QSR INTERNATIONAL GLOBAL DATA PRIVACY POLICY

By using this site, you acknowledge that you have reviewed the terms of this QSR International Global Data Privacy Policy (“Privacy Policy”) and agree that we may collect, use, process and transfer your personal data in accordance with this Privacy Policy. If you do not agree to these terms, you may choose not to provide any personal data and not to use our site. However, this may preclude you from using our products or services. This Privacy Policy also forms part of the Terms and Conditions for ordering and purchasing QSR International’s products and services. Please read this Privacy Policy carefully.

In this Privacy Policy, references to “we”, “our” and “us” are to QSR (as that term is defined below), and references to “you”, “your” and “yours” are to our customers and third parties.

We may make changes to this Privacy Policy from time to time in accordance with legislative changes and business requirements. The most current version of the Privacy Policy will be posted on the QSR website. If a revision meaningfully reduces your rights, we will notify you by email.

  1. WHO ARE WE?

    QSR International, LLC (“QSR International”) is a global organization. QSR International’s head office is located in Burlington, Massachusetts, USA, and we have offices in the United Kingdom, Australia, Japan and Switzerland.

    The related entities of QSR International include:

    • QSR International (Americas) Inc. – United States of America;
    • QSR International (UK) Limited – United Kingdom;
    • QSR International Pty Ltd - Australia;
    • Planet Software Pty Ltd - Australia;
    • QSR International Japan K.K. – Japan; and
    • Swiss Academic Software GmbH - Switzerland.

    For the purposes of this Privacy Policy, QSR International and its related entities will collectively be known as “QSR” or "QSR Group". As part of the business operations of QSR, all the information you provide may be transferred to or accessed by the various entities within the QSR Group in accordance with the provisions of this Privacy Policy.

    QSR is committed to protecting the privacy of its customers’ personal data and to the responsible use of personal data in accordance with the relevant laws which govern our use and handling of such information. We have developed this Privacy Policy to explain how we collect, store, use, process and disclose your personal data.

    This Privacy Policy sets out information on:

    1. the general categories of personal data we collect;
    2. why we collect an individual's personal data;
    3. how it will be used, and who it will be disclosed to;
    4. the legal basis of our processing of personal data;
    5. your rights in relation to the personal data we collect; and
    6. your rights and interests that will be affected if you elect not to provide your personal data.
  2. WHAT TYPE OF DATA IS COLLECTED?

    QSR will collect, store, use, process and disclose personal data only in a manner permitted by law.

    Personal data is any information or an opinion about an identified or identifiable natural person (“data subject”). The personal data that we may collect and hold in connection with your use of our website, software and services may include your:

    • name;
    • identification number;
    • date of birth;
    • gender;
    • postal and email address;
    • phone number;
    • contact preferences;
    • demographic information;
    • the location from which you have come to the site and the pages you have visited; and
    • technical data, which may include IP address, the types of devices you are using to access the website, device attributes, browser type, language and operating system.

    When you apply for and we facilitate the provision of a specific product or service, we may also collect information from you related to that product or service.

    Job Applicants

    If you are applying for employment with QSR, we may collect and process information about you such as your employment history, qualifications, residency status, background check and other information required as part of the recruitment process. Where reasonably necessary for the position for which you apply, we may also collect sensitive information about you such as your health or medical information, racial or ethnic origin and criminal convictions (if any). You acknowledge and consent to QSR's collection, storage, use, processing and disclosure of any such information for the purpose of assessing your employment application.

    QSR generally collects personal data as part of its recruitment process for the purpose of facilitating safe recruitment and determining suitability for the role. If you fail to provide certain information when requested, we may not be able to enter into an employment contract with you (for example if incorrect references are provided), or we may be prevented from complying with our legal obligations (such as evidence of right to work).

    Throughout your job application process, QSR will only use your personal information for the purposes for which it was collected, unless we reasonably consider that we need to use it for a secondary purpose, and that purpose is related, or in the case of sensitive information - directly related, to the original purpose. If we need to use your personal information for an unrelated secondary purpose, we will notify you and seek your consent.

    The period for which we retain your information will depend on whether your application is successful and you become employed by us, the nature of the information concerned, and the purposes for which it is processed.

    If the information is no longer required by us for any purpose for which it was collected, and is no longer required by law to be retained by us, we will destroy or de-identify the information.

  3. HOW DOES QSR COLLECT YOUR PERSONAL DATA?

    QSR may collect personal data from the individual concerned and from third parties, including but not limited to QSR's partners, agents and resellers.

