Skip to main content

Introducing Quorum Copilot, AI for Public Affairs. Make hard things easy, and make new things possible

Learn More

Quorum Privacy Policy


Microsoft Word – Privacy-Policy-v9.docx

Quorum is committed to maintaining your privacy. This privacy policy (“Privacy Policy”) describes how Quorum Analytics Inc. (together with its affiliates, “Quorum") will collect, use, disclose and otherwise process personal information we receive or process through our websites (including at quorum.us and quorumeu.com). together with any mobile apps or other online or offline services we offer (collectively, the “Services”). This policy also describes your choices about the collection and processing of your information.

Please read our Terms of Use (“Terms”) and this Privacy Policy carefully before you start to use our Services. By using the Services, you agree to be bound and abide by our posted Terms and Privacy Policy, to the extent permitted by law. Please see Sections 12-14 of our Terms regarding your legal rights in any dispute involving our Services.

IF YOU HAVE ENTERED INTO A SUBSCRIPTION OR OTHER EXECUTED AGREEMENT WITH US, THE TERMS OF THAT AGREEMENT WILL CONTROL TO THE EXTENT THERE IS ANY CONFLICT WITH THESE TERMS OR THE PRIVACY POLICY.

Our Privacy Policy applies to all individuals whose personal information may be processed through our Services, including guest users of our Services ("Visitors"), registered users who have signed a subscription agreement with us ("Subscribers"), registered users participating in a free trial of certain Services ("Trial Users"), or public officials, legislators and third parties in the public interest (“Public Individuals”).

  1. How We Collect Information. We may collect information about you by various means, including:

    1. Directly from you, both online (e.g., our website, email) and offline (e.g., mail);

    2. Through your use of our Services;

    3. From publicly-available sources such as public records, legislative histories and other governmental websites and services; and

    4. From other third party sources and social media platforms, as well as from our affiliates or third parties for the purposes provided below, and/or to supplement information we already possess.

  2. The Types Of Information We May Collect. Information you may provide or that we may collect falls into three broad categories: (i) Personal Information, (ii) Anonymous Information and (iii) Self- Managed Information.

    1. We use the term “Personal Information” to mean any information that could reasonably be used to identify an individual directly or indirectly (in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person), including name, address, e-mail address, telephone number or any combination of information that could reasonably be used to identify an individual. Personal Information we collect may including the following categories of information:

      1. Profile and subscription information, such as a username and password, your name, mailing address, e-mail address, phone number, and usage and subscription preferences, which may include signing up to some of our Services or communications from us;

      2. Transactional information including payment information and history for subscriptions to the Services;

      3. Survey information in response to questions we may send you through the Services, including for feedback and research purposes;

      4. Communications between you and us, such as via e-mail, mail, phone or other channels;

      5. Offline activity you directly engage in with us, if any; and

      6. Online User Activity described in Section 5.

    2. Anonymous Information” is information that does not identify an individual, and may include statistical information concerning, for example, use of our Services or the pages on our website that were visited most frequently.

    3. Self-Managed Information” is any information, document or personal information uploaded to and stored on our Services by you and which is managed by you.

  3. Our Uses Of Personal Information (Purposes). We have structured our Services so that you may visit our website and review selected information about our Services without providing any Personal Information. We will only share Personal Information you choose to provide to us via the Services with third parties as expressly disclosed in Section 6. We collect information from you at different points through our Services, and use this information as follows, to the extent permitted by applicable laws:

    1. Provide our Services to you, including to provide our website, maintain your account, manage any purchases or transactions;

    2. Provide information regarding Public Individuals to users of our Services;

    3. Respond to your requests, questions and comments and provide customer support;

    4. Monitor the performance of our Services;

    5. Tailor the content we display to you in our Services and communications, including advertising, and offer products and services that we believe may be of interest to you;

    6. Operate, evaluate and improve our programs, our websites and other products and services we offer (including to develop new services), and diagnose or fix technology problems;

    7. Analyze and enhance our communications and strategies (including by identifying when emails sent to you have been received and read);

    8. Inform you about changes to this Privacy Policy and our Terms of Use and other policies; and

    9. Comply with and enforce as needed applicable legal requirements, industry standards, our policies and our contractual rights.

