Legal
This Privacy Policy ("Policy") is issued by NorthQuinn Inc., a Delaware corporation ("NorthQuinn," "we," "us," or "our"). It governs the collection, use, disclosure, retention, and protection of personal data obtained through www.northquinn.com (the "Site") and through any communications or pre-engagement activities connected to the Site. By accessing or using the Site, you acknowledge that you have read this Policy and understand its terms. If you do not agree, you should not use the Site or submit information through it.
This Policy applies to all personal data processed by NorthQuinn in connection with the Site, including data submitted through contact forms, data collected automatically through web server infrastructure and analytics tools, and data received through electronic communications initiated through or in connection with the Site.
This Policy does not apply to:
This Policy is incorporated by reference into NorthQuinn's Terms and Conditions. Capitalized terms not defined herein have the meaning ascribed to them in the Terms and Conditions.
| Term | Meaning |
|---|---|
| "Personal Data" | Any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with a particular natural person or household. |
| "Processing" | Any operation or set of operations performed on Personal Data, whether automated or manual, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, transmission, deletion, or destruction. |
| "Data Controller" | The entity that determines the purposes and means of Processing Personal Data. NorthQuinn is the Data Controller for Personal Data collected through the Site. |
| "Data Processor" | A party that Processes Personal Data on behalf of a Data Controller pursuant to written instructions. |
| "Service Provider" | A third party that Processes Personal Data on NorthQuinn's behalf solely for the purposes described in this Policy and under contractual restrictions prohibiting independent use or disclosure. |
| "Sensitive Personal Data" | Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, sex life or sexual orientation, or data related to criminal convictions or offenses. |
When you submit an inquiry through the Site's contact form, you may provide the following categories of Personal Data:
Submission of the contact form is entirely voluntary. You are not required to provide Personal Data to browse informational content on the Site.
Important Notice: You must not submit classified information, controlled unclassified information (CUI), personally identifiable information of third parties, financial account numbers, Social Security numbers, protected health information, or any other Sensitive Personal Data through the contact form. NorthQuinn's contact form infrastructure is not designed, approved, or authorized for the transmission of such information.
When you access the Site, certain technical information is collected automatically through standard web server infrastructure and analytics tools:
This data is collected in aggregate form to understand how the Site is used, identify technical issues, and improve Site content and performance. NorthQuinn does not use automatically collected data to identify individual users, build behavioral advertising profiles, or share such data with data brokers.
NorthQuinn does not collect Sensitive Personal Data through the Site. NorthQuinn does not collect biometric identifiers, precise geolocation data, or data concerning children under the age of thirteen (13). If you believe you have inadvertently submitted Sensitive Personal Data, contact us immediately using the information in Section 16.
NorthQuinn may create aggregate, anonymized, or de-identified data derived from Personal Data by removing or altering identifying information. Such de-identified data is no longer Personal Data under this Policy and may be used for any lawful business purpose without restriction.
NorthQuinn Processes Personal Data only for the lawful purposes set forth below. Where applicable law requires a legal basis, we rely on the following:
| Purpose | Data Categories | Legal Basis |
|---|---|---|
| Responding to inquiries submitted through the contact form and taking pre-contractual steps at your request | Identity, Contact, Professional, Communications | Pre-contractual steps at the data subject's request (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR) |
| Providing requested information about NorthQuinn's services | Identity, Contact, Professional | Legitimate interests (Art. 6(1)(f) GDPR); Pre-contractual steps where applicable |
| Scheduling demonstrations or consultations at your request | Identity, Contact, Professional | Pre-contractual steps at the data subject's request (Art. 6(1)(b) GDPR) |
| Maintaining records for legal and compliance purposes | Identity, Contact, Communications | Legitimate interests; Legal obligation |
| Analyzing Site usage in aggregate to improve performance | Device, Network, Usage, Session | Legitimate interests |
| Detecting, preventing, and investigating security incidents or fraud | All categories | Legitimate interests; Legal obligation |
| Complying with applicable law, court orders, or regulatory demands | All categories as required | Legal obligation |
NorthQuinn does not sell your Personal Data. NorthQuinn does not share your Personal Data with third parties for cross-context behavioral advertising. NorthQuinn does not receive monetary or other valuable consideration in exchange for disclosing your Personal Data to advertisers, data brokers, or any analogous commercial intermediary.
NorthQuinn does not disclose Personal Data to third parties except as described in this Section.
NorthQuinn engages third-party Service Providers to support Site operations. These Service Providers receive Personal Data only to the extent necessary to perform their contracted functions and are contractually prohibited from using Personal Data for any other purpose. Current Service Providers relevant to Site operations include:
NorthQuinn may disclose Personal Data to governmental authorities, law enforcement, regulators, courts, or other authorized parties where NorthQuinn determines in good faith that disclosure is required or reasonably necessary to:
Where legally permitted, NorthQuinn will endeavor to notify affected individuals prior to disclosing Personal Data pursuant to legal process.
