1. Who are we?
QSR International, LLC (“QSR International”) and affiliates are a global organization. QSR International’s head office is located in Burlington, Massachusetts, USA, and there are offices in the United Kingdom, Australia, Japan and Switzerland.
The related entities of QSR International include the following:
- QSR International (Americas) Inc. – United States of America
- QSR International (UK) Limited – United Kingdom
- QSR International Pty Ltd - Australia
- Planet Software Pty Ltd - Australia
- QSR International Japan K.K. – Japan
- Swiss Academic Software GmbH - Switzerland
Consent needs to be free and informed. You must ensure you understand the purpose for the collection of your data.
2. What Type of Data is Collected?
- the general categories of personal data we collect;
- why we collect an individual's personal data;
- how it will be used, and who it will be disclosed to;
- the legal basis of our processing that personal data; and
- your rights in relation to the personal data we collect.
QSR will collect, store, use, process and disclose personal data only in a manner permitted by law. Personal data is any information or an opinion about an identified or identifiable natural person (“data subject”). The personal data collected, stored, used, processed and disclosed by QSR which is required for use of our website or software may include your name, an identification number, date of birth, gender, postal and email address, phone number, contact preferences, and credit and debit card information. When you apply for or we need to facilitate the provision of a specific product or service, we may also collect information from you related to that product or service.
If you are applying for employment with QSR, we may collect and process information about you such as employment history, qualifications, residency status, background check and other information required as part of the recruitment process. In that regard, we may also collect sensitive information or special categories of data such as health or medical information, racial or ethnic origin, and criminal convictions. You acknowledge and give your consent for QSR to collect, store, use, process and disclose any such information and personal data for the purpose of assessing your application for employment with QSR.
Generally, the purpose of us collecting your data as part of the recruitment process is to enable us to facilitate safe recruitment and to determine suitability for the role. If you fail to provide certain information when requested, we may not be able to take the steps to enter into a contract with you (for example if incorrect references are provided), or we may be prevented from complying with our legal obligations (such as evidence of right to work).
Throughout your job application process, QSR will only use your personal information for the purposes for which it was collected, unless we reasonably consider that we need to use it for a secondary purpose, and that purpose is related, or in the case of sensitive information - directly related, to the original purpose. If we need to use your personal information for an unrelated secondary purpose, we will notify and seek your consent. How long we retain your information will depend on whether your application is successful and you become employed by us, the nature of the information concerned, and the purposes for which it is processed.
If the information is no longer required by us for any purpose for which it was collected and is no longer required by law to be retained by us, we will destroy or de-identify the information.
3. How does QSR Collect Your Personal Data?
QSR collects your personal data in various ways, such as over the phone, via email, over the internet if you transact with QSR online, when you register on our website, fill out a form, activate the QSR software etc. We may also collect personal data about you from third parties, including (but not limited to) from our partners, agents and resellers.
When ordering or registering on our website, as appropriate, you may be asked to enter personal data such as your name or email address. We may ask for further personal data that identifies you, including your mailing address, phone number, contact preferences, and credit card information. QSR does not store your credit card information as payments are processed through third parties using external payment gateways.
In particular, your personal data will be collected when you participate in the following:
- Requesting a free trial software download.
- Purchasing a product from QSR.
- Activating QSR software or e-demos (includes trial software).
- Being a member of a user testing community.
- Registering for QSR training, webinars, conferences, events or exclusive content.
- Subscribing to email communications and newsletters.
- Submitting a product support request (including product crash report dialogues).
- Contacting QSR in relation to a query.
- Participating in an online survey and/or user testing activities.
- QSR marketing/promotional activities.
We have processes in place to ensure that our records remain accurate, complete and up to date, including by verifying the information with you each time you use our services or from other sources.
You may visit our website anonymously or choose not to give us your personal data. However, without your personal data, we may not be able to provide you with the products or services which you may request of us or respond to your queries.
4. How Your Personal Data may be Used by QSR
QSR has a legitimate business interest in operating and improving its business and the services it offers and may collect, store, use, process and disclose your personal data (and you consent to us doing so) for the following purposes:
5. Retaining your personal data
- To provide you with information, products or services that you request from us.
- To improve the QSR website in order to better serve you.
- To enable QSR to respond promptly to your customer service requests.
- To facilitate payment transactions.
