Privacy Policy

Qualis Group (including its subsidiaries) is a data controller pursuant to the General Data Protection Regulation 2016 (the ‘GDPR’). This means that the Group decides how your personal data is processed and for what purposes. The Group is committed to protecting your personal data and respecting your right to privacy.

The Group will obtain information about you when you contact them, when you request the provision of specific services or when you use its website or other forms of communication, such as the completion of an online form

This privacy policy explains how the Group collects, uses and protects the personal data that it holds. The privacy policy applies to all the data we as a Group collect whether this is by letter, email, telephone, online, face-to-face or any other method.

The privacy policy does not provide exhaustive detail of all aspects of the Group’s collection and use of personal data. If you wish to obtain further information about the way that the Group processes your personal data, you should contact the Information Governance Lead.

What information do we collect about you?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the GDPR and its principles.

The types of personal information that the Group collects about you might include your name, address, email address, IP address, and other information that is relevant to the enquiry that you make or the service that you request. This may include financial information and payment card information when making any payments or accessing certain applications to the Group. If you make a payment online, your payment account information is not held by the Group, as this information is collected by our third party payment processors who specialise in the secure online capture and processing of credit/debit card transactions.

Why do we collect this information and how will it be used?

The Group provides a wide range of services. In order to do this, it has to collect certain information and details about people who contact it or request the provision of such services.

The information that the Group collects will only be used for the purpose for which you have provided it and for the provision of services that you request. Your information will not be used for any other purpose unless you have given your consent, or this is otherwise required or permitted by law.

If you choose to give the Group your personal information, it will use that information to respond to your enquiry and will only pass your details to another organisation if it is required by law or that organisation is relevant to your enquiry. The Group does not collect or sell personal information for commercial purposes and will not share your information with third- parties for marketing purposes but it may be used for research purposes.

We comply with our obligations under the GDPR, by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data;

by protecting it from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access.

How long do we keep your information?

The Group will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period.

Where legislation does not dictate a specific retention period, we have adopted a retention policy to ensure that no data is kept for longer than necessary after processing has taken place. Where we do not need to continue to process your personal data, it will be securely destroyed.

The lawful basis for processing your information

Depending on how we are processing your personal data, will determine the legal basis for processing. Where the purpose for processing your personal data has changed, we will seek your consent. In certain circumstances, you will be able to withdraw your consent to the processing of your personal data.

Complaints

The Group strives to meet the highest standards when collecting and using personal information. For this reason, it takes any complaints about such matters very seriously. The Group encourages people to bring it to its attention any instances where its collection or use of personal data is considered to be unfair, misleading or inappropriate.

If you wish to make a complaint about the way the Group has processed your personal information, you should contact the Information Governance Lead.

Your rights

You can access the personal data that the Group holds about you by submitting a Subject Access Request. This request must be in writing and clearly specify the information that you require. An application form is available upon request to assist you to submit a request.

There are various other rights that you can exercise as an individual in relation to the information that the Group collects and holds about you, including:

• the right to be informed;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to data portability;
• the right to object; and
• rights in relation to automated decision making and

Information about each of these rights is available upon request.

Disclosure of personal information

Depending on the purpose for which we originally obtained your personal data and the use to which it is to be put, it may be shared with other organisations. For example, personal data may be shared, where necessary, with other organisations that provide services on our behalf. In such cases, the personal data provided is only the minimum necessary to enable them to provide services to you.

The Group will not generally disclose personal data without your consent. However, there may be occasions when it may need to share personal information with other relevant bodies.

The Group may check information that you have provided, or information about you that someone else has provided, with other information that it holds. The Group may also obtain information about you from other organisations, or disclose information to such organisations, to:

• prevent or detect crime;
• protect public funds; and
• make sure information is

Such third parties include government departments, local authorities and private-sector companies such as banks, organisations that may lend you money and companies that assist the Group in fraud detection and prevention, such as Credit Reference Agencies.

The Group will not give information about you to anyone else, or use information about you for other purposes, unless the law allows it to. Where we require your consent to share or disclose your personal data, we will seek your consent.

Transferring your information outside of Europe

The Group may transfer your personal data to countries outside the European Union (EU), which may not have similar data protection laws to the United Kingdom. If the Group transfers your information outside of the EU in this way, it will take steps to ensure that appropriate security measures are in place to ensuring that your privacy rights continue to be protected as outlined in this Policy. If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

Links to other websites

This privacy policy only relates to personal data processed by the Qualis Group. The policy does not cover links within the Group’s website to other websites. The Group, therefore, encourages you to read the privacy statements available on other websites that you visit.

The Group is not responsible for the privacy practices of other websites, even if you access them using links from the Group’s website. In addition, if you linked to the Group’s website from a third-party site, the Group is not responsible for the privacy policies and practices of

the owners and operators of that third-party site and recommend that you check the policy of such a third-party site.

Changes to this Privacy Policy

The Group keeps this privacy notice under regular review.

How to contact us

The Qualis Group’s Information Governance Lead can be contacted as follows:

Qualis Group Ltd – Information Governance Lead

Nathalie Boateng
Epping Forest District Council,
Civic Offices,
High Street,
Epping,
Essex, CM16 4BZ.

contactlegal@eppingforestdc.gov.uk