel, the purposes of use of such Personal Data, and the sharing of such data with third parties.

GENERAL PROVISIONS

Definitions

As used in this Privacy Policy, unless otherwise defined:

“Client” means Quest’s corporate clients who contract for the Services in order to relocate their employees or other personnel. For purposes of applicable Data Protection Laws, the Client is generally the Controller of the data relating to Data Subjects being relocated.

“Data Subject” or “you” refers to an individual whose Personal Data is being collected and processed.

“Data Protection Laws” means (i) the General Data Protection Regulation (Regulation 2016/679); (ii) the EU e-Privacy Directive (Directive 2002/58/EC); (iii) any national data protection laws in the Member States of the EEA made under or pursuant to (i), (ii) or (iii); and (iv) the analogous laws enacted in Switzerland.

“EEA” means the European Economic Area.

“Personal Data” means data that may be used to identify a living individual or that is about a specific individual, such as name, email address or phone number.

“Subcontractor” means an independent contractor engaged by Quest in order carry out part of the Services for the benefit of the Data Subject.

“UK” means the United Kingdom.

Transfer of Personal Data to U.S.

Quest is located in the United States. If you are located in a jurisdiction with comprehensive laws regulating Personal Data, please be aware that Personal Data you provide to us is being transferred to and stored in a jurisdiction that may not provide the same level of protection for such data as those of your own jurisdiction.

1. GENERAL PROVISIONS

Personal Data Collected and Purposes for Use

In carrying out the Services, we may collect Personal Data about Data Subjects being relocated or receiving other Services either from our Clients or directly from Data Subjects, in either case using questionnaires, conversations or similar processes. Other than review of Data Subjects’ LinkedIn or other relevant social media profiles to inform our provision of the Services, we do not collect Personal Data of such Data Subjects other than as provided to us by Clients or directly by the Data Subjects themselves. Quest collects Personal Data described below for the purposes described below:

1. Provision of Services. We and our Clients agree on Services to be rendered to particular Data Subjects in connection with the relocation of such Data Subjects. As part of this process for Clients, Quest collects data about the Data Subjects from the controller (Quest’s Clients), or from the Data Subjects themselves through telephone consultations or other methods of communication. Additional Personal Data may be requested electronically, in person or by phone in the course of providing the Services where necessary to carry out the requested Services

We collect the following basic information for each Service project: name, telephone number, email address, current address, city of destination, timing of relocation, and upcoming travel to destination. We collect the following information optionally, depending on which Services are being requested: preference for housing in city of destination (purchase or rental), salary, ages of Data Subjects within family unit, hobbies and interests of Data Subjects within family unit, preferences for schools for school age children, languages spoken and needs for local assistance with documentation requirements such as drivers’ licenses. We may also review and add the social media profiles (LinkedIn, etc.) to our file for each Data Subject in order to better tailor our Services to the needs of the particular individuals being relocated.

2. Data from Business Relationships. Quest collects and stores certain Personal Data in the course of maintaining its business relationships, such as with its Clients, partners and Subcontractors. Data collected may include corporate name, address and phone number (where applicable), as well as the name, email address, mailing address, and phone number of the individual representatives of such Clients, partners or Subcontractors with whom Quest transacts business. This data is collected and processed in order to carry out business transactions requested by such Clients or partners, in order to receive and make payment on such business transactions, and to communicate with such persons about Quest’s Services or other information we believe of interest. Please see “Your Choices and Opt-Out” below for information on how Data Subjects associated with our Clients, partners and Subcontractors may direct how we use their Personal Data.

3. Website Data. If you submit Personal Data to us via our website, we will use the information in order to respond to your requests.

4. We may use the Personal Data of Data Subjects who have received relocation Services to send out surveys inquiring about satisfaction with our Services. We use the data collected from survey responses to improve our Services and to report back to Clients (using only aggregate, non-personal data) on satisfaction levels.

5. General Uses. We may also use Personal Data in order to analyze and improve our products and services, to better understand our Clients, their needs and the needs of their personnel being relocated, to investigate or settle any disputes, to collect amounts due to us, and to meet our legal obligations such as providing Personal Data requested under subpoena or other mandatory legal process or by a government authority.

How We Share Your Data

We will not share your Personal Data with third parties without your permission, other than (i) as necessary or appropriate to carry out the Quest Services, (ii) comply with applicable law, court order or other judicial process, (iii) enforce or apply agreements with you, (iv) protect the rights, property, or safety of us, other users or third parties, (v) as noted in the two paragraphs immediately following below, or (vi) as otherwise required or permitted under applicable law.

Though this is not likely, if Quest is ever sold (in whole or in part) or reorganized in terms of corporate structure, we may disclose and/or transfer Personal Data to the potential purchaser of our business. In such case, we will take reasonable efforts to be sure the Personal Data remains subject to the undertakings set forth in this Privacy Policy. In addition, we will not transfer or sell the Personal Data other than in connection with a sale or reorganization of the company.