    10. We may also use or share information in an anonymized or aggregate manner.

      You may wish to provide us with comments and feedback concerning our Services generally. By communicating with us for these purposes, you may provide us with your email address and other

      Personal Information. In these instances, we endeavor to use any such information strictly for the purposes for which you submit the information.

      Periodically, we may send news, bulletins, marketing materials, or other information to individuals who signed up to our email list. If you sign up to our email list, you must submit an email address for us to send communications. You will always have the ability to opt out of receiving most communications as provided below in Section 9.

  4. Anonymous, Aggregate Information. We use Anonymous Information for many purposes such as research, analysis, modeling, marketing, and to improve our Services. In addition, from time to time, we may undertake or commission statistical and other summary analyses of the general behavior and characteristics of users participating in our Services and the characteristics of visitors at our Services. We may collect Anonymous Information through the software that supports our Services, including through cookies and other means described below.

  5. Online User Activity, Cookies and Information Collected by Automated Means.

    1. IP Addresses; Logs. We may automatically receive and record information in our server logs from your browser, including your IP address (the Internet address of your computer), your computer's name, the type and version of your web browser, referrer addresses and other generally-accepted log information. We may also record page views (hit counts) and other general statistical and tracking information, which will be aggregated with that of other users in order to understand how our Services are being used, and for security and monitoring purposes.

    2. Cookies. A cookie is a small amount of data, which often includes a unique identifier, which is sent to your browser from a website's computers and stored on your computer's hard drive. Cookies can be used to provide you with a tailored user experience and to make it easier for you to use a website upon a future visit. We may include cookies on our Website and use them to recognize you when you return to our Website. We may use one or more of the following types of cookies:

      1. Necessary cookies. Necessary cookies are required for the operation of the Services. These cookies are essential to make the Services work correctly. They include cookies that remember previous actions (e.g. entered text) when navigating back to a page in the same session. These cookies do not identify you as an individual. If you do not accept necessary cookies, it may affect the performance of the Services or parts of it.

      2. Functionality cookies. Functionality cookies are used to recognize you when you return to the Services and to remember the choices you made to enable us to personalize its content to you. The information the functionality cookies collect may include Personal Information that you have disclosed. If you do not accept functionality cookies, it may affect the performance and functionality of the Services and may restrict access to its contents.

      3. Analytical/Performance cookies. Analytical/performance cookies allow us to recognize and count the number of visitors and help us understand how visitors interact with the Services by providing information about, among others, the areas visited, the time spent on the Services and any issues encountered. This helps us improve the way the Services work. Performance cookies do not directly identify you as an individual.

      4. Advertising/targeting cookies. Advertising/targeting cookies record your visit to the Services, the pages you have visited and the links you have followed. We use this information to make the Services and the advertising displayed on these sites more relevant to you and your interests. The advertising cookies may be used to deliver targeted advertising and to help us measure the effectiveness of advertising campaigns. We may also share this information with third parties (including advertisers) for this purpose. Most advertising cookies track users via their IP address or a unique identifier and may potentially collect Personal Information.

        Quorum uses different sets of cookies across its different types websites. The below list of cookies encompasses all cookies used across all different websites; but not all cookies will be present on each website.

        Strictly Necessary Cookies

        Host

        Cookie Name

        Description

        Expiry Duration (days)

        www.quorum.us

        qsesid

        Quorum’s first-party session cookie. This cookie identifies your browser to our servers and is required for securely logging in.

