Privacy Policy

The following information sets out who QMS International Ltd (“QMS”) are, information about other companies in the Citation Group and tells you about how we use your personal data and why. QMS is committed to ensuring that your information is secure, accurate and relevant. To prevent unauthorised access or disclosure, we have implemented suitable physical, electronic, and managerial procedures to safeguard and secure personal data we hold.

QMS International Ltd

Kings Court

Water Lane

Wilmslow

Cheshire

SK9 5AR

Registered in England No. 9512735

QMS is part of the Citation Group. A group of companies operating in aligned industries of Compliance, Education and Quality; together we provide a wider and more comprehensive range of services to our customers.

Our Group Companies Include:

QMS

Food Alert

Xact

HS Direct

EPM

P&R

SMAS

SMUK

Southall Associates

Avec

QMS acts as data processor. Further information about how we process your data as a processor can be found throughout this notice. Whilst we don’t share that data outside the Group, we do share it internally to help improve our service offering, to better support the needs of your business. Under data protection laws you have rights; if you think something is not quite right with the way we are handling your data please contact us in writing or via email. The email address is DPO@QMS.co.uk The following information sets out what you can expect in the way that we handle your data. Let us know if you think something is missing or you feel it is incorrect, we’d love to put it right.

We use cookies on our websites for a variety of reasons including remembering your settings, load balancing, marketing and analytics. They may collect information about your device, including your IP address (where available), operating systems and browser type. Cookies can be managed through your browser or through our cookie consent tool which appears when you first click on the website, here you can manage any non-essential cookies you don’t want.

The cookies we use for analytics, marketing and advertising are Google and Facebook. The cookies collect standard internet log information and details of visitor behaviour patterns. We use the cookies to analyse the number of visitors to the various parts of the site, which pages people prefer and those that we need to improve. This information can also be helpful in allowing us to understand what prospective clients are looking for, how easy our site is to navigate and how effective our site is. This information is anonymised and only processed in a way which does not identify anyone. For more information about them, follow the links below:

Google https://policies.google.com/privacy?gl=GB&hl=en

We use Facebook Custom Audiences to deliver advertisements to Website Visitors on Facebook based on email addresses we have collected and through information collected via cookies. You can learn more about Facebook Custom Audiences by visiting https://www.facebook.com/help/381385302004628/.

We also use other cookies which help with our advertising and link to advertising networks via Facebook.

Other cookies we use on our site and why:

SessionCam analytics tracking cookies

SessionCam is a session replay tool that we use to understand our website visitors’ journeys and interactions with the website, allowing us to deliver a better user experience.

SessionCam uses both first and third-party cookies to record sessions and generate aggregated insights that do not identify you as an individual. Cookies are set to expire one year after visitors leave the website.

Visitors can disable cookies at any time by updating their browser settings.

When you fill out a contact form on our website, we will use your details to answer your questions by the means that you have provided to us.

In both cases you are providing consent for us to contact you and we have a legitimate interest in opening a record to ensure that we have made contact and can track our communications, ensuring your questions and requests have been answered, and information that we have discussed can be recorded.

Once your request has been actioned the initial request will be deleted, if your initial request has turned into a record, this will be retained until it is no longer required. It’s a legitimate interest to retain a record of the communications we have had with companies that have expressed an interest in our services.

We use an external third party who is based in the UK to manage and host our website. We also use another third party to provide our out of hours online chat tool. If you use the Live Chat service, we may collect your name, email address, company name, phone number or any other personal details you choose to share with us at the time. For more information, please see https://www.livechatinc.com/legal/gdpr-faq/

We use social media (LinkedIn, Twitter & Facebook) to provide information, answer questions and to interact with you. If you have liked a post or followed us, the details you make available on the platform will be known to us and will be used on the platform in this regard. We might also use your contact data and any knowledge we have about your interests in certain areas which relate to QMS or other group companies to place adverts in front of you.

Any personal data is you put into the social media platform will be used by the platform provider for their own purposes.

As a client, if you provide us with a testimonial or similar comment to be published on our website, and/or is hard copy format we’ll do so only with your consent. These are retained indefinitely or until you ask us to remove them.

As clients, we will often ask you which other companies you know that would benefit from our services. This will often be done either by email, in person or the use of a third-party tool (this enables confidentiality of the referral so we can’t see it).

QMS use a combination of site-based consultancy and certification services as well as online platforms to support the maintenance of customer management systems.

Where we provide online services through one of our platforms, we are the data processor. As a prospect or customer, you are the data controller with responsibility for how the platform is used and the information that you provide.

We maintain and administer the platforms and therefore have access to the personal data contained within them. This is typically to help with specific queries or when general assistance is required. Our clients can cancel their subscription to this service (by following the cancellation procedure) and any data stored within shall be archived.