In the event of a merger, acquisition, reorganization, bankruptcy, asset sale, financing, or other change in corporate control, Personal Data held by NorthQuinn may be among the assets transferred to or evaluated by a successor or acquiror. NorthQuinn will use commercially reasonable efforts to provide prior notice and ensure that any successor entity is bound by data handling terms no less protective than those set forth in this Policy. If a successor entity's practices differ materially, affected individuals will be provided the opportunity to exercise applicable rights under Section 10 or Section 11 prior to such change becoming effective.
NorthQuinn may disclose Personal Data to additional third parties where you have provided explicit, informed consent prior to such disclosure. You may withdraw consent at any time without affecting the lawfulness of Processing prior to withdrawal.
NorthQuinn is based in the United States. If you access the Site from outside the United States, your Personal Data may be transferred to, stored, and Processed in the United States, where privacy laws may not provide equivalent protection to the laws of your jurisdiction.
For Personal Data transferred from the European Economic Area ("EEA"), the United Kingdom ("UK"), or Switzerland to the United States, NorthQuinn relies on the following transfer mechanisms as applicable:
Where NorthQuinn's TIA identifies elevated risk in the destination jurisdiction — including risk of government access to data in transit or at rest — NorthQuinn implements supplementary technical measures, including end-to-end encryption of Personal Data in transit using TLS 1.2 or higher, access controls limiting personnel access to Personal Data on a strict need-to-know basis, and data minimization practices limiting the categories and volume of Personal Data transferred. Supplementary measures are assessed on a transfer-by-transfer basis and documented in TIA records.
Under Article 27 of the GDPR, controllers established outside the EEA that process EEA Personal Data are required to designate an EU-based representative, unless the processing is occasional, does not include large-scale processing of Special Categories of Personal Data, and is unlikely to result in a risk to the rights and freedoms of natural persons. NorthQuinn's current Site operations involve only occasional contact form submissions and web analytics from EEA residents and do not involve systematic or large-scale processing. NorthQuinn therefore relies on the "occasional processing" exemption in Article 27(2)(a) GDPR for current Site operations.
Forward-looking obligation: When NorthQuinn's AVERY platform becomes operational at production scale in customer environments that may include EEA residents' Personal Data, the "occasional processing" exemption will no longer apply. NorthQuinn will designate an EU Representative pursuant to Article 27 GDPR before initiating such processing. The identity and contact information of the designated EU Representative will be published in this Section at that time.
Requests regarding transfer mechanisms, TIA documentation, or supplementary measures may be directed to privacy@northquinn.com.
| Category | Retention Period | Basis |
|---|---|---|
| Contact form submissions and related correspondence | Three (3) years from last contact, or longer if required by law or legal hold | Applicable statutes of limitations; legitimate business records interests |
| Web server logs and network-level data | Up to ninety (90) days, extended if required for a security investigation | Legitimate interests in security and system integrity |
| Aggregate analytics data | Up to twenty-four (24) months | Legitimate interests in Site improvement |
| Legal hold material | Duration of the relevant legal matter plus any applicable post-resolution retention period | Legal obligation; legitimate interests in dispute resolution |
Upon expiration of the applicable retention period, NorthQuinn will securely delete or anonymize Personal Data consistent with its internal data lifecycle procedures. Where complete deletion is technically impracticable (such as data present in encrypted backup archives), NorthQuinn will isolate and protect such data from further Processing until deletion becomes feasible.
You may request deletion of your Personal Data at any time pursuant to Section 10 or Section 11, as applicable. NorthQuinn will honor valid deletion requests to the extent required or permitted by applicable law, including exceptions for legal holds, regulatory compliance, and fraud prevention.
NorthQuinn implements administrative, technical, and physical safeguards designed to protect Personal Data against unauthorized access, acquisition, disclosure, alteration, or destruction. These measures include, without limitation:
No information security program is impenetrable. NorthQuinn cannot guarantee absolute security against all possible threats. In the event of a security incident resulting in unauthorized access to Personal Data that triggers notification obligations under applicable law, NorthQuinn will comply with all such obligations.
If you believe your interaction with the Site is no longer secure or you suspect unauthorized access to your Personal Data, contact NorthQuinn immediately using the information in Section 16.
In the event of a Personal Data breach that is likely to result in a risk to the rights and freedoms of natural persons, NorthQuinn will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR. Where a breach is likely to result in a high risk to affected individuals, NorthQuinn will also notify those individuals without undue delay under Article 34 GDPR, unless a statutory exemption applies (such as where appropriate technical measures render the Personal Data unintelligible).
