The following information sets out who QMS International Ltd (“QMS”) are, information about other companies in the Citation Group and tells you about how we use your personal data and why. QMS is committed to ensuring that your information is secure, accurate and relevant. To prevent unauthorised access or disclosure, we have implemented suitable physical, electronic, and managerial procedures to safeguard and secure personal data we hold.
QMS International Ltd
Registered in England No. 9512735
QMS is part of the Citation Group. A group of companies operating in aligned industries of Compliance, Education and Quality; together we provide a wider and more comprehensive range of services to our customers.
Our Group Companies Include:
QMS acts as data processor. Further information about how we process your data as a processor can be found throughout this notice.
Whilst we don’t share that data outside the Group, we do share it internally to help improve our service offering, to better support the needs of your business.
Under data protection laws you have rights; if you think something is not quite right with the way we are handling your data please contact us in writing or via email. The email address is DPO@QMS.co.uk
The following information sets out what you can expect in the way that we handle your data. Let us know if you think something is missing or you feel it is incorrect, we’d love to put it right.
The cookies we use for analytics, marketing and advertising are Google and Facebook. The cookies collect standard internet log information and details of visitor behaviour patterns. We use the cookies to analyse the number of visitors to the various parts of the site, which pages people prefer and those that we need to improve. This information can also be helpful in allowing us to understand what prospective clients are looking for, how easy our site is to navigate and how effective our site is. This information is anonymised and only processed in a way which does not identify anyone. For more information about them, follow the links below:
We use Facebook Custom Audiences to deliver advertisements to Website Visitors on Facebook based on email addresses we have collected and through information collected via cookies. You can learn more about Facebook Custom Audiences by visiting https://www.facebook.com/help/381385302004628/.
We also use other cookies which help with our advertising and link to advertising networks via Facebook.
Other cookies we use on our site and why:
SessionCam analytics tracking cookies
SessionCam is a session replay tool that we use to understand our website visitors' journeys and interactions with the website, allowing us to deliver a better user experience. SessionCam uses both first and third-party cookies to record sessions and generate aggregated insights that do not identify you as an individual. Cookies are set to expire one year after visitors leave the website.
Visitors can disable cookies at any time by updating their browser settings.
When you fill out a contact form on our website, we will use your details to answer your questions by the means that you have provided to us.
In both cases you are providing consent for us to contact you and we have a legitimate interest in opening a record to ensure that we have made contact and can track our communications, ensuring your questions and requests have been answered, and information that we have discussed can be recorded.
Once your request has been actioned the initial request will be deleted, if your initial request has turned into a record, this will be retained until it is no longer required. It’s a legitimate interest to retain a record of the communications we have had with companies that have expressed an interest in our services.
We use an external third party who is based in the UK to manage and host our website. We also use another third party to provide our out of hours online chat tool. If you use the Live Chat service, we may collect your name, email address, company name, phone number or any other personal details you choose to share with us at the time. For more information, please see https://www.livechatinc.com/legal/gdpr-faq/
We use social media (LinkedIn, Twitter & Facebook) to provide information, answer questions and to interact with you. If you have liked a post or followed us, the details you make available on the platform will be known to us and will be used on the platform in this regard. We might also use your contact data and any knowledge we have about your interests in certain areas which relate to QMS or other group companies to place adverts in front of you.
Any personal data is you put into the social media platform will be used by the platform provider for their own purposes.
As a client, if you provide us with a testimonial or similar comment to be published on our website, and/or is hard copy format we’ll do so only with your consent. These are retained indefinitely or until you ask us to remove them.
As clients, we will often ask you which other companies you know that would benefit from our services. This will often be done either by email, in person or the use of a third-party tool (this enables confidentiality of the referral so we can’t see it).
QMS use a combination of site-based consultancy and certification services as well as online platforms to support the maintenance of customer management systems.
Where we provide online services through one of our platforms, we are the data processor. As a prospect or customer, you are the data controller with responsibility for how the platform is used and the information that you provide.
We maintain and administer the platforms and therefore have access to the personal data contained within them. This is typically to help with specific queries or when general assistance is required. Our clients can cancel their subscription to this service (by following the cancellation procedure) and any data stored within shall be archived.