        179

        www.quorum.us

        session_expires

        This cookie is generated as part of the sign-in process and used to defend against Cross Site Request Forgery (CSRF)

        0

        www.quorum.us

        current_regions

        This cookie stores which region the user is currently

        0

        info.mail.quorum.us

        BIGipServerab57web- nginx-app_https

        This cookie name is associated with the BIG-IP product suite from company F5. Usually associated with managing sessions on load balanced servers, to ensure user requests are routed consistently to the correct server. The common root is BIGipServer most commonly followed by a domain name, usually the one

        that it is hosted on, but not always.

        0

        info.mail.quorum.us

        cf_bm

        The  cf_bm cookie is a cookie necessary to support Cloudflare Bot Management, currently in private beta. As part of our bot management service, this cookie helps manage incoming traffic that matches criteria associated with bots.

        This is a CloudFoundry cookie

        0

        info.quorum.us

        cfruid

        Cookie associated with sites using CloudFlare, used to identify trusted web traffic.

        0

        info.quorum.us

        cf_bm

        The  cf_bm cookie is a cookie necessary to support Cloudflare Bot Management, currently in private beta. As part of our bot management service, this cookie helps manage incoming traffic that matches criteria associated with bots.

        This is a CloudFoundry cookie

        0

        www.quorum.us

        PHPSESSID

        PHP session cookie associated with embedded content from this domain.

        0

        www.quorum.us

        AWSALBCORS

        This cookie is managed by AWS and is used for

        load balancing.

        6

        www.quorum.us

        AWSALB

        AWS ELB application load balancer

        6

        www.quorum.us

        PHPSESSID

        PHP session cookie associated with embedded content from this domain.

        0

        www.quorum.us

        AWSALB

        AWS ELB application load balancer

        6

        www.quorum.us

        csrftoken

        This cookie is associated with the Django web development platform for Python. It is designed to help protect a site against at particular type of software attack on web forms.

        363

        Performance Cookies

        Host

        Cookie Name

        Description

        Expiry Duration (days)

        quorum.us

        _ga

        This cookie name is associated with Google Universal Analytics – which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics

        reports. By default it is set to expire after 2 years, although this is customisable by website

        owners.

        729

        quorum.us

        _hjAbsoluteSessionInProgr ess

        This cookie is used by HotJar to detect the first pageview session of a user. This is a True/False flag set by the cookie.

        0

        quorum.us

        _hjSession_xxxxxx

        A cookie that holds the current session data. This ensues that subsequent requests within the session window will be attributed to the

        same Hotjar session.

        0

        quorum.us

        _hjFirstSeen

        Identifies a new user's first session on a website, indicating whether or not Hotjar's seeing this user for the first time.

        0

        quorum.us

        hssrc

        This cookie name is associated with websites built on the HubSpot platform. It is reported by them as being used for website analytics.

        0

        quorum.us

        hssc

        This cookie name is associated with websites built on the HubSpot platform. It is reported by them as being used for website analytics.

        0

        www.quorum.us

        _clsk

        Used by Microsoft Clarity to connect multiple page views by a user into a single Clarity

        session recording.

        0

        quorum.us

        _gid

        This cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and

        0

        update a unique value for each page

        visited._gid

        quorum.us

        _hjTLDTest

        When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it

        fails. After this check, the cookie is removed.

        0

        quorum.us

        _hjSessionUser_xxxxxx

        Hotjar cookie that is set when a user first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.

        364

        quorum.us

        _clsk

        Used by Microsoft Clarity to connect multiple page views by a user into a single Clarity

        session recording.

        0

        quorum.us

        hstc

        This cookie name is associated with websites built on the HubSpot platform. It is reported by them as being used for website analytics.

        179

        quorum.us

        _ga_xxxxxxx

        This cookie name is associated with Google Analytics. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is

        customisable by website owners.

        729

        quorum.us

        _ga

        This cookie name is associated with Google Universal Analytics – which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics

        reports. By default it is set to expire after 2 years, although this is customisable by website owners.

