This Privacy Policy applies to www.qdpservices.co.uk, www.qdpservices.com and www.qdpservices.org which are owned and operated by QDP Services Ltd, Riverside, Mountbatten Way, Congleton CW12 1DY (Registration in England: 3348159).

QDP Services Ltd. is registered with the Information Commissioner Office (ICO) (registration number: Z1155070). The ICO is the UK's independent body set up to uphold information rights. The ICO’s details can be found at https://ico.org.uk.

By joining QDP as a customer, filling out a survey or visiting our site, you agree to our Privacy Policy. Specifically, you expressly consent to us processing your personal data as described in this Privacy Policy. Furthermore, if you have enabled the use of cookies on your web browser, then you consent to our use of cookies as described in this Privacy Policy.

This Privacy Policy does not provide any additional terms and conditions or warranties whether expressly or implied. This Privacy Policy provides transparency to our users as how their data is collected and used and serves as a privacy notice as required by legislation.

If you have any further queries, please don’t hesitate to contact us by email enquiries@qdpservices.co.uk, by writing to QDP Services Ltd at the address above or by calling +44 (0) 1625 501917.

Changes to this policy

We may change this Privacy Policy at any time by updating this page, please make sure you frequently visit this page. We will endeavour to provide you with a notice of change of this page if any amendments occur. If you do not agree with the amendments please contact us or close your account and discontinue use of our services and site, otherwise, you will be deemed to have consented expressly to any changes.

Introduction

Our Privacy Policy describes how we capture and use personal data that we collect about visitors to our website.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

We have divided this policy into 4 parts reflecting the types of visitor we have to our sites:

Part 1: Privacy of Customers
Part 2: Privacy of Survey Respondents
Part 3: Privacy of all Site Visitors
Part 4: Privacy of all users of Survey Manager

Definitions

A “Customer” is anyone who has purchased or is using our services on a trial basis including, but not limited to, Gold Service and SurveyManager.

A “Survey Respondent” is anyone who fills out a survey via a QDP website.

A “Site Visitor” is anyone who visits our site.

A “User of Survey Manager” is anyone who uses SurveyManager including “Customers”

Part 1: Privacy of Customers

A “Customer” is anyone who creates or instructs QDP to create, administers or who collects and collates survey results using our services.

QDP acts as a data controller for all personal data which our Customers and site visitors provide regarding themselves. For the personal data which the Customers provide for survey targeting purposes and all data supplied by survey respondents when completing any of the surveys commissioned by the Customer, QDP acts as a data processor, processing only in accordance with Customer’s instructions; the Customer in such circumstances is the data controller.

The data we collect from you

We collect the following data from you:

· Account and Billing Information: this is the information you provide when signing up for one of QDP’s services and may include your name, username, email address, postal address etc.

Payment details. Where you pay for using our service, we will also collect information including billing address and payment contact details. Where payment is made by card the details needed, for example card number and expiry date, are not held by QDP. These details are held by Global Payments UK Limited which is a trading name of GPUK LLP. (Registered in England number OC337146)
Customer Criteria and annual survey planning information
Survey Questions, Targeting Information & Answers
Account Settings
Address Book: including any email addresses and names you put in.
Any other information you share with us including emails, queries and testimonials.
The legal basis for us collecting the above data is that it is necessary for us to provide you the services under contract. For Survey Questions, Targeting Information & Answers, we act as data processor; in this regard we follow your instructions regarding how you want to process that data.

What we do with the information we collect

We use the information we collect to provide our services to you. This includes:

Providing you customer support and help about our services when you contact us.
Contacting you about your account, billing information, changes to our Terms of Use, changes to other policies, and any other issues regarding our services.
For trouble shooting and testing of our services to ensure that it is secure, reliable and of high standard.
Maintain and improve our services.
To enforce our Terms of Use to ensure you are not carrying out any prohibited activities.
To prohibit illegal activity using our services.
To respond to legal requests, court orders or lawful requests from government agencies.
For providing our services to you as per your request.