From time to time we will send general operational and service updates directly through the platform along with other information about products and services which are subscribed to by other similar clients. Some of these services will be targeted based on the what services you do and don’t access, and others will be generic to everyone.
To enable us to develop and communicate our platform-based services in a more effective way we export anonymised data and analyse it, to allow us to understand how the platform is used and if there are other area’s or services that we could offer to support our customers. Sometimes this will be reminders, on others it may be additional services. Any such areas shall be communicated to you through our platforms and can be stopped at any time by letting us know.
We use third party service providers in three areas. The first is for some direct marketing campaigns, these parties are only allowed to use the information to send out the publications. This is who we use:
GetResponse - https://www.getresponse.com/legal/privacy
The second is for the hosting of our platforms, we use Microsoft, a link to their privacy notice:
The third are analytic tools, the applications we use are:
In all cases they fulfil their obligations under Article 28 of the GDPR and all data is hosted in the EU or transferred using one of the lawful mechanisms set out in GDPR Chapter V.
Where promoting our services, we have three routes. The first is through inbound enquiries either directly, through social media posts or by providing your contact details when downloading content. The second is through opportunities presented by the rest of our Group to clients of other Group company services and in both cases is done in accordance with applicable data protection laws. Opting out, unsubscribing or objecting is your right, should you choose to do so, and it will be respected. We will not contact you again unless you become a customer of QMS, in which case we will keep you updated with new and existing products that we believe will be of interest to you.
If you sign up to our newsletters and other communications, you can easily unsubscribe at any time following this link. These communications are sent using a third-party tool which enables us to see how useful the content has been and if the email has been opened. This is done with the use of beacons and pixels in our emails
QMS is the data controller for the information you provide during the application process unless otherwise stated. Our ICO registration number is ZA155845. If you have any queries about the process or how we handle your information, please contact us on the details at the bottom of the page.
What will we do with the information you provide to us?
All information you provide during the application process will only be used for the purpose of progressing your application, or to fulfil a legal or regulatory requirement.
We will not share any of the information you provide during QMS’s internal recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us. If you have provided your data in electronic form it shall be held securely in a third-party data centre within the EU.
We will use the contact details that you have provided to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
What information do we ask for, and why?
We do not collect more information than we need to fulfil our stated purposes. The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for, but it might affect your application if you don’t.
Applications may be received by email, by post or through a third-party recruitment agency. We will ask you for your personal details including name and contact information. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to this information.
We might ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; and/or to attend an interview or a combination of these. Information will be generated by you and by us. For example, you might complete a written test, or we might take interview notes. This information is held by QMS.
If you are unsuccessful following assessment for the position you have applied for, we will retain your details for 12 months.
If we make a conditional offer of employment, we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide:
We will contact your referees, using the details you provide in your application, directly to obtain references
If we make a final offer, we will also ask you for the following:
Use of third-party recruitment
Where recruitment is concerned QMS is a data controller and where we use third party recruitment agencies, they are a joint controller. This is because they will try to place you with other organisations.
Where we use other third parties, including job sites that you have registered with, they are a data processor. We ensure that appropriate controls and contracts are in place with these third parties.
If you are employed by QMS, relevant details about you will be provided to a number of third party providers, including our payroll and pensions providers. All colleagues will be provided with a privacy notice to explain this in detail.
How long is the information retained for?
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus an additional seven years following the end of your employment. This includes your criminal records declaration, records of any security checks and references.
If you have been unsuccessful at either the shortlisting stage or assessment stage your data will only be retained for 6 months except for your name. This will be kept for two years so that we have a record of who we have previously interviewed. This is a legitimate reason to ensure a consistent robust selection and recruitment process.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it. If this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Under data protection legislation, you have rights as an individual which you can exercise in relation to the information we hold about you.
These rights include:
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
QMS attempts to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of QMS collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns.
Access to Personal information
QMS tries to be as transparent as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’, which must be submitted in writing to the address provided below. If we do hold information about you we will:
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by contacting the Group Data Protection Officer.
In many circumstances we will not disclose personal data without consent, unless legally obliged to do or as part of contractual obligations with our customers (where you are a party to the agreement or service).
We may disclose your personal information to the following categories of recipients:
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 15th January 2020
How to contact us
Group Data Protection Officer