        729

        www.quorum.us

        _mkto_trk

        This cookie is associated with an email marketing service provided by Marketo. This tracking cookie allows a website to link visitor behaviour to the recipient of an email marketing campaign, to measure campaign

        effectiveness.

        729

        quorum.us

        _gid

        This cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and

        0

        update a unique value for each page

        visited._gid

        quorum.us

        _gclxxxx

        Google conversion tracking cookie

        89

        quorum.us

        _uetvid

        This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website.

        389

        Targeting Cookies

        Host

        Cookie Name

        Description

        Expiry Duration (days)

        quorum.us

        _uetsid

        This cookie is used by Bing to determine what ads should be shown that may be relevant to the end user perusing the site.

        0

        quorum.us

        _gat_gtag_xxxxxxxxxxxxxxx

        xxxxxxxxxxxx

        Google Analytics

        0

        www.quorum.us

        ln_or

        This is a LinkedIn cookie used to determine if Oribi analytics can be carried out on a specific domain

        0

        quorum.us

        pt_

        NA

        0

        quorum.us

        _fbp

        Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers

        89

        quorum.us

        _gat_UA-XXXXXX-X

        Google Analytics Cookies

        0

        www.linkedin.com

        bscookie

        This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways.

        Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a

        primarily tracking/targeting domain.

        730

        company- target.com

        tuuid

        This domain is owned by USA based company Demandbase, which provides technology for

        B2B marketing.

        730

        bing.com

        MUID

        This domain is owned by Mircosoft – it is the site for the search engine Bing.

        390

        youtube.com

        VISITOR_INFO1_LIVE

        This cookie is used as a unique identifier to track viewing of videos

        365

        hubspot.com

        cf_bm

        This is a CloudFoundry cookie

        0

        linkedin.com

        UserMatchHistory

        This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways.

        Although such buttons add functionality to the

        30

        website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a

        primarily tracking/targeting domain.

        twitter.com

        personalization_id

        This domain is owned by Twitter. The main business activity is: Social Networking Services. Where twitter acts as a third party host, it collects data through a range of plug- ins and integrations, that is primarily used for

        tracking and targeting.

        730

        linkedin.com

        AnalyticsSyncHistory

        This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways.

        Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a

        primarily tracking/targeting domain.

        30

        casalemedia.com

        CMPRO

        This domain is owned by Casale Media. The main business activity is: Advertising

        89

        c.bing.com

        MR

        This domain is owned by Microsoft – it is the

        site for the search engine Bing.

        6

        c.bing.com

        SRM_B

        This domain is owned by Mircosoft – it is the site for the search engine Bing.

        390

        linkedin.com

        lidc

        This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways.

        Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a

        primarily tracking/targeting domain.

        1

        casalemedia.com

        CMPS

        This domain is owned by Casale Media. The main business activity is: Advertising

        89

        tremorhub.com

        tvid

        This domain is owned by Tremor Video which provides a marketplace for online video based cross-device advertising.

        365

        linkedin.com

        li_sugr

        This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways.

        Although such buttons add functionality to the

        89

        website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a

        primarily tracking/targeting domain.

        linkedin.com

        bcookie

        This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways.

        Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a

        primarily tracking/targeting domain.

        730

        linkedin.com

        li_gc

        This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways.

        Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a

        primarily tracking/targeting domain.

        730

        youtube.com

        CONSENT

        YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a

        broad range of their own and other websites.

        6160

        youtube.com

        YSC

        YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a

        broad range of their own and other websites.

        0

        doubleclick.net

        IDE

        This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange

        390

        casalemedia.com

        CMID

        This domain is owned by Casale Media. The main business activity is: Advertising

        364

        doubleclick.net

        test_cookie

        This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising

        exchange

        0

        srv.stackadapt.com

        sa-user-id-v2

        This domain is owned by Stackadapt. The company provides marketing and advertising

        services.