Marketing and promotional emails

Where you have consented, we will contact you regarding promotional activities and marketing in order to inform you about offers and helpful tips about our service, you have a right to withdraw that consent at any time by following the simple instruction on the email or emailing enquiries@QDPServices.co.uk telling us you no longer wish to receive promotional emails. Please also see your rights below.

Sharing & Disclosure of your data

We use sub-processors to store our data safely and securely. All survey data is stored in the UK. All our sub-processors have robust security features to ensure that they have the appropriate technical and organisation measures to keep personal data secure, furthermore, they are contractually bound to not access, modify, disclose or erase the data without our instructions. Our sub-processors are:

· iomart Group PLC, Kelvin Campus, West of Scotland Science Park, Lister Pavilion, Glasgow G20 0SP. iomart provide hosting services for our web sites , offsite back-up storage and support services.

· Consultancy Technology Ltd who are registered in England No: 03149384 who provide support services for SurveyManager.

We may disclose account or billing details if required by law or to comply with a court order or legal process.

We may disclose account details if there is a change in business ownership for example, in the event of a merger, change in ownership, consolidation amalgamation or other corporate change, you agree that the successor will process that data instead of QDP following a notice of 1 month given to all of QDP’s customers.

QDP is heavily focused on the privacy of your data, it does not sell or share your survey data except for the purposed of providing benchmarking using anonymised/aggregated data within the reports provided to you without first obtaining your consent and agreement.

Backup policy

All data you hold with us is backed up in a separate physical premises within the UK with technical and organisational measures equal to those where original data is held. This is to ensure that your data is not lost or destroyed should the original be destroyed without your instructions.

Rights to your data

If you are a Customer, you have the following rights to your data (please see below under the Heading “General Statement” for more information):

Right to access: You have the right to access all of the data we hold about you and for you by either logging in to your account or requesting it from our Customer Services Team by email: enquiries@qdpservices.co.uk.

You also have the right to access any information we hold about you and your account in a common machine readable format free of charge, unless your request is excessive or repetitive. We will process your request without delay and at the latest within 1 month, unless, your request is complex or numerous in which case we may take up to 3 months, but we will inform you within 1 month if this is the case.

Right to rectify: when you log on to your account, you can rectify or update any information on your account or any questions and targeting information from surveys you have commissioned. If you are not able to do so, please contact us at enquiries@qdpservices.co.uk.

Right to erase: When you log on to your account, you may also erase any data on your account with the exception of data that is required for you to keep your account open (such as your email address, name etc.). You may erase any survey questions or responses as you like when you are inside your account. You also have the right to erase any other data which we hold about you including raising any questions via email, if you would like us to do so please contact us at enquiries@qdpservices.co.uk.

When you terminate your account, all of your data will be erased except for the anonymised survey responses used for benchmarking purposes.

When you delete your data or terminate your account, it may still be stored by us for up to an additional 12 weeks due to the backups we have.

Right to object: You have the right to object to us using your data for marketing purposes. If you would like to do so please contact us at enquiries@qdpservices.co.uk. This will be done free of charge and without undue delay.

Communication from the site

Established members may occasionally receive information on improvements to our service, general service announcements, and a newsletter. Out of respect for the privacy of our users we present the option to not receive these types of communications. Please contact our Customer Services Team enquiries@qdpservices.co.uk.

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications; however, these communications are not promotional in nature.

We communicate with users on a regular basis to provide requested services and in regards to issues relating to their account we reply via email or phone, in accordance with the user’s wishes.

Retention Periods

We will retain your data for as long as necessary to carry out the service to you. If you wish to cancel your account, you may do so. Please contact us at: enquiries@qdpservices.co.uk.

Where you send us questions, queries or support requests, we will retain that data for up to 18 months or if you tell us to delete it immediately, whichever comes first, unless your request relates to improving our services, in which cases we will delete the personal data and store the enquiry or suggestion.

