Privacy Policy

QDP Services Ltd (QDP) is committed to protecting and respecting your privacy.

This Privacy Policy applies to www.qdpservices.co.uk, www.qdpservices.com and www.qdpservices.org which are owned and operated by QDP Services Ltd, Windsor House, Royal Court, Macclesfield  SK11 7AE (Registration in England: 3348159).

QDP Services Ltd. is registered with the Information Commissioner Office (ICO) (registration number: Z1155070). The ICO is the UK's independent body set up to uphold information rights. The ICO’s details can be found at https://ico.org.uk.

By joining QDP as a customer, filling out a survey or visiting our site, you agree to our Privacy Policy. Specifically, you expressly consent to us processing your personal data as described in this Privacy Policy. Furthermore, if you have enabled the use of cookies on your web browser, then you consent to our use of cookies as described in this Privacy Policy.

This Privacy Policy does not provide any additional terms and conditions or warranties whether expressly or implied. This Privacy Policy provides transparency to our users as how their data is collected and used and serves as a privacy notice as required by legislation.

If you have any further queries, please don’t hesitate to contact us by email enquiries@qdpservices.co.uk, by writing to QDP Services Ltd at the address above or by calling +44 (0) 1625 501917.

Changes to this policy

We may change this Privacy Policy at any time by updating this page, please make sure you frequently visit this page. We will endeavour to provide you with a notice of change of this page if any amendments occur. If you do not agree with the amendments please contact us or close your account and discontinue use of our services and site, otherwise, you will be deemed to have consented expressly to any changes.

Introduction

Our Privacy Policy describes how we capture and use personal data that we collect about visitors to our website.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

We have divided this policy into 3 parts reflecting the types of visitor we have to our sites:

Definitions

A “Customer” is anyone who has purchased or is using our services on a trial basis including, but not limited to, Gold Service, SurveyManager or RevisionPlan.

A “Survey Respondent” is anyone who fills out a survey powered by QDP.

A “Site Visitor” is anyone who visits our site.

Part 1: Privacy of Customers

A “Customer” is anyone who creates or instructs QDP to create, administers or who collects and collates survey results using our services.

QDP acts as a data controller for all personal data which our Customers and site visitors provide regarding themselves. For the personal data which the Customers provide for survey targeting purposes and all data supplied by survey respondents when completing any of the surveys commissioned by the Customer, QDP acts as a data processor, processing only in accordance with Customer’s instructions; the Customer in such circumstances is the data controller.

The data we collect from you

We collect the following data from you:

·         Account and Billing Information: this is the information you provide when signing up for one of QDP’s services and may include your name, username, email address, postal address etc.

What we do with the information we collect

We use the information we collect to provide our services to you. This includes:

Marketing and promotional emails

Where you have consented, we will contact you regarding promotional activities and marketing in order to inform you about offers and helpful tips about our service, you have a right to withdraw that consent at any time by following the simple instruction on the email or emailing enquiries@QDPServices.co.uk telling us you no longer wish to receive promotional emails. Please also see your rights below.

Sharing & Disclosure of your data

We use sub-processors to store our data safely and securely. All survey data is stored in the EEA. All our sub-processors have robust security features to ensure that they have the appropriate technical and organisation measures to keep personal data secure, furthermore, they are contractually bound to not access, modify, disclose or erase the data without our instructions. Our sub-processors are:

·         Rackspace International GmbH who are registered in Switzerland: CH-020.4.047.077-1. Rackspace provide hosting services for our web sites

·         Concise Technologies Ltd who are registered in England No: 3839017 who provide offsite back-up storage and support services.

·         Consultancy Technology Ltd who are registered in England No: 03149384 who provide support services for SurveyManager.

We may disclose account or billing details if required by law or to comply with a court order or legal process.

We may disclose account details if there is a change in business ownership in the event of a merger, change in ownership, consolidation amalgamation or other corporate change, you agree that the successor will process that data instead of QDP following a notice of 1 month given to all of QDP’s customers.

QDP is heavily focused on the privacy of your data, it does not sell or share you survey data except for the purposed of providing benchmarking using anonymised data within the reports provided to you without first obtaining your consent and agreement.

Backup policy

All data you hold with us is backed up in a separate physical premises with technical and organisational measures equal to those where original data is held. This is to ensure that your data is not lost or destroyed should the original be destroyed without your instructions.

Rights to your data

If you are a Customer, you have the following rights to your data (please see below under the Heading “General Statement” for more information):

Right to access: You have the right to access all of the data we hold about you and for you by either logging in to your account or requesting it from our Customer Services Team by email: enquiries@qdpservices.co.uk.

You also have the right to access any information we hold about you and your account in a common machine readable format free of charge, unless your request is excessive or repetitive. We will process your request without delay and at the latest within 1 month, unless, your request is complex or numerous in which case we may take up to 3 months, but we will inform you within 1 month if this is the case.

Right to rectify: when you log on to your account, you can rectify or update any information on your account or any questions and targeting information from surveys you have commissioned. If you are not able to do so, please contact us at enquiries@qdpservices.co.uk.

