Quadrilect Background

Call now +44 (0)7483 348 224

Submenu: Data Protection > Our digital security > How we use your data > Other

Privacy Statement, Data Processing & Breach Management

Data Protection Policy

Data Protection Policy
We, Quadrilect Ltd are required to comply with the provisions of the General Data Protection Regulation GDPR in relation to how we handle any personal data we obtain from you. Any personal information we gather will only be used in the context of your employment with us OR the business we conduct with you. We may also collect Sensitive Personal Data about you, but only with your explicit consent in advance.
We will process the information we obtain from you to enable us to fulfil our contractual obligations  and we will only disclose your details to selected third parties where required to deliver the service purchased or a legal requirement, such as Qualification Awarding Organisations, Regulators or Industry bodies.


We may from time to time email or post to you or your company details of products or courses we believe may be of interest to you. If you no longer require such information or you have provided us with any information that you no longer wish us to use, please contact us on info@quadrilect.co.uk or call us on tel 07483 348 224.


Right to be Forgotten
You have the right to have us correct any inadequacies in the personal details we hold about you, and to object to any direct marketing we carry out using your personal details. You also have the right to ask for a copy of the information we hold in our records.  Please contact us at the address below if you want a copy of the personal data we hold about you.
You can at any point make a request to access your information and advise us if you wish for information to be removed.  We will respond to this request within 30 days.
You have the right to request removal of this information where it doesn’t breach statutory requirements.
Information on data protection can be found at www.ico.org.uk
You can contact us on
info@quadrilect.co.uk
tel: 07483 348 224


Our digital security
Firewall
The Boundary Firewall of our internal network is “industrial strength” which is closed to all externally instigated traffic from other than white listed IP addresses and uses one time codes, sent via SMS, to control administrator access. Daily firewall reporting is monitored for traffic that has been denied access so as to identify and respond to attempts to break security before a breach is achieved.  In addition, we:

  1. Action lock-out following failure to enter password, designed to prohibit automatic password hunting.
  2. Use industry leading malware protection with real time scanning of emails and file downloads and daily full scanning of system and data files. All with automatic deletion or quarantining of identified threats


Email and web host
Network Solutions are signed up to Privacy Shield, an EU-U.S. framework designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data. Data transfers between your browser and our website are encrypted in accordance with a valid SSL Certificate issued to Quadrilect Ltd.
Access to the website administration is secured to privileged users by two level authorization.
In-house Network
Our in house network is managed on internal servers protected by firewall and two level authorization.
Cyber Security Certificate
We hold a Cyber Essentials and IASME Certificate and insurance.


How we use your data
Training Courses
Data provided to register on a training course is processed to enable us to register you and send out information regarding your attendance at the course.
Name
Job Title
Company
Address
Telephone
Email
Dietary/special access requirement if required
 

Where is the data kept?
This data is kept on our event management database which is hosted on an internal server at a secured office location and is not connected to external networks or the internet. Any booking data is also held on our password / firewall protected network.
 

On line registrations
These are held on an SQL database integrated in to the web registration process of our website.  This site is hosted by Network Solutions Suggest.  Network Solutions are signed up to Privacy Shield, an EU-U.S. framework designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data. Data transfers between your browser and our website are encrypted in accordance with a valid SSL Certificate issued to Quadrilect Ltd.
Access to the website administration is secured to privileged users by two level authorization.
 

Credit/Debit card Information
Payment is made via Stripe, a secure online payment processing platform.  Quadrilect do not hold credit/debit card details.
 

Online Accounts
These accounts are set up & managed directly by the registrant.  The data is held in a secure SQL database integrated into the website.  We do not request or hold credit/debit card information on web accounts.
 

How long do we hold your data?
We hold your CPD records on our event management system [off line] and in network folders [firewall and password protected] as a lifelong learning reference.  However if you wish for the data to be removed we are happy to do so on request.  We hold financial records for up to 7 years.
 

Who do we share this data with?
A delegate list showing name and company is provided for each course and shared with the course administrator and course trainer/s.
 

Marketing data on our event management system for public courses
All learners are given a profile as follows:
Delegate – a previous course attendee & Area of interest – eg facilities/health & safety
We are happy to remove this data at any point if you do not wish to be contacted by us.  Alternatively you can choose to have just email communications or just direct mail.  Please just contact us and advise on tel: 07483 348 224
 

Who do we share your data with?
 

Zoom Video Conference Platform for Virtual Training Zone Courses only – you will log in using meeting id we provide via a browser but you do not give any other data other than your name so we can give you access.  If you choose to set up a zoom account and download the zoom software directly to your pc then you should check you are comfortable with their privacy and data policy directly.
https://zoom.us/privacy/
 

Mailing House for Direct Mail Campaigns [return address envelopes for removal requests].  Data protected and destroyed after processed.     Hanson Direct Privacy Policy http://www.hansondirect.co.uk/styled-3/
Dotdigital for e-news campaigns with an unsubscribe option   Dotdigital Privacy Policy https://dotdigital.com/terms/privacy-policy/
Mailchimp for e-news campaigns with an unsubscribe option   Mailchimp Privacy Policy https://mailchimp.com/legal/privacy/
Client  - secure document shared with privileged users.
Survey Monkey - Evaluation Survey    Survey Monkey Privacy Policy https://www.surveymonkey.com/mp/legal/privacy-policy/
Connaught – plain text email communications with event information and post course documentation   Connaught Privacy Policy requested. 
https://www.quadrilect.com/event-management_35_3882896022.pdf

For some of our events we request your permission to publish your details in the event delegate booklets.