Part 2: Privacy of Survey Respondents

A “Survey Respondent” is anyone who fills out a survey powered by QDP’s products and services including SurveyManager and OLI.

QDP acts as a data processor, processing only in accordance to our Customer’s instructions; the Customer in such circumstances is the data controller.

The information QDP collects about Survey Respondents

Survey responses: On the instructions of the Customer, we collect your survey responses on their behalf. We then store those survey responses for the Customer. If you would like your survey responses erased, rectified, accessed or for any other queries about your responses, please contact the Customer directly. Please bear in mind that most surveys are not anonymous and Customers may have given QDP your personal data to help with detailed reporting and increase the usefulness and value of the survey. Please contact the Customer for further help and clarification on this issue.

QDP’s Use of the information we collect about you

We do not use your survey responses other than carrying out the service for the Customer. Your survey responses are owned and managed by the Customer who will have its own policy on data handling and would decide on whether your survey responses are kept private, disclosed to third parties, or provided to the public.

We do not sell your survey data to other parties nor do we store it to contact you for a purpose other than under the direction of Customer.

We only share your data with third parties if necessary to carry out the service(s) that the Customer has requested and as mentioned in this Privacy Policy.

Your rights to the data we process on behalf of the Customer

If you want to access your data, rectify your data, erase your data, object to the processing of your data, or for any other enquiries regarding the handling of your data please contact the Customer directly.

If you believe that the Customer is not complying with its legal obligation(s) regarding your data, please contact our Customer Services Team: enquiries@qdpservices.co.uk.

You can opt out of receiving survey requests by contacting the Customer directly.

Data Retention

Please note that as the Customers control their own survey data, if you are a Survey Respondent to a Customer’s survey you will need to contact them directly to amend or delete anything in your survey responses.

Part 3: Privacy of All Site Visitors

A “Site Visitor” is anyone who visits our site save for those completing a questionnaire. Please see Part 2 if you are a respondent to a survey

QDP acts as a data controller for all personal data which our site visitors input, except for any personal data which the site visitors respondents fill out. For the personal data which the site visitors respondents fill out, QDP acts as a data processor, processing only in accordance to the site visitors instructions; the site visitor in such circumstances is the data controller.

Cookies

We use both session ID cookies and persistent cookies. For the session ID cookie, once users close the browser, the cookie simply terminates. A persistent cookie is a small text file stored on the Site Visitor’s hard drive for an extended period of time. Persistent cookies can be removed by following Internet browser help file directions (see below). With session cookies we are able to ensure that only people who have entered in correct login details are able to use password-protected areas, and only areas that they are authorised to use. Persistent cookies enable us to track and target the interests of our users to enhance the experience on our site.

When you visit our site, we use cookies to store data on your device. This is so that we can:

Distinguish you from other users of our website.
Improve our website’s performance and your experience of using our website.
Make it easier and more convenient for you to log in to our site, by storing the username and password on your device.
Ensure secure login.
In certain surveys under the Customer’s direction, ensure that a survey respondent can’t retake the same survey more than once.
Track referral data and see how you got to our site.
Measure your usage of our services.

If you believe that such interests are overridden by the interests or fundamental rights and freedoms of you as the data subject and that those require protection of your personal data, please contact us at support@QDPServices.co.uk. We will block access to your data or give you the means to quickly do so, while we make a decision as to your request.

Source Data

QDP records the source of how you got to our site, including for example from another website or from a link to our website.

Log Files

We collect information about you when you visit our site including which webpages you visit, when you have visited them etc. We may also keep log files which contain data about the device you’re using, the IP address, internet service provider, operating system, timestamps and files you view from our site.

IP Addresses

By visiting our site, your IP address will be recorded by our servers and stored in log files. These log files are used for record keeping, tracking referring websites, inferring your general location, and for security purposes to avoid SPAM, abuse and DDOS attacks.

