QRIIB SPACE Privacy Policy

This policy (the “Special Policy”) is a privacy policy specifically applicable to the Qriib Space product provided by Tawteen Tech and its affiliates (collectively referred to in this policy as the “Company”, “we”, “us”, or “our”). References to “you”, “your”, “Customer”, “User”, or “individual or entity” mean the person, organization, institution, or other entity that uses the Services or administers an account or workspace within Qriib Space.

This Special Policy supplements and forms an integral part of the general privacy policy https://qriib.com/en/homeapplicable to the Qriib platform. In the event of any inconsistency between the general privacy policy and this Special Policy, the provisions of this Special Policy shall prevail solely with respect to the Qriib Space product.

By accessing, registering for, using, or activating Qriib Space within your institutional or corporate account, you acknowledge and agree to be bound by this Special Policy in addition to the general privacy policy. If you do not agree, you must not access or use Qriib Space.

This Special Policy has been prepared to explain how personal data is collected, processed, used, disclosed, retained, and protected when you use Qriib Space. This policy applies only to Qriib Space and does not extend to other products or services that are governed by separate privacy policies or by the platform’s general privacy policy.

By accepting this policy, you acknowledge and agree that, when you use Qriib Space, we may, where necessary for the provision, operation, support, improvement, and security of our Services and features, collect and process different categories of data and information required to operate the product effectively and securely, depending on the nature of your use, your account settings, and the services enabled by you or on your behalf.

1. Categories of Data We May Receive or Process

1.1 Account and Subscription Data

We may collect data provided by the User or Customer when creating an account or administering a subscription, including, for example: name, email address, phone number, organization or entity name, login credentials, profile photo (if any), subscription and licensing information, permissions, and records of communications with support.

1.2 Usage and Operational Data

We may collect information relating to how you use the product, including: dates and times of service use, duration of sessions and meetings, activity logs within the platform, user settings and preferences, and information relating to interaction with the product’s features and functions. Such data is used for operating the product, improving performance, and maintaining service stability.

1.3 Meeting, Session, and Content Data

Depending on the nature of your use of the product and the settings selected by the Customer or User, we may process certain data or content associated with meetings, sessions, or virtual classrooms, including: messages and chats exchanged during sessions, files or documents shared, audio and video recordings (where recording is enabled), participant-related data, email addresses, join and leave times, session duration, and screen-sharing content. The scope of such processing varies depending on service settings and the permissions granted by you or by the system administrator.

Where recording is enabled, audio, video, text recordings, and any related outputs may be processed. Subject to the applicable settings, the meeting organizer or enterprise Customer controls the initiation, suspension, availability, access, and deletion of recordings. The Customer or meeting organizer is responsible for notifying participants of any recording and obtaining any consent required by applicable law or institutional policy.

1.4 Technical and Device Data

We may automatically collect certain technical data necessary to operate and secure the Services, including: IP address, device type, operating system, browser type and version, network and connectivity information, device identifiers, crash and performance logs, and diagnostic or technical data. Such data is used for security, protection, performance enhancement, troubleshooting, and misuse prevention.

1.5 Cookies and Similar Technologies

The product may use cookies and similar technologies to improve the user experience, enable certain technical functionality, and analyze performance. For further information, please refer to the “Tracking Data and Cookies” section of Qriib’s general privacy policy.

1.6 Integrations and Third-Party Services Data

If you connect the product to third-party services or systems, we may process data related to such integrations to the extent necessary to provide the requested integration and associated functionality, in accordance with the nature and settings of the connected service. Third-party services may be subject to their own independent privacy policies and terms.

1.7 Data Provided by the Customer or Organization

Where the product is used within an institutional, educational, or commercial environment, we may process data that you or your system administrator enter, manage, upload, or otherwise make available within the product, in accordance with the nature of the service used and the permissions granted within the Customer environment.

1.8 Data We Do Not Intentionally Collect

We do not intentionally collect or process sensitive personal data unless such processing is necessary for the provision of the Service, required by law, or carried out pursuant to Customer decisions and settings in compliance with applicable law.

