Quixess Commerce
Quixess Data Protection Policy

Data Protection Policy

Effective Date: August 31, 2024 (SUBJECT TO CHANGE)

This Data Protection Policy explains how QUIXESS LLC (“Quixess,” “we,” “our,” or “us”) protects, manages, and secures personal and business data collected through our platform, APIs, and related services. This policy complements our Privacy Policy and Terms of Service and applies to all users, partners, vendors, and employees who interact with Quixess systems.

Scope and Purpose

This policy establishes the principles and measures Quixess uses to ensure that personal data is:

  • Collected and processed lawfully, fairly, and transparently
  • Used only for legitimate and specified business purposes
  • Adequate, relevant, and limited to what is necessary
  • Accurate and kept up to date
  • Stored securely and retained only as long as required
Data Controller

For the purposes of applicable data protection laws, QUIXESS LLC acts as the data controller for personal data collected and processed through its platform, except where Quixess acts as a data processor on behalf of its users.

Types of Data Protected
  • Personal identification information (name, email, phone)
  • Business and account information
  • Order, supplier, and inventory data
  • Payment-related metadata (excluding full card details)
  • Technical data such as IP address and device information
Lawful Basis for Processing

Quixess processes data based on one or more of the following lawful grounds:

  • Performance of a contract
  • Legal and regulatory obligations
  • Legitimate business interests
  • User consent, where required
Data Security Measures

Quixess implements appropriate technical and organizational safeguards to protect data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Strict access control and authentication mechanisms
  • Regular security reviews and monitoring
  • Secure hosting and infrastructure management
Data Retention and Deletion

Personal data is retained only for as long as necessary to fulfill business, legal, or contractual requirements. When data is no longer required, it is securely deleted or anonymized.

Data Breach Management

In the event of a data breach that poses a risk to user data, Quixess will take prompt action to contain, investigate, and remediate the incident. Where required by law, affected users and authorities will be notified without undue delay.

International Data Transfers

Data processed by Quixess may be transferred to and stored in the United States or other jurisdictions where our infrastructure or service providers operate. Appropriate safeguards are applied to protect such transfers.

User Rights

Users may exercise rights related to their personal data, including access, correction, deletion, or restriction of processing, subject to applicable laws.

Contact Information

For questions or concerns regarding this Data Protection Policy, please contact:

QUIXESS LLC
Email: [email protected]