Our Data Protection Policy
Online safety is of paramount importance to QCL.
We take pride in how we deal with the data we hold and make sure we comply with the General Data Protection Regulation (GDPR).
We take seriously the privacy of all who visit our website.
f there are any requests concerning personal information or any queries with regard to these practices please contact our Privacy Officer by e-mail at [email protected]
Company’s Registered Address: 29-31 Knowlsey Street, Bolton, Lancashire, BL1 2AS
Registered Number: 02199091
We review this policy annually.
Date of Last review: 6th August 2020.
Quick Controls uses of Personally Identifiable Data
The elements of Data that we collect may include: those given when completing our enquiry form.
We also collect information automatically about visits to our websites via Cookies.
Our Lawful Basis for processing this information may be Contract and/or Legitimate Interest. We try and minimise the amount of information held to that we need to provide our services and conduct our business.
Updating Your Information
You can update your account information by contacting the office on 01204 224 296 or emailing [email protected]
Data kept for marketing purposes can be changed at any time by clicking on the unsubscribe link on any email from us. Alternatively, you can email [email protected] to update your information.
Your Access to Personally Identifiable Data
The General Data Protection Regulation gives you the right to access information held about you.Your right of access can be exercised in accordance with the regulations. Please make such a request in writing to P[email protected]@Quick-controls.games.
Disclosure of Personal Identifiable Data to third parties
Quick Controls has a policy of not sharing any Personal Identifiable Data about visitors with anyone outside the organisation.
Who We Share data with
We do not sell or share your data without your consent, other than those processors we use for our business operations under our control:
Microsoft – office & email systems;
Google – office & email systems;
ActiveCampaigns – email marketing campaigns;
Manchester Metropolitan University – educational input into product development; and
University of Manchester – impact assessment.
In all cases the servers where your personal data is stored and processed are located in the European Economic Area or other areas where adequate standards of protection are in place in line with EU law.
We may also disclose Data to third party suppliers if we are otherwise required to do so by law.
Security and Protection of Personal Identifiable Data
All remote access to Quick Controls web applications are conducted over HTTPS, an encrypted web link secured with a Secure Sockets Layer (SSL). This is the same method used by banks and commercial entities to secure sensitive data from interception.
External Storage of Personal Identifiable Data
Quick Controls stores data on secure database servers – Amazon Webservers. Amazon Webservers are housed in secure data centers, trusted and used by many of the country’s leading organisations.
Transfer of Personal Identifiable Data Outside of the European Economic Area
All data entered and saved on Quick Controls products is stored and backed up on secure database servers within the UK. Any email communication with us will go through our email systems (Microsoft Office 365 & Google Mail) which is held on Privacy Shield compliant servers held in the USA – the US Privacy Shield policy is available to view on request. Wherever possible we request our customers to upload their data directly to Quick Controls products rather than emailing it to us.
Use of Personal Identifiable Data
By accepting the Terms and Conditions those who fill in our enquiry forms are consenting for us to hold their data in order to process their enquiry.
Data Retention Schedule
Quick Controls holds data on suppliers, and potential partners.
Data may be held electronically on our email systems, payroll, CRM systems, and access control systems. (Please note that our accounts software holds no personal data)
Our working email servers (Office 365) have a 6-month retention policy. Our back up email servers (Gmail) have a 36-month retention policy.
Payroll is cleansed in August every year. The cleansing will be the removal of data relating to employees who terminated employment more than 6 years previous.
Customers and potential customers in our CRM and access control system are deleted 5 years from the last active service.
Breach Notification Procedure
Any potential Data Protection Breach (DPB) is notified to the Privacy Officer (PO). The PO will open an incident log and make an initial assessment of the breach’s severity.
The PO will conduct a detailed assessment and investigation of the DPB. The PO will establish a likelihood and severity of a resulting risk to people’s rights and freedoms.
If there is a risk, the ICO will be notified within 72 hours of the notification.
If there is no risk, a documented decision will be made available to the ICO (although the ICO will not be notified).
If a DPB is likely to result in a high risk to the rights and freedoms of individuals, the PO will inform those concerned directly and without undue delay.
Any DPB will be documented and reviewed to ascertain if lessons can be learned.