For U.S.-based individuals, NorthQuinn will provide notification of security incidents affecting Personal Data in accordance with the applicable state breach notification law or laws, which vary by jurisdiction as to timing, content, and delivery requirements. NorthQuinn maintains internal procedures to identify applicable notification obligations and respond accordingly.
NorthQuinn uses a minimal set of cookies and similar technologies solely for site security and aggregate, anonymized analytics. NorthQuinn does not use advertising cookies, behavioral tracking technologies, or any cookie-based cross-site profiling.
| Category | Purpose | Operator | Basis |
|---|---|---|---|
| Strictly Necessary | DDoS protection, bot mitigation, and TLS session management. Required for Site security and integrity. Cannot be disabled without impairing Site function. | Cloudflare, Inc. | Legitimate interests; exempt from consent requirement under ePrivacy Directive recital 66 |
| Analytics (cookieless) | Aggregate, anonymized measurement of page views and traffic sources for Site performance analysis. No persistent identifiers or cross-site tracking. Data is not linked to individual users. | Cloudflare Web Analytics | Legitimate interests; no consent required as no persistent cross-site identifiers are used |
NorthQuinn does not deploy: advertising or retargeting cookies; third-party tracking pixels; social media tracking widgets that report back to social platforms; session replay tools; or any other technology that tracks your behavior across websites or builds advertising profiles.
You may configure your browser to block or delete cookies. Blocking strictly necessary Cloudflare security cookies may impair the Site's ability to serve content securely. Browser-specific cookie management instructions are available in your browser's help documentation. Cookie opt-out preferences are typically stored in a cookie; clearing cookies may reset your preferences.
NorthQuinn honors the intent of browser-based Do Not Track ("DNT") signals. Because NorthQuinn does not engage in cross-site behavioral tracking or serve targeted advertising, NorthQuinn's practices are consistent with DNT signal intent regardless of whether a DNT header is received. NorthQuinn does not sell or share Personal Data as defined under the CCPA/CPRA.
NorthQuinn recognizes privacy rights afforded to residents of U.S. states that have enacted comprehensive consumer privacy legislation. Enacted statutes include, without limitation: the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA); the Virginia Consumer Data Protection Act (VCDPA); the Colorado Privacy Act (CPA, effective July 1, 2023); the Connecticut Data Privacy Act (CTDPA, effective July 1, 2023); the Utah Consumer Privacy Act (UCPA); the Texas Data Privacy and Security Act (TDPSA, effective July 1, 2024); the Oregon Consumer Privacy Act (OCPA, effective July 1, 2024); the Montana Consumer Data Privacy Act (MCDPA, effective October 1, 2024); the Delaware Personal Data Privacy Act (DPDPA, effective January 1, 2025); the Iowa Consumer Data Protection Act (ICDPA); the Indiana Consumer Data Protection Act; the Tennessee Information Protection Act; the Florida Digital Bill of Rights; and similar statutes enacted or taking effect following this Policy's last amendment date. NorthQuinn monitors legislative developments and will apply applicable rights as statutes take effect. The following rights may be available to you depending on your state of residence, subject to the thresholds, exemptions, and definitions in each applicable statute.
In the preceding twelve (12) months, NorthQuinn has collected the following categories of Personal Information as defined under the CCPA: Identifiers (name, email address, IP address); Internet or Electronic Network Activity Information (browsing activity on the Site); and Professional or Employment-Related Information (company name, if provided). NorthQuinn has not sold or shared any such categories for cross-context behavioral advertising. California residents may submit requests under Section 10.3 and may direct unresolved complaints to the California Privacy Protection Agency or the California Attorney General.
To exercise any rights under this Section, submit a verifiable request to privacy@northquinn.com with the subject line "Privacy Rights Request." Your request must include: (i) identification of the specific right(s) you wish to exercise; (ii) sufficient information to enable NorthQuinn to verify your identity as required under applicable law; and (iii) your state of residence. NorthQuinn will acknowledge receipt within ten (10) business days and respond substantively within the period required by applicable law (generally forty-five (45) calendar days, subject to permitted extensions). NorthQuinn may request additional information to complete verification. You may designate an authorized agent by providing written authorization or evidence of power of attorney; NorthQuinn may independently verify your identity before honoring agent-submitted requests.
If NorthQuinn declines to take action on a request, you will be notified of the reason and your right to appeal. Appeals should be submitted to privacy@northquinn.com with the subject line "Privacy Request Appeal." NorthQuinn will respond within the period required by applicable law and inform you of the outcome and any available remedies, including the right to lodge a complaint with the applicable state supervisory or enforcement authority.
If you are located in the European Economic Area or the United Kingdom, you have the following rights under Regulation (EU) 2016/679 (General Data Protection Regulation) or the UK GDPR, as applicable. NorthQuinn will respond to verifiable requests without undue delay and within one (1) calendar month, subject to permitted extensions of up to two (2) additional months for complex or multiple requests with prior written notice.