We also do not collect data beyond what is reasonably necessary to operate, improve, secure, and provide the product and its Services effectively.

1.9 Data in Self-Hosted Environments

If the Customer chooses to deploy or operate Qriib Space on its own servers or infrastructure, we may not have direct access to the data hosted within the Customer’s environment, except to the extent necessary to provide technical support, maintenance, troubleshooting, fulfill Customer requests, or otherwise perform agreed services, and only through the permissions or access mechanisms made available by the Customer.

2. Purposes of Data Use

By accepting this policy and the other applicable platform policies available through the Trust Center, you acknowledge and agree that we may use data and information collected through Qriib Space for operational, technical, legal, security, and service-related purposes associated with providing, improving, maintaining, and protecting the Services, in accordance with this policy, the Terms of Service, and applicable laws. Such purposes include, without limitation, the following:

2.1 Service Provision and Product Operation

We use data to provide the product and operate its various functions, including: creating and managing accounts, enabling meetings, sessions, and virtual classrooms, administering user permissions, enabling communication and collaboration features, and synchronizing data and settings across connected services.

2.2 Performance Improvement and User Experience

We may use data to analyze product performance and improve service quality and user experience, including by developing new features and functionalities, improving system and infrastructure stability, diagnosing technical issues, detecting faults, measuring performance, and improving the speed and efficiency of the Services.

2.3 Security, Protection, and Misuse Prevention

We use data to protect the product, users, and technical infrastructure, including to: detect unauthorized activity, prevent misuse or unauthorized access, monitor security threats and attacks, protect accounts, systems, and data, and verify compliance with the Terms of Service.

2.4 Technical Support and Customer Service

We may use data to provide technical support and respond to requests or inquiries, including by: responding to support requests, diagnosing technical problems, following up on reports and complaints, and communicating with users regarding the Service or their accounts.

2.5 Legal and Regulatory Compliance

We may use or process certain data to comply with legal and regulatory obligations, including: compliance with applicable laws and regulations, responding to judicial or regulatory requirements, protecting the legal rights of the Company, users, or third parties, and responding to lawful requests from competent authorities.

2.6 Communications and Notifications

We may use user contact details to send service-related notices, security alerts, technical or operational updates, and account- or subscription-related notifications.

Certain communications may also include marketing or informational content regarding our services, to the extent permitted by law and subject to available opt-out or preference controls where applicable.

2.7 Operation of Integrations and Related Services

Where integrations or third-party services are used in connection with the product, we may process the data necessary to operate such integrations and perform the functions requested by you.

2.8 Processing in Accordance with Customer Instructions

In institutional, educational, or commercial environments, certain data may be processed in accordance with your instructions or the instructions of your system administrator, and in line with the service settings and permissions configured within the product.

3. Legal Basis for Processing

Tawteen Tech processes data relating to Qriib Space on the basis of one or more lawful grounds, depending on the nature of the Service, the manner in which it is used, and the nature of the relationship with the Customer or User, all in accordance with applicable laws and regulations.

Such legal bases may include the following, as applicable:

3.1 Performance of the Service and Contractual Necessity

We may process data where necessary to:

provide and operate Qriib Space;

perform subscriptions, contracts, or agreements entered into with the Customer;

administer accounts, permissions, and technical support; and

implement requests, configurations, or integrations requested by the Customer.

3.2 Consent

In certain cases, we may process data on the basis of your explicit consent, including for:

certain optional messaging or notification services;

the use of certain non-essential cookies or similar technologies; and

any other processing that legally requires consent under applicable law.

You may withdraw your consent where such withdrawal is legally and technically possible; however, withdrawal of consent may affect your ability to use certain features or functionalities of the Service.

3.3 Legal and Regulatory Obligations

We may process data where necessary to comply with:

applicable laws and regulations;

judicial, regulatory, or governmental orders or requests issued by competent authorities; and

requirements relating to cybersecurity, compliance, anti-abuse measures, or cybercrime prevention and response.