We may also hire Subcontractors to provide some Services to our Clients. In such cases, we transfer to such Subcontractors the Personal Data about the individuals being relocated as necessary to enable the Subcontractors to carry out their contracted Services. All such Subcontractors are required under agreements to maintain all Personal Data in confidence and to use the Personal Data only in order to provide the requested services.

Your Choices and Opt-Outs

Optional Services: where an optional Service has been requested, but is no longer desired by the Client, the optional Service can be cancelled and any Personal Data collected by us for this optional Service will be deleted on request. Please note that fees for optional Services already rendered may still be due despite such a request

Quest may communicate with you regarding Quest Services, planned events or other subjects using emails. You may choose to discontinue receiving any promotional emails by following the opt-out instructions contained in the email or otherwise by contacting us as described below under “Contact Us.” Please allow at least ten (10) days for us to process any such request.

Children Under 1

Our website is not directed to children under the age of 16. If you are a child under the age of 16, please do not use the website.

Security

Quest has implemented reasonable organizational, technical and administrative security measures in place to protect the loss, misuse and alteration of the Personal Data under our control. We also require our Subcontractors to take similar measures. Within our organization, only our employees who need to access the information to perform a specific task have access to your Personal Data. However, in the course of providing the Quest Services, some Personal Data is being transmitted via email over the Internet. No electronic data transmission can be guaranteed as 100% secure. As a result, while we strive to protect your Personal Data during transmission, we cannot ensure or warrant the security of any Personal Data you transmit to us or receive from us.

Third Party Websites and Social Media Websites

We are not responsible for and have no liability for the privacy or other practices of any third party social media platforms or other sites linked on our website. We recommend that you review the privacy policies of each third-party website or social media platform that you visit or provide data to before providing any Personal Data to such website or social media platform.

Suggestions

Suggestions, materials or other intellectual property sent to us are the property of Quest, and you hereby relinquish any claim to such items, or for remuneration for the same. All such items are deemed non-confidential and we shall have no obligation of any kind with respect to such items and shall be free to use and distribute them to others, including making products or services using or incorporating them.

1. PROVISIONS APPLICABLE TO INDIVIDUALS LOCATED IN THE EU/EEA/UK AND SWITZERLAND

The provisions of the below portion of the Privacy Policy are applicable between Quest and individuals located in the EU/EEA/UK and Switzerland.

‘Consent’ or ‘Agree’ means your freely given, specific, informed and unambiguous expression of your wishes through a statement or other clear affirmative action such as checking a box or signing a consent form which indicates your agreement to our Processing of Personal Data relating to you.

‘Data Subject’ means you or another individual to which Personal Data pertains.

‘European Jurisdictions’ means, collectively, the EU, EEA, UK and Switzerland.

‘Personal Data’ means any data relating to you from which you can be identified, directly or indirectly, including name, identification number, location, online identifier such as your IP address or device ID, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity.

‘Privacy Shield Framework’ means the former EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, each as administered by the U.S. Department of Commerce, regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States, which framework was invalidated by the EU in 2020.

‘Process or Processing’ means any use of Personal Data including collecting, recording, organizing, structuring, storing, adapting or altering, amending, retrieving, consulting, sharing, disclosing, making available, aligning or combining, restricting, transferring outside the European Jurisdictions or erasing or destroying it.

‘Special Categories of Personal Data’ means Personal Data about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, ideological views or activities, information on social security measures, trade union membership, health, sex life, sexual orientation and biometric data, or any past administrative or criminal proceedings and sanctions.

‘Third Party’ includes our Subcontractors who we authorize to process your Personal Data or other information to help us with the activities described in this Privacy Policy. It may include government bodies and public agencies and authorities.

Clients and Individuals in the European Jurisdictions

Quest Update as 2020-2021 Regarding the Privacy Shield Framework

While Quest was formerly certified as complying with the Privacy Shield Framework, Quest has withdrawn from the Privacy Shield Framework; however, we will continue to apply the Privacy Shield Principles (as defined in the Privacy Shield Framework) to the Personal Data that we received while participating in the Privacy Shield. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.

Your Consent to Transfer Personal Data to the US

If you are located in the European Jurisdictions, you should be aware that services require the transfer of your Personal Data to the United States (or other jurisdictions as applicable to your relocation). Those other countries may have different privacy laws that may or may not be as comprehensive as your own. By submitting personal information to Quest, to the fullest extent permitted under applicable Data Protection Laws, you consent to this transfer and the other Processing by us described in this Privacy Policy.

Notice to Individuals Located in the European Jurisdictions

Quest has appointed a Data Protection Officer (DPO) as the person with responsibility for our data protection compliance. Our DPO can be contacted at contact@questsocal.com. Questions about this policy, or requests for further information, should be directed to our DPO.

