Privacy & Policy
We operate to the highest standards when protecting your personal information and respecting your privacy. If you have any questions about your personal information, or how we use it, you can contact us via email at firstname.lastname@example.org.
We are the data “controller”, which means we are responsible for deciding how and why your personal information is used. We’re also responsible for making sure it is kept safe, secure and handled legally.
What is personal data?
Personal data refers to any information relating to an identified or identifiable natural person (“Personal Data”).
This Data Protection Policy applies to the services of OQCT Limited. If you live in the European Economic Area, Regulation (EU) 2016/679 (General Data Protection Regulation) is the European Regulation and in the UK, it is the Data Protection Act 2018.
The Supervisory Authority
The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
The lawful bases we use to process data
We will only ever process your information if we have a lawful basis to do so. The lawful bases we rely on are;
Contract – This is where we process your information to fulfil a contractual arrangement we have made with you.
Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
Legitimate Interests - This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way.
Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime or to meet responsible lending criteria.
What data do we collect?
We may collect data or ask you to provide certain data when you use our website and services. We will only ask you for the remaining data that is necessary to carry out the service contracted for. The sources from which we collect Personal Data are:
- Data collected directly from you or your device relating to an identified or identifiable natural person (“Data Subject”) and may include direct identifiers such as name, address, email address, phone number.
- Data collected online or through indirect identifiers such as login account number, login password, payment details, or IP address.
Data collected that is linked, for example if you have used our service and later choose us again, we will link your data and treat that linked data as Personal Data.
How personal data is collected
We collect personal data in the following ways:
you may provide personal data when you complete online forms, request products/services, join our mailing list, use our feedback form or otherwise or correspond with us (by post, phone or email)
we automatically collect personal data (technical and usage) when you browse or interact with our website, by using cookies, and other similar technologies. We may also receive technical data about you if you visit other websites which use our cookies.
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the Information Commissioners website www.ico.org.uk
- information about the processing of your personal data
- obtain access to the personal data held about you
- ask for incorrect, inaccurate or incomplete personal data to be corrected
- request that personal data be erased when it’s no longer needed or if processing it is unlawful
- object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation
- request the restriction of the processing of your personal data in specific cases
- receive your personal data in a machine-readable format and send it to another controller (‘data portability’)
- request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision
- Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the Information Commissioners Office, the data protection regulator in the UK, their contact details can be found on their website www.ico.org.uk
When do we disclose your Personal Data?
We disclose your Personal Data in response to your business enquiry or your request for information within our Company in order to provide the best service possible and within our legitimate interest.
We may share your information with organisations that help us provide the services described in this Data Protection Policy and who may process such data on our behalf and in accordance with this Data Protection Policy, to support this website and our services. For example, with our legal other professional advisors.
We may also share information with salesforce.com, inc, and you may need to provide credit or debit card information directly to salesforce in order to process. The information which you supply to in such cases is not within our control and is subject to salesforce`s own Privacy Notice and Terms and Conditions.
In relation to information obtained about you from your use of our website, we may share a cookie identifier and IP data with analytic and advertising network services providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.
We may disclose personal information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.
How long we keep it for
We keep your personal information as long as you are a customer of ours and generally for seven years afterwards to comply with legal requirements. During that time, we take steps to remove any personal data as soon as we no longer need it.
How do we protect your Personal Data?
We protect your data using state of the art technical, and physical safeguards and operate a firm system of policies, confidentiality agreements, digital safeguards and procedures to ensure the highest level of administrative protection.
In more detail to access our database the user must be authorised, is challenged through a two-way authentication system and use an encrypted VPN. Also, the removal of Personal Data from our location is forbidden and made by using a complex encryption system very difficult. We use cutting edge antivirus and anti-malware software and up-to-date firewall protection. Moreover, authorised personnel must have a legitimate need to know interest such as being your point of contact or service your user account.
The data we collect from you may be stored, with appropriate technical and organisational security measures applied to it, on our servers in the UK. In all cases, we follow generally high data protection standards and advanced security measures to protect the personal data submitted to us, both during transmission and once we receive it.
To exercise any of your rights, or if you have any questions or complaints about our use of your Personal Data and this policy, please contact us using our contact form.
Our main operations are based in the UK and your personal information is generally processed, stored and used within the UK and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal information is protected in the same way as if it was being used within the EEA.
Where we need to transfer your data outside the UK or EEA we will use one of the following safeguards:
- The use of European Commission approved standard contractual clauses in contracts for the transfer of personal data to third countries.
- The transfer to organisations that are part of the EU-US Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA.
- Transfers to a non-EEA country with privacy laws that give the same protection as the EEA.
Automated decision-making and profiling
We do not use automation for decision-making and profiling
This Data Protection Policy and our commitment to protecting the privacy of your personal data can result in changes to this Data Protection Policy. Please regularly review this Data Protection Policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us using the following contact details.
71-75 Shelton Street,
UK: +44 20 8004 4401
US: +01 646 992 9857
If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.