Home » Privacy Policy

Privacy Policy

Q-Data Privacy Policy

Version 1.0

1.       The contact details of the data controller

2.       Introduction and scope of this policy

3.       Version control and date of next review

4.       Rights of Individuals

5.       The information we collect indirectly from individuals

5.1     Cookies and similar technologies

5.2     B2B Direct Marketing

6.       The information we collect directly from individuals

6.1     Contact us form on our website

6.2     Business Development and marketing

6.3     Contract (including pre-contractual)

6.4     Contact Database

7.       Cookies and similar technologies

7.1     Cookies

7.2     Plug-in’s

8.       Information we automatically collect

9.       Use of social media networks

9.1     Instagram

9.2     Twitter

9.3     Facebook

10.     Use of professional networks

10.1        LinkedIn

11.     Third-party products

11.1        WordPress

11.2        Google

11.3        Xero

11.4        Dropbox

11.5        Microsoft

11.6        Zoom

12.     Website Hosting

13.     How to complain

1.  The contact details of the data controller

The data controller responsible in accordance with the United Kingdom General Data Protection Regulation (UK GDPR) is:

Q-Data Limited

4 Cuckoo Close, Emsworth, United Kingdom, PO10 7GE

www.q-data.co.uk

The Data Protection Officer is Michelle Sumecki.

Please email: michelle.sumecki@q-data.co.uk

2.  Introduction and scope of this policy

This policy describes how we collect, use, and manage personal data when you visit our website. In addition, we have described how we process personal data to procure and provide the products and services we offer.

We aim to provide transparency relating to individuals who visit our website, individuals we interact with as a customer or prospective customer, or any personal data we process to fulfil our contractual obligations.

We maintain a separate HR policy for applicants and employees, available upon request.

In addition, we maintain a Data Protection Policy, encompassing our internal processes, procedures and obligations as data controllers.

3.  Version control and date of next review

This policy was last published 14th February 2022

The current version number is 1.0

The date of our next formal review of this policy is: January 2023

From time to time, we may update the third-party links within this policy. For example, if they have changed. We may also correct grammatical errors or make minor cosmetic improvements. In this instance, we will adjust the version number and publish the new version.

When we review our policy in depth or introduce a change in processing, we will update the version number, publish the new version, and issue a communication (e.g., a blog update, note on website, email).

If you require access to previous versions of our privacy policy, please email:  michelle.sumecki@q-data.co.uk

4.  Rights of Individuals

When your personal data is processed, you are subsequently a data subject under the definition of UK GDPR and have the following rights:

Your right of access

You have the right to ask us for copies of your personal information.

Your right to rectification

You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing

You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability

You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. However, if you make a request (Subject Access Request), we have one month to respond to you.

The Data Protection Act 2018 legislation relating to the ‘Rights of the data subject’ can be found here:

https://www.legislation.gov.uk/ukpga/2018/12/part/4/chapter/3

5.  The information we collect indirectly from individuals

5.1    Cookies and similar technologies

Purpose and the lawful basis for processing

We use cookies to enable the necessary performance of our website. Without them, it would not be possible to use or manage our website. In addition, optional cookies aim to enhance the experience and content for users of our website. Finally, plug-ins allow the website to either perform, enhance the content, manage security, or facilitate compliance.

The lawful basis we rely on to process your personal data is Article 6 (1) (a), based on consent from the website visitor the first time they visit our website.

Where consent is not technically possible, the lawful basis we rely on to process your personal data is Article 6 (1) (f), which allows the necessary processing required for our website to perform.

The personal data collected

Please refer to the Cookies and similar technologies section in this policy for details regarding the cookies we collect, plus details of plug-in’s we use on our website.

How personal data is stored and processed

Please refer to the Cookies and similar technologies section in this policy for details regarding how we store this type of data, including duration periods.

Retention periods

Please refer to the Cookies and similar technologies section in this policy for details regarding duration periods.

Rights of individuals

You have the right to withdraw consent. Please note that our website will present consent preferences the first time you visit our website. Your consent will be requested again when the duration period you selected expires.