    QSR may collect your personal data in various ways, such as when you communicate with us over the phone, via email, QSR's portal, through our website (for instance, when you activate the QSR software) or through a written application.

    When ordering or registering on our website, you may be asked to enter personal data such as your name or email address. We may also ask for further personal data including your mailing address, phone number, contact preferences and credit card information. QSR does not store credit card information as payments are processed through third parties using external payment gateways.

    In particular, your personal data will be collected by QSR when you participate in the following:

    • Requesting a free trial software download.
    • Purchasing a product from QSR.
    • Activating QSR software or e-demos (includes trial software).
    • Being a member of a user testing community.
    • Registering for QSR training, webinars, conferences, events or exclusive content.
    • Subscribing to email communications and newsletters.
    • Submitting a product support request (including product crash report dialogues).
    • Contacting QSR in relation to a query.
    • Participating in an online survey and/or user testing activities.
    • QSR marketing/promotional activities.

    We have processes in place to ensure that our records remain accurate, complete and up to date, including by verifying information with you each time you use our services or from other sources.

    If you provide another person's personal data to QSR, you are responsible for telling the other person that you have provided their personal data to QSR. You must also refer them to this Privacy Policy. By providing another person's personal data to QSR, you represent and guarantee that you are legally authorised to provide such personal data, and QSR will not be responsible for verifying any such authorisation.

    Can I choose to remain anonymous?

    You can always choose to deal with us anonymously or by using a pseudonym. You may also choose not to give us your personal data. However, please note that if you choose not to provide us with your personal data or to deal with us anonymously, this may affect your ability to access or use certain functions of our website, software, products or services, and we may not be able to respond to your queries.

    If you wish to remain anonymous when dealing with us via a telephone call, please advise the call operator assisting you. Providing your personal details enables us to provide you with a contact record reference number which allows you, and other authorised persons, to retrieve information about that call at a later date.

  4. HOW YOUR PERSONAL DATA MAY BE USED BY QSR

    QSR has a legitimate business interest in operating and improving its business and the services it offers. QSR may only collect, store, use, process and disclose your personal data, and you consent to us doing so, for the following purposes:

    • to enable you to access and use our website, apps, and services;
    • to provide you with the information, products and services that you request from us;
    • to operate, improve and optimise the QSR website to better serve you and other users;
    • to send support and administrative messages, reminders, technical notices, billing, updates, security alerts, and information to you;
    • to enable QSR to respond promptly to your customer service requests;
    • to facilitate payment transactions;
    • to review QSR services or products.
    • to communicate with you and respond to queries via live chat, email or phone;
    • to provide the service(s), information or products you have requested or to carry out the transaction(s) you have authorised (or we may disclose this information to authorised QSR partners to undertake this activity on our behalf);
    • for research and development in order to improve QSR’s product offerings and solutions;
    • to send marketing and promotional messages to you and other information that has been requested or which may be of interest;
    • to investigate, prevent, or take action regarding illegal activities or suspected fraud; and
    • to facilitate recruitment by QSR.
  5. RETAINING YOUR PERSONAL DATA

    We will retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Policy. In most cases, it is generally not possible for us to specify in advance the exact periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the period required by applicable law.

    If your personal data is no longer required by us for the purpose for which it was collected and is no longer required by law to be retained by us, we will destroy or de-identify the information.

  6. TYPES OF DATA NOT COLLECTED BY QSR

    QSR does not collect any details of the data you are working with when you use our software products. This data is stored only in the projects or files into which you direct the software to save the data.

    NCapture stores the data you capture only in the files you create. When using NCapture to capture data from social media sites, you may be asked by the site whether you wish to grant NCapture permission to collect particular kinds of data.

    Choosing to grant these permissions to NCapture:

    1. does not allow NCapture to capture any data that you, as a user of that social media site, do not yourself have access to; and
    2. does not cause NCapture to send any captured data to QSR.

    When you import data captured using NCapture into NVivo, you have the option to exclude some unwanted information (such as location or bio data). Refer to the help documentation in NCapture and NVivo for further details.

