WHO ARE WE?
QSR International, LLC (“QSR International”) is a global organization. QSR International’s head office is located in Burlington, Massachusetts, USA, and we have offices in the United Kingdom, Australia, Japan and Switzerland.
The related entities of QSR International include:
- QSR International (Americas) Inc. – United States of America;
- QSR International (UK) Limited – United Kingdom;
- QSR International Pty Ltd - Australia;
- Planet Software Pty Ltd - Australia;
- QSR International Japan K.K. – Japan; and
- Swiss Academic Software GmbH - Switzerland.
- the general categories of personal data we collect;
- why we collect an individual's personal data;
- how it will be used, and who it will be disclosed to;
- the legal basis of our processing of personal data;
- your rights in relation to the personal data we collect; and
- your rights and interests that will be affected if you elect not to provide your personal data.
- WHAT TYPE OF DATA IS COLLECTED?
QSR will collect, store, use, process and disclose personal data (including sensitive information) only in a manner permitted by law.
Personal data is any information or an opinion about an identified or identifiable natural person (“data subject”). The personal data that we may collect and hold in connection with your use of our website, software and services may include your:
- identification number;
- date of birth;
- postal and email address;
- phone number;
- contact preferences;
- demographic information;
- the location from which you have come to the site and the pages you have visited; and
- technical data, which may include IP address, the types of devices you are using to access the website, device attributes, browser type, language and operating system.
When you apply for and we facilitate the provision of a specific product or service, we may also collect information from you related to that product or service.
Sensitive information includes information that reveals an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation or practices, health information, criminal convictions and genetic or certain biometric information.
If you are applying for employment with QSR, we may collect and process information about you such as your employment history, qualifications, residency status, background check and other information required as part of the recruitment process. Where reasonably necessary for the position for which you apply, we may also collect sensitive information about you such as your health or medical information, racial or ethnic origin and criminal convictions (if any). You acknowledge and consent to QSR's collection, storage, use, processing and disclosure of any such information for the purpose of assessing your employment application.
QSR generally collects personal data as part of its recruitment process for the purpose of facilitating safe recruitment and determining suitability for the role. If you fail to provide certain information when requested, we may not be able to enter into an employment contract with you (for example if incorrect references are provided), or we may be prevented from complying with our legal obligations (such as evidence of right to work).
Throughout your job application process, QSR will only use your personal information for the purposes for which it was collected, unless we reasonably consider that we need to use it for a secondary purpose, and that purpose is related, or in the case of sensitive information - directly related, to the original purpose. If we need to use your personal information for an unrelated secondary purpose, we will notify you and seek your consent.
The period for which we retain your information will depend on whether your application is successful and you become employed by us, the nature of the information concerned, and the purposes for which it is processed.
If the information is no longer required by us for any purpose for which it was collected, and is no longer required by law to be retained by us, we will destroy or de-identify the information.
HOW DOES QSR COLLECT YOUR PERSONAL DATA?
QSR may collect personal data from the individual concerned and from third parties, including but not limited to QSR's partners, agents and resellers.
QSR may collect your personal data in various ways, such as when you communicate with us over the phone, via email, QSR's portal, through our website (for instance, when you activate the QSR software) or through a written application.
When ordering or registering on our website, you may be asked to enter personal data such as your name or email address. We may also ask for further personal data including your mailing address, phone number, contact preferences and credit card information. QSR does not store credit card information as payments are processed through third parties using external payment gateways.
In particular, your personal data will be collected by QSR when you participate in the following:
- Requesting a free trial software download.
- Purchasing a product from QSR.
- Activating QSR software or e-demos (includes trial software).
- Being a member of a user testing community.
- Registering for QSR training, webinars, conferences, events or exclusive content.
- Subscribing to email communications and newsletters.
- Submitting a product support request (including product crash report dialogues).
- Contacting QSR in relation to a query.
- Participating in an online survey and/or user testing activities.
- QSR marketing/promotional activities.
We have processes in place to ensure that our records remain accurate, complete and up to date, including by verifying information with you each time you use our services or from other sources.
Can I choose to remain anonymous?
You can always choose to deal with us anonymously or by using a pseudonym. You may also choose not to give us your personal data. However, please note that if you choose not to provide us with your personal data or to deal with us anonymously, this may affect your ability to access or use certain functions of our website, software, products or services, and we may not be able to respond to your queries.