Please refer to the Rights of Individuals in this policy for further information about your rights concerning your personal data.

5.2    B2B Direct Marketing

Purpose and the lawful basis for processing

We collect and process B2B personal data to market our products and services to new potential clients (individuals). Q-Data is a company offering outsourced DPO and data services, and to grow and generate profits, we need to identify individuals likely to require our products and services. We communicate to individuals by phone, email, or social media/professional platforms e.g., LinkedIn.

The lawful basis we rely on to further process your data is Article 6 (10 (f), which allows us to process personal data based on a legitimate interest assessment.

We ensure the personal data we process for direct marketing meets the standards as required by the Personal Electronic Communication Regulations.

 

The personal data collected

The data we collect and subsequently process would typically include name, business name, job role, email, address, and phone number. In addition, we may research the company based on information made publicly available. We do this to identify companies potentially interested in our products or services. If we procure B2B data, we ensure the data meets the standards as required by the Personal Electronic Communication Regulations.

You can find out more information about our use of social media networks and use of professional networks

 

How personal data is stored and processed

We transfer prospect data onto a central database, managed solely by Q-Data. We communicate to individuals by phone, email, or social media/professional platforms e.g., LinkedIn.

Please refer to the information within this policy regarding how we process personal data within our Contact Database, which includes B2B data.

Please refer to Dropbox in this policy for further information about the third-party software we use.

Retention periods

We only retain personal data for the specified purpose it was collected. Any data that does not satisfy our legitimate interest criteria, or has had consent revoked, will be transferred to a suppression file.

Rights of individuals

You have the right to withdraw consent at any time. We will transfer your data to a suppression file unless you request your personal data is erased. You have the right to portability of your personal data.

Please refer to the Rights of Individuals in this policy for further information about your rights concerning your personal data.

6.  The information we collect directly from individuals

 

6.1    Contact us form on our website

Purpose and the lawful basis for processing

We have a contact form on our website to allow individuals to contact us directly and respond. Depending on the nature of your enquiry, we may retain your contact information in a central database as a prospective customer. In addition, we may further process your data at a future date by contacting you regarding our products or services, which we consider of relevance and interest to you.

The lawful basis we rely on to process your personal data is Article 6 (1) (a), which allows us to process personal data based upon your consent.

The lawful basis we rely on to further process your data is Article 6 (10 (f), which allows us to process personal data based on a legitimate interest assessment.

The personal data collected

We collect the name, contact details, plus optional message of the individual submitting the contact form.

We use the data collected to receive and reply to enquiries submitted via our corporate website.

We may also use your contact details to contact you at a future date.

How personal data is stored and processed

We receive your contact information via our email system (Microsoft Outlook). The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.

For information on Microsoft’s Privacy Policy here: https://privacy.microsoft.com/en-gb and in particular their pledge regarding storing and processing EU data in the EU

We use Dropbox to store documents containing personal data. In this instance, files are password protected. The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.

For information on Dropbox’s Privacy Policy here: https://www.dropbox.com/en_GB/privacy

Retention periods

We retain your contact details in our contact database for as long as required to respond to your enquiry. In addition, we will retain your personal contact details for as long as necessary to facilitate communication as a prospect or customer.

We will add your personal data to a suppression file if consent is withdrawn or there is no legitimate reason to continue processing your data.

Rights of individuals

You have the right to withdraw consent at any time. We will transfer your data to a suppression file unless you request your personal data is erased. You have the right to portability of your personal data.

Please refer to the Rights of Individuals in this policy for further information about your rights concerning your personal data.

6.2    Business Development and marketing

Purpose and the lawful basis for processing

We collect and process personal contact data of our existing and previous customers to advertise the products and services we believe will be of interest to them. In addition, we pursue networking opportunities that are likely to grow and nurture our business.

We communicate either by phone, email, or social media/professional platforms e.g., LinkedIn.

The lawful basis we rely on to further process your data is Article 6 (10 (f), which allows us to process personal data based on a legitimate interest assessment.

We ensure the personal data we process for direct marketing meets the standards as required by the Personal Electronic Communication Regulations.