        364

        company- target.com

        tuuid_lu

        This domain is owned by USA based company Demandbase, which provides technology for B2B marketing.

        730

        tremorhub.com

        tv_UIDM

        This domain is owned by Tremor Video which provides a marketplace for online video based cross-device advertising.

        730

        quorum.us

        hubspotutk

        This cookie name is associated with websites built on the HubSpot platform. HubSpot report that its purpose is user authentication. As a persistent rather than a session cookie it

        cannot be classified as Strictly Necessary.

        179

        If you do not want the Services to store cookies in your browser, you have the option to:

        1. block cookies or to eliminate the cookies that have already been placed on your browser. Be aware, however, that when you deactivate the cookies a certain number of functionalities will no longer be available on the Services;

        2. configure your browser to accept or to refuse all cookies, to be alerted when a cookie is issued, to check its period of validity and its consent and to periodically remove your cookies, or

        3. select the option presented on our marketing website

    3. Tags. We may use so-called "pixel tags" — small graphic images (also known as "web beacons" or "single-pixel GIFS") — to tell us what parts of our website have been visited or to measure the effectiveness of searches customers perform on our Services. Pixel tags also enable us to send email messages in a format that customers can read, and they inform us whether emails have been opened, to help ensure that our messages are of interest to our recipients. You can "opt-out" of receiving these types of emails from us by following the directions provided in Section 9. If any Personal Information is collected using such tools, it will be subject to the terms of this Privacy Policy.

    4. Click-Throughs. If you have signed up for our email list, we may send you email messages which use a “click-through URL” linked to content on our Services. When you click one of these URLs, you pass through our web server before arriving at the destination web page. We track this click-through data to help determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked, simply do not click text or graphic links in the email, or notify us in accordance with Section 9.

    5. Computer Configuration. In order to determine whether your computer is supported by our system, we may collect certain Anonymous Information. This information includes, but may not be limited to, your operating system and browser, as well as the presence of any software that our Services may require to operate with your computer, or other third party software on your computer. This information is kept strictly confidential and is not shared with third parties, except as provided for in this Privacy Policy.

      To enable us to better understand the characteristics of our users and/or to provide services tailored to your needs, we may link Personal Information with Anonymous Information and/or Self-Managed

      Information, in which case the combined information will be treated as Personal Information under this Privacy Policy.

  6. Limited Disclosures of Personal Information to Unaffiliated Third Parties. We will not disclose your Personal Information to unaffiliated third parties without your express consent, except in the following limited circumstances as permitted by applicable law:

    1. Information about Public Individuals. We may share publicly-known or ascertainable information regarding Public Individuals to users of our Services.

    2. Use of YouTube API Services. One of our data providers is YouTube API Services (“YouTube Services”). As part of our agreement on the use of YouTube Services, we are required to inform you that we use YouTube API Services and your access to the data and information provided through the YouTube API Services is governed by the Google Privacy Policy at http://www.google.com/policies/privacy. To the extent that you wish to revoke our access to data that is obtained by the YouTube Services, you may do so via the Google security settings page at https://security.google.com/settings/security/permissions, in addition to the other methods and mechanisms described elsewhere in this Privacy Policy.

    3. Vendors. We may employ other companies to perform functions on our behalf, such as hosting, developing or maintaining various aspects of the Services, payment processing, marketing partners, responding to and sending electronic mail, or other functions necessary to our business. We may need to share your Personal Information with these companies (collectively, “Vendors”) and provide them with only the information necessary to perform their functions on our behalf and for no other purpose.

    4. Suspected Harm. We may reveal Personal Information to attorneys, private investigator organizations or law enforcement agencies if we believe it is relevant to (a) a risk of harm to us or others, (b) suspected or actual fraudulent activity, or (c) violating (either intentionally or unintentionally) our Terms or legal rights.