Device Data

We collect data about the device and system you use to access our site. In particular, we collection your IP address, operating system, device type, browser type and your general location of accessing the site.

Security

QDP has active security measures to ensure that we are compliant with all data we process in accordance to data privacy legislation as applicable to the UK. Our technical and organisational security measures mean that we comply with our obligations to ensure that data stored with us is stored safely and securely.

Our security measures include:

Cyber Essentials Plus certified
Access controls
Firewalls
McAfee Secure Security Scan
Online Security (Encryption) - with the exception of our Basic Account (free).
Encryption at rest

For more information on our security measures please email Support@QDPServices.co.uk.

Our website takes every precaution to protect our users' information. When users browse or submit information via the website, their information is protected both online and off-line. Our website is encrypted and is protected by HTTPS (with the exception of our Basic Account (free). The lock icon displayed on your web browser signifies that HTTPS protection is active, as opposed to un-locked (or open). While we use HTTPS encryption to our website, we also do everything in our power to protect user information offline. All of our users' information is restricted. Only employees who need the information to perform a specific job are granted access to personally identifiable information. Furthermore, all employees are kept up-to-date on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our users' information is protected. Finally, the servers that store personally identifiable information are in a secure environment, in a locked facility.

Regarding our accounts, HTTPS encryption for surveys is available for all accounts and surveys administered by those accounts, except for surveys that are administered by our Basic Account. When using one of our Paid Accounts please ensure that the “SSL Encryption” option is switched when you create and send surveys to your survey respondents.

For ensuring security of data at rest, we use Microsoft SQL Server Data.

Right to complain

If you feel that we have mistreated the handling of your data, you have the right to complain to us in which case we will rush to resolve the matter as quickly as possible and prevent any further mishandling.

You also have the right to complain to the Information Commissioner’s Office.

Necessary Disclosure by law

Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our website.

Links

This website contains links to other sites. Please be aware that we, QDP, are not responsible for the privacy practices of such other site. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by this website.

Part 4: Privacy of Users of Survey Manager

A “User of SurveyManager” or “User” is anyone who creates or collects and collates survey results using our services.

QDP acts as a data controller for all personal data which the User and site visitors provide regarding themselves. For the personal data which the User provides for survey targeting purposes and all data supplied by survey respondents when completing any of the surveys commissioned by the User, QDP acts only as a data processor, processing in accordance with User’s instructions; the User in such circumstances is the data controller.

The data we collect from you

We collect the following data from you:

Survey Questions, Targeting Information & Answers
Account Settings
Address Book: including any email addresses and names you put in.
Any other information you share with us including emails, queries and testimonials.
The legal basis for us collecting the above data is that it is necessary for us to provide you the services under contract. For Survey Questions, Targeting Information & Answers, we act as data processor; in this regard we follow your instructions regarding how you want to process that data.

What we do with the information we collect

We use the information we collect to provide our services to you. This includes:

Providing you customer support and help about our services when you contact us.
For trouble shooting and testing of our services to ensure that it is secure, reliable and of high standard.
Maintain and improve our services.
To enforce our Terms of Use to ensure you are not carrying out any prohibited activities.
To prohibit illegal activity using our services.
To respond to legal requests, court orders or lawful requests from government agencies.
For providing our services to you as per your request.

Sharing & Disclosure of your data

· iomart Group PLC, Kelvin Campus, West of Scotland Science Park, Lister Pavilion, Glasgow G20 0SP. iomart provide hosting services for our web sites , offsite back-up storage and support services.

· Consultancy Technology Ltd who are registered in England No: 03149384 who provide support services for SurveyManager.

We may disclose account or billing details if required by law or to comply with a court order or legal process.

We may disclose account details if there is a change in business ownership in the event of a merger, change in ownership, consolidation amalgamation or other corporate change, you agree that the successor will process that data instead of QDP following a notice of 1 month given to all of QDP’s customers.

