QBS PRIVACY POLICY

BACKGROUND:

QBS Software Limited understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone whose personal data we process and/or store, including visitors to our website, and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

1.Definitions and Interpretation

In this Policy the following terms shall have the following meanings:

“Cookie” means a small text file placed on your computer or device by our site when you visit certain parts of our site and/or when you use certain features of our site. Details of the Cookies used by our site are set out in Part 14, below; and
“Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;

2. Information About Us

We are QBS Software Limited, a company registered in England & Wales under company number 02119414.

Our trading names are:

QBS Software
QBS Distribution
QBS Publishing
QBS Services
GNR Technology

Our websites are owned and operated by us.

Registered address and trading address: 7 Wharfside, Rosemont Road, Wembley, Middlesex, England HA0 4QB.

UK VAT number: 650-1280-74.

Data Protection Officer: Damian Motyl.

QBS Software Limited
7 Wharfside
Rosemont Road
Wembley
Middlesex,
England
HA0 4QB

Tel: 0208 733 7101
E-mail: damian@qbs.co.uk

3. What Does This Policy Cover?

This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
This site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

4. What is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

5. What Are My Rights?

Under the GDPR, you have the following rights, which we will always work to uphold:
a) The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 15.
b) The right to access the personal data we hold about you. Part 13 will tell you how to do this.
c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 15 to find out more.
d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in Part 15 to find out more.
e) The right to restrict (i.e. prevent) the processing of your personal data.
f) The right to object to us using your personal data for a particular purpose or purposes.
g) The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
h) Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 15.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

6. What Data Do We Collect?

6.1 Business contacts, customers and their employees and representatives, suppliers and their employees and representatives, software publishers and their employees and representatives, hardware manufacturers and their employees and representatives, software end users and their employees and representatives, others who contact us.

• Occupations/positions in organisations;
• Postal addresses;
• Telephone numbers (landline and mobile);
• E-mail addresses;
• Software serial numbers;
• Bank details.

6.2 Personnel

• Name;

• Contact Details;

• National Insurance number;

• Age;

• Gender;

• Ethnicity;

• Nationality;

• Religion;

• Details of sick leave;

• Medical conditions;

• Disabilities;

• Prescribed medication;

• Interview notes;

• CVs, application forms, covering letters, and similar documents;

• Assessments, performance reviews, and similar documents;

• Details of remuneration including salaries, pay increases, bonuses, commission, overtime, benefits, and expenses;

• Details of trade union membership (where applicable);

• Employee monitoring information;

• Records of disciplinary matters including reports and warnings, both formal and informal;

• Details of grievances including documentary evidence, notes from interviews, procedures followed, and outcomes; and

• Results of Disclosure and Barring Service checks (where relevant and depending on the role).

6.3 Recruitment applicants

• Name;

• Contact Details;

• Areas of interest;

• CV, experience, education, academic and professional qualifications;

• Information provided as part of interviews and assessments;

• Diversity and equal opportunities data;

• Pre-employment screening information if your application is successful;

• Information about your and your immediate family’s financial relationships if your application is successful;

• Bank account details if your application is successful.

• Interview and assessment results and feedback;

• Job offer details;

• References from your named referees;

• Results of Disclosure and Barring Service checks (where relevant and depending on the role applied for); and

• Verification of information provided during the recruitment process by contacting relevant third parties (for example, previous employers, education and qualification providers) or using publicly available sources (for example, to verify your experience, education and qualifications).

6.4 Visitors to our website and internet users

Our site uses Google Analytics, which collects data from each visit to the site, including through the use of Cookies, but does not store any personally identifiable information.

From time to time, we may use Google AdWords to advertise across the Internet. The Google AdWords cookie is used to track conversions from the Google search.

7.How Do You Use My Personal Data?

Under the GDPR, we must always have a lawful basis for using personal data.
The lawful basis on which we process personal data on individuals and unincorporated businesses is CONTRACT (in the case of clients, suppliers and providers of services to us) and LEGITIMATE INTERESTS (in the case of any other parties). We may also process certain personal data by LEGAL OBLIGATION.
Your personal data may be used for one or more of the following purposes:
• Contacting customers about their requirements for our products and for customer service purposes;
• Contacting prospective customers about their requirements for our products;
• Marketing our products;
• Contacting our suppliers, professional advisers, trade bodies and associations, bankers and finance providers;
• Contacting parties in legal claims and disputes;
• For employees and job applicants:

  • Identifying and communicating with staff;
  • Managing staff (including performance management
    and disciplinary);
  • Staff training and development;
  • Administering pay, pension and benefits;
  • Managing time, attendance, sickness and absence;
  • Compliance with legal or regulatory obligations
    relating to employees;
  • Dealing with complaints, claims and litigation;
  • Human resources administration and maintenance
    of HR records;
  • Communications, public relations, marketing and
    business development;
  • Financial reporting and analysis, business
    planning and forecasting and business restructuring;
  • Managing business risk (including relating to
    information technology and communications);
  • Safety, security and preventing and detecting
    inappropriate, unethical or unlawful activities;
  • Ensuring equal opportunity and diversity;
  • Recruitment and selection;
  • Pre-employment verification and screening;
  • Responding to reference requests;
  • Obtaining recruitment feedback;
  • Dealing with recruitment complaints.
  • Job offers;
  • Contacting unsuccessful job applicants about
    future opportunities;

With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email and/or telephone and/or text message and/or post with information, news, and offers on our services or of business opportunities we wish to introduce to you. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.