The personal data collected

The data we collect and subsequently process would typically include name, business name, job role, email, address, and phone number.

We generally collect and process business-to-business contact data. However, it may extend to personal data (e.g., Hotmail email accounts and personal addresses) depending on the individual customer.

How personal data is stored and processed

We transfer prospect data onto a central database, managed solely by Q-Data. We communicate to individuals by phone, email, or social media/professional platforms e.g., LinkedIn.

Retention periods

We only retain personal data for the specified purpose it was collected. Any data that does not satisfy our legitimate interest criteria, or has had consent revoked, will be transferred to a suppression file without undue delay.

Rights of individuals

You have the right to withdraw consent at any time. We will transfer your data to a suppression file unless you request your personal data is erased. You have the right to portability of your personal data.

Please refer to the Rights of Individuals in this policy for further information about your rights concerning your personal data.

6.3    Contract (including pre-contractual)

Purpose and the lawful basis for processing

We collect and process personal contact data to discuss or enter into contractual arrangements.

The lawful basis we rely on to further process your data is Article 6 (1) (b), necessary for the performance of a contract or before entering into a contract.

We may further rely on Article 6 (1) (f), if there are compelling legitimate interests within the scope of our contractual arrangement. In this instance, we have carried out a Legitimate Interests Assessment.

The personal data collected

It may not be possible to define each category of data we may process to fulfil contractual, or pre-contractual, obligations as this may vary depending on the nature of the contract. As a minimum we could capture contact details and invoicing information.

The complete details of each contract is agreed in Terms and Conditions.

However, we do not collect or store personal data on behalf of our contractual, or pre-contractual, arrangements. Our business model is purely consultative.

How personal data is stored and processed

We store contact details in our central contact database. Please refer to Contact Database within this policy for further information.

We store customer information in our invoicing system. Please refer to Xero within this policy for further information.

Retention periods

Retention periods for the data we hold to fulfil a contract will vary. We retain contact information in our contact database and invoicing system for as long as is necessary to fulfil either contractual or legal obligations, or legitimate interests.

Additional storage may occur if required by virtue of a legal obligation in the UK or European Union to which Q-Data is subject. 

Rights of individuals

The individual we have a contract with has a right to data portability.

If we rely upon consent or legitimate interests within the context of a contract, other rights will apply. Please refer to the Rights of Individuals in this policy for further information about your rights concerning your personal data.

6.4    Contact Database

Purpose and the lawful basis for processing

We collect and process personal contact database for:

Please refer to each policy section for further details.

We ensure the personal data we process for direct marketing meets the standards as required by the Personal Electronic Communication Regulations.

Please refer to the categories of data (above) for the relevant lawful basis of processing, as it may vary depending on the type of data and purposes of processing. 

The personal data collected

We generally collect contact information, such as name, role, company, address, email, and phone number.  We would also record relevant notes about the contact to enable us to manage this contact within our database.

We also retain a suppression file.

How personal data is stored and processed

We use Dropbox to store documents containing personal data. In this instance, files are password protected.

We use a third-party provider to store personal data. The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.

Please refer to section under ‘Third-party software’, Dropbox in this policy for further information, including international data transfers relevant to these providers.

Retention periods

We retain your contact details in our contact database for as long as necessary to manage an ongoing relationship.

We will add your personal data to a suppression file if consent is withdrawn or there is no legitimate reason to continue processing your data.

Rights of individuals

You have the right to withdraw consent at any time. We will transfer your data to a suppression file unless you request your personal data is erased. You have the right to portability of your personal data.

Please refer to the Rights of Individuals in this policy for further information about your rights concerning your personal data.

7.  Cookies and similar technologies

7.1    Cookies

Purpose and the lawful basis for processing

Cookies are text files placed on your computer by websites you visit. They are widely used to make websites work, work more efficiently, and provide information to the owners of the site. For example, our website uses cookies when a user accesses our website. 

Please click on the link below for general information about cookies:

https://www.aboutcookies.org/cookie-faq

https://www.allaboutcookies.org

When a user first visits our site, they are presented with options to manage their cookie preferences.

