Privacy Shield Policy

Home » Privacy Shield Policy

Privacy Shield Framework Policy

Last Updated: October 06, 2021

MFXchange US, Inc. d/b/a QuessGTS (“QuessGTS”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (EU) and Switzerland to the United States. MFXchange US, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework, and to view our certification, please visit

This Privacy Shield Framework Policy (this “Policy”) sets forth the privacy principles followed by QuessGTS in connection with the transfer and protection of European Personal Data (as defined below) received from countries in the EU or Switzerland. This Policy describes how QuessGTS handles European Personal Data from its customers in connection with the services provided by QuessGTS. This Policy may be changed at any time in accordance with the requirements of the Privacy Shield Framework. The policy is available at the following link on our website: QuessGTS also collects certain information from our Website visitors. More detail about what information we collect on our Website, how it is used, and each visitor’s rights and obligations may be found in QuessGTS’s Privacy Policy which is located at


This Statement governs European Personal Data transferred from countries in the EU or Switzerland to the United States on behalf of QuessGTS or its customers. It applies to European Personal Data in electronic and off-line formats. “European Personal Data” means information that can directly or indirectly lead to the identification of a living person, such as an individual’s name, address, e-mail, telephone number, license number, social security number, medical identification number, photograph, or other identifying characteristic. The identification can occur by reference to one or more factors specific to the individual’s physical, physiological, mental, economic, cultural or social identity. European Personal Data does not include information that has been anonymized, encoded or otherwise stripped of its identifiers, or information that is publicly available, unless combined with other non-public personal information.

QuessGTS may receive European Personal Data from its customers for purposes of providing services to its customers. In connection with providing the services, QuessGTS may collect passwords, user names, and other data from customer networks, which may incidentally include European Personal Data for the exclusive purposes of performing the services on behalf of its customers. At all times with respect to European Personal data collected on behalf of its customers, and not for any other purpose under US federal or state law, QuessGTS acts as a mere “data processor” (as that term is defined under applicable EU or Swiss law or otherwise referred to under the Privacy Shield Framework as an “agent”).


You have the right to choose (opt out) whether your personal information is to be disclosed to a third party or be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by you. If you wish to opt out or have questions, please contact QuessGTS at [email protected] or in writing at MFXchange US, Inc. Attention: Privacy Officer, 201 Littleton Road, Suite 220, Morris Plains, NJ 07950


You have a right to access any of your European Personal Data which QuessGTS may collect or process. You also have a right to request that this data be corrected or removed from our servers.

Resolution of Complaints

In compliance with the Privacy Shield Principles, Quess GTS commits to resolve complaints about our collection or use of your personal information. (EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact QuessGTS at MFXchange US, Inc. Attention: Privacy Officer, 201 Littleton Road, Suite 220, Morris Plains, NJ 07950)

QuessGTS commits to cooperate with the International Centre for Dispute Resolution /American Arbitration Association (ICDR/AAA), http://go.adr/org/privacyshield.html in the event you do not receive acknowledgement of your inquiry or your inquiry has not been satisfactorily addressed.

The Federal Trade Commission has jurisdiction over QuessGTS’s compliance with the Privacy Shield.

Other Disclosures

QuessGTS may also disclose European Personal Data as necessary in connection with the sale or transfer of all or part of its business. QuessGTS does not currently disclose our customers’ European Personal Data to third parties or use third parties for the purposes of processing European Personal Data. If such a situation were to occur in the future, and QuessGTS were to disclose European Personal Data to any third parties acting as “agents” on behalf of QuessGTS, QuessGTS will require the recipient to protect the European Personal Data in accordance with the relevant principles of the Privacy Shield Framework, or otherwise take steps to ensure that the European Personal Data is appropriately protected. In the context of such an onward transfer, QuessGTS has responsibility for the processing of European Personal Data it receives and subsequently transfers to a third party acting as an agent on its behalf. QuessGTS shall remain liable under the Principles if its agent processes such European Personal Data in a manner inconsistent with the Principles, unless QuessGTS proves that it is not responsible for the event giving rise to the damage. QuessGTS may disclose European Personal Data where required or permitted by law, where QuessGTS believes that such disclosures are appropriate in connection with a law enforcement request or otherwise permitted by the Privacy Shield Framework, or in order to investigate, prevent, or take action regarding illegal activities or suspected fraud, or enforce, administer or apply QuessGTS’s agreements.

An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information, see


If you have any questions about this Policy, or if you would like to request access to European Personal Data that QuessGTS may maintain about you, please contact QuessGTS at [email protected] or in writing at: MFXchange US, Inc. Attention: Privacy Officer, 201 Littleton Road, Suite 220, Morris Plains, NJ 07950.