3.4 Legitimate Interests

We may process certain data on the basis of our legitimate interests, provided such interests do not override the rights and freedoms of Users, including for:

protecting the security and stability of the Service;

preventing fraud or misuse;

developing and improving technical performance and features;

risk management and technical support; and

establishing, exercising, or defending legal rights or claims.

3.5 Processing Conducted by the Customer

Where the Customer uses Qriib Space to process data relating to its own users, customers, employees, or other third parties, the Customer shall, depending on the applicable legal framework and the nature of the relationship, be responsible for determining the lawful basis for such processing and for complying with the related legal obligations, including providing notices and obtaining consents where required.

3.6 Self-Hosted Environments

In self-hosted deployments, you acknowledge and agree that you are solely responsible for compliance with all legal and regulatory requirements applicable to the data hosted within your infrastructure, including the lawfulness of processing, data security, access governance, and record retention, unless otherwise expressly agreed in writing.

4. Role of the Enterprise Customer and Responsibility for User Data

Where the Customer uses Qriib Space to process data relating to its employees, customers, suppliers, students, or other third parties, the Customer is responsible for determining the lawfulness of collecting and processing such data, and for providing any required notices and obtaining any consents or other lawful basis required under the laws and policies applicable to it.

The Customer is also responsible for managing users, permissions, integrations, recording settings, sharing settings, deletion settings, and related controls within its environment, and for ensuring that its use of Qriib Space complies with its obligations toward data subjects.

5. Data Sharing and Disclosure

We do not sell or rent personal data to third parties. Data relating to Qriib Space will not be shared or disclosed except to the extent necessary to provide or operate the Service, comply with legal or regulatory obligations, or as otherwise permitted under this policy or applicable law. By accepting this policy, you acknowledge and agree that data may be shared or disclosed in the following circumstances:

5.1 Service Providers and Supporting Technical Vendors

We may engage third parties or technical service providers to support and operate certain functions of Qriib Space or the related infrastructure, including, for example: hosting providers and data centers, cloud storage providers, cybersecurity and protection providers, technical monitoring and incident analysis providers, email or notification service providers, and integration or API-related vendors.

Data is disclosed to such providers only to the extent necessary for them to perform the required services and subject to appropriate contractual, technical, and organizational safeguards for data protection.

5.2 Affiliates & Subsidiaries

Certain data may be shared within the Tawteen Tech group of companies where necessary to:

provide services or support;

manage technical or operational activities;

fulfill compliance, protection, or development needs; or

standardize, improve, or support the services provided within our technical ecosystem.

5.3 Compliance with Laws and Official Requests

We may disclose data where required:

under applicable laws or regulations;

in response to judicial, regulatory, governmental, or security-related orders or requests from competent authorities;

to protect or defend legal rights; or

to prevent, investigate, or address unlawful activity, misuse, or security threats.

5.4 Sharing Based on Customer Configuration or User Permissions

Data may also be shared or processed based on:

Customer settings;

integrations enabled by the Customer;

permissions granted by users; and

support requests or technical services requested by the Customer.

By accepting this policy, you acknowledge that you are responsible for reviewing and managing permissions, integrations, and the parties to whom access to data is granted within your Qriib Space environment.

5.5 Limits of Sharing in Self-Hosted Environments

Where Qriib Space is operated in a self-hosted environment, our access to or involvement with the data is limited to the extent permitted by you and/or required for agreed support, maintenance, or technical processing services. In such cases, data administration and effective control remain under your sole responsibility and within your own infrastructure.

6. Data Retention

By accepting this policy, you agree that we may retain data associated with Qriib Space only for as long as necessary to fulfill the purposes described in this policy, or for such longer period as may be required by legal, regulatory, operational, or contractual obligations, depending on the nature of the data and the manner in which the Service is used.

6.1 Retention Periods

Retention periods may vary depending on factors such as: the type of data, the nature of the Service or subscription, Customer settings, regulatory requirements, and security, operational, or technical needs.