We do not use any automated systems for carrying out decision-making or profiling.

Our websites use Secure Sockets Layer (“SSL”) encryption, which is the most advanced encryption technology currently available, to protect your personal data when you visit our website.

Some of our websites have e-commerce functionality which enable visitors to order goods and make online payment. However, your payment card details are not stored or processed in our systems at any time. Instead, your payment card details (i.e. card number, expiry date and CVV) are sent directly to our payment processor, Secure Trading Limited, without passing through our servers.

Secure Trading Limited is PCI-compliant (Payment Card Industry Data Security Standard) and GDPR-compliant.

For more see:
https://www.securetrading.com/

8. How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods:

Data Ref. Type of Data Purpose of
Data
Retention
Period or
Criteria
1

Names; Occupations/positions in organisations;Postal addresses;Telephone numbers (landline and mobile);E-mail addresses;Software serial numbers;Bank details.

 

Contacting
customers, software end-users and prospective customers about their
requirements for our products and providing customer service;
Marketing our products;
Contacting software
publishers, equipment manufacturers, our suppliers, professional advisers,
trade bodies and associations and bankers;
Contacting parties in legal
claims and disputes;
Processing payments.
Registering software licences
and guarantees.
Managing software and
maintenance renewals.  
15 years
2.   Name;Contact Details;Age;Gender;Ethnicity; Nationality; Religion;Details of sick leave; Medical conditions; Disabilities; Prescribed medication; Interview notes;CVs, application forms, covering letters, and similar documents;Assessments, performance reviews, and similar documents;Details of remuneration including salaries, pay increases, bonuses, commission, overtime, benefits, and expenses;Details of trade union membership (where applicable);Employee monitoring information;Records of disciplinary matters including reports and warnings, both formal and informal;Details of grievances including documentary evidence, notes from interviews, procedures followed, and outcomes; andResults of Disclosure and Barring Service checks (where relevant and depending on the role).   Identifying and communicating
with staff;
Managing staff (including
performance management and disciplinary);
Staff training and
development;
Administering pay, pension
and benefits;
Managing time, attendance,
sickness and absence;
Compliance with legal or
regulatory obligations relating to employees;
Dealing with complaints,
claims and litigation;
Human resources
administration and maintenance of HR records;
Communications, public
relations, marketing and business development;
Financial reporting and analysis,
business planning and forecasting and business restructuring;
Managing business risk
(including relating to information technology and communications);
Safety, security and
preventing and detecting inappropriate, unethical or unlawful activities;
Ensuring equal opportunity
and diversity;
Recruitment and selection.  
7 years
3.

Name;Contact Details;Areas of interest;CV, experience, education, academic and
professional qualifications;Information provided as part of interviews and
assessments;Diversity and equal opportunities data;Pre-employment screening information if an
application is successful;Information about an applicant’s immediate
family’s financial relationships if the application is successful;Bank account details if an application is
successful.Interview and assessment results and feedback;Job offer details;References from an applicant’s named referees;Results of Disclosure and Barring Service
checks (where relevant and depending on the role applied for); andVerification of information provided during
the recruitment process by contacting relevant third parties (for example,
previous employers, education and qualification providers) or using publicly
available sources (for example, to verify an applicant’s experience,
education and qualifications).

 

 

Recruitment and selection;
Pre-employment verification
and screening;
Responding to reference
requests;
Obtaining recruitment
feedback;
Dealing with recruitment
complaints.
Job offers;
Contacting unsuccessful job
applicants about future opportunities;  
7 years

9. How and Where Do You Store or Transfer My Personal Data?

With the exception of
certain categories of personal data that are categorised as sensitive personal
data, we may
store or transfer some or all of your personal data in countries that are not
part of the European Economic Area (the “EEA” consists of all EU member states,
plus Norway, Iceland, and Liechtenstein). These are known as “third countries”
and may not have data protection laws that are as strong as those in the UK
and/or the EEA. This means that we will take additional steps in order to
ensure that your personal data is treated just as safely and securely as it
would be within the UK and under the GDPR as follows.