Right to erase: When you log on to your account, you may also erase any data on your account with the exception of data that is required for you to keep your account open (such as your email address, name etc.). You may erase any survey questions or responses as you like when you are inside your account. You also have the right to erase any other data which we hold about you including raising any questions via email, if you would like us to do so please contact us at enquiries@qdpservices.co.uk.

When you terminate your account, all of your data will be erased except for the anonymised survey responses used for benchmarking purposes.

When you delete your data or terminate your account, it may still be stored with us for up to an additional 12 weeks due to the backups we have.

Right to object: You have the right to object to us using your data for marketing purposes. If you would like to do so please contact us at enquiries@qdpservices.co.uk. This will be done free of charge and without undue delay.

Communication from the site

Established members may occasionally receive information on improvements to our service, general service announcements, and a newsletter. Out of respect for the privacy of our users we present the option to not receive these types of communications. Please contact our Customer Services Team enquiries@qdpservices.co.uk.        

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications; however, these communications are not promotional in nature.

We communicate with users on a regular basis to provide requested services and in regards to issues relating to their account we reply via email or phone, in accordance with the user’s wishes.

Retention Periods:

We will retain your data for as long as necessary to carry out the service to you. If you wish to cancel your account, you may do so. Please contact us at: enquiries@qdpservices.co.uk.

Where you send us questions, queries or support requests, we will retain that data for up to 18 months or if you tell us to delete it immediately, whichever comes first, unless your request relates to improving our services, in which cases we will delete the personal data and store the enquiry or support.

Part 2: Privacy of Survey Respondents

A “Survey Respondent” is anyone who fills out a survey powered by QDP’s products and services including SurveyManager and OLI.

QDP acts as a data controller for all personal data which our Customers and site visitors input, except for any personal data which the Customer’s survey respondents fill out. For the personal data which the Customer’s survey respondents fill out onto any of the surveys commissioned by the Customer, QDP acts as a data processor, processing only in accordance to our Customer’s instructions; the Customer in such circumstances is the data controller.

 

The information QDP collects about Survey Respondents

Survey responses: On the instructions of the Customer, we collect your survey responses on their behalf. We then store those survey responses for the Customer. If you would like your survey responses erased, rectified, accessed or for any other queries about your responses, please contact the Customer directly. Please bear in mind that most surveys are not anonymous and Customers may have given QDP your personal data to help with detailed reporting and increase the usefulness and value of the survey. Please contact the Customer for further help and clarification on this issue.

QDP’s Use of the information we collect about you

We do not use your survey responses other than carrying out the service for the Customer. Your survey responses are owned and managed by the Customer who will have its own policy on data handling and would decide on whether your survey responses are kept private, disclosed to third parties, or provided to the public.

We do however employ a high standard of security, so if the Customer keeps your survey responses private, it will be stored in a highly secured environment. For more information please see our security section below.

We do not sell your survey data to other parties nor do we store it to contact you for a purpose other than under the direction of Customer.

We only share your data with third parties if necessary to carry out the service(s) that the Customer has requested and as mentioned in this Privacy Policy.

Your rights to the data we process on behalf of the Customer

If you want to access your data, rectify your data, erase your data, object to the processing of your data, or for any other enquiries regarding the handling of your data, please contact the Customer directly.

If you believe that the Customer is not complying with its legal obligation(s) regarding your data, please contact our Customer Services Team: enquiries@qdpservices.co.uk.

You can opt out of receiving survey requests by contacting the Customer directly.

Data Retention

Please note that as the Customers control their own survey data, if you are a Survey Respondent to a Customer’s survey you will need to contact them directly to amend or delete anything in your survey responses.

Part 3: Privacy of All Site Visitors

A “Site Visitor” is anyone who visits our site.

QDP acts as a data controller for all personal data which our Customers and site visitors input, except for any personal data which the Customer’s survey respondents fill out. For the personal data which the Customer’s survey respondents fill out onto any of the surveys commissioned by the Customer, QDP acts as a data processor, processing only in accordance to our Customer’s instructions; the Customer in such circumstances is the data controller.

Cookies

We use both session ID cookies and persistent cookies. For the session ID cookie, once users close the browser, the cookie simply terminates. A persistent cookie is a small text file stored on the Site Visitor’s hard drive for an extended period of time. Persistent cookies can be removed by following Internet browser help file directions (see below). With session cookies we are able to ensure that only people who have entered in correct login details are able to use password-protected areas, and only areas that they are authorised to use. Persistent cookies enable us to track and target the interests of our users to enhance the experience on our site.