    5. Legal Obligations. We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We will reveal Personal Information to the extent we reasonably believe we are required to do so by law. If we receive legal process calling for the disclosure of your Personal Information we will attempt to notify you via email within a reasonable amount of time before we respond to the request, unless such notification is not permitted.

    6. Our Affiliates. We may choose to rely on and share information with our Affiliates as further detailed in Section 17.

    7. Transfer of our Business. We may transfer the information we maintain to a third party in connection with a sale of the relevant portion of our business or assets, but we will make reasonable efforts to direct the recipient to safeguard Personal Information consistent in all material respects with this Privacy Policy.

  7. Notice for Residents of the EU and other International Jurisdictions.

    1. Quorum’s Role. Quorum acts as data controller with regard to the processing of Personal Information pursuant to this Privacy Policy, except that you are the data controller with respect to: (i) your Self-Managed Information since, you determine and decide yourself on the purposes and means of the processing such of Self-Managed Information and in that

      circumstance we Quorum therefore act solely as a mere data processor; and likewise (ii) any communications that you send to Public Individuals through the Services.

    2. Our Legal Bases for Processing Personal Information. In some jurisdictions including the EU we are obligated to disclose our legal bases for processing. In such jurisdictions, our basis for processing Personal Information is as follows, and as described below it will depend on the nature of processing.

      1. Performance of a Contract. We may process your Personal Information as necessary for the performance of a contract to which you (or the organization you are affiliated with) are a party, such as to manage your subscription and access rights, or in order to take steps at your request prior to entering into a contract.

      2. Your Consent. By accessing and using our Services, you are acknowledging that you have read and understood this Privacy Policy and agree to the terms herein. Do not use our Services if you do not agree to the terms of this Privacy Policy. You have the right to withdraw your consent to processing at any time, however, without affecting the lawfulness of processing based on consent before its withdrawal, or processing that relies on other bases described here.

      3. Legitimate Interests. With respect to Public Individuals, we process Personal Information in connection with governmental and legislative activities that is of paramount interest to the public (such as name, surname, title, contact details, social media accounts, and governmental or legislative activities), including so our users can learn about such activities and contact those individuals through governmental communication channels made available for that purpose. In this respect, our legitimate interests do not infringe on, and are not overridden by, any interests or fundamental rights and freedoms of relevant data subjects since

        (i) there is clearly a strong public interest in such information, (ii) interested members of the public using the Services will be prejudiced if they are unable to easily locate and use this information, (iii) the personal information we process with respect to Public Individuals is otherwise public and not sensitive to the data subjects, (iv) the data subjects are governmental officials or otherwise public figures who reasonably expect the information we process would be available to the public, (v) the nature of our processing does not unduly impact the personal information in any unexpected or prejudicial manner, and (vi) the impact on the data subjects by the processing appears to be minimal, while the benefit to us and our users is both significant and important to the public.

      4. Other basis. Although rare, we may engage in processing that is necessary for compliance with a legal obligation to which we are subject, or where necessary in order to protect the vital interests of the data subject or of another natural person.

    3. Exercise your Rights. You may submit requests concerning your Personal Information such as (i) access to your Personal Information and/or a portable copy; (ii) rectification or erasure of your Personal Information, or (iii) an objection or restriction on our processing of your Personal Information. You also have the right to lodge a complaint with a supervisory authority. You may direct such requests to info@quorum.us. We will respond to all requests as required by applicable law (including with respect to response deadlines) and will otherwise respond in our reasonable discretion.