Email communications
All email communications are managed via our host Network Solutions.  Network Solutions are signed up to Privacy Shield, an EU-U.S. framework designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data. Data transfers between your browser and our website are encrypted in accordance with a valid SSL Certificate issued to Quadrilect Ltd.


Qualifications
Data provided to register on a Qualification is processed to enable us to register you with the relevant Awarding Organisation and send out information regarding your qualification programme, process assessment and results.
 

Where is the data kept?
As above for training course attendance as outlined in your signed study plans
Learner folders are held on our network which is run on in-house servers with commercial firewall & password protection.  These folders contain your application, study plan, assessment submissions and feedback
 

How long do we hold this data?
CPD records are held for lifelong learning as above
Financial data is held for up to 7 years
Who do we share the data with?
The qualifying Awarding Organisation
Qualification Team Members for the purpose of delivery of the qualification: Assessors/Tutors.  Please note all Assessors and tutors sign confidentiality agreements.
 

Online accounts
Our on line learning platform for qualifications is Moodle.  We set up the learner account and provide user name and password.  The accounts are deleted on successful completion of the qualification or registration expires.
 

Plagiarism Software
All assessments are processed through a plagiarism software tool, Plagscan [secure access for privileged users]. This will generate a report on the assessment to ensure the work is properly referenced and has not been copied from another source without the correct acknowledgements.  Once an assessment has been processed and the report generated the information is deleted.


Conferences, Dinners and Events
 

What data do we hold?
For the purpose of processing your registration we collect the following data.
Name
Job Title / Profession
Company
Address
Telephone
Email
 

Where do we hold it?
This data is kept on our event management database which is hosted on an internal server at a secured office location and is not connected to external networks or the internet. Any booking data is also held on our password / firewall protected network.
 

How long do we hold it?
We hold your CPD records on this system as a lifelong learning reference.  However if you wish for the data to be removed we are happy to do so on request.  We hold financial records for up to 7 years.
 

Who do we share it with?
 

Zoom Video Conference Platform for online events – For large online events you will be asked to register directly with zoom but they will not sell or re-use your data.  Please see their privacy policy below https://zoom.us/privacy/
Mailing House for Direct Mail Campaigns [return address envelopes for removal requests].  Data protected and destroyed after processed.     Hanson Direct Privacy Policy http://www.hansondirect.co.uk/styled-3/
Dotdigital for e-news campaigns with an unsubscribe option   Dotdigital Privacy Policy https://dotdigital.com/terms/privacy-policy/
Mailchimp for e-news campaigns with an unsubscribe option   Mailchimp Privacy Policy https://mailchimp.com/legal/privacy/
Client  - secure document shared with privileged users.
Survey Monkey - Evaluation Survey    Survey Monkey Privacy Policy https://www.surveymonkey.com/mp/legal/privacy-policy/
Connaught – plain text email communications with event information and post course documentation   Connaught Privacy Policy requested. 
https://www.quadrilect.com/event-management_35_3882896022.pdf

For some of our events we request your permission to publish your details in the event delegate booklets.


Other
Email communications
All email communications are managed via our host Network Solutions. Network Solutions are signed up to Privacy Shield, an EU-U.S. framework designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data. Data transfers between your browser and our website are encrypted in accordance with a valid SSL Certificate issued to Quadrilect Ltd.
Our network is run on in house servers which have commercial firewall & two level authorization password protection.
 

Portable devices
All documents with personal data are secured with password protection.  A log of portable devices and content is maintained to manage and destroy data as appropriate.
Supplier Data
We use Sage Accounts to manage our supplier accounts and hold the following information.
Company name, address and bank details.  This information is held so we can process supplier invoices for services received.
Sage Accounts is held on our secure internal network and only accessed by privileged users with password protection.


Data Breach Management
Daily firewall reporting monitored and quarterly periodic testing of system access.  If a breach is identified we will alert all customers and suppliers via email and put a notice on our website outlining the form of the breach and data exposed.  All security passwords will be updated and system access points restored with new IP addresses where required.
Customers will be asked to change their account passwords.
Note no credit/debit card data is stored as we use a payments processing platform.

Changes to our data processing
We will update this policy if any change to our data processing occurs and this will be published on our website.  A link will be provided to this policy with the confirmation of all training & qualification registrations.  If there is a fundamental change of the type of data we are processing and the use of data we will send an email communication to all suppliers and customers updating them on our processes with a link to the updated policy.
Data Destruction
Any request for data to be deleted where it doesn’t breach statutory requirements will be processed within 48 hours.  Notification will be sent confirming the data destruction.
System hardware will be disposed of through a certified company and certificates of destruction will be held for audit purposes.
Hard copy data with personal identifiers will be destroyed by a certified shredding company and certificates of destruction will be held for audit purposes.
Hard copy data stored with a secure storage facility is annually reviewed and an archive document is updated recording content and date of destruction.


Click here to download our policy