QA Sphere

Privacy Policy

Last updated: 27 September 2024

Hypersequent DMCC (“Company”, “we”, “us”, “our”) is a UAE-registered company operating this Website https://qasphere.com/ (“the Website”).

We are committed to protecting your privacy. Below, you can find information about the collection, processing and use of your personal data by us. This Privacy Policy was designed in compliance with the EU General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”) and the UAE’s Personal Data Protection Law (“PDPL”).

ABOUT US

Hypersequent DMCC is a limited liability company registered under the laws of the UAE (company number DMCC191475).

When processing your personal data as indicated in this Privacy Policy, we can play different roles under the GDPR and other data protection laws, for example, a controller or data processor.

We have designated Privacity GmbH as our EU representative in compliance with GDPR requirements:

DEFINITIONS

In this Privacy Policy, we use the following definitions with regard to GDPR, CCPA and PDPL:

  • “personal data” means any information relating to you and helping directly or indirectly identify you, such as a name, email, IP address, cookie files, etc.;
  • “personal data processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • “controller” means the natural or legal person who alone or jointly with others, determines the purposes and means of the processing of personal data;
  • “processor” means a natural or legal person who processes personal data on behalf of the controller;
  • “data subject” is an identified or identifiable natural person about whom we hold personal data;
  • “services” means access to and/or use of our software quality assurance services described in the Terms of Service;
  • “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
  • “CCPA” means the California Consumer Privacy Act of 2018. This Privacy Policy also accounts for the California Privacy Rights Act of 2020 (“CPRA”), which changed and expanded certain CCPA provisions;
  • “PDPL” means the UAE’s Federal Decree-Law No. 45/2021 on the Protection of Personal Data.

DATA COLLECTION

In our relationship with you, you can be our website visitor, client, potential client, or job applicant.

  • You are a website visitor when you merely browse this Website and provide us with your data via cookies or other tracking technologies;
  • You are a potential client when you contact us via email, phone, our social media accounts (X, LinkedIn) or messengers, fill out online forms on this Website or subscribe to newsletters, contact us in person, by mail, or other available means of communication;
  • You are a client when you use our services as described in the Terms of Service, make a purchase of our products or services, and contact us via available options for assistance;
  • You are a job applicant when you apply for a job via our social media (for example, our LinkedIn advertisements), send your applications directly to us via email or via website form, and contact us via available options regarding our vacancies.

As a data controller, we collect your personal data when you:

  • visit our Website;
  • contact us via email, phone or our social media accounts;
  • fill out the forms on this Website;
  • register an account to use our services and pay for them;
  • send us your CV, cover letter or job-related messages;
  • subscribe to our newsletter;
  • voluntarily provide your data, including any other instances on the Website where you knowingly choose to share your personal data.

When acting as a data controller:

  • we DO NOT collect or process your sensitive data unless we must collect it to comply with the applicable laws (such as labour laws);
  • we DO NOT use automated decision-making, including profiling, which produces legal effects concerning a data subject or similarly significantly affects a data subject;
  • we DO NOT sell your data.

We may collect and process four basic types of information about you in connection with our services: client data, website visitor data, potential client data, and applicant data, which relate to clients, website visitors, potential clients, and job applicants, respectively. In particular, we collect:

