24th May 2018

Privacy Policy Product Websites

Privacy Policy Product Websites

Your privacy is our priority. Security in Qpercom has always been our top priority in both online and offline tasks. We have revised our Privacy Policy to accommodate terms of the General Data Protection Policy (GDPR). This policy outlines how Qpercom uses and protects any information provided to Qpercom when you use our product websites. In terms of GDPR, Qpercom acts as a Data Processor. Our client partners (universities, training institutions and organisations), are the Data Controllers. Our cloud storage providers, (Amazon Web Services (AWS) and Rackspace) are Sub-Data Processors who host the data securely. If you have any questions please email us.

Terms

The term ‘Qpercom’’ or ‘us’ or ‘we’ refers to the owner of the websites whose registered office is Unit 9B, GTC, Mervue Business Park, Galway, Ireland. ©Qpercom Ltd is a registered company, registration number 465030. The term ‘you’ refers to the user or viewer of our website. The term ‘website’ refers to client login websites of Qpercom Observe, Qpercom Choice, Qpercom Entrust and Qpercom Recruit. The points and descriptions used in this document are described as ‘Terms’. Please read the Terms of use of our product websites here. The following descriptions are used in this policy:

  • Data Controller means the Customer who, either alone or with others, controls the contents and use of personal data.
  • Data Processor means any person who processes personal data on behalf of the Data Controller but does not include an employee of the Data Controller who processes such data in the course of his employment.
  • Data Protection Laws means all legislation and regulations relating to the protection of personal data including (without limitation) the Data Protection Acts 1988 and 2003 of Ireland, the General Data Protection Regulation (“GDPR”) (from 25th May, 2018) and all other industry guidelines (whether statutory or non-statutory) or codes of practice or guidance issued by the Data Protection Commission or relevant Irish Supervisory Authority (as defined in the GDPR) relating to the processing of personal data or privacy or any amendments and re-enactments thereof.
  • The Supplier means the Supplier entity (Qpercom), who is the Data Processor of the Customer Personal Data.
  • SAAS Agreement refers to the Software as a Service Subscription Agreement between the Supplier and the Customer, together with all related and further agreements and orders executed under it between the Customer and the Supplier.

Website Visitors

By visiting the product websites and registering your details you automatically consent to data processing. Our data processing policies are outlined in the sections below.

Data Security

In relation to Customer Personal Data, and for the purposes of the Data Protection law, the Qpercom is a Data Processor. As between the Customer (the Data Controller) and the Qpercom (the Data Processor), all Customer Personal Data shall at all times be the property of the Customer and/or the Customer’s Authorised Users. We are committed to ensuring that your information is secure. We recognise online security is an area of vital importance for all our customers. We employ security measures to protect your information from access by unauthorised persons and to prevent unlawful processing, accidental loss, destruction and damage. We use state of the art technological security solutions, including encryption when transmitting sensitive information across the internet. This means that all personal information sent to and from the websites are encrypted in accordance with good industry practice.

Qpercom’s secure cloud storage partners are Amazon Web Services (AWS) and Rackspace who act as Data Processors on behalf of Qpercom. You can read about their data security policies and practices here for AWS and here for Rackspace.

We encourage our client partners to take steps to protect the security of their data both physically and electronically by following common best practice procedures such as:

  • Running Anti-Virus software and keeping it up to date;
  • Applying operating system, web browser and other security updates;
  • Not printing person-identifying or sensitive data;
  • Ensuring PCs or other devices are not left unattended whilst logged into our product websites; and;
  • Using strong passwords for all Services and logins.

In relation to data back-up, Qpercom shall follow its archiving and back-up procedures for Customer Data. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for Qpercom to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by Qpercom in accordance with its archiving and back-up procedure. Qpercom shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by Qpercom to perform services related to Customer Data maintenance and back-up).

Appropriate Security Measures

Qpercom follows Appropriate Security Measures, referring to appropriate security measures required by Data Protection Laws to protect against unauthorised access to, alteration, disclosure or destruction of data and against their accidental loss or destruction and, in particular, where the processing involves the transmission of data over a network, it shall mean having regard to the state of technological development and the cost of implementing the measures, and ensuring that the measures provide a level of security appropriate to:

(i)              the harm that might result from unauthorised or unlawful processing, accidental or unlawful destruction or accidental loss of or damage to the data concerned, and

(ii)            the nature of the data;

Collection of Data

The Customer will provide Customer Personal Data to the Supplier or the Supplier will collect Customer Personal Data from the Customer and/or the Customer’s Authorised Users pursuant to this DPA for the purpose of the Supplier rendering Services to the Customer, or any other members of the Customer Group, and the Supplier will have access to the Customer Personal Data provided by the Customer in the course of rendering the Services.