The lawful basis we rely on to process your personal data is Article 6 (1) (a), based on consent received from the website visitor the first time they visit our website.

Where consent is not technically possible, the lawful basis we rely on to process your personal data is Article 6 (1) (f), which allows the necessary processing required for our website to perform.

We use third-party software to manage our website. The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required. Please refer to section under ‘Third-party software’, WordPress and Google, in this policy for further information, including international data transfers relevant to these providers.

The personal data collected

When website users first visit our site, they are presented with options to manage their cookie preferences.

Cookie consent levels are determined by:

  • Necessary for the site to function
  • Manage preferences for the visitor to select preferences
  • All Levels OK to confirm the use of all cookies are accepted by the visitor

The domain www.q-data.co.uk uses the following cookies, including type, description and retention periods:

Cookie

Type

Description

Duration

_gid

Analytics

Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website’s performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

1 day

_gat_gtag_UA_218125291_1

Analytics

Set by Google to distinguish users.

1 minute

_ga_4ZJ91VZVN3

Analytics

This cookie is installed by Google Analytics.

2 years

_ga

Analytics

The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.

2 years

 

Retention periods

When website users first visit our site, they are presented with options to manage their cookie preferences. The dashboard will store your consent preferences for 30 days. 

Rights of individuals

You have the right to withdraw consent. Please note that our website will retain the consent preferences selected by you the first time you visited our website. Your consent will be requested again when the duration period you selected expires.

Please refer to the Rights of Individuals in this policy for further information about your rights concerning your personal data.

7.2    Plug-in’s

Our site uses plug-in’s for the following purposes:

  • To facilitate our contact form
  • To provide a cookie notice to inform users that our site uses cookies and to provide them with control options
  • Protect and secure our website (Anti-virus, Firewall and Malware Scan)
  • Super-fast caching
  • SEO solution, including on-page content analysis, XML sitemaps

We have not provided the plug-in authors within this policy, as we may change or review the website plug-ins we use to manage our website. If you have any questions about the plug-ins we use, or would like further information, please contact michelle.sumecki@q-data.co.uk

Where consent is not technically possible, the lawful basis we rely on to process your personal data is Article 6 (1) (f), which allows the necessary processing required for our website to perform.

8.  Information we automatically collect

When you visit our website, we automatically collect information from your web browser to retrieve the page from the server (unless disabled/masked by third party software). Information about your devise is required to display the correct format (e.g., mobile pages). The information we collect:

  • Your IP address and location derived from the IP address
  • Internet or other electronic network activity information, like the referring websites or services
  • The time and date of each access
  • Device settings, such as browser type, operating system, and language
  • Cookie information (please refer to our ‘Cookies and similar technologies section’)

9.  Use of social media networks

9.1    Instagram

Data Controller for Instagram: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland

Purpose and the lawful basis for processing

The purpose of our corporate presence is for communication and information sharing with existing and potential customers regarding our products and services. We may provide a link to our Instagram page on our website.

We generally have no influence or control of your personal data by Instagram; therefore, we cannot to make any clauses or statements regarding the purpose and scope of the processing of your data.

The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.

For information on Instagram’s Privacy Policy here:

https://help.instagram.com/519522125107875/?maybe_redirect_pol=0

Refer to the section: ‘how do we operate and transfer data as part of our global services’ for Instagram’s reference to International Transfers. 

Every individual is free to use Instagram and engagement is based on consent.

The personal data collected

Generally, we only use Instagram for business-to-business prospecting activities and customer interaction.

We may provide information and communicate with individuals via Instagram, which may also display on our company website. If you carry out an action on our Instagram account (e.g. comments, liked, contributions, etc.), you may make personal data (e.g. name, photo, user profile, comments) public.

How personal data is stored and processed

We generally have no influence of control of your personal data managed by the data controllers, Instagram.

Personal data generally stays within the platform unless we agree to persue mutually agreeable communication outside the online environment. In this instance, we may transfer your contact details to our central contact database as a prospect with the possibility of maturing to a customer.

Retention periods

We generally have no influence or control of your personal data stored by the data controller, Instagram.