Type of dataDescriptionCollected personal dataData subject
(a) Cookies InformationWe may use cookie files on our Website for analytics and marketing activities, to remember your preferences, to ensure the functionality of our Website, and for other purposes.We may collect usage information (pages you have viewed on our Website and other information about your use of the Website) for analytics purposes. We may also use marketing, preferences and necessary cookies.Website Visitor, Potential Client, Client
(b) Automatically Collected InformationWe may automatically collect and process some information about you and your device when you access our Website (for example, through logs or other similar technologies).This information may include the domain name and IP address of your device, the type of browser you are using, technical information, geographical location, and information about your visit to our Website (length of visit, page response time, navigation paths, as well as information about the timing, frequency, and pattern of your service use, etc.).Website Visitor, Client, Potential Client
(c) Contact InformationWhen you contact us via email, social media, or other available means of communication, we may collect and process some information about you. You can also voluntarily leave your personal data in the contact form on the Website for your inquiries and other future communication with us.It may include your name and surname (and/or nickname), email address, and other information contained in an email or message on social media that you decide to share with us. When you leave your personal data in the contact form on the Website, you can share your name and surname, email address, and any other details you provide to us via available contact options.Website Visitor, Client, Potential Client, Job Applicant
(d) Registration InformationWe may collect and process your information when you register an account to use our services. We may use this information to create and maintain your account.It may include your email, name, surname, information about your employer/business (company name), email address, phone number, and password (hashed). It may also include any information contained in communications between us.Client
(e) Adding users to the productWe may collect and process information on the users you add for your software testing activities after you register the account and start using our services.It may include email, name, surname, and phone number.Client
(f) Transactions and Payment InformationIf you order services from us, you will need to provide certain personal details, including payment information, so that the order can be fulfilled. To obtain payment from you, we will use or direct you to a third-party payment processor who will collect this information from you and process your payment. Please note that a third-party payment processor is responsible for all collection, processing, and storage of your financial information, and we do not have direct access to or possession of your payment card information or banking information.It may include your name, surname, company/business name and billing information.Client
(g) Potential Customer InformationWhen you contact us via email, phone, our social media accounts, fill out online forms on the Website or subscribe to newsletters, contact us in person or by mail with an inquiry about our service, we may collect some information about you.We may process this information to promote our products and services and communicate with potential customers. It may include your name, email, phone number, your company name, and any other information in communications between you and us, including content of such communications.Potential Customer
(h) Job Applicant InformationWe will process the information relating to your job application for our recruitment processes.It may include your name, place of residence, contact details (phone, email), data about your previous employment(s), education, and other information relevant to recruitment purposes.Job Applicant
(i) Authentication Token InformationWe may collect and process some information when you sign up with your Google account to our Platform.We may process your Google Account information.Client
(j) Due diligence informationWe may collect and process certain information when signing agreements with you for using our service.It may include your name, surname, position, nationality, your company-employer or name of your business, document authorising you to represent the company.Client

INFORMATION ABOUT COOKIES

Please see our Cookie Policy for information about the cookies and how we use them on our Website.

LEGAL BASES FOR PROCESSING

We process your personal data in accordance with the GDPR, CCPA/CPRA and PDPL. The GDPR provides an exhaustive list of lawful bases for processing. We rely only on four of them:

  • Article 6.1(a): consent. We process the personal data you choose to provide us with your consent. You may withdraw your consent at any time. Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful. You may withdraw your consent by sending us an email at [email protected].
  • Article 6.1(f): legitimate interest. We process your personal data to protect our legitimate interests, such as preventing fraud; ensuring the security and functionality of our Website; contacting you as a Potential Client or Client to promote our services and/or relevant new offerings, in case you have not opted out from such communication. We only collect and use the data necessary to achieve these purposes and do not override your fundamental rights and freedoms.
  • Article 6.1(b): performance of a contract. When you provide us with personal data to purchase our services, this can be considered as a request to form a contract or to perform a contract between you and us.
  • Article 6.1(c): legal obligation. We process your personal data to fulfil our legal obligations, such as complying with tax or regulatory requirements. In case you send us a request to exercise your rights under the GDPR, we may ask you for some personal data we already have to identify you and comply with the applicable law.

USE OF YOUR PERSONAL DATA

When acting as a data controller, we use your personal data for the purposes listed in the table below, where we also detail the type of personal data processed and the legal bases we rely on to do so.