- To review QSR services or products.
- To communicate with you as a follow up to any queries via live chat, email or phone.
- To provide the service(s), information or products you have requested or to carry out the transaction(s) you have authorised (or we may disclose this information to authorised QSR partners to undertake this activity on our behalf).
- For research and development in order to improve QSR’s product offerings/solutions to you.
- For job applications within QSR, to review your skills and experience for employment.
QSR will destroy or de-identify your personal data if it is no longer needed for the purpose for which it was collected or disclosed in terms of applicable law.
6. Types of data not collected by QSR
QSR does not collect any details of the data you are working with when you use our software products. This data is stored only in the projects or files into which you direct the software to save the data.
NCapture stores the data you capture only in the files you create. When using NCapture to capture data from social media sites, you may be asked by the site whether you wish to grant NCapture permission to collect particular kinds of data.
Choosing to grant these permissions to NCapture:
(a) Does not allow NCapture to capture any data that you, as a user of that social media site, do not yourself have access to.
(b) Does not cause NCapture to send any captured data to QSR.
When you import data captured using NCapture into NVivo, you have the option to exclude some unwanted information (such as location or bio data). Refer to the Help documentation in NCapture and NVivo for further details.
7. Third parties to whom QSR may disclose your Personal Data
In providing the products and services to you, and insofar as reasonably necessary for those purposes, QSR may need to disclose your personal data to third parties including:
- QSR’s suppliers, subcontractors, agents, professional advisers, government regulatory bodies, tribunals, courts of law, debt collection agents, insurers and to their respective related entities, and partners.
- Third parties engaged by QSR (who will be bound by confidentiality obligations) in your geographic region or able to communicate in your language, to ensure that you are better serviced.
- Third parties engaged by QSR to conduct customer satisfaction surveys (only with your prior consent).
- In the event of a re-organisation, merger, or sale we may transfer your personal data to a third party (who will be bound by confidentiality obligations) during the due diligence process.
- Payment services providers in relation to financial transactions relating to our services, including processing payments.
- In relation to disclosure necessary for compliance with a legal obligation applicable to QSR, we may also disclose your personal data in circumstances where necessary in legal proceedings, whether in or out of court.
When we disclose personal information to third parties, we make all reasonable efforts to ensure that we disclose only relevant information and that it is accurate, complete and up to date and that the third party will comply with relevant privacy laws in relation to that information.
8. How does QSR keep your personal data secure?
QSR has implemented security measures to protect your personal data.
The following security measures are in place:
- QSR uses malware scanning. QSR’s website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to QSR’s website as safe as possible.
- Your personal data is contained behind secured networks and is only accessible by a limited number of persons duly authorised by QSR who are required to keep the information confidential.
- If you make an online application or undertake a payment transaction using QSR’s website, QSR takes additional steps to protect the security of your personal data. Your personal data is encrypted via a Secure Socket Layer (SSL) technology (in your web browser, you can confirm that your session is encrypted by the appearance of a locked padlock symbol at the foot of the browser).
- All payment transactions are processed through a gateway provider and are not stored or processed on our servers.
Notwithstanding the security measures implemented by QSR, you should be aware that there are risks in transmitting information across the internet. While QSR takes reasonable measures to protect your personal data, we cannot warrant the security of any information transmitted to QSR online and users of our website do so at their own risk.
9. International transfers of personal data
In certain circumstances we may need to transfer your personal data to countries outside the country in which the data was collected (or, in the case of personal data collected within the European Economic Area (“EEA”), to countries outside the EEA) including our offices around the world (currently located in the USA, UK, Australia, Japan and Switzerland). International transfers of your personal data will be protected by appropriate safeguards, for example the standard data protection model clauses adopted by the European Commission or any other supervisory authority, which we will incorporate into our agreements with such transferees of personal data.
As a customer or website user of QSR, you give your consent to QSR to transfer or grant access to your personal data between the companies in the QSR group. All data is transferred or accessed using either a secure transport layer or encrypted algorithm. A majority of the data collected is then centralised and imported into a central customer relationship management system, and housed within secure data centre facilities. This is available to staff across all regions within the QSR group by way of an encrypted secure transport layer and individual staff authentication is required.