Certain data may be retained for longer periods where necessary, including, for example:

to comply with legal or regulatory obligations;

to establish, exercise, or defend legal rights;

for backup, disaster recovery, business continuity, or information security purposes; or

to resolve disputes, enforce agreements, or prevent misuse.

6.2 Deletion, Destruction, or Anonymization

Once the purpose of processing has ended or the contractual relationship has terminated, and unless legal or regulatory requirements require otherwise, we may securely delete, destroy, or irreversibly anonymize the relevant data so that it can no longer be associated with a particular individual.

Certain backups or technical records may remain stored for limited periods within systems used for protection, continuity, recovery, and resilience purposes.

6.3 Customer Retention Responsibilities

Where you are responsible for managing, storing, or hosting data, including in self-hosted environments, you are responsible, as applicable, for:

determining appropriate retention periods;

deleting or archiving data;

complying with legal and regulatory retention obligations; and

managing backups and deletion or recovery procedures.

6.4 Data After Service Termination

You acknowledge that the termination of a subscription or discontinuation of the Service may result in deletion of certain data or restriction of access to it after sixty (60) business days, or such other period as may be set out in the applicable agreements or contracts with you, unless you request otherwise or immediate deletion is not permitted due to legal obligations.

7. Information Security and Data Protection

We are committed to implementing reasonable and appropriate technical and organizational measures to protect data associated with Qriib Space against unauthorized access, unlawful use, loss, alteration, disclosure, or destruction, in a manner proportionate to the nature of the Service, the data involved, and the relevant technical risks.

7.1 Security Measures

Depending on the nature of the Service and the operating environment, security measures may include:

authentication, verification, and access management systems;

encryption in transit and/or at rest where appropriate;

monitoring of systems and infrastructure;

protection against attacks, intrusions, and malware;

backup management and continuity/recovery planning;

logging of security events and activities; and

access restrictions based on business need and assigned permissions.

7.2 No Absolute Security Guarantee

You acknowledge that, although appropriate safeguards are implemented, no technical system or internet-connected service can be guaranteed to be completely secure. Accordingly, we do not warrant that breaches, unauthorized access, loss events, or disruptions will never occur, particularly where caused by circumstances that cannot reasonably be controlled.

7.3 Customer and User Responsibilities

The Customer and User each bear a share of responsibility for protecting data and securing accounts, including by:

maintaining the confidentiality of login credentials and passwords;

managing users and permissions within the Service;

protecting devices and networks used to access the Service;

using appropriate security configurations; and

ensuring that any sharing of data or granting of access rights is lawful.

The Customer remains responsible for any use occurring through its accounts or technical environment that results from negligence or poor management of credentials or permissions.

7.4 Security in Self-Hosted Environments

If Qriib Space is operated in a self-hosted environment, you bear primary responsibility for:

securing servers, infrastructure, and networks;

managing updates, maintenance, and security protections;

protecting data stored within your environment;

managing backups and responding to security incidents; and

complying with applicable cybersecurity and local legal requirements.

In such cases, our responsibility is limited to the scope of the services, support, or commitments expressly agreed with you.

7.5 Security Incident Notifications

You authorize us, where appropriate and in accordance with the nature of the incident and applicable legal obligations, to notify you and/or affected users of any security incidents or breaches that may materially affect the Service or the data, within a reasonable period after verification and technical and organizational assessment of the incident.

8. Data Subject Rights

Subject to applicable laws, the nature of the relationship between Qriib, the Customer, and the User, and any relevant legal, contractual, technical, or security restrictions, data subjects may have certain rights in relation to their personal data, to the extent provided under applicable law.

8.1 Right of Access

You may request access to your personal data processed through Qriib Space and request information regarding the nature of that data, the purposes of processing, and the parties to whom it may be disclosed, subject to applicable law and the relevant contractual and policy framework.

8.2 Right to Rectification and Update

You may request correction, updating, or completion of any inaccurate or incomplete personal data, where technically and organizationally feasible and subject to applicable law.

