Privacy policy

Privacy Policy

Quantum Quality Systems LLC

Last updated: January 1, 2025


1. Our Commitment to Privacy and Data Protection

Quantum Quality Systems LLC ("Company," "we," "us," or "our") is committed to protecting the privacy and confidentiality of personal information entrusted to us by our clients, customers, and website visitors. As a professional services company serving the medical device and life sciences industries, we maintain the highest standards of data protection consistent with applicable law and professional ethical obligations.

This Privacy Policy describes how we collect, use, process, disclose, and protect personal information in connection with our website, digital products, and professional consulting services (collectively, the "Services").

This policy is designed to comply with applicable privacy laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant data protection regulations.


2. Legal Basis for Processing Personal Information

For EU/UK Residents: We process personal information based on the following legal bases:

  • Contract Performance: Processing necessary to perform our contract with you
  • Legitimate Interests: Our legitimate business interests in providing services and operating our business
  • Legal Compliance: Processing required to comply with applicable laws and regulations
  • Consent: Where we have obtained your explicit consent for specific processing activities

For US Residents: We process personal information as permitted under applicable federal and state privacy laws, including for business purposes and commercial purposes as defined under the CCPA.


3. Information We Collect

3.1 Business Contact Information

  • Name, title, business email, phone number
  • Company name, address, and organizational details
  • Professional credentials and industry information

3.2 Account and Transaction Data

  • Account credentials and preferences
  • Purchase history and payment information
  • Digital product downloads and access records
  • Service agreements and project documentation

3.3 Professional Services Information

  • Consulting Project Data: Information shared during professional engagements
  • Quality System Information: Client QMS assessments and compliance data
  • Confidential Business Information: Proprietary data disclosed during services
  • Communication Records: Project correspondence and consultation notes

Confidentiality Standard: All consulting project information is treated as confidential business information subject to professional confidentiality obligations equivalent to attorney-client privilege standards within the scope of our professional services.

3.4 Technical and Usage Data

  • Website interaction data and navigation patterns
  • Device information, IP addresses, and browser details
  • Email engagement and communication metrics
  • System access logs and security information

4. How We Use Personal Information

4.1 Service Delivery

  • Process orders and deliver digital products
  • Provide consulting services and project management
  • Maintain customer accounts and service records
  • Process payments and manage billing

4.2 Business Communications

  • Respond to inquiries and provide customer support
  • Send service-related notifications and updates
  • Share industry and regulatory compliance information
  • Conduct business relationship management

4.3 Marketing and Business Development

  • Send promotional communications about our services
  • Conduct market research and business analytics
  • Develop new products and services
  • Participate in industry networking and referrals

CAN-SPAM Compliance: All commercial emails include clear identification, accurate subject lines, valid physical address, and easy opt-out mechanisms.

4.4 Legal and Regulatory Compliance

  • Maintain business records as required by law
  • Respond to legal process and regulatory inquiries
  • Conduct internal audits and compliance monitoring
  • Protect against fraud and security threats

5. Professional Confidentiality and Data Protection

5.1 Consulting Client Confidentiality

We maintain confidentiality of client information consistent with professional consulting ethics and applicable law, including:

  • Project Information: All consulting engagement details treated as confidential
  • Proprietary Data: Client-specific systems, processes, and business information protected
  • Professional Privilege: Information shared in professional consulting context protected to the maximum extent permitted by law
  • Access Controls: Strict need-to-know basis for client information access

5.2 Data Security Measures

  • Encryption: Data encrypted in transit and at rest using industry-standard methods
  • Access Controls: Multi-factor authentication and role-based access limitations
  • Security Training: Regular privacy and security training for all personnel
  • Incident Response: Documented procedures for security incident management
  • Professional Liability Insurance: Coverage for data protection and confidentiality breaches

5.3 Data Retention and Deletion

Retention Periods:

  • Customer Account Data: Duration of business relationship plus 7 years
  • Transaction Records: 7 years from completion for accounting and tax compliance
  • Consulting Project Data: Duration of engagement plus 7 years, or as specified in service agreements
  • Marketing Data: Until opt-out request or 5 years of inactivity
  • Legal Hold: Extended retention when reasonably anticipated litigation requires preservation

Secure Deletion: Personal information is securely deleted using industry-standard methods when retention periods expire, unless legal obligations require continued retention.


6. Information Sharing and Disclosure

6.1 Service Providers and Business Partners

We may share personal information with:

  • Shopify: E-commerce platform for website hosting and payment processing
  • Professional Service Providers: IT support, accounting, legal counsel (under confidentiality agreements)
  • Subcontractors: Qualified professionals assisting with consulting services (under written confidentiality agreements)

All service providers are bound by written agreements requiring appropriate data protection and confidentiality measures.

6.2 Business Transactions

Personal information may be transferred in connection with business transactions such as mergers, acquisitions, or asset sales, subject to confidentiality obligations and applicable law.