10. Cloud storage of personal data
We may store data on remote servers operated by a cloud service provider to QSR rather than storing it on our own servers. Regardless of where you use our online services or provide information to us, the information may be transferred to and maintained on servers located outside the country in which the data was collected (or, in the case of personal data collected within the EEA, to countries outside the EEA). By providing any data through the online services, you hereby expressly consent to such transferring and processing of your data in such third countries.
Transfers of personal data to servers operated by cloud service providers outside the EEA will be protected by appropriate safeguards, namely the standard data protection clauses adopted by the European Commission or a supervisory authority, which we will incorporate into our agreements with such cloud service providers.
All data is stored with secure methods and with limited/restricted access to persons authorised by QSR. Customer data stored in the cloud components of QSR products is stored in one of the four regional data centres used by QSR. These data centres are located in Canada, Singapore, Netherlands, and the USA. The data centre geographically closest to the customer will be chosen as the default location. Enterprise customers will be able to specify what data centre they wish to use. Should Enterprise customers decide not to specify a region, the region geographically closest to them will be selected by default.
11. Your rights
If you are a “data subject” under applicable data protection law in the EU or United Kingdom, you will have the following rights in relation to personal data that we hold about you:
Right to Access - to request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data (however sometimes it may not be possible to give you a copy of the information if it was provided anonymously or if it may lead to harm being done to another person);
Right to Rectification - to request that we rectify or update any personal data that is inaccurate, incomplete or outdated;
Right to Erasure - to request that we erase your personal data in certain circumstances, such as where we collected personal data on the basis of your consent and you withdraw your consent;
Right to Restriction of Processing - to request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your personal data;
Right to Withdraw Consent - where you have given us consent to process your personal data, to withdraw your consent; and
Right to Data Portability - to request that we provide a copy of your personal data to you in a structured, commonly used and machine readable format in certain circumstances.
Similarly, if you reside in Australia, you expressly have the 'Right of Access' and the 'Right of Rectification' as above. If we refuse to provide you with access to your record or to update your record in the way you request, we will provide you with written reasons. If we refuse to correct or update your information, you may request that we make a note on your record that you are of the opinion that the information is inaccurate, incomplete, out of date, irrelevant or misleading, as the case may be.
There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
To exercise your rights as set out above or please contact our Data Protection Officer (see How to contact us below).
12. Links to third party sites
To help protect your privacy and maintain security, we may take steps to verify your identity before we can action your request.
The QSR website may provide links to other sites for your convenience and information. These websites may be operated by companies other than QSR. QSR is not responsible for the privacy policies or practices of the operators of other websites. We recommend that you review the privacy policies of those external websites before using them.
13. Blogs and Other Interactive Services
QSR may provide blogs, online forums or other interactive services on its website which enable users to post and share information. Any information posted or shared by users through blogs, online forums or other interactive services will become public information and will be available to other users who access the QSR website.
Cookies are small files that a site or its service provider transfers to your computer's hard drive through your web browser (if you allow) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings.
If you disable cookies, some features will be disabled. As a result, your site experience may be less efficient and some of our services will not function properly. However, you can still place orders.
15. Direct Marketing
However, we may provide non-personally identifiable user data to third parties for marketing, advertising, or other uses.
For marketing and profiling purposes we will only process your personal data when you have given us your specific consent and you have the right to withdraw your consent at any time. Your decision to provide your data for such purposes is optional and will have no consequence on your ability to use our products or benefit from our services.
16. Unsubscribe from Emails
If at any time you would like to unsubscribe from receiving emails from QSR, you can email us at firstname.lastname@example.org and we will promptly action you request.
QSR considers a child to be anyone under the age of 18. We do not knowingly seek or collect personal data from a child without the consent of a parent or guardian. If QSR becomes aware that personal data that has been submitted relates to a child without the consent of a parent or guardian, QSR will use reasonable efforts to delete that personal data from its files as soon as possible. If deletion is not possible, QSR will ensure that said personal data is not used further for any purpose.
18. How to contact us
If you have any questions, complaints or concerns about how we handle your personal information, please contact our Data Protection Officer (DPO). Our DPO is responsible for all matters relating to privacy and data protection and can be contacted at email@example.com
If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or lodge a complaint with the relevant data privacy regulator. In the UK this is the Information Commissioner’s Office. If you are in the EEA it is the Data Protection Authority in your country of residence.