If we continue communication beyond the Instagram platform, we will only retain your personal data to facilitate communication regarding our products and services either as a prospect or customer.

Rights of individuals

For further information on how Instagram processes your personal data, including your rights using the Instagram platform, please click here:

https://help.instagram.com/519522125107875

9.2    Twitter

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

Purpose and the lawful basis for processing

The purpose of our corporate presence is for communication and information sharing with existing and potential customers regarding our products and services. We may provide a link to our Twitter page on our website.

For information on Twitter’s Privacy Policy here: Please refer to Twitter’s Privacy Policy, ‘Our global Operations and Data Transfers’. 

The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.

For information on Twitter’s Privacy Policy here:

https://twitter.com/en/privacy

Every individual is free to use Twitter, and engagement is based on consent.

The personal data collected

We may provide and share information and communicate with individuals via Twitter, which may also display on our company website. If you carry out an action on our Twitter account (e.g. comments, likes, contributions, etc.), you may make personal data (e.g. name, photo, user profile, comments) public.

How personal data is stored and processed

We generally have no influence or control of your personal data by the data controller, Twitter; therefore, we cannot to make any clauses or statements regarding the purpose and scope of the processing of your data.

Retention periods

We generally have no influence or control of your personal data stored by the data controller, Twitter.

Rights of individuals

For further information on how Twitter processes your personal data, please click here:

https://twitter.com/en/privacy

9.3    Facebook

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland

Purpose and the lawful basis for processing

The purpose of our corporate presence (Q-Data) is for communication and information sharing with existing and potential customers regarding our products and services. We may provide a link to our Facebook page on our website.

The personal data collected

We create and manage lead generation/communication to engage with companies with a potential interest in our products or services.

We generally have no influence or control of your personal data by Facebook; therefore, we cannot to make any clauses or statements regarding the purpose and scope of the processing of your data.

The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.

For information on Facebook’s Privacy Policy here:

https://en-gb.facebook.com/policy.php

We may create a managed campaign via the Facebook platform to actively attract leads who may be interested in our products or services. The lawful basis we rely on to process your personal data is Article 6 (1) (a), which allows us to process personal data based upon your consent.

How personal data is stored and processed

We generally have no influence or control of your personal data by the data controller, Facebook; therefore, we cannot to make any clauses or statements regarding the purpose and scope of the processing of your data.

The data generated on our corporate Facebook campaign manager account are managed within the Facebook platform. 

We may transfer prospect data onto a central database, managed solely by Q-Data.

We only retain personal data for the specified purpose it was collected. Any data that does not satisfy our legitimate interest criteria, or has had consent revoked, will be transferred onto a suppression file.

Our policy regarding Business development and marketing within this document will provide you with further information regarding the personal data we process for marketing activities.

Retention periods

We generally have no influence or control regarding the retention periods of your personal data by the data controller, Facebook.

If we continue a commercial interest outside of the Facebook platform, we will only retain your personal data to facilitate communication regarding our products and services either as a prospect or customer, or if there are compelling legitimate interests.

Rights of individuals

Any individual can request to opt-out of our marketing initiatives. We will retain this information in a suppression file.

For further information on how Facebook processes your personal data, please click here: https://en-gb.facebook.com/policy.php

Our policy regarding Business development and marketing within this document will provide you with further information regarding the personal data we process for marketing activities.

10.       Use of professional networks

We use corporate presences on professional networks, primarily LinkedIn.

10.1 LinkedIn

LinkedIn: LinkedIn, Unlimited Company, Wilton Place, Dublin 2, Ireland

Purpose and the lawful basis for processing

We use LinkedIn to provide information, offer users the possibility of communication, and to advertise our products and services. Our corporate presence is also used for job applications and active sourcing.

Every user is free to engage in LinkedIn activity.

When we interact with prospective customers on LinkedIn, we have established legitimate interests, Article 6 (1) (f), as the lawful basis for processing personal data. We have conducted a Legitimate Interest Assessment, which is available upon request.

The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.

