Privacy notice

This privacy notice (“Privacy Notice”) explains how your personal data is collected, used and shared in the course of your engagement with the Quantum Economic Development Consortium (“QED-C”).

This Privacy Notice sets out when, why and how any personal data that is collected from you, or provided by you, will be processed. Please read this Privacy Notice carefully, and ensure you understand it fully. When reference is made in this Privacy Notice to “personal data”, this means information, which can identify you either directly or indirectly as an individual, and “processing” personal data can include (but is not limited to) obtaining, recording, holding, using, disclosing or erasing it.

About us

The Quantum Economic Development Consortium is a consortium of stakeholders in the quantum information science and technology ecosystem which has been brought together by SRI International (“SRI”), in connection with the United States Government’s National Institute of Standards and Technology (“NIST”).

QED-C is administered, operated and managed by SRI with the direction and advice of the QED-C Steering Committee, which is made up of representatives from QED-C participants. SRI is a non-profit organisation that performs research and development activities for a broad range of clients. SRI is headquartered at 333 Ravenswood Avenue, Menlo Park, California, CA 94025-3493, USA. As SRI is primarily responsible for the management of QED-C, SRI is considered the controller of personal data that is processed in connection with QED-C. References in this Privacy Notice to “we”, “us” or “our” should therefore be read to mean QED-C as administered, operated and managed by SRI.

We are committed to protecting and respecting your privacy in accordance with applicable law in this area, such as the General Data Protection Regulation (EU) 2016/679, including as it applies in the UK by virtue of the European Union (Withdrawal) Act 2018 (“GDPR”) and the UK Data Protection Act 2018 (each as amended from time to time).

Please send any questions about this policy, or our data processing activities, to privacy@sri.com, or by post at the address stated above.

About this privacy notice

This Privacy Notice applies to the personal data of individuals located in the EU or UK that we collect in the course of our ordinary activities and which is subject to the GDPR, for example:

  • When you visit and use our website https://quantumconsortium.org/ (“Website”) including when you submit personal data to our Website;
  • When you, or an organisation that you are affiliated, with applies to join the consortium;
  • When you engage with the consortium, e.g., about our purpose or opportunities. This could be during a virtual event, over the phone, by email, via the contact forms on our Website, by post, or in person at an event we attend or host;
  • Where you subscribe for our newsletter;
  • When we engage with you (or your employer) for you to provide us with products or services; and
  • When your personal data is provided to us by third parties in the course of our interactions with them (e.g., the companies we work with, an associate, or participants at events (including virtual events)).

Our Website may, from time to time, contain links to and from the websites of consortium participants, and others associated with us. For example, our Website advertises job opportunities at consortium members. If you follow a link to any of these websites, please note that these websites have their own privacy and cookie notices. We accept no responsibility or liability for these policies or for the data processing practices of such third parties. Please check these policies before submitting any personal data.

This Privacy Notice may be updated from time to time. We therefore advise you to consult it on a regular basis. The last line of this Privacy Notice below indicates when the Privacy Notice was last updated.

Personal data we may collect from you

The specific personal data we may collect from you will depend on the precise nature of your relationship with us, however we will limit the personal data that we collect to that which is necessary for the purpose of collection.

You are not obliged to provide us with any personal data, however if you do not provide the information that we have requested, we may not be able to respond to your communications, allow you to join the consortium, or interact with you about our activities.

Some categories of personal data are given additional protection under the GDPR (“Special Category Personal Data”). Examples of Special Category Personal Data include information about your: health (such as any disabilities), racial or ethnic origin, political opinions and religious or philosophical beliefs, and sex life or sexual orientation. We do not anticipate routinely processing Special Category Personal Data, although we may in some circumstances. For example, if you include Special Category Personal Data in any emails that you send to us or if we require information about any disabilities to make reasonable adjustments at events we may host. Where we process Special Category Personal Data, we do so on the basis that you have explicitly consented to this processing, by freely providing us with the information. You may withdraw this consent at any time.

Common types of personal data that we collect and process includes:

1. Technical information

We collect information related to your access to and use of the Website. Such information is included, but not limited to, IP address, traffic data, location data, device information (such as device type, operating system, browser information), and pages you visit.

