In accordance with the General Data Protection Regulation (GDPR), VQ Communications Ltd has implemented this privacy information notice to inform you, our current and former clients, of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
This notice applies to current and former clients who use, or have used, our product and ancillary services.
VQ Communications Ltd of Unit 4b, Byron House, Landsdowne Court, Bumpers Way, Chippenham, SN14 6RZ is the Data Controller of the personal data that you supply to us under your contract with us.
Our Data Protection Officer is Giles Adams who can be contacted at firstname.lastname@example.org. Tel: 01249 880140.
A) DATA PROTECTION PRINCIPLES
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
- processing is fair, lawful and transparent
- data is collected for specific, explicit, and legitimate purposes
- data collected is adequate, relevant and limited to what is necessary for the purposes of processing
- data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
- data is not kept for longer than is necessary for its given purpose
- data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures we comply with the relevant GDPR procedures for international transferring of personal data
B) TYPES OF DATA HELD
We keep several categories of personal data on and from our clients in order to carry out effective and efficient processes. We hold the data within our computer systems, for example, the systems that we use to provide our software licenses, product and technical and support services and documentation.
Specifically, we hold the following types of data:
- personal details such as name, address, phone numbers, job title, email addresses etc. for the main contact and other contacts for the delivery of the service.
C) COLLECTING YOUR DATA
You provide several pieces of data to us directly when you request a quote, product and technical information, enter into a contract with us, request support and maintenance services, during the onboarding process and during the contract and after the contract has ended.
Occasionally, we may receive information about you from other sources (such as suppliers, other customers and our VQ Partners) which we will add to the information we already hold about you in order to help us operate our business effectively. For example, we may receive personal data about you from our partner, Cisco, for the purpose of us contacting you about our product where Cisco has a legal basis for sharing that information with us.
For more information about our VQ Partners, please see our VQ Partners page: https://www.vqcomms.com/partners/. Personal data is kept in files or within the Company’s IT systems.
D) LAWFUL BASIS FOR PROCESSING
The law on data protection allows us to process your data for certain reasons only. In the main, we process your data in order to comply with a legal requirement or in order to effectively provide the business contract we have with you, including ensuring we can deliver our software and support to you.
The information below categorises the types of data processing we undertake and the lawful basis we rely on.
|Activity requiring your data||Lawful basis|
|Set up your account||Performance of the contract (Article 6(1)(b))|
|Carry out the delivery of the software licenses and support services||Performance of the contract (Article 6(1)(b))|
|Ensuring payments are made under your account||Performance of the contract (Article 6(1)(b))|
|Ensuring VAT and insurance premium tax is paid||Legal obligation (Article 6(1)(c))|
|Making financial decisions in relation to entering both initial and subsequent contracts||Our legitimate interests (Article 6(1)(f))|
|Making decisions about service delivery methods||Our legitimate interests (Article 6(1)(f))|
|Ensuring efficient administration of contractual services to you||Performance of the contract (Article 6(1)(b))|
|Effectively monitoring the service provided including adherence to commitments and service entitlements||Our legitimate interests (Article 6(1)(f))|
|Maintaining up to date records about you to ensure, amongst other things, effective correspondence can be achieved and appropriate contact points in place||Our legitimate interests (Article 6(1)(f)) and performance of the contract (Article 6(1)(b))|
|Dealing with legal claims made against us||Our legitimate interests (Article 6(1)(f))|
|Preventing fraud||Our legitimate interests (Article 6(1)(f)) and legal obligation (Article 6(1)(c))|
|Ensuring our administrative and IT systems are secure and robust against unauthorised access||Our legitimate interests (Article 6(1)(f))|
|Contact you with details of the latest versions and upgrades to our product available for purchase that we think may be of interest to you and you have consented for us to contact you in this way||Consent (Article 6(1)(a))|
|Access your log files in order to resolve a problem you have reported and to, as a result, generally improve our product should the problem be one that is effecting other users||Performance of the contract (Article 6(1)(b)) and our legitimate interests (Article 6(1)(f))|
E) FAILURE TO PROVIDE DATA
Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract with you. This could include being unable to offer you services or administer existing contractual services.
F) WHO WE SHARE YOUR DATA WITH
Your personal data may also be processed on our behalf by third party service providers such as employees of partner organisations in order to perform a contracted service for us. We require third parties to respect the security of your data and to treat it in accordance with the law.
For example, log files submitted to the VQ customer portal is actively managed and kept up to date from a security and patch level by VQ. However, the ticketing system used by VQ is Freshdesk (https://freshdesk.com/ ). Please see the following Freshdesk policies:
We do not allow our third-party service providers (“data processors”) to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. The processing of your personal data is governed by a data processing contract between us and our data processors, ensuring a commitment to the principals of the GDPR and the Data Protection Act 2018.
Other than this, your data is not shared with third parties without your consent, unless this is required to comply with a legal obligation placed upon us. All employees within VQ Communications that handle your personal data are trained in ensuring data is processed in line with GDPR.
G) PROTECTING YOUR DATA
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We use technical and organisational measures to safeguard your personal data in accordance with the law.
H) TRANSFERS OUTSIDE THE EEA
We may need to transfer your personal data outside the European Economic Area in the course of using some of our service providers, for example Freshdesk (see above) which is based in the US. We also use a CRM system provided by Infusionsoft (https://keap.com/legal/data-protection-faq) which is hosted in the US.
The European Commission has recognised that US companies who have registered under the Privacy Shield framework as providing adequate protection in respect of data protection. We have also entered into adequate contractual provisions with such service providers.
I) RETENTION PERIODS
We only keep your data for as long as we need it for, which will be at least for the duration of your service contract plus 7 years from the date that service contract with us terminates, although in some cases we will keep your data for a longer period after your contract has ended. Some data retention periods are set by the law.
J) CLIENT RIGHTS
You have the following rights in relation to the personal data we hold on you:
- the right to be informed about the personal data we hold on you and what we do with it;
- the right to obtain a copy of the personal data we process concerning you. We will take steps to verify your identity before responding to your request. Once we have verified your identity we will respond as soon as possible and in any event within one month. For further information, see “Subject Access Requests” in our GPDR Compliance Statement: https://www.vqcomms.com/gdpr-compliance-statement/;
- the right for any inaccuracies in the personal data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
- the right to have your personal data deleted in certain circumstances. This is also known as ‘erasure’. For further information, see “Right To Be Forgotten” in our GPDR Compliance Statement: https://www.vqcomms.com/gdpr-compliance-statement/;
- the right to restrict or object to the processing of your personal data;
- the right to transfer the personal data we hold on you to another party. This is also known as ‘portability’;
- the right to regulate any automated decision-making and profiling of personal data.
If you wish to learn more about these rights and how they operate, please look at the ICO’s website https://ico.org.uk/for-the-public/.
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.
L) MAKING A COMPLAINT
If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO) here https://ico.org.uk/. You can contact the ICO at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.
If you have a concern or complaint about the way we handle your data, we ask that you contact us to allow us to investigate and resolve the matter as appropriate.
N) DATA PROTECTION COMPLIANCE
Our Data Protection and Compliance Officer is:
Telephone 01249 880140