ABOUT THIS POLICY
We appreciate your interest in our consultancy and training services. Your privacy is important to us and we want you to feel comfortable with how we use and share your personal information.
This policy sets out how QCS International Ltd (herein called QCS) shall handle your personal information, including when and why it is collected, used and disclosed and how it is kept secure.
WHO WE ARE
At QCS we do all we can to respect your right to privacy and the protection of your personal information. We are a fully owned subsidiary of PHSC plc and this is a summary of what we and the Plc do with your information in order to run our business and provide our customers with consultancy and training course services
QCS has a Data Controller in post. Any correspondence relating to how we handle data should be addressed to our Data Controller.
HOW AND WHAT PERSONAL INFORMATION WE COLLECT
We collect and process various types of personal information, including basic information such as name, contact details, and information about the services and contact you have had from QCS.
Personal information you give to us
Most of your information will have been provided by you, or created through your use of our services. We also collect information from the technology you use when dealing with us and from third party organisations such as The International Certificate of Registered Auditors (IRCA) and Chartered Quality Institute (CQI) and group companies within PHSC plc
Personal information we collect about you
We may automatically collect the following personal information: our web servers store as standard details of your browser and operating system, the website you visit us from, the pages that you visit on our website, the date of your visit, and, for security reasons, e.g. to identify attacks on our website, the Internet protocol (IP) address assigned to you by your internet service. We collect some of this information using cookies – please see Cookies in Section 9.2 for further information. We may also collect any personal information which you allow to be shared that is part of your public profile on a third party social network.
Personal information we may receive from other sources
We obtain certain personal information about you from sources outside our business or other third-party companies. As part of normal training deliver we receive data from the International Register of Certified Auditors (IRCA) that includes items such as your personal delegate number, which is used to manage your qualification records.
Please see further underHow we use your personal informationfor details of the purposes we use the personal information we obtain from these sources and the legal basis on which we rely to process that information. The remaining provisions of this policy also apply to any personal information we obtain from these sources.
HOW WE USE YOUR PERSONAL INFORMATION
Where you have provided CONSENT
We may use and process your personal information where you have consentedfor us to do so for the following purposes:
- to share your personal information with other companies within PHSC plc so that they can provide you with legitimate business information relevant to your organisation;
- to supply brochures and other material you have specifically requested from us;
- to contact you via email, text message, post or telephone with marketing information about our consultancy and training course services (see Marketing section below for further details)
- to share your personal information with IRCA and CQI for them to contact you with marketing information about their products and services. Please see the Marketing section in this policy to find out more about these third parties
You may withdraw your consent for us to use your information in any of these ways at any time. Please see Withdrawing your consent for further details. Note that withdrawing consent for data to be shared with IRCA and CQI may results in your auditor registration details being lost.
Where required to perform a CONTRACT with you
We may use and process your personal information where it is necessary for the performance of a contract with you, or in order to take steps at your request before entering into a contract with you, including for the following purposes:
- To exchange information for training courses (bookings etc);
- To allow for the provision of consultancy services
Where it is in your VITAL INTEREST
We may use your personal information to contact you if there are any urgent notices to communicate to you relevant to your organisation and relevant to the types of services we deliver. For clarification, this may include informing you of changes to courses, or updates to technical standards and other requirements that QCS work with.
Where required to comply with our LEGAL OBLIGATIONS
We will use your personal information to comply with our legal obligations including:
- to assist HMRC, the Police, or any other public authority or criminal investigation body;
- to identify you when you contact us; and
- to verify the accuracy of data that we hold about you.
Where there is a LEGITIMATE INTEREST
We, may use and process your personal information where it is necessary for us to pursue our legitimate interestsas a business for the following purposes:
- for analysis, and profiling to inform our marketing strategy, and to enhance and personalise your customer experience;
- for market research in order to continually improve the products and services that we and our authorised dealers deliver to you;
- to administer our websites and for internal operations, including troubleshooting, testing, statistical purposes;
- for marketing activities (other than where we rely on your consent) e.g. to tailor marketing communications or send targeted marketing messages via social media and other third party platforms;
- for the prevention of fraud and other criminal activities;
- to undertake credit checks for finance;
- to correspond and communicate with you;
- to create a better understanding of you as a customer or training delegate;
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
- for the purposes of corporate restructure or reorganisation or sale of our business or assets;
- for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we or our group companies hold about you;
- to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings; and
- for general administration including managing your queries, complaints, or claims, and to send service messages to you.
OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION
PHSC Plc Group companies only
We and other PHSC plc group companies use your information mainly to provide you with services, to understand our customers’ needs and improve our consultancy and training course services we offer, and for the day-to-day running of our business. We also use it to comply with laws and regulations that apply to us and to protect our business, our customers and our employees.
Our suppliers and service providers
QCS, in order to deliver IRCA and CQI-certified training, is required to submit delegate information to IRCA. This is completed in accordance with IRCA/CQI data security requirements. You can review IRCA privacy policies at https://www.quality.org/article/privacy-policy
QCS shall not provide data to any supplier or third party.
QCS International is not responsible for data management within IRCA. Delegates on our IRCA Certified training courses are requested to give permission for data to be submitted to IRCA.
WHERE WE STORE YOUR PERSONAL INFORMATION OUTSIDE THE EEA
All information you provide to us may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the UK.
If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
We don’t keep your information for longer than we need to, and which is in line with all UK Laws, as an example:
- If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.
- We do not retain personal information in an identifiable format for longer than is necessary.
- We may need your personal information to establish, bring or defend legal claims, in which case we will retain your personal information for 7 years after the last occasion on which we have used your personal information in one of the ways specified in How we use your personal information.
The only exceptions to this:
- the law requires us to hold your personal information for a longer period, or delete it sooner;
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted in this section, or because we are required under the law (see further Erasing your personal information or restricting its processing; and
- in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
Your ‘data subject’ rights
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received your request.
Accessing your personal information
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
Correcting and updating your personal information
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.
In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us via our Data Controller.
Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal information, as set out under How we use your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using the unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
Erasing your personal information or restricting its processing
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processingyour personal information in the following situations:
- where you believe it is unlawful for us to do so,
- you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Complaining to the UK data protection regulator
You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s websitefor further details.
SECURITY / COOKIES / LINKS / SOCIAL PLUGINS
We are committed to ensuring that your information is secure with us. We use tools to make sure that your information remains confidential and we continually improve our security measure in line with technological developments.
Security measures we put in place to protect your personal information
QCS International uses technical and organisational security measures to protect the personal information supplied by you and managed by us against manipulation, loss, destruction, and access by third parties. Our security measures are continually improved in line with technological developments.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information whilst in transit to our website and any transmission is at your own risk.
Use of ‘cookies’
‘Cookies’ are small pieces of information sent to your device and stored on its hard drive to allow our websites to recognise you when you visit.
Links to other websites
In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
We use so-called social plugins (buttons) of social networks such as Facebook, Linked In and Twitter.
After their activation, a direct link to the server of the respective social network is established. The contents of the button are then transmitted from the social network directly to your browser and incorporated in the website.
After activation of a button, the social network can retrieve data, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account. A social network cannot assign a visit to websites operated by our other group companies unless and until you activate the respective button there as well.
If you are a member of a social network and do not wish it to combine data retrieved from your visit to our websites with your membership data, you must log out from the social network concerned before activating the buttons.
We have no influence on the scope of data that is collected by the social networks through their buttons. The data use policies of the social networks provide information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy.
Unless you have told us not to, we will send you marketing information relating to our consultancy and training course services that we think will be of interest and relevant to you. If you change your mind and no longer want to receive these communications you can tell us at any time by contacting our Data Controller.
QCS will not share your information with third party companies for their own marketing purpose without your specific permission.
We may collect your preferences to send you marketing information directly from us by email/SMS (where applicable) including:
- if you register with us online; or
- if you book a course or request consultancy services
We will only do so if you have consented to receiving such marketing information directly from us.
You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above. Please see the section Withdrawing your Consent.
CHANGES TO THIS POLICY
ALWAYS HERE TO HELP YOU
If you have any questions, suggestions or complaints about the processing of your personal information or wish to contact us to amend/update your marketing preferences, please contact the QCS Data Controller.
Write to us at:
QCS International Ltd
Unit 9 Cumbernauld Business Park
Find us online at www.qcsl.co.uk
Call us on 01236 734447
Email us on firstname.lastname@example.org
Tweet us on @qcsint
Policy dated 18.05.2018