For information on LinkedIn’s Privacy Policy here: Please refer to LinkedIn’s Privacy Policy:

https://www.linkedin.com/legal/privacy-policy

For further information regarding EU/EEA, and Swiss Data Transfers:

https://www.linkedin.com/help/linkedin/answer/62533

The personal data collected

We typically collect the name, job role, company name, and contact details of individual’s we have identified within the LinkedIn network who may have an interest in our product or services. We may transfer their personal data outside the online platform in the interests of continuing the communication.

How personal data is stored and processed

We generally have no influence or control regarding the retention periods of your personal data by the data controller, LinkedIn.

If we continue a commercial interest outside of the LinkedIn platform, please see our policy regarding:

Business Development and marketing

B2B Direct Marketing

Retention periods

We generally have no influence or control regarding the retention periods of your personal data by the data controller, LinkedIn.

If we continue a commercial interest outside of the LinkedIn platform, we will only retain your personal data to facilitate communication regarding our products and services either as a prospect or customer.

Rights of individuals

For information on how LinkedIn process your personal data, please click here:

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

Our policy regarding B2B Direct Marketing  and Business Development and marketing

within this document will provide you with further information regarding the personal data we process for marketing activities.

11.       Third-party products

We use third-party software and providers to process personal data.

We may use third-party software and providers to enable us to use the personal data we process, for example, to facilitate a contract.

11.1  WordPress

Our website is built using WordPress, which uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.

Please see complete information on WordPress cookies here:

https://wordpress.org/support/Article/cookies/

11.2  Google

Google maintains servers around the world and your information may be processed on servers located outside the UK/EU/EEA. In such a case, the appropriate safeguards to protect personal transfer and processing of personal data is required. For information on Google’s Privacy Policy here: Please refer to Google’s Privacy Policy, and specifically Google’s Legal Frameworks for Data Transfers

To opt out of being tracked by Google Analytics across all websites, visit:

https://tools.google.com/dlpage/gaoptout

11.3  Xero

We process personal data to enable us to manage our business accounts, including invoicing. 

The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.

For information on Xero’s Privacy Policy, please click here:

https://www.xero.com/uk/about/legal/privacy/

11.4  Dropbox

We use Dropbox to store and share personal data and information. Personal data files are password protected.

We use Dropbox to store documents containing personal data. In this instance, files are password protected. The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.

For information on Dropbox’s Privacy Policy, please click here: https://www.dropbox.com/en_GB/privacy

11.5  Microsoft 

We use Microsoft Office 365 to process personal data, for example Outlook.

We also use Microsoft Teams to facilitate video conferencing communication. This may be in the context of contract, pre-contractual meetings, either as a supplier or client of Q-Data.

The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.

For information on Microsoft’s Privacy Policy here: https://privacy.microsoft.com/en-gb and in particular their pledge regarding storing and processing EU data in the EU

1.1      Zoom

We use Zoom to facilitate video conferencing communication. This may be in the context of contract, pre-contractual meetings, either as a supplier or client of Q-Data.

The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.

For information on Zoom’s Privacy Policy here: https://explore.zoom.us/en/gdpr/?_ga=2.225117722.1403884589.1645204940-117236262.1645204940

12.       Website Hosting

We have considered the safeguarding and security of our website as follows:

Backups

Back-ups are incremental and archived. Data sent to and from the back-up system is always encrypted.

Monitoring

All systems are monitored using PRTG and Pingdom.

PRTG is an enterprise monitoring suite – designed for large businesses and data centres. It reports in real-time and alerts of any developing issues or current issues. For example, if a server starts to run slow, or a hard drive begins to develop a fault we will know about it.

Pingdom is a third-party service that monitors uptime and performance of systems. We have various rules set up to check our systems every 60 seconds. SMS messages and emails and sent to us if a fault is detected.

Secure Datacentre

The servers and hosting infrastructure feature military-grade security, based in the UK. 

Management

All systems feature ‘lights-out management’. This means our server can be accessed remotely. For example, if a server shuts down (owing to hardware failure).  Servers can also be shut down and powered on remotely.

13.       How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us by emailing: michelle.sumecki@q-data.co.uk

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk