Legal

Information We Collect

We collect information you provide directly to us, such as when you create an account, submit a form, make a purchase, or communicate with us. This information may include your name, email address, company name, job title, phone number, and any other information you choose to provide.

We also automatically collect certain information when you use our services, including your IP address, browser type, operating system, device identifiers, pages viewed, links clicked, and the date and time of your visit.

How We Use Your Information

We use the information we collect to provide, maintain, and improve our services, to process transactions and send related information, to send promotional communications (with your consent), and to respond to your comments, questions, and requests.

We may also use the information to monitor and analyse trends, usage, and activities in connection with our services, to detect, investigate, and prevent fraudulent transactions and other illegal activities, and to personalise and improve your experience.

Quaisr Ltd Privacy Policy (Summary)

Quaisr Ltd Privacy Policy (Summary)

Overview

Quaisr Ltd ("Quaisr", "we", "us", "our") is the data controller for personal data processed in connection with its platform, website, and related services (the "Service"). This policy explains what data is collected, how it is used, the legal bases for processing, how long it is retained, and your rights under the UK GDPR and Data Protection Act 2018.

Data We Collect

Information you provide directly

• Account Information – name, email, job title, company, phone number, and other contact details when you register or request a demo.
• Billing Information – payment card details, billing address, VAT number, purchase order details (processed via third‑party payment provider).
• Profile Information – optional details such as profile photo, department, role description.
• Communications – support correspondence, survey responses, questionnaires, and feedback.
• Customer Data – any business data you upload or transmit (e.g. quality management records, compliance documentation, audit trails).
• Event and Webinar Data – registration and participation details for Quaisr events, webinars, and training.

Information collected automatically

• Usage Data – pages visited, features used, actions taken, search queries, visit time/duration, interaction patterns.
• Device Information – device type, manufacturer, model, OS and version, browser and version, screen resolution, language.
• Network Information – IP address, ISP, approximate location from IP, connection type.
• Log Data – server logs (timestamps, URLs, HTTP methods, response codes, referrers).
• Cookies & Similar Technologies – data from cookies, pixels, web beacons, local and session storage (as described in Cookie Settings).

Information from third parties

• Identity verification and fraud‑prevention services.
• Business intelligence and data‑enrichment providers.
• Partner integrations and SSO providers you connect.
• Public databases and company registries.
• Social media platforms where you interact with Quaisr content.

Quaisr takes reasonable steps to ensure such third‑party data is lawfully obtained and usable.

How Your Information Is Used

Personal data is processed to:

• Provide the Service – operate and maintain the platform, process transactions, and manage accounts.
• Manage Accounts – create and administer accounts, authenticate users, process billing and payments, and send service messages (confirmations, invoices, technical notices).
• Improve and Develop – analyse usage, troubleshoot, research, and develop new features and services.
• Ensure Security & Prevent Fraud – detect, investigate, and prevent fraud, abuse, unauthorised access, and security incidents.
• Communicate – send product updates, newsletters, and marketing (where consent or legitimate interest applies) and respond to enquiries.
• Comply with Law – meet legal/regulatory obligations, respond to lawful requests, resolve disputes, and enforce agreements.
• Analytics & Reporting – create aggregated, anonymised, or pseudonymised insights for internal reporting and business intelligence.
• Customer Support – provide technical support, troubleshooting, onboarding, and training.

Legal Bases for Processing (UK GDPR)

Quaisr relies on:

• Performance of a Contract – to provide the Service, manage accounts, and process payments.
• Legitimate Interests – to improve services, secure systems, conduct marketing, and manage operations, balanced against your rights.
• Consent – for specific purposes such as marketing communications or surveys, where you have clearly agreed.
• Legal Obligation – to comply with laws (e.g. financial record‑keeping, lawful access requests).

Where legitimate interests are used, Quaisr performs a balancing test. You may object to such processing at any time.