If you wish to remain anonymous when dealing with us via a telephone call, please advise the call operator assisting you. Providing your personal details enables us to provide you with a contact record reference number which allows you, and other authorised persons, to retrieve information about that call at a later date.
HOW YOUR PERSONAL DATA MAY BE USED BY QSR
QSR has a legitimate business interest in operating and improving its business and the services it offers. QSR may only collect, store, use, process and disclose your personal data, and you consent to us doing so, for the following purposes:
- to enable you to access and use our website, apps, and services;
- to provide you with the information, products and services that you request from us;
- to operate, improve and optimise the QSR website to better serve you and other users;
- to send support and administrative messages, reminders, technical notices, billing, updates, security alerts, and information to you;
- to enable QSR to respond promptly to your customer service requests;
- to facilitate payment transactions;
- to review QSR services or products.
- to communicate with you and respond to queries via live chat, email or phone;
- to provide the service(s), information or products you have requested or to carry out the transaction(s) you have authorised (or we may disclose this information to authorised QSR partners to undertake this activity on our behalf);
- for research and development in order to improve QSR’s product offerings and solutions;
- to send marketing and promotional messages to you and other information that has been requested or which may be of interest;
- to investigate, prevent, or take action regarding illegal activities or suspected fraud; and
- to facilitate recruitment by QSR.
RETAINING YOUR PERSONAL DATA
If your personal data is no longer required by us for the purpose for which it was collected and is no longer required by law to be retained by us, we will destroy or de-identify the information.
TYPES OF DATA NOT COLLECTED BY QSR
QSR does not collect any details of the data you are working with when you use our software products. This data is stored only in the projects or files into which you direct the software to save the data.
NCapture stores the data you capture only in the files you create. When using NCapture to capture data from social media sites, you may be asked by the site whether you wish to grant NCapture permission to collect particular kinds of data.
Choosing to grant these permissions to NCapture:
- does not allow NCapture to capture any data that you, as a user of that social media site, do not yourself have access to; and
- does not cause NCapture to send any captured data to QSR.
When you import data captured using NCapture into NVivo, you have the option to exclude some unwanted information (such as location or bio data). Refer to the help documentation in NCapture and NVivo for further details.
THIRD PARTIES TO WHOM QSR MAY DISCLOSE YOUR PERSONAL DATA
We may disclose your personal data to third parties for the purposes listed above, and so that they may perform services for us or on our behalf. QSR may need to disclose your personal data to third parties including:
- QSR’s suppliers, subcontractors, agents, professional advisers, government regulatory bodies, tribunals, courts of law, debt collection agents, insurers and to their respective related entities and partners.
- Third parties engaged by QSR (who will be bound by confidentiality obligations) in your geographic region or able to communicate in your language, to ensure that you are better serviced.
- Third parties engaged by QSR to conduct customer satisfaction surveys (only with your prior consent).
- In the event of a re-organisation, merger, or sale we may transfer your personal data to a third party (who will be bound by confidentiality obligations) during the due diligence process.
- Payment services providers in relation to financial transactions relating to our services, including processing payments.
- In relation to disclosure necessary for compliance with a legal obligation applicable to QSR, we may also disclose your personal data in circumstances where necessary in legal proceedings, whether in or out of court.
When we disclose personal information to third parties, we make all reasonable efforts to ensure that we disclose only relevant information and that it is accurate, complete and up to date and that the third party will comply with relevant privacy laws in relation to that information.
HOW DOES QSR KEEP YOUR PERSONAL DATA SECURE?
QSR has implemented security measures to protect your personal data from misuse, loss, and from unauthorised access, modification and disclosure. The following security measures are in place:
- QSR uses malware scanning. QSR’s website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to QSR’s website as safe as possible.
- Your personal data is contained behind secured networks and is only accessible to a limited number of persons duly authorised by QSR who are required to keep the information confidential.
- If you make an online application or undertake a payment transaction using QSR’s website, QSR takes additional steps to protect the security of your personal data. Your personal data is encrypted via a Secure Socket Layer (SSL) technology (in your web browser, you can confirm that your session is encrypted by the appearance of a locked padlock symbol at the foot of the browser).
- All payment transactions are processed through a gateway provider and are not stored or processed on our servers.
- Our staff are trained in how to keep your information safe and secure.
- We store your hard copy and electronic records in secure systems.
- We use trusted contracted service providers (including cloud storage providers).
- To help protect your privacy and maintain security, we may take steps to verify your identity before we can action your request.