In addition, with your permission we utilise cookies or similar technologies to track how you interact with our Website. For more information on cookies and your choices regarding these, please visit our Cookie Notice.

2. Information about members

If you or an organisation that you are affiliated with (such as a company that you work for or your university) enquires about membership of the QED-C then we may be provided with some basic personal data. If you or the relevant organisation then joins the QED-C, we may be provided with further information. Information we may hold about our members (and their employees, shareholders, and directors) includes but is not limited to:

  • Basic personal details such as your name, email address, and contact telephone number (including alternative contact details).
  • Details regarding executive officers and directors such as name, country of birth, and citizenship.
  • Shareholder information regarding those with a controlling interest in members such as name, address, nationality, location, and interest held.
  • Information about your employer or affiliated organisation such as the organisation name, organisation type, location, and your position.
  • Details of your involvement in the quantum information science and technology ecosystem including your connections.
  • Account information used to access the members only section of the Website such as your username and password.
  • If you contact us, or we contact you, we may keep a record of the contact and any personal data included in the correspondence or call.

Most of the personal data is obtained directly from you or your affiliated organisation. We may however collect personal data about you from third parties, e.g., where one of your connections gives us your details.

3. Information about students

Our Website allows students in relevant fields to submit information about themselves. Information that is collected about students who wish to submit their details includes but is not limited to:

  • Basic personal details such as your name, email address and right to work information.
  • Information about your current studies including your academic institution, the degree you are seeking, relevant specialisms, and your expected graduation date.
  • Details of your future intentions such as whether you are seeking internships or employment.
  • Further information that may be relevant such as your research topics and skills or experience.
  • Additional information that you may choose to include such as your LinkedIn profile (and any information thereon), any references, and any other comments that you submit.

Information is obtained directly from you or from another student that has submitted your information (e.g., if a peer has provided your details, or if you have agreed to act as a reference) or from publicly available sources (such as LinkedIn).

4. Information obtained when you interact with QED-C

If you interact with QED-C, by submitting a message or query via the contact forms on our website, by subscribing to our newsletter, by engaging with us at events, or by any other means then we may collect and process your personal data. Such information may include:

  • Information submitted via the “Contact us” or similar forms on our Website such as your name, contact details, organisation and role, and your comment or query.
  • Information submitted to Quantum Marketplace Participants via the “Get in touch” forms, such as your name and message, which we will process before sharing with the relevant third party that you are seeking to get in touch with.
  • Information you may provide when subscribing to our newsletter such as your name, email address, and organisation.
  • Any information you may provide at events that are attended or hosted by QED-C such as your name, organisation, interests, and attendance history.
  • Any other personal data that you willingly provide to us in the course of our activities.

Such information will be collected from you directly.

5. Suppliers, service providers and other third parties

We may also collect personal information relating to suppliers, service providers or other third parties and their employees. Owing to the nature and structure of QED-C, we do not consider this to be a routine activity. Most arrangements in place between suppliers and service providers will likely be in place between SRI (or one of the participants of QED-C) and the relevant third party. However, where we do collect personal data from third parties that is subject to the GDPR we will treat such personal data accordingly.

Uses made of your personal data and the legal basis for this

We will only collect, use and share personal data where we are satisfied that we have an appropriate legal basis to do so.

This may be because the processing is necessary:

  • For our legitimate business interests (or those of a third party) provided that such interests are not outweighed by your fundamental rights and freedoms. For example:
    • To conduct surveys, often in conjunction with our members and other third party partners;
    • To promote and pursue the mission and objectives of QED-C;
    • To facilitate collaboration among QED-C participants by sharing knowledge and connections;
    • To enter into and administer agreements with our corporate and institutional participants;
    • To ensure that content from our Website is presented in the most effective manner for you and for your computer;
    • To comply with lawful requests made by authorities, and to otherwise voluntarily co-operate with regulatory bodies at our discretion; and
    • To internally administer QED-C and ensure its continued operation.
  • To perform a contract entered into between you and us, or to take steps at your request before entering into such a contract. For example:
    • To enter into and administer agreements with our individual participants;
    • To maintain the accounts or our participants and their employees and respond to account related queries or complaints; and
    • To carry out our obligations or enforce our rights under any contracts entered into between individuals and us.
  • To comply with a legal obligation to which we are subject. For example:
    • Where we are obligated to provide information, or assistance, to courts, government authorities, or other regulatory bodies; and
    • To demonstrate compliance with our obligations relating to fraud, anti-money laundering, anti-bribery, and other such laws.
  • Where you have consented to our processing.
    • Where individuals subscribe to our newsletter, we will send communications (which may include direct marketing communications) to the contact details provided when subscribing (see Direct Marketing below).
    • If we are processing your personal data on the basis of your consent, this can be withdrawn at any time.