6.3 Legal Requirements

We may disclose personal information when required by law, including:

  • Compliance with court orders, subpoenas, or legal process
  • Response to government investigations or regulatory inquiries
  • Protection of our legal rights or those of others
  • Investigation of fraud or security threats

6.4 Prohibited Disclosures

We do NOT:

  • Sell personal information for monetary consideration
  • Share consulting project details with unauthorized third parties
  • Disclose proprietary client information without explicit authorization
  • Use confidential information for competing business purposes

7. International Data Transfers

Personal information may be transferred to and processed in countries outside your residence, including the United States. For transfers from the EU/UK, we rely on:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy Decisions for countries with adequate protection levels
  • Binding Corporate Rules where applicable

International transfers include appropriate safeguards such as contractual data protection obligations, security measures equivalent to origin country requirements, and regular compliance monitoring.


8. Your Privacy Rights

8.1 Universal Rights

Regardless of location, you have the right to:

  • Request information about our data processing activities
  • Access personal information we maintain about you
  • Correct inaccurate personal information
  • Request deletion of personal information (subject to legal limitations)
  • Opt out of marketing communications
  • Data portability for information you provided to us

8.2 EU/UK Specific Rights (GDPR)

Additional rights for EU/UK residents:

  • Right to object to processing based on legitimate interests
  • Right to restrict processing in certain circumstances
  • Right to lodge complaints with supervisory authorities
  • Right to withdraw consent where processing is based on consent

8.3 California Rights (CCPA)

California residents have additional rights including:

  • Right to know categories and specific personal information collected
  • Right to delete personal information (subject to exceptions)
  • Right to opt out of sale or sharing for targeted advertising
  • Right to non-discrimination for exercising privacy rights

8.4 Rights Exercise Procedures

To exercise privacy rights:

  1. Submit written request to support@quantumqs.io
  2. Provide verification information to confirm identity
  3. Specify the right you wish to exercise
  4. Response timeline: We will respond within applicable legal timeframes (typically 30 days)

You may designate an authorized agent to exercise rights on your behalf with proper documentation.


9. Data Breach Notification

We maintain documented incident response procedures including:

  • Immediate containment of security incidents
  • Risk assessment of potential harm to individuals
  • Regulatory notification within required timeframes
  • Individual notification when legally required or appropriate

Notification Timelines:

  • Regulatory Authorities: Within 72 hours of discovery (GDPR) or as required by applicable law
  • Affected Individuals: Without undue delay when high risk of adverse effects
  • Business Partners: As required by contractual obligations

10. Cookies and Tracking Technologies

Our website uses:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: Website performance and usage analysis
  • Marketing Cookies: Personalized advertising and remarketing
  • Preference Cookies: Remember your settings and preferences

You can manage cookies through browser settings to block or delete cookies, opt-out tools provided by advertising networks, and Global Privacy Control signals (honored where legally required).


11. Third-Party Services and Liability

We conduct due diligence on service providers including data protection assessments, contractual requirements, and regular compliance monitoring.

Liability Limitation: Our total liability for privacy-related claims is limited to the maximum extent permitted by applicable law, not to exceed $100,000 or the amount paid by you for services in the 12 months preceding the claim, whichever is greater.


12. Children's Privacy

The Services are intended for business use by adults. We do not knowingly collect personal information from children under 16 years of age. If we become aware we have collected children's information, we will take steps to delete it promptly.


13. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of Arizona, United States, except where superseded by applicable federal law or international obligations.

Privacy-related disputes are subject to informal resolution, arbitration as specified in our Terms of Service, regulatory complaints to appropriate authorities, and court jurisdiction in Maricopa County, Arizona for matters not subject to arbitration.


14. Policy Updates and Amendments

We may update this Privacy Policy to reflect changes in applicable law, modifications to our practices, enhancement of privacy protections, or business operational changes.

Material Changes: We will provide prominent notice through email notification to account holders, website banner notifications, and updated effective date with change summary.

Non-Material Changes: Administrative updates will be posted with updated effective date.


15. Contact Information

General Privacy Questions:

📧 Email: support@quantumqs.io
🏢 Address: 4500 E Ray Rd, 1156, Gilbert, AZ, 85296, US

Privacy Rights Requests:

📧 Email: support@quantumqs.io
Subject Line: "Privacy Rights Request"

Consulting Confidentiality Matters:

📧 Email: support@quantumqs.io
Subject Line: "Confidential - Client Matter"


16. Severability

If any provision of this Privacy Policy is deemed invalid or unenforceable, the remaining provisions will remain in full force and effect.


17. Acknowledgment and Agreement

By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein.


This Privacy Policy reflects our commitment to protecting your personal information while delivering professional quality management and regulatory compliance services. We maintain the highest standards of data protection consistent with our role as trusted advisors to the medical device and life sciences industries.