  7. THIRD PARTIES TO WHOM QSR MAY DISCLOSE YOUR PERSONAL DATA

    We may disclose your personal data to third parties for the purposes listed above, and so that they may perform services for us or on our behalf. QSR may need to disclose your personal data to third parties including:

    • QSR’s suppliers, subcontractors, agents, professional advisers, government regulatory bodies, tribunals, courts of law, debt collection agents, insurers and to their respective related entities and partners.
    • Third parties engaged by QSR (who will be bound by confidentiality obligations) in your geographic region or able to communicate in your language, to ensure that you are better serviced.
    • Third parties engaged by QSR to conduct customer satisfaction surveys (only with your prior consent).
    • A third-party event management platform such as Eventbrite to register QSR hosted events, workshops, eWorkshops and webinars. Eventbrite has its own privacy policy and may be a data controller in its own right in relation to the personal data we disclose to Eventbrite.
    • In the event of a re-organisation, merger, or sale we may transfer your personal data to a third party (who will be bound by confidentiality obligations) during the due diligence process.
    • Payment services providers in relation to financial transactions relating to our services, including processing payments.
    • In relation to disclosure necessary for compliance with a legal obligation applicable to QSR, we may also disclose your personal data in circumstances where necessary in legal proceedings, whether in or out of court.

    Except as provided in this Privacy Policy, QSR will not disclose your personal data to a third party unless you have consented to the disclosure, the disclosure is required or authorised by law, in an emergency or in the event of an investigation of suspected criminal activity such as fraud.

    When we disclose personal information to third parties, we make all reasonable efforts to ensure that we disclose only relevant information and that it is accurate, complete and up to date and that the third party will comply with relevant privacy laws in relation to that information.

  8. HOW DOES QSR KEEP YOUR PERSONAL DATA SECURE?

    QSR has implemented security measures to protect your personal data from misuse, loss, and from unauthorised access, modification and disclosure. The following security measures are in place:

     

    • QSR uses malware scanning. QSR’s website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to QSR’s website as safe as possible.
    • Your personal data is contained behind secured networks and is only accessible to a limited number of persons duly authorised by QSR who are required to keep the information confidential.
    • If you make an online application or undertake a payment transaction using QSR’s website, QSR takes additional steps to protect the security of your personal data. Your personal data is encrypted via a Secure Socket Layer (SSL) technology (in your web browser, you can confirm that your session is encrypted by the appearance of a locked padlock symbol at the foot of the browser).
    • All payment transactions are processed through a gateway provider and are not stored or processed on our servers.
    • Our staff are trained in how to keep your information safe and secure.
    • We store your hard copy and electronic records in secure systems.
    • We use trusted contracted service providers (including cloud storage providers).
    • To help protect your privacy and maintain security, we may take steps to verify your identity before we can action your request.

    Notwithstanding the security measures implemented by QSR, we advise that there are inherent risks in transmitting information across the internet, including the risk that information sent to or from a website may be intercepted, corrupted or modified by third parties. While QSR takes reasonable measures to protect your personal data, we cannot warrant the security of any information transmitted to QSR online and users of our website do so at their own risk.

    If you have security concerns or wish to provide personal information by other means (e.g. by telephone or paper), you may contact us using the contact details set out at the bottom of this Privacy Policy.

  9. INTERNATIONAL TRANSFERS OF PERSONAL DATA

    In certain circumstances we may need to transfer your personal data to countries outside the country in which the data was collected (or, in the case of personal data collected within the European Economic Area (“EEA”), to countries outside the EEA) including our offices around the world which are currently located in the USA, UK, Australia, Japan and Switzerland.

    International transfers of your personal data are protected by appropriate safeguards, such as the standard data protection model clauses adopted by the European Commission or any other supervisory authority, which we will incorporate into our agreements with such transferees of personal data.

    As a customer or website user of QSR, you consent to QSR transferring or granting access to your personal data to companies in the QSR Group. All data is transferred or accessed using either a secure transport layer or encrypted algorithm. Most of the data collected is then centralised and imported into a central customer relationship management system and housed within secure data centre facilities. This is available to staff across all regions within the QSR Group by way of an encrypted secure transport layer and individual staff authentication is required.

  10. CLOUD STORAGE OF PERSONAL DATA

    We may store data on remote servers operated by a cloud service provider, rather than storing it on our own servers. Regardless of the location from which you use our online services or provide information to us, your data may be transferred to and maintained on servers located outside the country in which the data was collected (or, in the case of personal data collected within the EEA, to countries outside the EEA). By providing any data through our online services, you hereby expressly consent to the transferring and processing of your data in such other countries.

    Transfers of personal data to servers operated by cloud service providers outside the EEA will be protected by appropriate safeguards, namely the standard data protection clauses adopted by the European Commission or other supervisory authority, which we will incorporate into our agreements with such cloud service providers.