Notwithstanding the security measures implemented by QSR, we advise that there are inherent risks in transmitting information across the internet, including the risk that information sent to or from a website may be intercepted, corrupted or modified by third parties. While QSR takes reasonable measures to protect your personal data, we cannot warrant the security of any information transmitted to QSR online and users of our website do so at their own risk.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
In certain circumstances we may need to transfer your personal data to countries outside the country in which the data was collected (or, in the case of personal data collected within the European Economic Area (“EEA”), to countries outside the EEA) including our offices around the world which are currently located in the USA, UK, Australia, Japan and Switzerland.
International transfers of your personal data are protected by appropriate safeguards, such as the standard data protection model clauses adopted by the European Commission or any other supervisory authority, which we will incorporate into our agreements with such transferees of personal data.
As a customer or website user of QSR, you consent to QSR transferring or granting access to your personal data to companies in the QSR Group. All data is transferred or accessed using either a secure transport layer or encrypted algorithm. Most of the data collected is then centralised and imported into a central customer relationship management system and housed within secure data centre facilities. This is available to staff across all regions within the QSR Group by way of an encrypted secure transport layer and individual staff authentication is required.
CLOUD STORAGE OF PERSONAL DATA
We may store data on remote servers operated by a cloud service provider, rather than storing it on our own servers. Regardless of the location from which you use our online services or provide information to us, your data may be transferred to and maintained on servers located outside the country in which the data was collected (or, in the case of personal data collected within the EEA, to countries outside the EEA). By providing any data through our online services, you hereby expressly consent to the transferring and processing of your data in such other countries.
Transfers of personal data to servers operated by cloud service providers outside the EEA will be protected by appropriate safeguards, namely the standard data protection clauses adopted by the European Commission or other supervisory authority, which we will incorporate into our agreements with such cloud service providers.
All data is stored with secure methods, and with limited/restricted access to persons duly authorised by QSR. Customer data stored in the cloud components of QSR products is stored in one of the four regional data centres used by QSR. These data centres are located in Canada, Singapore, Netherlands, and the USA. The data centre geographically closest to the customer will be chosen as the default location. Enterprise customers may specify the data centre they wish to use. Should Enterprise customers decide not to specify a region, the region geographically closest to the Enterprise customer will be selected by default.
If you are a “data subject” under applicable data protection law in the EU or United Kingdom, you will have the following rights in relation to your personal data held by QSR:
Right to Access: you may request confirmation from QSR as to whether we process your personal data, and if so, you may request a copy of that personal data. However, it may not be possible to give you a copy of the information if it was provided anonymously or if it may lead to harm being done to another person;
Right to Rectification: you have the right to request that we rectify or update any personal data that is inaccurate, incomplete or outdated without undue delay;
Right to Erasure: you have the right to request that we erase your personal data without undue delay in certain circumstances, such as where we collected personal data on the basis of your consent and you withdraw your consent;
Right to Restriction of Processing: you have the right request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your personal data;
Right to Withdraw Consent: where you have given us consent to process your personal data, you have the right to withdraw your consent; and
Right to Data Portability: you have the right to request that we provide you with a copy of your personal data in a structured, commonly used and machine-readable format in certain circumstances.
Similarly, if you reside in Australia, you have the 'Right of Access' and the 'Right of Rectification' set out above. If we refuse to provide you with access to your personal data or to update your data in the way you request, we will provide you with written reasons. If we refuse to correct or update your information, you may request that we make a note on your record that you are of the opinion that the information is inaccurate, incomplete, out of date, irrelevant or misleading, as the case may be.
There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material). You will be notified of any likely costs before your request is processed.
LINKS TO THIRD PARTY SITES
The QSR website may provide links to other websites for your convenience and information. These websites may be owned and operated by companies other than QSR. QSR is not responsible for these sites or any consequence of a person's use of those sites. In particular, we are not responsible for the privacy policies or practices of the operators of other websites. We recommend that you review the privacy policies of those external websites before using them.
BLOGS AND OTHER INTERACTIVE SERVICES
QSR may provide blogs, online forums or other interactive services on its website which enable users to post and share information. Any information posted or shared by users through blogs, online forums or other interactive services will become public information and will be available to other users who access the QSR website.
Cookies are small files that a site or its service provider transfers to your computer's hard drive through your web browser (if you allow) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies by selecting the appropriate setting on your browser. If you disable cookies, this may prevent you from using the full functionality of our website. However, you can still place orders.