    4. Transfer outside of the European Economic Area. If you are in the EEA/EU, the UK, Switzerland or another jurisdiction that has imposed similar legal requirements regarding the lawful transfer of personal information from that jurisdiction to another country (e.g., the US), to the extent that we engage in such a transfer of your personal information (a “Cross-Border Transfer”) we will take steps to ensure that such Cross-Border Transfer satisfies known legal requirements. In particular: If we transfer personal information to a jurisdiction deemed by relevant regulatory authorities to provide adequate protection for personal information, we will rely on such adequacy decision, as applicable, and will otherwise take steps to conduct the Cross-Border Transfer using other legally-valid mechanisms, such as by entering into data transfer agreements with standard contractual clauses ("SCCs") among our affiliates and with relevant service providers, in any necessary supplementary safeguards. We currently rely on SCCs for Cross-Border Transfers to the US, and are monitoring evolving laws and regulatory developments to assess if and when alternative or supplemental measures are available or necessary. Individuals with inquiries or complaints regarding cross-border transfers under this privacy policy should contact us at info@quorum.us.

  8. State-Specific Privacy Rights.

    1. Exercise your Rights. Certain privacy laws in the U.S. (including for example, the California Consumer Privacy Act (CCPA)) may provide additional rights with respect to the collection and use of personal information collected by businesses. This may include the right to request that a business: (i) disclose personal information maintained about the individual (i.e., access request); (ii) correct or delete personal information maintained about the individual (subject to certain exceptions); or (iii) not sell personal information about the individual to a third party (excluding qualified service providers). It can be unlawful to discriminate against an individual for exercising such rights.

      For purposes of the CCPA, Quorum does not “sell” the Personal Information of California consumers.

      To submit a request under such laws, as applicable to you, please email us at info@quorum.us and indicate the type of request you are submitting in the subject line. You will need to provide your name and email address to enable us to verify your identify and respond to your request. We will endeavor to fulfill any obligations that are legally-required, otherwise we will respond to requests in our discretion. Where required, (i) We will aim to acknowledge receipt of each request within 10 days along with a description of what steps we take to verify and respond to your request, and (ii) substantively respond to such requests within 45 days of receipt, although we may take an additional 45 days if reasonably needed.

    2. Other California Disclosures.

      Pursuant to California’s “Shine The Light law” (California Statute § 1798.983), California residents are entitled, once a year and free of charge, to request the disclosure of certain categories of Personal Information to third parties for their own direct marketing purposes in the preceding calendar year, if any. You may request this information by contacting us at info@quorum.us and indicate in the email subject line, “California Shine The Light Request.” Please include your mailing address, state of residence and email address with your request.

      For California residents under the age of 18 and registered users of our Services, California law (Business and Professionals Code § 22581) provides that you can request the removal of content or information you posted on the Services. Any such request should be sent to us, along with a description of the posted content or other information to be removed, at info@quorum.us. Be advised, however, that applicable law may not permit us to completely or

      comprehensively remove your deleted content or for other reasons as set forth in this California law.

      Note that in regard to California’s required Do-Not-Track disclosure, our Services do not respond to Do-Not-Track headers or signals, and treat all information received by our Services consistent with this Privacy Policy.

  9. Additional Opt-Out Choices.

    1. Marketing Emails. If you sign up to receive communications from us via our email list, we will provide you with the ability to decline (i.e., “opt-out”) of marketing communications. Instructions for opting-out will be provided if and when we determine to send you such a communication. You will not be allowed to opt-out of administrative notices concerning our Services, your transaction, or legal and other related notices concerning your relationship to the Services. Quorum will also provide an individual opt-out or opt-in choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.

    2. User Account: You may terminate your user account (if any) by contacting us as provided below. We may retain any account information for internal purposes or as otherwise provided in this Privacy Policy and our Terms.

    3. Cookies: As notice above, web browsers may offer users the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our Services may not function correctly.

  10. Links to Other Websites and Third Party Content. Our Services may contain links to other websites or apps. This can include social media integrations. Please be aware that we are not responsible for the content or privacy practices of such other websites or apps, and we encourage you to be aware when you leave our Services and to read the privacy statements of any other website or app that collects personal information.