    All data is stored with secure methods, and with limited/restricted access to persons duly authorised by QSR. Customer data stored in the cloud components of QSR products is stored in one of the four regional data centres used by QSR. These data centres are located in Canada, Singapore, Netherlands, and the USA. The data centre geographically closest to the customer will be chosen as the default location. Enterprise customers may specify the data centre they wish to use. Should Enterprise customers decide not to specify a region, the region geographically closest to the Enterprise customer will be selected by default.

  11. YOUR RIGHTS

    If you are a “data subject” under applicable data protection law in the EU or United Kingdom, you will have the following rights in relation to your personal data held by QSR:

    Right to Access: you may request confirmation from QSR as to whether we process your personal data, and if so, you may request a copy of that personal data. However, it may not be possible to give you a copy of the information if it was provided anonymously or if it may lead to harm being done to another person;

    Right to Rectification: you have the right to request that we rectify or update any personal data that is inaccurate, incomplete or outdated without undue delay;

    Right to Erasure: you have the right to request that we erase your personal data without undue delay in certain circumstances, such as where we collected personal data on the basis of your consent and you withdraw your consent;

    Right to Restriction of Processing: you have the right request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your personal data;

    Right to Withdraw Consent: where you have given us consent to process your personal data, you have the right to withdraw your consent; and

    Right to Data Portability: you have the right to request that we provide you with a copy of your personal data in a structured, commonly used and machine-readable format in certain circumstances.

    Similarly, if you reside in Australia, you have the 'Right of Access' and the 'Right of Rectification' set out above. If we refuse to provide you with access to your personal data or to update your data in the way you request, we will provide you with written reasons. If we refuse to correct or update your information, you may request that we make a note on your record that you are of the opinion that the information is inaccurate, incomplete, out of date, irrelevant or misleading, as the case may be.

    There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material). You will be notified of any likely costs before your request is processed.

    To exercise your rights as set out above, please contact our Data Protection Officer (DPO) using the contact details set out at the bottom of this Privacy Policy.

  12. LINKS TO THIRD PARTY SITES

    The QSR website may provide links to other websites for your convenience and information. These websites may be owned and operated by companies other than QSR. QSR is not responsible for these sites or any consequence of a person's use of those sites. In particular, we are not responsible for the privacy policies or practices of the operators of other websites. We recommend that you review the privacy policies of those external websites before using them.

  13. BLOGS AND OTHER INTERACTIVE SERVICES

    QSR may provide blogs, online forums or other interactive services on its website which enable users to post and share information. Any information posted or shared by users through blogs, online forums or other interactive services will become public information and will be available to other users who access the QSR website.

  14. COOKIES

    Cookies are small files that a site or its service provider transfers to your computer's hard drive through your web browser (if you allow) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information.

    We use cookies to understand and save user preferences for future visits to our website, for statistical purposes, for marketing purpose and to compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. Cookies help us improve the QRS website and products, optimise your experience, store information about your preferences, speed up your searches and to recognise you when you return to the QRS site.

    Data collected through the use of cookies may include personal data (and will therefore be regulated by applicable privacy laws) if the data subject is an identified or identifiable natural person. We will deal with any personal data collected by cookies in the same way we handle other personal data under this Privacy Policy.

    You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies by selecting the appropriate setting on your browser. If you disable cookies, this may prevent you from using the full functionality of our website. However, you can still place orders.

  15. DIRECT MARKETING

    We do not sell, trade, or otherwise transfer to third parties (other than as set out in this Privacy Policy) your personal data for the purposes of direct marketing. However, we may provide non-personally identifiable user data to third parties for marketing, advertising, or other uses.

    For marketing and profiling purposes, we will only process your personal data with your specific consent. You have the right to withdraw your consent at any time by following the opt-out instructions provided in the communication or by letting us know using the contact details set out at the bottom of this Privacy Policy. Your decision to provide your data for such purposes is optional and will have no impact on your ability to use our products or benefit from our services.

  16. THIRD PARTY SERVICES

    Google Analytics

    Our website uses Google Analytics, a web analytics service provided by Google Inc. (Google). Google Analytics uses cookies to help analyse how users use the website. Google Analytics anonymously tracks how users interact with the website, including where they came from, what they did on the website and whether they completed any transactions on the website.

    The information generated by the cookie about your use of the website (including their IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of compiling reports on the website activity and providing other services relating to the website and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate a person's IP address with any other data held by Google.

    You can opt out of the collection of information via Google Analytics by downloading the Google Analytics Opt-out browser add here. Google’s privacy policy can be found here.

    Google AdWords

    Our website uses Google Analytics and Google AdWords cookies to advertise our products and services through Google AdWords and/or other third-party vendors to persons who have previously accessed our website.