Use of Data

We will process Personal Information in order to allow access and make use of our websites, to allow the Customer to participate in the services offered, to administer an account, to maintain login accounts and records and to enable us to comply with any legal or regulatory requirements. Qpercom shall only Process Customer Personal Data to the extent necessary pursuant to the Customer’s instructions and as set forth in the SAAS Agreement. The Customer instructs the Supplier to Process Customer Personal Data: (i) in accordance with the SAAS Agreement; (ii) as part of any Processing initiated by the Customer in its use of the Services; and (iii) to comply with the Customer’s reasonable instructions to the extent they are consistent with the terms of the SAAS Agreement. Qpercom will conduct the Processing in compliance with Data Protection Laws. Qpercom will keep Customer Personal Data confidential and ensure Appropriate Security Measures are in place and take appropriate technical, physical and organisational security measures as described in the Privacy Statement to protect Customer Personal Data against unauthorised or unlawful Processing, accidental loss or damage or destruction.

Information may be processed in the following ways:

  • For general account management and processing of your SAAS agreement;
  • To help identify you in case we need to interact over the phone, electronic email, via our technical support platform or any other way;
  • To help diagnose system problems and to administer our websites;
  • To carry out research requested and consented by the customer only;
  • Testing and analysis purposes (in which exam data is anonymised);
  • To enable us to comply with any legal or regulatory requirements.

Controlling Personal Information

The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. We will not sell, distribute or lease personal information to third parties unless we have permission or are required by law to do so. The Supplier shall promptly notify the Customer of each request from a data subject for access to Customer Personal Data relating to him or her.  The Supplier shall not accede to any such request for access except on the instructions of the Customer. If you believe that any information we are holding is incorrect or incomplete, please email us as soon as possible. We will promptly correct any information found to be incorrect.

Data Retention Policy

Where Customer Personal Data is no longer required by the Supplier for the performance of the Services, the Supplier will either return such data immediately after termination of the SAAS Agreement, or destroy it if requested to do so by the Customer. At such time when Customer Personal Data is either returned or destroyed, Qpercom’s Data Protection Agreement will expire automatically. Qpercom will not use customer personal data for any other purposes, in particular, providing such data to third parties. No copies or duplicates of Customer Personal Data will be made without the Customer’s knowledge and agreement, except when copies must be made for security purposes to ensure that data can be preserved in order to comply with legal requirements.

External Links

In the event our product websites contain links to other sites, Qpercom will not be responsible for the privacy practices or the content of such websites. This Privacy Policy does not extend to those websites. Once you leave our website, they policies of that website apply.

Third Party Providers

The Customer acknowledges that the Services may enable or assist it to access the website content of, correspond with, and purchase products and services from, third parties via third-party websites and that it does so solely at its own risk.  Qpercom makes no representation or commitment and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with, any such third-party website, or any transactions completed, and any contract entered into by the Customer, with any such third party.  Any contract entered into and any transaction completed via any third-party website is between the Customer and the relevant third party, and not the Supplier. The Supplier recommends that the Customer refers to the third party’s website terms and conditions and privacy policy prior to using the relevant third-party website.  The Supplier does not endorse or approve any third-party website nor the content of any of the third-party website made available via the Services.

Indemnity

The Customer shall indemnify the Supplier on demand from time to time from and against all Losses suffered or incurred by the Supplier arising out of or in connection with the breach by the Customer of its obligations under this DPA. The provision of this Clause shall continue in force and effect without limit in time after the termination of the provision of the Services.

In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of our product websites.

Every effort is made to keep the website up and running smoothly. However, Qpercom takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

Changes to Privacy Policy

Qpercom may make minor changes to the Privacy Policy at any time, at our sole discretion. We encourage our client partners and users to check this page from time to time. Continuing to use this site after any change in the policies will constitute your acceptance of such changes. Client partners will be notified by email of any major changes (within the scope of the SAAS) to the Privacy Policy or Terms.