  11. Online Advertising. You may see us promoted by other organizations, on various websites, web pages, social media and other platforms. Please note that we do not always have complete information about where our organization may be displayed or promoted, and if you believe that we are featured in venues that are inappropriate or offensive, please contact us as directed below.

    We may serve advertisements, and allow third parties to serve advertisements, through our Services. Advertisements served through our Services may be targeted to users who fit a certain general profile category, which may be inferred from information that you provide to us or, based on your website usage patterns, or based on your activity on other websites or online services as may be available to the ad networks.

  12. Security. We have put in place commercially-reasonably security systems designed to prevent unauthorized access to or disclosure of Personal Information we maintain. For example, our Services’ password-protected sections require users to provide a unique username and password, we monitor network traffic for malicious activity, use encryption and have implemented other technical safeguards, employees are required to acknowledge and abide by security and privacy policies with respect to the confidentiality of Personal Information, and access to our systems containing non-public Personal Information is provided on a need-to-know basis. We also take steps to require that Affiliates and Vendors maintain security practices that are at least as protective of this Privacy Policy. However, due to the nature of Internet communications and evolving technologies, we cannot provide, and disclaim, assurance that any Personal Information we

    maintain will remain free from loss, misuse, or alteration by third parties who, despite our efforts, obtain unauthorized access.

  13. Notice of Security Incident. If we detect an intrusion or other unauthorized access to or use of Personal Information we maintain (an "Intrusion"), we will comply with applicable laws concerning notification, which may include notifying affected individuals of the Intrusion in a timely manner by means most efficient under the circumstances (such as, for example, first class mail or email).

  14. Storage. We endeavor to maintain Personal Information until one year after its last use, but more generally, we may maintain Personal Information as long as it is needed for our business purposes and legal needs, the purposes of collection, and in accordance with applicable laws.

    If you requested deletion of your Personal Information, please note that it may be impossible to remove the information completely from our systems due to backup practices in the ordinary course of business, deletion records and other exceptions recognized by applicable laws. You may not seek removal of de-identified, anonymous, or otherwise aggregate data from our Services.

  15. Advisory Regarding Children. Consistent with applicable laws (such as the Children's Online Privacy Protection Act), our Services are intended for a general audience that is of legal age to accept our Terms, and we do not allow individuals under 13 to use the Services. If we become aware that we collected information from a child under 13 through the Services we will endeavor to promptly delete it.

  16. Notification of Changes. From time to time, we may change this Privacy Policy, and if we make any changes regarding disclosure of Personal Information to third parties, we will attempt to contact you prior to the date the modified policy is scheduled to take effect. We will post notice of the new policy through the privacy link on our website. Use of our Services following any such change constitutes an agreement to follow and be bound by the updated Privacy Policy.

  17. Our Affiliates. We may choose to rely on and share information with companies closely related to us (our “Affiliates”) for certain purposes under this Privacy Policy. By “Affiliate,” we mean an entity that controls, is controlled by, or is under common control with Quorum, whether the control results from equity ownership, contract, overlapping management or otherwise. In this context, “control” means the ability to replace the officers or directors or otherwise materially influence or control management decisions. You agree that Quorum Affiliates will be entitled to enjoy our rights under this Policy and, in exchange, we agree that we will be responsible for our Affiliate’s conduct under this Policy, if our Affiliate fails to comply with any resulting obligations. In any event, we ensure that our Affiliates agree to protect Personal Information in a manner no less protective of your interests than the protections set out in this Policy.

  18. Contact Us. If you have any questions about this Privacy Policy, our privacy practices, or if you would like to exercise one of the abovementioned rights, please contact us at: (1) One Thomas Circle NW, 6th Floor, Washington, DC 20005, (202) 972-9980, info@quorum.us; or (2) Square de Meeûs 35, 1000 Brussels – Belgium, +32 2 335 12 18, info@quorumeu.com.

  19. Effective Date. This Privacy Policy was last updated 5 June, 2023.