8.3 Right to Erasure or Destruction

You may request the deletion or destruction of your personal data in cases permitted by law, provided this does not conflict with:

legal or regulatory obligations;

mandatory retention requirements;

the rights of Qriib, the Customer, or third parties;

applicable policies, terms, and conditions; or

cybersecurity requirements, investigations, or ongoing disputes.

8.4 Right to Restriction of Processing

You may request restriction of the processing of your personal data in cases permitted by law, to the extent such restriction does not prevent Qriib or the Customer from fulfilling their legal, contractual, or operational obligations.

8.5 Right to Object

You may object to certain types of processing of your personal data where such right is recognized under applicable law, including objection to direct marketing processing where such processing is based on consent or otherwise permitted by law.

8.6 Right to Withdraw Consent

Where processing is based on the data subject’s consent, you may withdraw that consent at any time. Such withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal. However, you acknowledge that withdrawing consent may affect the availability of certain features or services that depend on such consent.

8.7 Right to Data Portability

Where technically feasible and legally required, you may request a copy of your personal data in a structured, commonly used, and electronically readable format, or request its transfer to another party, where available and permitted by law.

8.8 Where the Customer Is the Data Controller

In many Qriib Space use cases, the Customer acts as the controller of the personal data processed through the Service, while Qriib acts as a processor on the Customer’s behalf. In such cases:

requests to exercise data subject rights should be directed to the relevant Customer as controller;

we may refer incoming requests to the relevant Customer; and

where appropriate, we will provide reasonable assistance to the Customer to enable it to meet its legal obligations regarding data subject rights.

8.9 How to Exercise Rights

Privacy-related requests or inquiries, including requests to exercise the rights described in this policy, may be submitted through the communication channels made available by Qriib or the relevant Customer, depending on which party is responsible for the processing. We may request additional information or documentation to verify the identity of the requesting party before acting on any request relating to personal data.

8.10 Exceptions and Limitations

The rights described in this Section 8 may be subject to limitations or exceptions imposed by applicable laws, regulations, security requirements, contractual obligations, or technical constraints. Accordingly, a request may be refused, limited, or deferred to the extent permitted by applicable law.

9. General Information Security Commitment

We place significant importance on information security and the protection of personal data and other data stored or processed through our platforms, services, products, and applications. We are committed to implementing appropriate technical, organizational, and administrative measures to help protect data against unauthorized access, use, disclosure, alteration, destruction, or unlawful loss.

For this purpose, we apply a range of security controls and procedures which may include, depending on the nature of the Service and operating environment, access control management, infrastructure and communication security, monitoring of systems and services, backup procedures, business continuity measures, and other controls commonly adopted within the information technology sector.

We also seek to restrict access to data to those employees, contractors, and service providers whose roles require such access, and only to the extent necessary for the performance of their duties and subject to applicable confidentiality and security obligations.

Where we engage third-party providers to assist in operating the platform or providing related services, we seek to select providers that maintain appropriate levels of protection and security, and we implement reasonable contractual and organizational safeguards to ensure that data is processed in a manner consistent with this policy and applicable legal obligations.

Notwithstanding the foregoing, no electronic system or method of transmitting data over the internet can be guaranteed to be absolutely secure. Accordingly, you acknowledge and agree that we cannot guarantee the prevention of all security risks, incidents, unauthorized access attempts, or cyberattacks, and that certain risks are inherent in the use of digital technologies and electronic communications by their nature.

You, whether as Customer or User, are responsible for maintaining the confidentiality of your credentials, managing permissions granted to users within your workspaces, and implementing appropriate security measures within your technical environment where available or required in light of your use of the platform and/or the Services.

10. Children’s Privacy

Qriib Space is not directed to children or minors as a standalone consumer service, and the Services are not primarily designed for children to create accounts or use the platform independently, unless access occurs through, or under the supervision of, a responsible institution, organization, or parent/guardian and in accordance with applicable law.