To exercise any of the foregoing rights, contact NorthQuinn at privacy@northquinn.com. NorthQuinn will respond to rights requests within one (1) calendar month of receipt. NorthQuinn may extend this period by up to two (2) additional months for complex or multiple requests; if an extension is required, NorthQuinn will notify you within the initial one-month period with reasons for the extension.
If you remain unsatisfied with NorthQuinn's response, you have the right to lodge a complaint with a supervisory authority. NorthQuinn, as a U.S.-based controller with no EU establishment, does not have a lead supervisory authority under Article 56 GDPR. The competent supervisory authority for your complaint is the authority of the EU Member State in which you habitually reside or work, or in which the alleged infringement occurred. UK residents may lodge complaints with the Information Commissioner's Office (ICO) at ico.org.uk. Swiss residents may contact the Federal Data Protection and Information Commissioner (FDPIC) at fdpic.ch.
The Site is directed exclusively to business and professional audiences and is not intended for use by, and does not knowingly collect Personal Data from, children under the age of thirteen (13). NorthQuinn does not knowingly solicit or receive Personal Data from children, and the Site is not designed for or directed at children under any applicable law, including the Children's Online Privacy Protection Act ("COPPA").
If NorthQuinn becomes aware that it has inadvertently collected Personal Data from a child under the age of thirteen without verifiable parental consent, NorthQuinn will take commercially reasonable steps to delete such information as promptly as practicable. If you are a parent or legal guardian and believe your child has submitted Personal Data to NorthQuinn without your consent, contact NorthQuinn immediately at privacy@northquinn.com.
NorthQuinn operates a Vulnerability Disclosure Program ("VDP") for security researchers who identify potential vulnerabilities in NorthQuinn-operated systems. The VDP is governed by NorthQuinn's Vulnerability Disclosure Policy, published at northquinn.com/security.html. Security research reports should be submitted to abuse@northquinn.com.
Personal data submitted through the VDP channel — including researcher contact information and technical proof-of-concept materials — is processed in accordance with NorthQuinn's Security Research Data Processing Notice, which supplements this Policy and provides GDPR Articles 13/14 disclosures specific to security research submissions.
Personal data generated by adversarial interactions with NorthQuinn's threat intelligence research infrastructure — including honeynets, deception technology deployments, and sensor telemetry collection systems — is processed in accordance with NorthQuinn's Threat Intelligence Operations Notice, which supplements this Policy with GDPR Article 6(1)(f) legitimate interest disclosures specific to threat intelligence infrastructure operations.
The Site may contain hyperlinks to third-party websites, tools, or resources not owned, operated, or controlled by NorthQuinn. This Policy applies solely to Personal Data collected by NorthQuinn through the Site and does not extend to information collected by third-party destinations accessed through such links.
NorthQuinn exercises no control over and assumes no responsibility for the content, privacy policies, or data practices of third-party websites. The inclusion of any link does not constitute an endorsement of the linked site or its operator. You access third-party websites at your own risk and are encouraged to review their privacy policies before submitting any Personal Data.
NorthQuinn reserves the right to modify, update, or otherwise amend this Policy at any time in its sole discretion to reflect: (i) changes in applicable law or regulatory guidance; (ii) changes in NorthQuinn's data Processing activities; (iii) changes in technology or security practices; or (iv) other legitimate business developments. NorthQuinn will not apply material changes to previously collected Personal Data in a manner materially less protective than the terms in effect at the time of collection without providing prior notice and, where required by applicable law, obtaining your consent.
Material changes will be communicated by updating the "Last Amended" date at the top of this Policy and, where appropriate, by posting a notice on the Site homepage or providing direct notice to individuals whose contact information is on file. Your continued use of the Site following the effective date of any amendment constitutes your acceptance of the updated Policy. Prior versions of this Policy are available upon request at privacy@northquinn.com.
NorthQuinn Inc. is the Data Controller for Personal Data collected through the Site. All privacy-related inquiries, requests, complaints, and correspondence should be directed to:
| Entity | NorthQuinn Inc. |
| Incorporation | Delaware, United States of America |
| Privacy Inquiries | privacy@northquinn.com |
| Legal Inquiries | legal@northquinn.com |
| Security / VDP | abuse@northquinn.com |
| General Contact | northquinn.com/contact |
| Acknowledgment | Within 10 business days of receipt |
| Substantive Response | Within the period required by applicable law |
NorthQuinn endeavors to resolve all privacy inquiries promptly and directly. If you are dissatisfied with NorthQuinn's response, you may have the right to escalate to the applicable data protection or consumer protection authority as described in Section 10 or Section 11.