Purpose of processingType of personal dataLegal grounds under the GDPRThird parties recipientsSource
Account Registration(b) Automatically collected information (d) Registration information (e) Adding users to the product (i)Authentication Token InformationPerformance of a contract (Article 6(1)(b)) GDPRAWS, ContractorsClient
Account Maintenance(c) Contact information (d) Registration information (e) Adding users to the product (f) Transactions and payment information (i)Authentication Token InformationPerformance of a contract (Article 6(1)(b)) GDPRAWS, ContractorsClient
Processing of payments(d) Registration information (f) Transactions and payment informationPerformance of a contract (Article 6(1)(b)) GDPRFastSpringClient
Communication (including responding to queries and requests, customer support, investigating complaints and assisting with the service functionality, and other notifications)(b) Automatically collected information (c) Contact information (d) Registration information (g) Potential customer information (h) Job applicant informationPerformance of a contract (Article 6(1)(b)) GDPR Your consent (Article 6(1)(a)) GDPRAWS, Linked In, X, Google Workspace, Postmark, ContractorsClient, Potential Client, Website Visitor, Job Applicant
Analytics & Development of the Website and the Platform(a) Cookies information (b) Automatically collected information (c) Contact information (d) Registration informationYour consent (Article 6(1)(a)) GDPR Our legitimate interest (Article 6(1)(f)) GDPR Google Analytics, BetterStack, Sentry.io, ContractorsClient, Potential Client, Website Visitor
Marketing activities(a) Cookies information (b) Automatically collected information (c) Contact information (d) Registration information (g) Potential customer informationYour consent (Article 6(1)(a)) GDPR Google Analytics, LinkedIn, X, ContractorsClient, Potential Client, Website Visitor
Due diligence and signing service agreements(j) Due diligence informationPerformance of a contract (Article 6(1)(b)) GDPR ContractorsClient
Security and fraud prevention(a) Cookies information (b) Automatically collected information (c) Contact information (d) Registration information (f) Transactions and payment information (j) Due diligence informationOur legitimate interest (Article 6(1)(f)) GDPRAWS, FastSpring, Cloudflare, ContractorsClient, Potential Client, Website Visitor, Job Applicant
Legal Compliance(a) Cookies information (b) Automatically collected information (c) Contact information (d) Registration information (e) Adding users to the product (f) Transactions and payment information (g) Potential customer information (h) Job applicant information (i)Authentication Token Information (j) Due diligence informationLegal obligation (Article 6(1)(c)) GDPRAWS, FastSpring, Sentry.io, BetterStack, Google Analytics, Google Workspace, Postmark, ContractorsWebsite Visitor, Client, Potential Client, Job Applicant

When providing our services, we may process certain personal data at the request and pursuant to the instructions given by you as a Client. In such a case, we will act as a data processor, and you, as a Client, will be considered data controller. When you, as a Client, provide us with third-party data, the Data Processing Addendum (DPA) shall be applicable to you. In such a case, we may process the following personal data:

Purpose of processingType of personal dataLegal groundsThird parties recipientsSource
Provision of Services(e) Adding users to the productPerformance of a contract (Article 6(1)(b))AWS, Postmark, Sentry.io, OpenAI, ContractorsClient

DATA SHARING AND DISCLOSURE

We may share your personal data as a data controller with other data controllers and processors. We may also share your personal data with our contractors to provide services, technical and customer support. We may share your personal data with data processors who act on our behalf according to our instructions (“service providers”) to manage risks and deliver services effectively. In particular, we may share and disclose your personal data to our service providers:

  • Google Analytics (Google LLC, USA) for analytics purposes and Google Workspace for business operations. You may read its privacy policy here;
  • LinkedIn (LinkedIn Inc., USA): for communication and marketing purposes. You may read its privacy policy here;
  • X (X Corp., USA): for communication and marketing purposes. You may read its privacy policy here;
  • Amazon Web Services, AWS (Amazon.com, Inc., USA): for website hosting and secure storage of personal data on the servers. You may read its privacy policy here;
  • Cloudflare (Cloudflare, Inc., USA): for website hosting (qasphere.com page), security and performance. You may read its privacy policy here;
  • Postmark (AC PM LLC, USA): for sending transactional emails. You may read its privacy policy here;
  • FastSpring (Bright Market, LLC, UK, USA and the Netherlands): to process payments. You may read its privacy statement here;
  • Sentry.io (Functional Software, Inc., USA): to monitor our systems for errors. You may read its privacy policy here;
  • OpenAI (OpenAI LLC, USA): to provide the clients with the AI features. You may read its usage policies here and privacy policy here;
  • BetterStack (BetterStack, Inc., USA): to provide the clients with the AI features. You may read its privacy policy here.

