- Data Controller means the Customer who, either alone or with others, controls the contents and use of personal data.
- Data Processor means any person who processes personal data on behalf of the Data Controller but does not include an employee of the Data Controller who processes such data in the course of his employment.
- Data Protection Laws means all legislation and regulations relating to the protection of personal data including (without limitation) the Data Protection Acts 1988 and 2003 of Ireland, the General Data Protection Regulation (“GDPR”) (from 25th May, 2018) and all other industry guidelines (whether statutory or non-statutory) or codes of practice or guidance issued by the Data Protection Commission or relevant Irish Supervisory Authority (as defined in the GDPR) relating to the processing of personal data or privacy or any amendments and re-enactments thereof.
- The Supplier means the Supplier entity (Qpercom), who is the Data Processor of the Customer Personal Data.
- SAAS Agreement refers to the Software as a Service Subscription Agreement between the Supplier and the Customer, together with all related and further agreements and orders executed under it between the Customer and the Supplier.
By visiting the product websites and registering your details you automatically consent to data processing. Our data processing policies are outlined in the sections below.
In relation to Customer Personal Data, and for the purposes of the Data Protection law, the Qpercom is a Data Processor. As between the Customer (the Data Controller) and the Qpercom (the Data Processor), all Customer Personal Data shall at all times be the property of the Customer and/or the Customer’s Authorised Users. We are committed to ensuring that your information is secure. We recognise online security is an area of vital importance for all our customers. We employ security measures to protect your information from access by unauthorised persons and to prevent unlawful processing, accidental loss, destruction and damage. We use state of the art technological security solutions, including encryption when transmitting sensitive information across the internet. This means that all personal information sent to and from the websites are encrypted in accordance with good industry practice.
Qpercom’s secure cloud storage partners are Amazon Web Services (AWS) and Rackspace who act as Data Processors on behalf of Qpercom. You can read about their data security policies and practices here for AWS and here for Rackspace.
We encourage our client partners to take steps to protect the security of their data both physically and electronically by following common best practice procedures such as:
- Running Anti-Virus software and keeping it up to date;
- Applying operating system, web browser and other security updates;
- Not printing person-identifying or sensitive data;
- Ensuring PCs or other devices are not left unattended whilst logged into our product websites; and;
- Using strong passwords for all Services and logins.
In relation to data back-up, Qpercom shall follow its archiving and back-up procedures for Customer Data. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for Qpercom to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by Qpercom in accordance with its archiving and back-up procedure. Qpercom shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by Qpercom to perform services related to Customer Data maintenance and back-up).
Appropriate Security Measures
Qpercom follows Appropriate Security Measures, referring to appropriate security measures required by Data Protection Laws to protect against unauthorised access to, alteration, disclosure or destruction of data and against their accidental loss or destruction and, in particular, where the processing involves the transmission of data over a network, it shall mean having regard to the state of technological development and the cost of implementing the measures, and ensuring that the measures provide a level of security appropriate to:
(i) the harm that might result from unauthorised or unlawful processing, accidental or unlawful destruction or accidental loss of or damage to the data concerned, and
(ii) the nature of the data;
Collection of Data
The Customer will provide Customer Personal Data to the Supplier or the Supplier will collect Customer Personal Data from the Customer and/or the Customer’s Authorised Users pursuant to this DPA for the purpose of the Supplier rendering Services to the Customer, or any other members of the Customer Group, and the Supplier will have access to the Customer Personal Data provided by the Customer in the course of rendering the Services.
Use of Data
We will process Personal Information in order to allow access and make use of our websites, to allow the Customer to participate in the services offered, to administer an account, to maintain login accounts and records and to enable us to comply with any legal or regulatory requirements. Qpercom shall only Process Customer Personal Data to the extent necessary pursuant to the Customer’s instructions and as set forth in the SAAS Agreement. The Customer instructs the Supplier to Process Customer Personal Data: (i) in accordance with the SAAS Agreement; (ii) as part of any Processing initiated by the Customer in its use of the Services; and (iii) to comply with the Customer’s reasonable instructions to the extent they are consistent with the terms of the SAAS Agreement. Qpercom will conduct the Processing in compliance with Data Protection Laws. Qpercom will keep Customer Personal Data confidential and ensure Appropriate Security Measures are in place and take appropriate technical, physical and organisational security measures as described in the Privacy Statement to protect Customer Personal Data against unauthorised or unlawful Processing, accidental loss or damage or destruction.
Information may be processed in the following ways:
- For general account management and processing of your SAAS agreement;
- To help identify you in case we need to interact over the phone, electronic email, via our technical support platform or any other way;
- To help diagnose system problems and to administer our websites;
- To carry out research requested and consented by the customer only;
- Testing and analysis purposes (in which exam data is anonymised);
- To enable us to comply with any legal or regulatory requirements.
Controlling Personal Information
The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. We will not sell, distribute or lease personal information to third parties unless we have permission or are required by law to do so. The Supplier shall promptly notify the Customer of each request from a data subject for access to Customer Personal Data relating to him or her. The Supplier shall not accede to any such request for access except on the instructions of the Customer. If you believe that any information we are holding is incorrect or incomplete, please email us as soon as possible. We will promptly correct any information found to be incorrect.
Data Retention Policy
Where Customer Personal Data is no longer required by the Supplier for the performance of the Services, the Supplier will either return such data immediately after termination of the SAAS Agreement, or destroy it if requested to do so by the Customer. At such time when Customer Personal Data is either returned or destroyed, Qpercom’s Data Protection Agreement will expire automatically. Qpercom will not use customer personal data for any other purposes, in particular, providing such data to third parties. No copies or duplicates of Customer Personal Data will be made without the Customer’s knowledge and agreement, except when copies must be made for security purposes to ensure that data can be preserved in order to comply with legal requirements.
Third Party Providers
The Customer shall indemnify the Supplier on demand from time to time from and against all Losses suffered or incurred by the Supplier arising out of or in connection with the breach by the Customer of its obligations under this DPA. The provision of this Clause shall continue in force and effect without limit in time after the termination of the provision of the Services.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of our product websites.
Every effort is made to keep the website up and running smoothly. However, Qpercom takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.