This statement governs the collection, storage and use of personal information collected by Q Networks Ltd, Company Registration Number: 04897687. Registered Address: Binley Innovation Centre, Binley Business Park, Harry Weston Road, Coventry, CV3 2TX. Registered in England.
We are required to provide you with the information in this privacy statement under applicable law which includes:
Data Protection Act 1998, which will be replaced by the General Data Protection Regulation (EU) 2016/679 from 25 May 2018
Privacy and Electronic Communications (EC Directive) Regulations 2003
About Q Networks Ltd
Q Networks Ltd offers a complete IT service, providing customers with remote & onsite support as well as consultancy, professional services, expert advice and project management. As a managed service provider we are a GDPR data processor and on your behalf will perform the following activities:
Onsite and remote support
Backup & disaster recovery solutions
Security patching and antivirus activities
Security solutions to protect your systems
Remote equipment monitoring
Anti-spam – mail cleaning & internet proxy
The details of these contracted services are included in a schedule of works which will be agreed at the time of signing or renewing our contract with you.
How can we assist you in terms of GDPR
As a GDPR processor we will assist you in fulfilling your own obligations as a data controller including:
Data Protection Impact Assessments
Data Subject Requests
Data Breach Notification
Data breach notification
A personal data breach is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
After we become aware of a personal data breach, the GDPR requires us to notify you without undue delay. We consider that all (confirmed) personal data breaches are in scope.
We have processes in place to quickly identify and contact our security team.
As a controller you have the following obligations:
Notify the appropriate Data Protection Authority (DPA) within 72 hours of becoming aware of it for example, after we notify you. If you don’t notify the DPA within that time period, you’ll need to explain why to the DPA. This notice to the DPA is required even where there is a risk to individuals that is not likely to result in a high risk
Notify the data subjects of the breach without undue delay
Document the breach including a description of the nature of the breach—such as how many people were impacted, the number of data records affected, the consequences of the breach, and any remedial action your organisation is proposing or took
The personal information we collect or process
Engagement data – data related to support tickets, contracts
Website related data – for online visits and analytics
Personal data collected or processed to fulfil the contracted service
We collect anonymised details about visitors to our website for the purposes of aggregate statistics or reporting purposes. However, no single individual will be identifiable from the anonymised details we collect for these purposes.
Third-party service providers
When may share or store personal data with third-party companies for them to facilitate and support us in the provision of the Service. This includes services such as:
Cloud services provided by Microsoft, Google, Acronis, EveryCloud, Sophos
Cloud CRM services
Cloud Accounting packages
Credit reference, vetting and screening services
Payment processors and software providers
Cloud telephony services
Cloud based remote support & monitoring tools
These organisations are appointed by us as data processors and authorised by us to act on our behalf. These organisations process information securely based on an agreement and do not have any independent rights to share this information. We evaluate our suppliers for compliance with GDPR and general security requirements. Should you require more details on any of the above please contact us at email@example.com
How long do we keep your information for
For the duration of our engagement we will keep your personal data. After this period we will delete it except where it must be kept to comply with our legal obligations, resolve disputes, or enforce our agreements.
If you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter, those social networks will record that you have done so and may set a cookie for this purpose. In some cases, where a page on our website includes content from a social network, such as a Twitter feed, or Facebook comments box, those services may set a cookie even where you do not click a button. As is the case for all cookies, we cannot access those set by social networks, just as those social networks cannot access cookies we set ourselves.
Our systems automatically gather some anonymous information about visitors, including IP addresses, browser type, language, and the times and dates of webpage visits. The data collected cannot identify you and is as described above, for statistical analysis, to understand user behaviour, and to better administer the site.
Your information is held on servers hosted within Q Networks Ltd premises and cloud services. Transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data when in our control or when we transmit, we cannot guarantee the security of the data you transmit; any transmission is at your own risk.
How do we keep your personal data secure
All of our employees are familiar with our security policy and practices. Personal data is accessible to a limited number of qualified employees who are given a password in order to gain access to the information. We audit our security systems and processes on a regular basis.
We do not store any sensitive information directly but understand that this may be contained inside a data backup or visible to us when we are conducting our contracted duties. These activities are protected by passwords, two factor authentication and/or strong encryption protocols. Whilst we take commercially reasonable measures to maintain a secure site, electronic communications and databases are subject to errors, tampering and break-ins, and we cannot guarantee or warrant that such events will not take place and we will not be held liable for any such occurrences.
Your rights to your information
You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us at: firstname.lastname@example.org.
You have the right to request that we:
Update any of your personal information which is out of date or incorrect
Delete any personal information which we are holding about you
Restrict the way that we process your personal information
Prevent the processing of your personal information for direct-marketing purposes
Provide your personal information to a third-party provider of services
Provide you with a copy of any personal information which we hold about you, or
Consider any valid objections which you have to our use of your personal information
We will consider all such requests and provide our response within a reasonable period (and in any event within any time period required by applicable law). Please note, however, that certain personal information will be exempt from such requests in certain circumstances.
If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make. If you wish to contact us with respect to the above matters please email us at email@example.com
Third party sites
Complaints, questions and suggestions
We aim to meet the highest standards when collecting and using personal information. We take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. If you wish to complain about this policy or any of the procedures set out in it, please contact us at: firstname.lastname@example.org
In the EEA, you can also make a complaint to our supervisory body for data protection matters (the Information Commissioner’s Office in the UK) or seek a remedy through local courts if you believe your rights have been breached.
You can find details of how to do this on the ICO website at https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113
Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the GDPR.
Q Networks Ltd processes your data when it is in our legitimate interests to do this and when these interests do not override your rights. Those legitimate interests include providing you with information on our services and events. Please see the section on ‘Your Interests’ for more information.
When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Changes to this privacy statement
This privacy statement was last updated on 24th May 2018.