As part of our business operations, we may engage specialists who may receive your personal data, including technical, sales, legal and marketing professionals, to provide you with better client service and ensure the accuracy and transparency of our business. These specialists together with partner websites are referred to as Contractors.

Links to Third-Party Websites

This Privacy Policy applies only to this Website. We strongly recommend you review the privacy documents of any websites you may reach by following the hyperlinks presented on our Website. We are not responsible for the other websites’ content and data practices.

Social Media Accounts and Messengers

We manage our official pages on X and LinkedIn. We may collect the information for marketing purposes when you interact with us via our social media accounts by following our official pages, posting comments, or reacting to our content. We also may communicate with you through direct messaging service available on these social media. When you contact us via our social media accounts for assistance or leave us feedback regarding our services, we can collect this information for further communication purposes.

Please note that we are not responsible for social media data practices and advise checking their privacy documents regarding the processing of your personal data on their side.

DATA TRANSFERS TO THIRD COUNTRIES

We may transfer your personal data to countries outside the European Union (EU) and the European Economic Area (EEA) that are not deemed to provide an adequate level of data protection under Article 45 of the GDPR (adequacy decision), as well as outside the US or the UAE. To protect your personal data, we will ensure that appropriate safeguards are implemented, for example, the standard contractual clauses adopted by the European Commission. Besides, we take additional technical and organizational measures when transferring data, such as assessing the reliability and personal data protection practices of the service provider, promptly responding to any threats to confidentiality, integrity, and availability of personal data, etc.

Where possible, we enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with such third parties to ensure an adequate level of protection for your personal data.

DATA RETENTION

When we act as a data controller, we store and process your personal data until we do not need it for any of the purposes defined in this Privacy Policy unless a longer retention period is required or expressly permitted by applicable law. Regarding data stored in the customer’s account, we will delete your personal data if you request the deletion of the account. Please contact your company or employer organisation to learn more about the retention periods of inactive accounts: we do not limit the retention of corporate accounts to enable organisations to manage their employees’ accounts in compliance with their data protection programs.

We may not delete or anonymize your data if there is a requirement to retain it to comply with the law or legal process. You may contact us at [email protected] to exercise your right to erasure (deletion) of your personal data.

SECURITY AND INTEGRITY OF THE DATA

We have implemented appropriate organizational, technical, administrative, and physical security measures to ensure the ongoing confidentiality, integrity, availability, and resiliency of systems and services that process personal information and will restore the availability and access to information on time in case of a physical or technical incident. In particular, we have enacted several organisational measures, such as an internal Information Security and Access Control Policy, as well as onboarding and offboarding checklists. As for the technical measures, we use two-factor authorization for system access and our critical resources like business emails. We also implement cryptography in transit, data encryption at rest, stateful firewall in cloud systems, network address whitelisting, and scheduled backups and snapshots for our production database.

RIGHTS OF THE DATA SUBJECT

In this Section, we summarised the rights that you have under the GDPR, CCPA/CPRA and PDPL. Not all of the details have been included in our summaries. Please address the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. You may exercise the following rights under GDPR, CCPA and PDPL by submitting a data subject request to [email protected].

YOUR RIGHTS UNDER GDPR

Right under the GDPRDescriptionHow to exercise this right
Right to withdraw consent (Art. 7 GDPR)You can withdraw your consent for data processing at any time.You can submit a request.
Right to be informed (Art. 13, 14 GDPR)You have the right to be informed about the collection and use of your personal data.All information about our collection and use of your personal data is described in this Privacy Policy and the Terms of Use.
Right of Access (Art. 15 GDPR)You have the right to confirm whether your personal data is being processed by us and access such data, along with specific information.You can submit a request.
Right to rectification (Art. 16 GDPR)You have the right to correct inaccurate personal data about you and to have incomplete personal data completed.You can submit a request.
Right to erasure (‘right to be forgotten’) (Art.17 GDPR)You have the right to have your personal data deleted without undue delay where one of the following grounds applies:
  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you withdraw consent to consent-based processing;
  • you object to the processing under certain rules of applicable data protection law;
  • the personal data have to be erased for compliance with a legal obligation in the European Union or an EU Member State law;
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1);
  • the personal data have been unlawfully processed.
You can submit a request.
Right to restriction of processing (Art. 18 GDPR)You can limit the way in which we use your data where one of the following applies:
  • you contest the accuracy of the personal data;
  • processing is unlawful, but you oppose erasure;
  • we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise, or defense of legal claims;
  • you have objected to processing, pending the verification of that objection.
You can submit a request. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise, or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
Right to data portability (Art. 20 GDPR)You have the right to receive your personal data in a structured, commonly accepted, and machine-readable format and have the right to request that we transmit this data directly to another controller to the extent that the legal basis for our processing of your personal data is your consent or performance of a contract and the processing is carried out by automated means.You can submit a request.
Right to object (Art. 21 GDPR)You have the right to object to our processing of your personal data at any time to the extent that the processing is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. Also, you have the right to object to our processing of your personal data for direct marketing purposes (including profiling).You can submit a request.
Right not to be subject to a decision based solely on automated processing, including profiling (Art. 22 GDPR)This right restricts us from making solely automated decisions, including those based on profiling, which produce legal or other significant effects for data subjects. We DO NOT use automated decision-making and profiling.-
Right to lodge a complaint (Art. 77 GDPR)You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates the requirements of the GDPR.You can submit the complaint in the EU member state of your place of habitual residence or to the data protection authority stated in this Privacy Policy.
Right to compensation (Art. 82 GDPR)Any person who has suffered material or moral damage as a result of a violation of GDPR requirements has the right to receive compensation from the controller or processor for the caused damage.Court proceedings for exercising the right to receive compensation shall be brought before the courts competent under the law of the EU Member State referred to in Article 79(2).

We encourage you to contact us initially with any concerns you may have regarding the processing of your personal data. You may use the following email to address your concerns: [email protected].

Please note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

In certain cases, you have the right to lodge a complaint about our use of your personal data with a data protection authority. For more information, please contact your national data protection authority. We will cooperate with the appropriate authorities to resolve any privacy-related complaints that cannot be amicably resolved. You can find a full list of EU supervisory authorities through this link.

YOUR RIGHTS UNDER CCPA/CPRA

RightDescription
Right to knowYou can request information about what personal information we collect about you and how it is used and shared.
Right to accessYou can request access to the collected personal information.
Right to correctYou can request us to correct the inaccurate personal information about you.
Right to deleteYou can request us to delete the personal information that we have collected from you.
Right to data portabilityYou can request obtaining a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format.
Right to opt out of the saleYou can request opting out of the processing of personal data for the sale of personal information. We neither sell your personal information to anyone nor use your data as a business model.
Right to opt out of sharingYou may request to stop sharing your personal information.
Right to opt out of profilingYou can request opting out of the processing of personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. We neither sell nor use your personal data for profiling.
Right to initiate a private cause of action for data breachesThe right to bring an individual cause of action or a class action if nonencrypted or nonredacted personal information is subject to unauthorised access and exfiltration, theft or disclosure as a result of the business’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information.
Right to non-discriminationRight to be free from discrimination relating to the exercise of any of your privacy rights.
Right to limit the use and disclosure of sensitive personal informationThis right allows you to limit the use and disclosure of your sensitive personal information by the company. We don’t intentionally collect any sensitive personal information about you.

You can find a detailed description of the personal information that we may collect from you above in the “DATA COLLECTION” section of this Policy. The purposes of the collection and/or use of personal information are stated in the “USE OF YOUR PERSONAL DATA” section of this Policy. You can review the categories of third parties with whom we may share your personal information in the “DATA SHARING AND DISCLOSURE” section of this Policy.

We encourage you to contact us initially with any concerns you may have regarding the processing of your personal data. You may use the following email to address your concerns: [email protected].

Please note that we may need to confirm your identity to process your requests to exercise your rights. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request. In certain cases, you have the right to lodge a complaint about our use of your personal data with California Data Protection Agency (“CDPA”). We will cooperate with the appropriate authorities to resolve any privacy-related complaints that cannot be amicably resolved. You can file a complaint via this link.

YOUR RIGHTS UNDER THE PDPL

Under the PDPL, UAE residents have the following rights concerning their personal data (Articles 13-18):

RightDescription
Right of Access to InformationYou have the right to obtain information on the categories of personal data being processed, the purpose of the processing, the decisions made upon automated processing, entities with whom the personal data is shared.
Right to Request Personal Data PortabilityYou have the right to receive your personal data in a structured and machine-readable format.
Right to Rectification or Erasure of Personal DataYou have the right to rectify inaccurate personal data and the right to delete your personal data and be forgotten.
Right to Restriction of ProcessingYou have the right to restrict and stop the processing of your data where it is inaccurate, or you object to the purpose of the processing.
Right to Stop ProcessingYou have the right to object to the processing of your personal data and stop the processing where it is processed for direct marketing or statistical survey purposes or in contraversion of the personal data protection controls.
Right of Processing and Automated ProcessingYou have the right to object to automated decisions made by automated processing of your personal data. We do not do automated processing of your personal data.

You can find a detailed description of the personal information that we may collect from you above in the “DATA COLLECTION” section of this Policy. The purposes of the collection and/or use of personal information are stated in the “USE OF YOUR PERSONAL DATA” section of this Policy. You can review the categories of third parties with whom we may share your personal information in the “DATA SHARING AND DISCLOSURE” section of this Policy.

We encourage you to contact us initially with any concerns you may have regarding the processing of your personal data. You may use the following email to address your concerns: [email protected].

Please note that we may need to confirm your identity to process your requests to exercise your rights. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request. You also have the right to file a complaint with the UAE Data Office, a federal data regulator (once it is established), if you believe that the processing of your personal data infringes PDPL.

CHILDREN’S PERSONAL DATA UNDER GDPR AND COPPA

We do not provide our services to children under the age of 18. By submitting your personal data, you acknowledge that you have reached the age of 18, and under the laws of your country of residence, you have all rights to provide us with your personal data for processing. Under the GDPR, we do not knowingly collect any personal information from children under the age of 16 (or lower if stated by EU member state law, provided that such lower age is not below 13 years).

We do not knowingly collect any personal information from children under the age of 13 without required parental approval in accordance with applicable legal and regulatory obligations, such as the U.S. Children’s Online Privacy Protection Act (“COPPA”). If you know that a child has provided us with personal information without parental consent, please contact us at [email protected].

CHANGES TO PRIVACY POLICY

This Policy may be changed due to the implementation of new updates, technologies, laws’ requirements, or for other purposes. The notification about such changes will be shared with you on our Website, via email and other means of communication as applicable by applicable laws.

We encourage you to review this Policy for any changes regularly. Your continued use of our Website after the revised Policy has become effective constitutes your acceptance of these new terms. We will notify you in case of substantial changes, and where required by applicable laws, we will obtain your consent for further processing.

CONTACT

In case you have any inquiries about your rights and/or any other questions related to this Privacy Policy, please contact us at: