1. Who We Are
QHL QUAD CODE HOLDING LIMITED, a limited liability company part of the QUAD CODE Entities, incorporated and registered in the Republic of Cyprus under company number HE390331 and have our main business office at 106 Gladstonos street, Gladstonos Business Centre, Ground Floor, Office 3, Section C6. 3032 Limassol, Cyprus (hereinafter “Quadcode”). Quadcode is the Controller and responsible for the personal information you disclose to us to make use of our Services.
2. DATA COLLECTIONS AND PROCESSING
- Identity Data includes first name, last name, and patronymic (if available), date of birth gender, passport, ID, Driver’s number, and copy of photo.
- Contact Data includes billing address, email address and telephone numbers.
- Usage Data includes information about how you use Website, products and Services and IP history.
- Data in KYC (Know your customer) includes identity document information, including copies of recent dated Utility Bills, Identity Card, Passport, and/or Driver’s License, Tax Identification Numbers (TIN).
- Location Data includes details on your actual location when interacting with our Website (for example, a set of parameters that determine regional settings of your interface, namely residency country, time zone, and the interface language)
- Audio Data includes full voice recordings of calls that you receive from us or make to us.
- Aggregated Data includes statistical or demographic data for any purpose. Such data can be derived from your data but may not be considered personal data in law as it will not directly or indirectly reveal your identity. An example of such Aggregated Data could be that we aggregate your Usage Data to calculate the percentage of users accessing a specific website feature and/or services/product preference. Notwithstanding the above, if Quadcode combines Aggregate Data with data in a way that the end result can in any way identify the data subject, Quadcode shall treat such combined data as data which will be treated as per the provisions herein contained. (the above collectively referred to as “personal data”)
Our Website is not intended for children and we do not knowingly collect data relating to children. As we do not allow users under the age of 18 to use our services, we need to obtain your birth date in order to confirm the Clients’ age checks.
4. PROCESSING OF YOUR DATA
Processing of your Data is carried out by Quadcode following the principles of lawfulness, fairness, transparency and always adhering to the intended purpose of data processing, the principle of data minimization, accuracy, limited data storage, data integrity, confidentiality and accountability. Quadcode may process your personal data for any of the following reasons:
- To perform its contract with you,
- To comply with its legal and regulatory obligations, including without limitation to the,
- To perform compliance checks, such as verification of your identity, and helping to detect fraudulent or malicious activity on our site or services,
- To maintain our accounts and records,
- To manage our business needs, such as monitoring, analysing, and improving the Services and the Website’s performance and functionality,
- To comply with all applicable laws and regulations; and/or
- For the purposes of safeguarding our legitimate interests and your interests and fundamental rights do not override those interests.
5. DATA RETENTION
To comply with the applicable legal, regulatory, tax, accounting requirements we keep your personal data for a minimum period of 5 years from the date our business relationship is terminated. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate business purposes, such as to respond to queries or complaints, fighting fraud and financial crime and responding to requests from regulators.
At the expiration of the personal data retention period the personal data is erased by irreversible destruction and we also inform all third parties, to whom the personal data was transferred, regarding such erasure and request implementation of similar actions on their part.
6. DATA SECURITY
We protect your data by adhering to industry standard regulations on data protection by categorising them into data types (e.g. technical, personal data, cookie data, etc) while applying relevant protection processes and due diligence procedures. Therefore, we apply appropriate technical and organisational controls to protect your data, including secure computer systems adopting least privilege access in order to prevent unauthorised access, disclosure, modification, or destruction of personal data. Any hard copy documents are locked in a secure cabinet, and destroyed once no longer required.
Encryption of your data in transit. Encryption provides a high level of security and privacy for your personal data. When personal data in provided when using our Services, we use strong encryption technologies (such as Transport Layer Security) to protect the personal data during transmission from your devices to our servers.
For providing more trust and security we use digital EV (Extended Validation) Certificates issued by trusted Certificate Authorities. You can see the ‘Green Bar’ in the supported browser versions which confirms what all transmitted personal data is secure.
Protection of your personal data in our infrastructure. We make it a priority to develop Services that are secure "by default". The "default" security of our Services means that every new services and features are designed with strict security requirements in mind before we even begin development. This is the key to guaranteed protection and privacy of all personal data that our Services handle and store, once the service or new feature is released.
To secure personal data, we use the pseudonymisation which allows most of our Services to operate without using your actual data. Instead of that, our services use a system ID that can't be traced back to identify you.
Quadcode is always vigilant about the Security of the personal data stored in our infrastructure. Because of that we locate all our equipment used for your personal data processing in secure personal data centres. Network access to this equipment is isolated from the Internet. We use network segmentation for isolation of Services which need different level of security from each other. In addition, we restrict logical access to the personal data for our employees on "need to know" basis. So, only personnel, who really require access to the personal data for the purpose of providing you with our best Service, will have access to it.
Threats protection. Quadcode is highly knowledgeable about modern threats to personal data security and privacy, and we are well prepared to combat them. All events that occur in our infrastructure are continuously monitored, analysed and responded, which allows us to ensure proper protection of your personal data, keeping it safe from threats, vulnerabilities, and the effects of malware.
In the event of a failure that affects the accessibility of your personal data, we have personal data backup and recovery procedures in place that will us help to restore your personal data in short time. For further guarantee the quick recovery we use high availability mode enabled for most critical databases which allows us to minimize downtime.
Employee awareness of data security. Our employees may handle your personal data in order to provide you with the first-class Service. To guarantee the security and confidentiality of your personal data, we monitor all employees’ actions with access to your personal data in our systems and grant access strictly on a "need to know" basis: only employees who need access will receive it. We hold regular training sessions to make sure that each employee understands the principles that Quadcode follows to achieve robust data security and privacy.
If you choose not to give your personal information. In the context of our business relationship we may need to collect data by law, or under the terms of a contract we have with you. Without this data, we are, in principle, not in a position to close or execute a contract with you. If you choose not to give us this data, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform the Services.
To what extent we carry automated decision-making and profiling. In establishing and carrying out a business relationship, we generally do not use automated decision-making. If we use this procedure in individual cases, we will inform you of this separately. In some cases, we may proceed with profiling in order to evaluate certain personal aspects. We shall inform you accordingly in case we perform any profiling. In general, any data collection that is optional would be made clear at the point of collection.
7. DATA COLLECTIONS
We use different methods to collect data from and about you including through:
Direct Interactions. You will provide to us your Identity, Contact and Financial Data online through the Website and/or by completing and filling online forms and/or by corresponding with us by emails or otherwise.
We require to collect the above data in order to that we are able to (i) provide our services efficiently, (ii) to comply with our ongoing legal and regulatory obligations, including, inter alia, (a) to prevent fraud and money laundering acts and/or (b) conduct the assessment of suitability and appropriateness test.
If you fail to provide the data when requested we may not be able to perform the contract we have or trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel a Service you have with us but we will notify you if this is the case at the time.
It is important that the data we hold about you is accurate and current. Please keep us informed if your data changes during your relationship with us.
Automated Technologies or Interactions. When using our services, your device automatically transmits to us its technical characteristics. Locale (a set of parameters that determine regional settings of your interface, namely, residence country, time zone and the interface language) is used for the purpose of providing you with the best possible service within our platform.
Using the information about IP address, cookies files, information about browser and operating system used, the date and time of access to the site, and the requested pages addresses allows us to provide you with the optimal operation on our web application, mobile and/or desktop versions of our application and monitor your behaviour for the purpose of improving the efficiency and usability of our Services.
We use web analytics tools to track performance of our website and marketing source of user by cookies in order to optimize our marketing costs and provide users with better experience.
You may at any time request that we refrain from any such transmissions (to the degree this is possible and subject to any of our legal obligations) by sending your request to the DPO using our details in the OUR CONTACT DETAILS below using the registered email address you disclosed and registered with us. We will address your request within 30 business days.
Our Website uses analytics services, which are a set of tools used to collect and analyse anonymous usage information, enabling us to better understand how our Website is used. This, in turn, enables us to improve our Website and the Services offered through it. You do not have to allow us to use these cookies, however whilst our use of them does not pose any risk to your privacy or your safe use of our Website, it does enable us to continually improve our Website, making it a better and more useful experience for you.
You will be required to provide cookie consent by acknowledging the privacy and cookie policies during registration of your account. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of our Site may not function fully or as intended.
You can choose to delete cookies on your computer or device at any time, however you may lose any information that enables you to access our Website more quickly and efficiently including, but not limited to, login and personalisation settings. It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
You can instruct your browser to enable or disable cookies, refuse all cookies or to indicate when a cookie is being sent. Please note that by doing so you may not be able to use all the provided functions of our Website and/or Services in full.
We use the following cookies:
|Strictly Necessary Cookies||These are cookies that are required for the operation of Our Site. They include, for example, cookies that enable you to log into secure areas of our website.|
|Analytics and Performance Cookies||We use third party analytics providers, such as Google Analytics to collect information about the usage of our services and enable us to improve how these services work, for example, by ensuring that users are finding what they are looking for easily.|
|Functionality Cookies.||These are used to recognise you when you return to Our Site. This enables us to personalise our content for you and remember your preferences (for example, your choice of language or region).|
|Targeting Cookies||We use third party targeting tools, such as LinkedIn Insights and ads tags. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests.|
Please see our cookies policy for further details
9. DISCLOSURE OF DATA
We strive to maintain discretion with respect to client related matters and assessments of which we acquire knowledge. We may disclose data that concerns you only if (i) we are legally required to do so; (ii) if required when you expressly order us to process a transaction or any other service and (iii) it is required for the provision of our services under our contractual relationship and/or (iv) protection of our legitimate interests, in accordance with the provisions of the GDPR and applicable local legislation as amended from time to time.
We may share your personal data in the following circumstances, the following are examples of where and how your information may be transferred, but please note this is not an exhaustive list and that due to ongoing changes in our IT and operational infrastructure this may change at any time:
- We may share your data between the Quadcode Group on a confidential basis in order to provide you with our Services.
- We may have to share your personal data with third parties service providers, processing data on our behalf, who help us with our business operations. When your personal data is shared with a third party, we will take the necessary steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law. We ensure that our contracts with those third parties contain the appropriate GDPR model clauses and that all our third parties are also compliant with the GDPR, this affords your data the same protection away from our organisation, as it does within it. Your personal data is shared with third party organisations/entities including but not limited to:
- Service Providers. We may share your personal data with our trusted third party service providers, who, on our behalf, operate, maintain, and/or support our IT systems and IT infrastructure, our websites, manage our payment solutions, perform statistical analysis, marketing and advertising purposes, sending newsletters, provide customer support and perform other important services for us. We will store and process your data following industry best practice and security. Some of that processing takes place at our offices and data centres in Amsterdam and Frankfurt.
- Regulator and state authorities. The Company will make such disclosure only if required to be disclosed by the Company by applicable law, regulation or court order and to the minimum required extent.
Other disclosures. In addition to where you have consented to a disclosure of the data
or where disclosure is necessary to achieve the purpose(s) for which, it was collected, data
may also be disclosed in special situations, where we have reason to believe that doing so is
necessary to identify, contact or bring legal action against anyone damaging, injuring, or
interfering (intentionally or unintentionally) with our rights or property, users, or anyone
else who could be harmed by such activities, or otherwise where necessary for the
establishment, exercise or defence of legal claims.
Where reasonably possible, management shall ensure that third parties collecting, storing or
processing personal information on behalf of the Company have:
- Signed non-disclosure agreements or confidentiality agreements which includes privacy clauses in the contract; and/or
- Established procedures to meet the terms of their agreement with third party to protect personal information.