If you would like to find out more about the legal basis for which we process your personal data in specific circumstances, please contact us using the details in the About Us section above.

Direct marketing

We may process personal data for marketing reasons. QED-C produces and distributes a newsletter which individuals can subscribe to using the relevant form on our Website. While the newsletter is not likely to routinely constitute a direct marketing communication, some of the content may fall within scope. We only send the newsletter to individuals who have signed up to receive it and have therefore consented to receive such communications.

You can unsubscribe from our newsletter any time by contacting us by following the appropriate “unsubscribe” link in any newsletter email, or by emailing us at admin@quantumconsortium.org or writing to us at the address set out under About Us section, above. Please note, there may be a slight delay while we accommodate such requests.

If you tell us that you do not wish to receive marketing communications, we may still contact you, for example with information about your account or to respond to any communications that we receive from you.

How we share personal data within QED-C and with third parties

QED-C is a consortium of stakeholders in the quantum information science and technology ecosystem. Information processed in connection with your involvement in QED-C will therefore be shared between the consortium’s participants. Members of QED-C can be found at https://quantumconsortium.org/members/.

We may also share your personal data with relevant third parties, for example:

  • Service providers who help to manage our business and deliver services (e.g. SaaS providers and cloud-based storage solutions).
  • Our legal, financial, or other advisors in order to obtain professional services.
  • In order to prevent fraud, investigate crimes (or potential crimes), and ensure security.
  • Any other third party where you have provided your consent or we have an appropriate legal basis for doing so.

If you do not want your personal data to be shared in accordance with the above, please contact us using the details contained in this Privacy Notice.

Transfers of personal data

You should note that QED-C is primarily located in the USA and any personal information submitted to QED-C is therefore collected by parties located there. The USA has not been deemed by the EU Commission or the UK Government to provide an adequate level of protection of personal data.

Personal data that we collect from you may in some cases be further transferred to third parties that are also based outside the UK and the European Economic Area (“EEA”). Where necessary, we ensure appropriate safeguards are in place for transfers to such third parties to protect your personal data (such as the Standard Contractual Clauses approved for this purpose by the EU Commission and the UK Information Commissioner).

You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when it is transferred outside the UK or EEA. To obtain such information, please use the contact details listed under the About Us section above.

How we protect your personal data

We are committed to ensuring the security of your personal data and take all steps reasonably necessary to ensure that your data is adequately protected and treated in accordance with this Privacy Notice.

Where you have received (or set up) login details such as usernames and passwords
to access certain parts of our Website, you’re responsible for keeping these confidential. Please keep this information safe, and do not share it with others.

Unfortunately, sending information using the internet isn’t completely secure. Although we’ll do our best to protect your personal data, we can’t guarantee the security of the data you send to our Website.

How long we store your personal data for

We will store your personal data for as long as is reasonably necessary for the purposes for which it was collected. In some circumstances, we may store your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.

In specific circumstances we may store your personal data for an extended period so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or relationship with us.

Your rights

Subject to certain exemptions, and in some cases dependent on the processing activity we are undertaking, you have certain rights in relation to your personal data. In particular, you have the right to

  • access personal data that we hold about you;
  • rectify or erase personal data that is inaccurate;
  • restrict the processing of your personal data or object to our processing in certain circumstances;
  • ask us to transfer your personal data; and
  • lodge a complaint with a supervisory authority.

You can exercise your rights by contacting us using the details at the About Us section above.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with your request in a different way. We will always inform you if this is the case and explain why we are unable to fully comply with your request. Please note that we’ll need to confirm your identity before giving you details of any personal data we may hold about you.

Changes to this privacy notice

Any changes we may make to this Privacy Notice in the future will be posted on this page. You should check this page from time to time for any changes we made.

Date

This Privacy Policy is effective from March 30, 2022.