Either:

  1. Wewill
    only transfer your personal data to countries that the European Commission has
    deemed to provide an adequate level of personal data protection; or
  2. Wewill
    use specific contractual clauses with external third parties that are approved
    by the European Commission for the transfer of personal data to third
    countries. These contracts ensure the same levels of personal data protection that
    would apply under the GDPR; or
  3. Where we transfer your data to a third party
    based in the US, this may be protected if they are part of the EU-US Privacy
    Shield. This requires that third party to provide data protection to standards
    similar to those in Europe; or
  4. We may transfer your data outside the EEA with
    your express consent having informed you of the risks; or
  5. We may transfer your data outside the EEA where
    this is necessary for the performance of a contract between you and us; or
  6. We may transfer your data outside the EEA where
    this is necessary for the performance of a contract between a third party and
    us which is in your interests.

Please contact us using the details below in Part 15 for
further information about the particular data protection mechanism used by us
when transferring your personal data to a third country.

The security of your personal data is essential to us, and to
protect your data, we take a number of important measures, including the
following:

  • The use of passwords, encryption and network
    security software;
  • Regular updating of software;
  • Physical security of premises and files;
  • Taking regular data backups and storing them in
    an off-site secure location;
  • Restrictions and conditions on the storage and
    processing of personal data on portable devices, including those owned by
    employees, agents or contractors personally;
  • Internal procedures and authorisation protocols
    for processing and transferring personal data;

10. Do You Share My Personal Data?

We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions.
i. Where you have expressly consented; or
ii. Where sharing the personal data in question is necessary for the performance of a contract between you and us. This includes sharing your credit/debit card details with payment processors; or
iii. Where sharing the personal data in question is necessary for the performance of a contract between a third party and us which is in your interests; or
iv. In some limited circumstances, where we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal or regulatory obligations, a court order, or the instructions of a government authority.
v. We may share your data within the “group” of companies with substantially common ownership to us.
If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in Part 9.
If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR, as explained above in Part 9.

11. How Can I Control My Personal Data?

11.1 We aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails or at the point of providing your details.
11.2 You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

12. Can I Withhold Information?

Subject to the following paragraph, you may access our site without providing any personal data at all.

Our site uses Google Analytics, which collects data from each visit to the site, including through the use of Cookies, but does not store any personally identifiable information. If you do not wish data to be collected (but not stored) by Google Analytics, please do not use our website.

13. What Are My Rights In Relation To My Personal Data And How Can I Exercise Them?

Your right of access
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 15. To make this as easy as possible for you, a Data Subject Request Form is available on request for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 21 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

Your right to have incorrect data corrected
You have the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your name or address) and to have incomplete personal data completed.
Any request to update personal data should be made in writing and sent to the email or postal addresses shown in Part 15. To make this as easy as possible for you, a Data Subject Request Form is available on request for you to use.
When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make updates as appropriate based on your updated information and inform you that we have done so within one month. The period may be extended by up to two months in the case of complex requests. If such additional time is required, we will inform you that this is the case.

Your right to erasure or “right to be forgotten”
You have the right to obtain deletion of your personal data in the following cases:
• the personal data are no longer necessary in relation to the purposes for which they were collected and processed;
• our legal grounds for processing is consent, you withdraw consent and we have no other lawful basis for the processing;
• our legal grounds for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to our processing and we do not have overriding legitimate grounds;
• you object to our processing for direct marketing purposes;
• your personal data have been unlawfully processed; or
• your personal data must be erased to comply with a legal obligation to which we are subject.
All data deletion requests should be made in writing and sent to the email or postal addresses shown in Part 15. To make this as easy as possible for you, a Data Subject Request Form is available on request for you to use.

Your right to restrict processing
You have the right to restrict our processing of your personal data in the following cases:
• for a period enabling us to verify the accuracy of your personal data where you have contested the accuracy of the personal data;
• your personal data have been unlawfully processed and you request restriction of processing instead of deletion;
• your personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data are required by you to establish, exercise or defend legal claims; or
• for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.
All data processing restriction requests should be made in writing and sent to the email or postal addresses shown in Part 15. To make this as easy as possible for you, a Data Subject Request Form is available on request for you to use.

Your right to object to processing
You have the right to object to our processing of your personal data in the following cases:
• our legal grounds for processing is that the processing is necessary for a legitimate interest pursued by us or a third party; or
• our processing is for direct marketing purposes.
All data processing objections should be made in writing and sent to the email or postal addresses shown in Part 15. To make this as easy as possible for you, a Data Subject Request Form is available on request for you to use.

Your right to withdraw consent
Where we process personal data based on consent, individuals have a right to withdraw consent at any time.
All consent withdrawal should be made in writing and sent to the email or postal addresses shown in Part 15. To make this as easy as possible for you, a Data Subject Request Form is available on request for you to use.
Please see the relevant “Use of personal data” sections of this privacy statement for further details about our processing of personal data based on consent.