If you are located in a European Jurisdiction and our Client (the data “controller” under GDPR) is using the our Services to Process your Personal Data, you may contact our Client to object, restrict, access, correct or delete your Personal Data. If you need help finding contact information for a Client’s privacy office, please contact our DPO as outlined above.

Personal Data That We Collect from Data Subjects in European Jurisdictions

Personal Data that Quest collects includes name, telephone number, email address, current address, city of destination, timing of relocation, and upcoming travel to destination. We collect the following information optionally, depending on which Services are being requested: preference for housing in city of destination (purchase or rental), salary, ages of Data Subjects within family unit, hobbies and interests of Data Subjects within family unit, preferences for schools for school age children, languages spoken and needs for local assistance with documentation requirements such as drivers’ licenses. We may also review and add the social media profiles (LinkedIn, etc.) to our file for each Data Subject in order to better tailor our Services to the needs of the particular individuals being relocated.

Special Categories of Personal Data may be collected by Quest only where disclosed by the Data Subject during the Services or where discoverable from public sources such as social media files (LinkedIn, etc.)

Data Protection Principles & Best Practice Standards

Quest Processes Personal Data in accordance with the following data protection principles and intelligence industry best practice standards:

Quest Processes Personal Data lawfully, fairly and in a transparent manner consistent with Data Protection Law, and its obligations to its clients.

Quest collects Personal Data only for specified, explicit and legitimate purposes consistent with Data Protection Law, and its obligations to its clients.

Quest Processes Personal Data only where it is adequate, relevant and limited to what is necessary for the purposes of Processing consistent with Data Protection Law, and its obligations to its clients.

Quest keeps accurate Personal Data and takes reasonable steps to ensure that inaccurate Personal Data is rectified or deleted without delay consistent with Data Protection Law and its obligations to its clients.

Quest keeps Personal Data only for the period necessary for Processing consistent with Data Protection Law and its obligations to its clients.

Quest adopts appropriate measures to make sure that Personal Data is secure, and protected against unauthorized or unlawful processing, and accidental loss, destruction or damage.

Quest and/or its Client informs Data Subjects located in the European Jurisdictions the reasons for Processing their Personal Data, how it uses their Personal Data and the legal basis for Processing by providing them this Privacy Policy and related notices, disclosures, and consent forms at the time of intake.

Where applicable, Data Subjects will be given the choice to Consent to having their Personal Data collected by way of a disclosure and consent form provided to them by Quest or our Client prior to Quest beginning relocation services. Data Subjects can decline to include certain Personal Data in their intake forms, thereby stating they do not give their Consent to have that Personal Data collected or used. By Consenting to receive relocation Services using the submitted Personal Data, you as Data Subject are agreement to allow Quest to disclose Personal Data and other information about them to our Client and to our sharing that information with our Subcontractors.

All Data Subjects in the European Jurisdictions are asked to inform Quest’s relevant Client or us immediately about any changes in their Personal Data.

Quest will not Process Personal Data that qualifies as Special Categories of Personal Data for purposes other than to carry out the Services unless the Processing is:

(a) permitted by applicable European Jurisdiction laws;

(b) necessary for administering justice or for exercising statutory, governmental, or other public functions;

(d) in the vital interests of an individual in in the European Jurisdictions or another person;

(e) required to provide medical care or diagnosis; or

(f) necessary to carry out Quest’s legal obligations under applicable law.

Personal Data Transfers to Independent Third Parties

Quest will disclose Personal Data to Third Parties other than those identified above only if:

required by law or legal process (e.g., lawful requests by public authorities, including disclosures to law enforcement authorities in connection with their duties or to meet national security requirements);

to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law.

to protect and defend the legal rights, property/or and legitimate interests of Quest and/or its employees, Clients, Subcontractors and/or Third Parties; or

where necessary for Quest to perform a contractual obligation owed to a Client or for other lawful purposes.

How Long Quest Keeps Personal Data

Quest will hold Personal Data

for the duration legally required or permitted by applicable law; and

as long as it is necessary to comply with Quest’s legal obligations or to resolve disputes and/or enforce our agreements.

Individuals in the UK may also make data privacy and/or data use complaint about Quest to the UK Information Commissioner’s Office (ICO) here https://ico.org.uk/concerns/. Individuals in the EU/EEA can also make a complaint to the Data Protection Authority in the EU/EEA Member State where they live or work listed here: http://ec.europa.eu/justice/dataprotection/article-29/structure/data-protection-authorities/index_en.htm.

Contacting Us

Should you have any questions or concerns about the privacy of your Personal Data or this Privacy Policy, please contact us at the address below and we will strive to resolve them:

contact@questsocal.com

Effective Date of Privacy Policy: November 10, 2021