- International Transfers. We process data within the EEA and countries deemed by the European Union as having adequate safeguards for protecting personal data. These countries are recognised by the EU as having suitable safeguards for the rights and freedoms of individuals and recourse processes by which data subjects can exercise their rights.
Should there be a business need to transfer or process your data to company(ies) and/or third parties might imply a transfer of your data to third countries, which may not fall within ambit of the GDPR (so called Third Countries) we will ensure that they are subject to appropriate security measures and safeguards as deemed appropriate under GDPR and other relevant national and international data protection laws. This may include entering into the appropriate contractual agreements to regulate any such transfers and safeguard any personal information transferred to them. A transfer to a company and/or third party based in a Third Country would only take place where one of the following applies:
- The individual has given consent to the transfer of information
- The transfer is necessary for the performance of a contract between the individual and the Company, or the implementation of pre-contractual measures taken in response to the individual’s request.
- The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between the Quadcode group company and a third party.
- The transfer is necessary or legally required on important public interest grounds or for the establishment, exercise or defence of legal claims.
- The transfer is required by law.
- The transfer is necessary in order to protect the vital interests of the individual.
- The transfer is made under a data transfer agreement.
- The transfer is otherwise legitimised by applicable law.
Remedial action shall be taken in response to misuse or unauthorized disclosure of personal information by a third party collecting, storing or processing personal information on behalf of Quadcode.
If you want to obtain further information on any data transfers mentioned above please contact us using the registered email address you disclosed to us through the points of contact listed in the Section OUR CONTACT DETAILS.
10. YOUR RIGHTS
Under certain circumstances in accordance with GDPR and the applicable local legislation as amended from time to time you have rights, which we will always work to uphold. Some of the rights are rather complex and include exemptions, thus we strongly advise you to contact us (at the contact details listed in the section OUR CONTACT DETAILS below) and/or seek guidance from the regulatory authorities for a full explanation of these rights. You can find a summary of your rights below in this section:
- The right to access the personal data we hold about you. Upon request and verification of your identity, we will send you a copy of the personal data we hold about you.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. It is important that your personal data is kept accurate and up to date. If any of the personal data we hold about you changes, please keep us informed if we have that data.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. We may not always be able to comply with your request of erasure for specific legal reasons, for which you will be notified. Please note that retention requirements supersede any right to erasure requests under the data protection laws.
- The right to restrict (i.e. prevent) the processing of your personal data. Please note that any requests in relation of the processing of your data means that we may not be able to provide you with the service, in which case you will be notified.
- The right to object us in using your personal data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
11. CONTACT US
|Full Name of Legal Entity:||QHL QUAD CODE HOLDING LIMITED|
106 Gladstonos street
To enable us to process your request, please contact us using the registered email address you disclosed and registered with us. We may require that you provide us with proof of your identity, such as by providing us with a copy of a valid form of identification. This is to ensure that we appropriately protect the personal data we hold from unauthorised access requests and comply with our security obligations.
If you have any questions, or want more details about how we use your data, you may contact us at the above contact details and we will be happy to provide you with further details.
If following your request to us we are unable to provide you with a satisfactory answer then you may lodge a complaint with the local data protection supervisory authority. The data protection supervisory authority in Cyprus is: Commissioner for Data Protection P.O. Box 23378, 1682 Nicosia, Cyprus- www.dataprotection.gov.cy
We would however appreciate the chance to deal with your concerns before you approach the GRA, so please contact us in the first instance.
We may provide links to third party websites in our Website. These linked websites are not under our control, and we therefore cannot accept responsibility or liability for the conduct of third parties linked to our websites, including without limitation to the collection or disclosure of your data. Before disclosing your data on any other website, we encourage you to examine the terms and conditions of using that website and its privacy policies.
We have the right, at our discretion, to change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection and in order to ensure that the information herein provides relevant and adequate information about our collecting and processing of your data