When you visit our site, we use cookies to store data on your device. This is so that we can:

Third Party cookies

Third parties we work with also place cookies on your device when you visit our website to provide you with marketing content which is tailored according to you, and in order to determine if such content is useful or effective. If you don’t want to view targeted ads please visit http://www.aboutads.info to opt out. We use Google Analytics on our website to support display advertising. If you wish to find out more about this, please visit: https://www.google.com/intl/en/policies/technologies/ads/

To learn more about the cookies we use, please visit our cookies page:https://www.QDP.co.uk/how-we-use-cookies

Some third party cookies may transfer your personal data outside of the EEA, for example, where your IP address is collected and anonymised. Where this happens we ensure that we comply with Article 46 GDPR, which ensures that the transfer is subject to appropriate safeguards.

Google Analytics & Google Tag Manager

This cookie helps us measure how you interact with our website. It does this by recording what a Site Visitor has done on pages and interactions with our website and is used to collect and analyse information about how Site Visitors use our site. We use Google Analytics and the Google Tag Manager platforms to collect and compile reports that help us improve our services. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. A unique User ID number is assigned to users who sign up with QDP in order to better understand their use of our service while logged in, no personally identifiable information is collected by this process.

To opt out of google Analytics, please visit https://tools.google.com/dlpage/gaoptout/

How to control cookies from your web browser

Web browsers general accept cookies. You can however change your setting to decline cookies. To learn more about this, please visit this link: https://www.aboutcookies.org/how-to-control-cookies/

Do note that changing the setting on your browser to reject cookies means that you may not have access to important features on our site.

As the legal basis of using cookies, it is necessary for the purposes of the legitimate interests pursued by QDP and other parties as applicable (including Google). Our legitimate interests are:

However, if you believe that such interests are overridden by the interests or fundamental rights and freedoms of you as the data subject and that those require protection of your personal data, please contact us at support@QDPServices.co.uk. We will block access to your data or give you the means to quickly do so, while we make a decision as to your request.

Source Data

QDP records the source of how you got to our site, including for example from another website or from a link to our website.

Log Files

We collect information about you when you visit our site including which webpages you visit, when you have visited them etc. We may also keep log files which contain data about the device you’re using, the IP address, internet service provider, operating system, timestamps and files you view from our site.

IP Addresses

By visiting our site, your IP address will be recorded by our servers and stored in log files. These log files are used for record keeping, tracking referring websites, inferring your general location, and for security purposes to avoid SPAM, abuse and DDOS attacks.

Device Data

We collect data about the device and system you use to access our site. In particular, we collection your IP address, operating system, device type, browser type and your general location of accessing the site.

Security

QDP has active security measures to ensure that we are compliant with all data we process in accordance to data privacy legislation as applicable to the UK. Our technical and organisational security measures mean that we comply with our obligations to ensure that data stored with us is stored safely and securely.

Our security measures include:

 

Our website takes every precaution to protect our users' information. When users browse or submit information via the website, their information is protected both online and off-line. Our website is encrypted and is protected by HTTPS (with the exception of our Basic Account (free). The lock icon displayed on your web browser signifies that HTTPS protection is active, as opposed to un-locked (or open). While we use HTTPS encryption to our website, we also do everything in our power to protect user information offline. All of our users' information is restricted. Only employees who need the information to perform a specific job are granted access to personally identifiable information. Furthermore, all employees are kept up-to-date on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our users' information is protected. Finally, the servers that store personally identifiable information are in a secure environment, in a locked facility.

Regarding our accounts, HTTPS encryption for surveys is available for all accounts and surveys administered by those accounts, except for surveys that are administered by our Basic Account. When using one of our Paid Accounts please ensure that the “SSL Encryption” option is switched when you create and send surveys to your survey respondents.

For ensuring security of data at rest, we use Microsoft SQL Server Transparent Data Encryption (TDE) using AES encryption algorithm.

 

Right to complain

If you feel that we have mistreated the handling of your data, you have the right to complain to us in which case we will rush to resolve the matter as quickly as possible and prevent any further mishandling.

You also have the right to complain to the Information Commissioner’s Office.

Necessary Disclosure by law

Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our website.

Links

This website contains links to other sites. Please be aware that we, QDP, are not responsible for the privacy practices of such other site. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by this website.

General Statement

For this section, the following definitions apply:

Controller, Personal Data, Data Subject and Processor all have the meaning defined in the General Data Protection Regulations (GDPR).

Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third Party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Legal Basis

In addition to the legal basis mentioned above, we may also possess the following legal basis for processing the data subject’s personal data where:

EU Data Subject Rights

Certain regulations afford EU Data Subjects with rights. These rights are summarised below. In order to assert any of these rights please contact our Customer Services Team at any time.

Security of processing

QDP has implemented technical and organisational measures to ensure personal data processed remains secure, however, absolute security cannot be guaranteed. Please contact our Customer Services Team for further details. enquiries@qdpservices.co.uk

Law & jurisdiction

This Privacy Policy is governed by and interpreted according to the law of England and Wales. All disputes arising out of this Privacy Policy will be subject to the exclusive jurisdiction of the English and Welsh courts.

Transfer of Rights

You may not transfer any of your rights under this Privacy Policy to any other person. We may transfer our rights under this privacy notice where we reasonably believe your rights will not be affected.

Invalid provisions

If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Policy will not be affected.