Qriib Space does not knowingly collect personal data directly from children or minors in violation of applicable law. If we become aware that we have collected personal data relating to a child or minor in a manner inconsistent with applicable legal requirements, we may take appropriate steps to delete such data or restrict its processing where feasible and appropriate. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at support@qriib.com.

Where a Customer, institution, school, training provider, or other organization uses the platform to administer or provide services to children or minors, the Customer is responsible for ensuring the lawfulness of collecting and processing personal data and for obtaining any consents, permissions, authorizations, or other lawful basis required under applicable laws and regulations.

The Customer further acknowledges and agrees that it bears sole responsibility for managing user accounts within its workspace and for supervising data and content relating to minor users in compliance with the laws applicable to it.

11. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings assigned to them below unless the context requires otherwise:

11.1 Platform or Service (Qriib Space)

Means the Qriib Space product, including its websites, applications, user interfaces, collaboration tools, workspaces, technical features, and related functionalities, as provided or operated by Tawteen Tech or its affiliates.

11.2 Customer

Means any natural or legal person that creates a workspace, subscribes to the Service, or obtains a license to use the platform for its own benefit or for the benefit of its organization.

11.3 Workspace (Qriib Workspace)

Means the standalone digital environment created within Qriib Space that enables Customers and Users to manage content, files, communications, activities, and data relating to their business or organization.

11.4 User

Means any natural person who is granted access to a workspace or any part of the platform’s Services, whether as an owner, administrator, member, employee, collaborator, guest, or in any similar capacity.

11.5 Personal Data

Means any information relating to an identified or identifiable natural person, whether directly or indirectly, whether alone or in combination with other information, as defined under applicable laws and regulations.

11.6 Workspace Data

Means all data, content, files, documents, messages, comments, attachments, records, and information created, uploaded, stored, or shared within a workspace by the Customer or Users.

11.7 Usage Data

Means the technical and operational information collected when the platform is used, such as activity logs, device information, IP addresses, access times, error logs, and performance or usage indicators.

11.8 Data Processing

Means any operation or set of operations performed on personal data or workspace data, whether by automated or non-automated means, including collection, recording, organization, storage, modification, retrieval, use, transmission, sharing, deletion, destruction, or any equivalent processing activity.

11.9 Third Parties

Means any person or entity other than the Customer, the User, or the Company, including technical service providers, hosting providers, analytics providers, integration partners, or any other parties engaged to support, provide, or improve the Service.

11.10 Service Providers

Means entities or companies that provide the Company with technical, operational, security, cloud, support, or related services or solutions that help operate, develop, protect, or enable certain functionalities of the platform.

11.11 Cloud Hosting

Means the operation of Qriib Space, or any of its components, on infrastructure or servers managed by the Company or by hosting providers approved by it.

11.12 Self-Hosted Deployment

Means the deployment and operation of the platform, or any part thereof, by the Customer on servers or infrastructure owned by the Customer or otherwise under its direct or indirect control or administration.

11.13 External Integrations

Means applications, systems, or services provided by third parties that may be linked to or integrated with Qriib Space at the choice of the Customer or User.

12. Changes to This Policy and Contact Details

We reserve the right to amend or update this policy from time to time in order to reflect technical, operational, legal, or regulatory developments relevant to the Services we provide.

Where we make material changes to this policy, we may take such steps as we deem appropriate to notify you through the platform, by email, or through any other communication channel available to us, where appropriate or where required by applicable law.

Your continued access to or use of our Services and/or products after any amendments or updates become effective constitutes your acceptance of the revised policy, to the extent permitted by law. We recommend that you review this policy periodically to remain informed of any updates or changes.

If you have any questions, inquiries, or requests relating to this policy, or to how your personal data is collected, used, or processed, or if you wish to exercise any rights available to you under applicable law, you may contact us through our official communication channels, our designated support channels, or by email at support@qriib.com. We will review and address privacy-related requests and inquiries within a reasonable period, taking into account the nature of the request and the applicable legal and regulatory requirements.