    We use Google Ads to improve our presence online and help measure the effectiveness of our advertising. Google Ads helps QSR to make sure our ads are shown to the right people. It collects data that helps you track conversions from Google ads, optimize ads, build targeted audiences for future ads and remarket to people who have already taken some kind of action on your website.

    You can opt out of Google’s use of cookies by visiting the Google Ad Settings here. Alternatively, you can opt out of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page here.

    Clickstream data

    When you visit our website, a record is made of your visit, including the following information:

    • your server address;
    • your top-level domain name;
    • the date and time of access to the site;
    • pages accessed and documents downloaded;
    • the previous site visited; and
    • the type of browser software in use.

    We analyse this non-identifiable website traffic data (including through the use of third-party service providers) on an aggregated basis to improve our services and for statistical purposes.

    No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the Internet Service Provider's log files.

    Facebook

    We use the Facebook pixel - a piece of code that you put on your website that allows you to measure the effectiveness of your advertising by understanding the actions people take on your website.

    Pixels helps QSR to make sure our ads are shown to the right people. It collects data that helps you track conversions from Facebook ads, optimize ads, build targeted audiences for future ads and remarket to people who have already taken some kind of action on your website.

    Autopilot

    We use Autopilot to send marketing communications. Autopilot will capture identifiable information (e.g. Name, Email). Autopilot collects information to help us better segment audiences and serve you relevant marketing communications.

    Mixmax

    We use Mixmax to improve our email communication. Personally identifiable information will be captured in Mixmax (e.g. email). The application is used to improve our email communications.

    LinkedIn

    We use the LinkedIn pixel - a piece of code that you put on your website that allows you to measure the effectiveness of your advertising by understanding the actions people take on your website. Pixels helps QSR to make sure our ads are shown to the right people. It collects data that helps you track conversions from LinkedIn ads, optimize ads, build targeted audiences for future ads and remarket to people who have already taken some kind of action on your website.

    Zapier

    We use Zapier to send collected information between multiple applications. When you submit your details on our website, these details may be passed via Zapier to other applications. This helps us understand how you use our website.

    Typeform

    Typeform is used to collect survey data. We use collected survey data to improve our products, create educational content, create marketing content.

    Demio

    Demio is a webinar platform we use to engage, communicate, and build relationships with our prospects and customers. We use Demio to host webinars and collect personally identifiable information in relation to webinar engagement data.

    Unbounce

    We use Unbounce to create marketing web pages. We capture personally identifiable information such as names, emails, and addresses so we can best communicate with users interested in our products.

    Amplitude

    We use Amplitude to report on our product usage. We capture non-identifiable, and identifiable information in Amplitude. This is primarily used to aggregate data and generate reports on how our products are being used. This helps us improve our products, and operations.

    Segment

    We use Segment to pass information between applications. Segment is used to pass information between applications. Your information, identifiable and non-identifiable, may flow through segment.

    Notion

    Notion is used as an internal wiki. Occasionally, information you provide may be included in Notion for the purposes of improving our products and operations.

    Drift

    Drift is used to provide a chat-bot and real-time conversation with our team, on our website. We may capture personally identifiable information such as names and email. This is so we can best communicate with the user.

  17. UNSUBSCRIBE FROM EMAILS

    If at any time you would like to unsubscribe from receiving emails from QSR, you can email us at info@qsrinternational.com and we will promptly action you request.

  18. CHILDREN

    QSR considers a child to be anyone under the age of 18. We do not knowingly seek or collect personal data from a child without the consent of a parent or guardian. If QSR becomes aware that personal data that has been submitted relates to a child without the consent of a parent or guardian, QSR will use reasonable efforts to delete that personal data from its files as soon as possible. If deletion is not possible, QSR will ensure that the personal data is not used further for any purpose.

  19. HOW TO CONTACT US

    If you have any questions, complaints or concerns about how we handle your personal information or think that your privacy has been affected, please contact our DPO for an examination of your complaint or concern. Our DPO is responsible for all matters relating to privacy and data protection and can be contacted at dataprotectionofficer@qsrinternational.com.

    If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the relevant data privacy regulator:

    For Australian residents, this is the Office of the Australian Information Commissioner;

    For UK residents, this is the Information Commissioner’s Office;

    For residents of the European Economic Area, this is the data protection authority in your country of residence. A list of EU national data protection authorities can be found on the European Commission website at: https://ec.europa.eu/info/strategy/justice-and-fundamental-rights/data-protection_en.