Backup policy

All data you hold with us is backed up in a separate physical premises with technical and organisational measures equal to those where original data is held. This is to ensure that your data is not lost or destroyed should the original be destroyed without your instructions.

Rights to your data

If you are a User, you have the following rights to your data (Please also see under the Heading “General Statement” for more information):

If the Customer has terminated their account, all of your data will be erased except for the anonymised survey responses used for benchmarking purposes.

When you delete your data or the account has been terminated, it may still be stored with us for up to an additional 12 weeks due to the backups we have.

Communication from the site

We communicate with users on a regular basis to provide requested services and in regards to issues relating to their account we reply via email or phone, in accordance with the user’s wishes.

Retention Periods

We will retain your data for as long as necessary to carry out the service to you. If you wish to cancel your account, you may do so. Please contact us at: enquiries@qdpservices.co.uk.

General Statement

For this section, the following definitions apply: Controller, Personal Data, Data Subject and Processor all have the meaning defined in the General Data Protection Regulations (GDPR).

Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third Party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Legal Basis

In addition to the legal basis mentioned above, we may also possess the following legal basis for processing the data subject’s personal data where:

the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
processing is necessary for compliance with a legal obligation to which the controller is subject;
processing is necessary in order to protect the vital interests of the data subject or of another natural person;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or,
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

EU Data Subject Rights

Certain regulations afford EU Data Subjects with rights. These rights are summarised below. In order to assert any of these rights please contact our Customer Services Team at any time.

Right to Confirmation: Each data subject has the right to obtain from QDP (when acting as controller) confirmation as to whether or not his or her personal data is being processed. This includes the right to confirm whether his or her personal data is transferred to a third country or to an international organisation as well as the appropriate safeguards relating to the transfer.
Right to Access: Each data subject has right to obtain from QDP (when acting as controller), free information about his or her personal data stored at any time and a copy of this information, however, QDP reserves the right to charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
Right to Rectification: Each data subject has the right to rectify inaccurate personal data concerning him or her that is being processed by QDP (when acting as controller) without undue delay. Furthermore, the data subject has the right to complete any incomplete personal data and to provide supplementary statements to rectify that personal data.
Right to Erasure: Each data subject has right to erase any personal data concerning him or her which is being processed by QDP (when acting as controller) without undue delay. QDP may refuse to grant you this right if a statutory exemption applies.
Right of Restriction of Processing: Each data subject has the right to restrict the processing of personal data from QDP (when acting as controller) where a statutory ground applies.
Right to Data Portability: Each data subject has the right to receive the personal data concerning him or her, which was provided to QDP (when acting as controller), in a commonly used machine-readable format.
Right to Object: Each data subject has the right to object to QDP (when acting as controller) to the processing of his or her personal data if a statutory basis exists.
Right not to be subject to automated individual decision-making, including profiling: Each data subject has the right not to be subject to a decision based solely on automated processing, including profiling.
Right to Withdraw Consent: Where consent forms the basis for processing by QDP (when acting as controller), the data subject has the right to withdraw his or her consent to the processing of his or her personal data at any time. Data Subjects can contact QDP’s Customer Services Team to withdraw consent at any time.
Right to Complain to the Supervisory Authority (Information Commissioner’s Office (ICO)): Details of the ICO are provided at the top of this Privacy Policy.

Security of processing

QDP has implemented technical and organisational measures to ensure personal data processed remains secure, however, absolute security cannot be guaranteed. Please contact our Customer Services Team for further details. enquiries@qdpservices.co.uk

Law & jurisdiction

This Privacy Policy is governed by and interpreted according to the law of England and Wales. All disputes arising out of this Privacy Policy will be subject to the exclusive jurisdiction of the English and Welsh courts.

Transfer of Rights

You may not transfer any of your rights under this Privacy Policy to any other person. We may transfer our rights under this privacy notice where we reasonably believe your rights will not be affected.

Invalid provisions

If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Policy will not be affected.