Data Sharing and Disclosure

Quaisr does not sell, rent, or trade your personal data for third‑party marketing. Data may be shared with:

• Service Providers – cloud hosting (e.g. AWS, Vercel), payments (e.g. Stripe), email, analytics, support tools, and security services, under contract and with appropriate safeguards.
• Business Transfers – acquirers or successors in mergers, acquisitions, reorganisations, asset sales, or bankruptcy, under protections no less favourable than this policy.
• Legal Requirements – authorities or third parties where required or permitted by law, or to protect rights, property, or safety.
• Professional Advisers – lawyers, auditors, accountants, insurers, as needed for their services.
• With Your Consent – where you explicitly agree to specific sharing.
• Aggregated/Anonymised Data – non‑identifiable data for research, analysis, benchmarking, or marketing.

International Data Transfers

Personal data may be transferred outside the UK. Where the destination country is not deemed adequate, Quaisr uses safeguards such as:

• UK or EU Standard Contractual Clauses.
• UK adequacy regulations.
• Binding Corporate Rules (where applicable).
• Other recognised transfer mechanisms.

You can request details of these safeguards using the contact details below.

Data Retention

Data is kept only as long as necessary for its purposes and applicable obligations:

• Account Data – for the life of the account and 30 days after deletion.
• Billing & Financial Records – 7 years after the end of the relevant financial year.
• Usage Logs & Analytics – up to 24 months.
• Communications & Support Records – up to 36 months after last interaction.
• Marketing Consent Records – while subscribed, plus 12 months after withdrawal of consent.
• Security & Incident Logs – up to 36 months.

Data that is no longer needed is securely deleted or irreversibly anonymised. Retention is reviewed regularly.

Your Rights (UK GDPR)

You can exercise the following rights:

• Access – obtain a copy of your personal data and information about its processing.
• Rectification – correct inaccurate or incomplete data.
• Erasure – request deletion in certain circumstances (e.g. no longer needed, consent withdrawn).
• Restriction – limit processing in specific situations (e.g. while accuracy or legal basis is checked).
• Data Portability – receive your data in a structured, commonly used, machine‑readable format and have it sent to another controller where technically feasible.
• Object – object to processing based on legitimate interests, including related profiling, and object at any time to direct marketing.
• Automated Decision‑Making – not to be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects. Quaisr does not currently use such processing.

To exercise these rights, email privacy@quaisr.com. Requests are acknowledged within 5 working days and normally completed within one calendar month (extendable by up to two further months for complex or numerous requests). Identity verification may be required.

Data Security

Quaisr applies technical and organisational measures, including:

• Encryption in transit (TLS 1.2+) and at rest (AES‑256 or equivalent).
• Regular vulnerability assessments, penetration tests, and security audits.
• Role‑based access controls and multi‑factor authentication.
• Employee security training, awareness, and phishing simulations.
• Documented incident response procedures (detection, assessment, containment, notification, remediation).
• Physical security at processing facilities (access control, surveillance, environmental protections).
• Regular backups and disaster recovery planning.

Quaisr holds SOC 2 Type II and JOSCAR certifications. While no system is completely secure, Quaisr commits to prompt and transparent incident response.

Children’s Privacy

The Service is not intended for individuals under 18, and Quaisr does not knowingly collect children’s data. If such data is identified without proper parental consent, it will be deleted. Suspected cases should be reported to privacy@quaisr.com.

Third‑Party Links and Services

The Service may link to third‑party sites or services not operated by Quaisr. Quaisr is not responsible for their content, privacy policies, or practices. You should review the privacy policies of any third‑party services you use.

Changes to This Policy

This Privacy Policy may be updated periodically to reflect changes in practices, law, or operations. Material changes will be communicated via the website and, where appropriate, by email or in‑product notifications. The "Last Updated" date on the policy indicates the latest revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Details

For questions, concerns, or rights requests:

• Privacy Email: privacy@quaisr.com
• Data Protection Officer: dpo@quaisr.com
• Post: Quaisr Ltd, London, United Kingdom

You may also lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.