14. How Do You Use Cookies?

Our site may place and access certain first-party Cookies on your computer or device. First-party Cookies are those placed directly by us and are used only by us to facilitate and improve your experience of our site and to provide and improve our services. We have carefully chosen these Cookies and have taken steps to ensure that your privacy and personal data is protected and respected at all times.
By using our site, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. Third-party Cookies are used on our site to track conversions from advertisements and searches, analysing website user interaction, obtaining website user feedback, linking our website to social media advertising and linking to a third-party e-commerce platform. For more details, please refer to the table below. These Cookies are not integral to the functioning of our site and your use and experience of our site will not be impaired by refusing consent to them.
All Cookies used by us are used in accordance with current Cookie Law.
Before Cookies are placed on your computer or device, you will be shown a prompt requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of our site may not function fully or as intended.
Certain features of our site depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. You may still block these Cookies by changing your internet browser’s settings as detailed below, but please be aware that our site may not work properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.

Most browsers allow you to view, manage, delete and block cookies for a website. Be aware that if you delete all cookies then any preferences you have set will be lost, including the ability to opt-out from cookies as this function itself requires placement of an opt out cookie on your device. Links to information on how to control cookies for common browsers are set out below:

Microsoft Edge:

https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy

Microsoft Internet Explorer:

https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en

Mozilla Firefox:

https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

MacOS Safari:

https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Others:

Home

http://www.cookiecentral.com/faq/

You can opt-out of having your anonymised browsing history within our websites or applications recorded by Google Analytics cookies. You can learn more about Google’s privacy policies and how to opt-out of their analytics cookies by clicking on following link:

http://www.google.com/analytics/learn/privacy.html

In addition to cookies that are “strictly necessary” for our site to function the following first-party Cookies may be placed on your computer or device:

NOTE: the Cookies listed below are the ones for standard use of Google Analytics. We need to identify any cookies used by our website (other than those that are strictly necessary for the website to work) and provide a similar level of disclosure for those). We should also incorporate a cookie acceptance button on the websites.

First-party cookies  
Name of Cookie Purpose
Google Analytics
_ga
This cookie is typically
written to the browser upon the first visit. If the cookie has been deleted
by the browser operator, and the browser subsequently visits pwc.com, a new
_ga cookie is written with a different unique ID. In most cases, this cookie
is used to determine unique visitors to our site and it is updated with each
page view. Additionally, this cookie is provided with a unique ID that Google
Analytics uses to ensure both the validity and accessibility of the cookie as
an extra security measure.
Google Analytics
_gat
This cookie is typically
written to the browser upon the first visit. If the cookie has been deleted
by the browser operator, and the browser subsequently visits our site, a new
_gat cookie is written with a different unique ID. In most cases, this cookie
is used to determine unique visitors to pwc.com and it is updated with each
page view. Additionally, this cookie is provided with a unique ID that Google
Analytics uses to ensure both the validity and accessibility of the cookie as
an extra security measure.
Google Analytics
_utma
This
cookie is typically written to the browser upon the first visit. If the
cookie has been deleted by the browser operator, and the browser subsequently
visits our site, a new __utma cookie is written with a different unique ID.
In most cases, this cookie is used to determine unique visitors to our site
and it is updated with each page view. Additionally, this cookie is provided
with a unique ID that Google Analytics uses to ensure both the validity and
accessibility of the cookie as an extra security measure.
Google Analytics
_utmb
This
cookie is used to establish and continue a user session on our site. When a
user views a page on our site, the Google Analytics code attempts to update
this cookie. If it does not find the cookie, a new one is written and a new
session is established. Each time a user visits a different page on our site,
this cookie is updated to expire in 30 minutes, thus continuing a single
session for as long as user activity continues within 30-minute intervals.
This cookie expires when a user pauses on a page on our site for longer than
30 minutes.
Google Analytics
_utmc
This
cookie operates in conjunction with the ‘_utmb’ cookie to determine whether
or not to establish a new session for the user. If it does not find the
cookie, a new one is written and a new session is established. This cookie
expires when a user’s session is no longer active.
Google Analytics
_utmz
This
cookie stores the type of referral used by the visitor to reach our site,
whether via a direct method, a referring link, a website search, or a
campaign such as an ad or an email link. It is used to calculate search
engine traffic and page navigation within our site. The cookie is updated with
each page view to our site.

15. How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:

For the attention the Data Protection Officer (Damian Motyn).

QBS Software Limited
Email address: damian@qbs.co.uk.
Telephone number: 0208 733 7101.
Postal Address: QBS Software Limited, 7 Wharfside, Rosemont Road, Wembley, Middlesex, England HA0 4QB

16. Changes to this Privacy Policy

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be immediately posted on our site. We recommend that you check this page regularly to keep up-to-date.