Last updated: 17th June 2021
QS ImpACT (“we”, “our”, “us”) are committed to protecting and respecting your privacy. We are a Charity registered in England and Wales (Charity no. 1161402) with a registered office at Calderstones Mansion, Calderstones Road, Liverpool, L183JD, and for the purposes of the Data Protection Act 2018 and UK General Data Protection Regulation, we are the data controller.
What types of information do we collect and how do we use it?
Information you give us. You will provide us with information when you contact us via our Website or email, telephone or otherwise. When you contact us, we will usually ask for your name and email address so that we can respond to your query.
In addition, when you sign up to the QS ImpACT website, we will usually ask for:
- your first name and last name;
- your email address;
- your date of birth;
- your educational establishment; and
- a photograph.
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our website and the QS ImpACT website, we will use your information to:
- communicate with you;
- sign you up for our newsletters or alerts;
- contact you via telephone or email;
- identify our users;
- administer and provide services and support per your request;
- personalise our services for you;
- enforce our Website terms and conditions;
- if you have opted-in to marketing, communicate with you about products, services, promotions, events and other news and information we think will be of interest to you; or
- provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information).
Technical usage information. When you visit the Website, we automatically collect the information sent to us by your computer, mobile phone, or other access device. This information includes:
- your IP address;
- device information including, but not limited to, identifier, name, and type of operating system;
- mobile network information; and
- standard web information, such as your browser type and the pages you access on our Website.
As it is in our legitimate interests to process your data to provide effective services and useful content to you, we collect this information to:
- personalise our Website to ensure content from the Website is presented in the most effective manner for you and your device;
- monitor and analyse trends, usage and activity in connection with our Website and services to improve the Website;
- administer the Website, and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis;
- keep the Website safe and secure; or
- measure and understand the effectiveness of the content we serve to you and others.
We use Google Analytics, which is a web analytics tool that helps us understand how users engage with the Website. Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use our site. This information is used to compile reports and to help us improve our Website. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
How do we share your personal data?
We share your information with selected recipients. These categories of recipients include cloud storage providers, such as Google Drive, which store your personal data in the United States and Ireland to store the personal data you provide and for disaster recovery services, as well as for the performance of any contract we enter into with you;
We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
· comply with a legal obligation, process or request;
· enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
· detect, prevent or otherwise address security, fraud or technical issues; or
· protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
We will also disclose your information to third parties:
· in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
· if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
Where do we store your personal data?
The information that we collect from you will be transferred to Google Drive for the purposes of cloud storage and stored at/processed in the United States. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy. This transfer will be covered by the European Commission’s model clauses for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2010/87/EU. Please contact firstname.lastname@example.org, if you would like to see a copy of the Model Clauses.
The security of your personal data
Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.
We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.
How long do we store your personal data?
We will retain your information as follows:
· If you contact us for a general query or communication via email we will keep your data for 1 month after.
· If you express interest in or participate in a QS Word Merit program we will retain your data for up to a year after the end of the program.
· Your technical usage information for 2 months after.
· Data on your use of the services and our website: to help campaign and products in the future for 2 months.
· After you have terminated your use of our services and website, we will store your information in an aggregated and anonymised format.
You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we
use your personal data and who we share it with. You also have the right to ask us to correct your personal data where it is inaccurate or incomplete and we will endeavour to do so without undue delay.
Where you have provided your personal data to us with your consent, you have the right to ask us for a copy of this data in a structured, machine readable format and to ask us to share (port) this data to another data controller.
In certain circumstances, you have the right to ask us to delete the personal data we hold about you:
· where you believe that it is no longer necessary for us to hold your personal data;
· where we are processing your personal data on the basis of legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing;
· where you have provided your personal data to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal data;
· where you believe our holding and processing of your personal data might endanger your life; or
· where you believe the personal data we hold about you is being unlawfully processed by us.
In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data:
· where you believe the personal data we hold about you is inaccurate and while we verify accuracy;
· where we want to erase your personal data as the processing is unlawful but you want us to continue to store it;
· where we no longer need your personal data for the purposes of our processing but you require us to retain the data for the establishment, exercise or defence of legal claims; or
· where you have objected to us processing your personal data based on our legitimate interests and we are considering your objection.
In addition, you can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.
To exercise any of these rights above, please contact email@example.com. In addition, you have the right to complain to the Information Commissioner’s Office or other applicable data protection supervisory authority.
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals, trade secrets or intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal data.
Withdrawal of Consent
Where you have provided your consent for us to process your personal data, you can withdraw your consent at any time by emailing firstname.lastname@example.org.
Objection to Marketing
At any time you have the right to object to our processing of data about you in order to send you promotions for new campaigns, including where we build profiles for such purposes, and we will stop processing the data for that purpose.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at email@example.com and we will endeavour to deal with your request. This is without prejudice to your right to launch a claim with the Information
Commissioner’s Office or the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to firstname.lastname@example.org.