THIRD PARTY SERVICES
The information generated by the cookie about your use of the website (including their IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of compiling reports on the website activity and providing other services relating to the website and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate a person's IP address with any other data held by Google.
Our website uses Google Analytics and Google AdWords cookies to advertise our products and services through Google AdWords and/or other third-party vendors to persons who have previously accessed our website.
We use Google Ads to improve our presence online and help measure the effectiveness of our advertising. Google Ads helps QSR to make sure our ads are shown to the right people. It collects data that helps you track conversions from Google ads, optimize ads, build targeted audiences for future ads and remarket to people who have already taken some kind of action on your website.
When you visit our website, a record is made of your visit, including the following information:
- your server address;
- your top-level domain name;
- the date and time of access to the site;
- pages accessed and documents downloaded;
- the previous site visited; and
- the type of browser software in use.
We analyse this non-identifiable website traffic data (including through the use of third-party service providers) on an aggregated basis to improve our services and for statistical purposes.
No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the Internet Service Provider's log files.
We use the Facebook pixel - a piece of code that you put on your website that allows you to measure the effectiveness of your advertising by understanding the actions people take on your website.
Pixels helps QSR to make sure our ads are shown to the right people. It collects data that helps you track conversions from Facebook ads, optimize ads, build targeted audiences for future ads and remarket to people who have already taken some kind of action on your website.
We use Autopilot to send marketing communications. Autopilot will capture identifiable information (e.g. Name, Email). Autopilot collects information to help us better segment audiences and serve you relevant marketing communications.
We use Mixmax to improve our email communication. Personally identifiable information will be captured in Mixmax (e.g. email). The application is used to improve our email communications.
We use the LinkedIn pixel - a piece of code that you put on your website that allows you to measure the effectiveness of your advertising by understanding the actions people take on your website. Pixels helps QSR to make sure our ads are shown to the right people. It collects data that helps you track conversions from LinkedIn ads, optimize ads, build targeted audiences for future ads and remarket to people who have already taken some kind of action on your website.
We use Zapier to send collected information between multiple applications. When you submit your details on our website, these details may be passed via Zapier to other applications. This helps us understand how you use our website.
Typeform is used to collect survey data. We use collected survey data to improve our products, create educational content, create marketing content.
Demio is a webinar platform we use to engage, communicate, and build relationships with our prospects and customers. We use Demio to host webinars and collect personally identifiable information in relation to webinar engagement data.
We use Unbounce to create marketing web pages. We capture personally identifiable information such as names, emails, and addresses so we can best communicate with users interested in our products.
We use Amplitude to report on our product usage. We capture non-identifiable, and identifiable information in Amplitude. This is primarily used to aggregate data and generate reports on how our products are being used. This helps us improve our products, and operations.
We use Segment to pass information between applications. Segment is used to pass information between applications. Your information, identifiable and non-identifiable, may flow through segment.
Notion is used as an internal wiki. Occasionally, information you provide may be included in Notion for the purposes of improving our products and operations.
Drift is used to provide a chat-bot and real-time conversation with our team, on our website. We may capture personally identifiable information such as names and email. This is so we can best communicate with the user.
UNSUBSCRIBE FROM EMAILS
If at any time you would like to unsubscribe from receiving emails from QSR, you can email us at email@example.com and we will promptly action you request.
QSR considers a child to be anyone under the age of 18. We do not knowingly seek or collect personal data from a child without the consent of a parent or guardian. If QSR becomes aware that personal data that has been submitted relates to a child without the consent of a parent or guardian, QSR will use reasonable efforts to delete that personal data from its files as soon as possible. If deletion is not possible, QSR will ensure that the personal data is not used further for any purpose.
HOW TO CONTACT US
If you have any questions, complaints or concerns about how we handle your personal information or think that your privacy has been affected, please contact our DPO for an examination of your complaint or concern. Our DPO is responsible for all matters relating to privacy and data protection and can be contacted at firstname.lastname@example.org.
If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the relevant data privacy regulator:
For Australian residents, this is the Office of the Australian Information Commissioner;
For UK residents, this is the Information Commissioner’s Office;
For residents of the European Economic Area, this is the data protection authority in your country of residence. A list of EU national data protection authorities can be found on the European Commission website at: https://ec.europa.eu/info/strategy/justice-and-fundamental-rights/data-protection_en.