Website, Email & Supplier Privacy Notice

V1.0 Feb 2019

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

Who we are

PQ Solutions Limited and its subsidiaries, trading collectively as Post-Quantum, collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

The personal information we collect and use

We collect personal data from you for one or more of the following purposes:

To provide you with information that you have requested or that we think may be relevant to a subject in which you have demonstrated an interest.
To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services.
To fulfil a contract that we have entered into with you or with the entity that you represent. In these circumstances it may be your entity, rather than yourself, that has provided us with your personal data.
To ensure the security and safe operation of our websites and underlying business infrastructure.
To manage any communication between you and us.

Personal information gathered from Post-Quantum staff and end-users of Post-Quantum services are covered by separate privacy notices. For details on these contact privacy@post-quantum.com

Technical Information

In addition, to ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:

Technical information, including the IP (Internet Protocol) address used to connect your device to the Internet.
Your login information, browser type and version, time zone setting, browser plug-in types and versions.
Operating system and platform.
Information about your visit, including the URL (Uniform Resource Locators) clickstream to, through, and from our site.

Our cookies policy, which can be viewed from the homepage of each of our website, describes in detail how we use cookies.

How we use, share, and retain your personal information

The table below sets out:

the information that we gather
the purpose for its collection
the lawful basis for its processing
with whom we share the data
the retention period of the data

Purpose of Collection	Information Category	Data Collected	Purpose for Collection	Lawfulness basis for processing	Data shared with?	Retention period
1a. To provide you with information	Subject matter information	Name, company name, geographic location, email address, business sector.	To provide appropriate online or email information about products and services that you have requested.	Contractual fulfilment	Internally only	Maximum eight years from the date the information is collected. Six months if a marketing email is left unopened.
1b. To provide you with information	Subject matter information	Name, company name, geographic location, email address, business sector.	To provide further, related, online or email information and ongoing news updates in relation to the identified area of interest.	Legitimate interest	Internally only	Maximum eight years from the date the information is collected. Six months if a marketing email is left unopened.
1c. To provide you with information	Subject matter information	Telephone number.	Follow-up to ensure requested information meets needs and identify further requirements.	Legitimate interest	Internally only	Maximum eight years from the date the information is collected. Six months if a marketing email is left unopened.
2a. Transactional information	Transaction details	Name, physical address, email address, telephone number, bank account details (for credit accounts), VAT number and other relevant tax information, other medium of content delivery.	To process purchase transactions for products and services with customers, and to ensure any transaction issues can be dealt with.	Contractual performance	Internally only	Maximum eight years from the date of the performance of the contract. Six months from the date the data subject has input personal information but has not proceeded with a transaction. Eight years for VAT records from the performance of the contract.
2b. Transactional information	Transaction details	Name, physical address, email address, telephone number, bank account details (for credit accounts), VAT number and other relevant tax information, other medium of content delivery.	For accounting and taxation purposes	Statutory obligation	Internally and professional advisers	Maximum eight years from the date of the performance of the contract. Six months from the date the data subject has input personal information but has not proceeded with a transaction. Eight years for VAT records from the performance of the contract.
2c. Transactional information	Transaction details	Name, physical address, email address, telephone number, bank account details (for credit accounts), VAT number and other relevant tax information, other medium of content delivery.	Documentation should any contractual legal claim arise.	Legitimate Interest	Internally and professional advisers	Maximum eight years from the date of the performance of the contract. Six months from the date the data subject has input personal information but has not proceeded with a transaction. Eight years for VAT records from the performance of the contract.
3. Security	Security information	Technical information, as described above, plus any other information that may be required for this purpose.	To protect our websites and infrastructure from cyber- attack or other threats and to report and deal with any illegal acts	Legitimate interest	interest Internally, forensic and other organisation s with which we might contract for this purpose	Relevant statutes of limitation.
4. Communications	Contact information	Names, contact details, identification details.	To communicate with you about any issue that you raise with us or which follows from an interaction between us.	Legitimate interest	Internally and, as necessary, with professional advisers.	Relevant statutes of limitation.
5a. Product and website development	Usage and survey data	Names, contact details, identification details.	To adapt and improve the website and develop existing and new products that meet the expectations and requirement of our customers.	Consent	Internally and with Google for analytics purposes.	If anonymised for statistical research, this data may be kept indefinitely.
5b. Product and website development	Usage and survey data	Names, contact details, identification details.	To adapt and improve the website and develop existing and new products that meet the expectations and requirement of our customers.	Consent	Internally and with Google for analytics purposes.	Where not anonymised, it shall be retained for a maximum of two years.

Transfer of your information out of the EEA

We may transfer your personal information to the following which are located outside the European Economic Area (EEA) as follows:

Our email, office productivity, analytics, accounting and customer relationship management software providers use cloud infrastructure, some or all of which’s physical infrastructure may be hosted in the USA

Such countries do not have the same data protection laws as the United Kingdom and EEA. Whilst the European Commission has not given a formal decision that the USA provides an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to relevant safeguards eg the EU-U.S. Privacy Shield (as permitted under Article 46 of the General Data Protection Regulation) that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. To obtain a copy of the such safeguards, consult the website of the Information Commissioner’s Office (ico.org.uk)

If you would like further information please contact us (see ‘How to contact us’ below). We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Your Rights

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

fair processing of information and transparency over how we use your use personal information
access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
require us to correct any mistakes in your information which we hold
require the erasure of personal information concerning you in certain situations
receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
object at any time to processing of personal information concerning you for direct marketing
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
object in certain other situations to our continued processing of your personal information
otherwise restrict our processing of your personal information in certain circumstances

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

email, call or write to us
let us know the information to which your request relates

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/.

Changes to this privacy notice

This privacy notice was first published on 24th September 2019

We may change this privacy notice from time to time.

How to contact us

Please contact us if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact us, please send an email to privacy@post-quantum.com.