From time to time we will send general operational and service updates directly through the platform along with other information about products and services which are subscribed to by other similar clients. Some of these services will be targeted based on the what services you do and don’t access, and others will be generic to everyone.

To enable us to develop and communicate our platform-based services in a more effective way we export anonymised data and analyse it, to allow us to understand how the platform is used and if there are other area’s or services that we could offer to support our customers. Sometimes this will be reminders, on others it may be additional services. Any such areas shall be communicated to you through our platforms and can be stopped at any time by letting us know.

We use third party service providers in three areas. The first is for some direct marketing campaigns, these parties are only allowed to use the information to send out the publications. This is who we use:

GetResponse – https://www.getresponse.com/legal/privacy

The second is for the hosting of our platforms, we use Microsoft, a link to their privacy notice:

The third are analytic tools, the applications we use are:

Amazon AWS

Alteryx

Tableau

R/RStudio

Python

Ruler

In all cases they fulfil their obligations under Article 28 of the GDPR and all data is hosted in the EU or transferred using one of the lawful mechanisms set out in GDPR Chapter V.

Where promoting our services, we have three routes. The first is through inbound enquiries either directly, through social media posts or by providing your contact details when downloading content. The second is through opportunities presented by the rest of our Group to clients of other Group company services and in both cases is done in accordance with applicable data protection laws. Opting out, unsubscribing or objecting is your right, should you choose to do so, and it will be respected. We will not contact you again unless you become a customer of QMS, in which case we will keep you updated with new and existing products that we believe will be of interest to you.

As a new customer of QMS, you will be kept updated with new and existing products that we provide, which we think may be of interest for you.
If you have previously unsubscribed from our marketing emails before entering into a contractual relationship with QMS, please note that you will be automatically re-subscribed in order to ensure you receive all of the supporting material and additional content that we have created for our customers.
You are free to amend your preferences or unsubscribe from all marketing material at any time – and your decision to do so, after becoming a customer, will of course be respected.

If you sign up to our newsletters and other communications, you can easily unsubscribe at any time following this link. These communications are sent using a third-party tool which enables us to see how useful the content has been and if the email has been opened. This is done with the use of beacons and pixels in our emails

QMS is the data controller for the information you provide during the application process unless otherwise stated. Our ICO registration number is ZA155845. If you have any queries about the process or how we handle your information, please contact us on the details at the bottom of the page.

What will we do with the information you provide to us?

All information you provide during the application process will only be used for the purpose of progressing your application, or to fulfil a legal or regulatory requirement.

We will not share any of the information you provide during QMS’s internal recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us. If you have provided your data in electronic form it shall be held securely in a third-party data centre within the EU.

We will use the contact details that you have provided to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes. The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for, but it might affect your application if you don’t.

Application stage

Applications may be received by email, by post or through a third-party recruitment agency. We will ask you for your personal details including name and contact information. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to this information.

Assessments

We might ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; and/or to attend an interview or a combination of these. Information will be generated by you and by us. For example, you might complete a written test, or we might take interview notes. This information is held by QMS.

If you are unsuccessful following assessment for the position you have applied for, we will retain your details for 12 months.

Conditional offer

If we make a conditional offer of employment, we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.

You will therefore be required to provide:

• Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
• Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.
• You will be asked to complete a criminal records declaration to declare any unspent convictions.
• For certain positions we will contact you to complete an application for a Basic Criminal Record check via the Disclosure and Barring Service, which will verify your declaration of unspent convictions.

We will contact your referees, using the details you provide in your application, directly to obtain references

If we make a final offer, we will also ask you for the following:

• Bank details – to process salary payments
• Emergency contact details – so we know who to contact in case you have an emergency at work

Use of third-party recruitment

Where recruitment is concerned QMS is a data controller and where we use third party recruitment agencies, they are a joint controller. This is because they will try to place you with other organisations.

Where we use other third parties, including job sites that you have registered with, they are a data processor. We ensure that appropriate controls and contracts are in place with these third parties.

If you are employed by QMS, relevant details about you will be provided to a number of third party providers, including our payroll and pensions providers. All colleagues will be provided with a privacy notice to explain this in detail.

How long is the information retained for?

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus an additional seven years following the end of your employment. This includes your criminal records declaration, records of any security checks and references.

If you have been unsuccessful at either the shortlisting stage or assessment stage your data will only be retained for 6 months except for your name. This will be kept for two years so that we have a record of who we have previously interviewed. This is a legitimate reason to ensure a consistent robust selection and recruitment process.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it. If this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Your rights

Under data protection legislation, you have rights as an individual which you can exercise in relation to the information we hold about you.

These rights include:

• The Right of Subject Access – this is the right to access data we hold about you and, where required, an explanation of that data.
• The Right to Rectification – this is the right to have inaccurate or incomplete data rectified.
• The Right to Erasure – this is also known as the ‘right to be forgotten’ and means that in certain circumstances you have the right to ask us to delete data we hold on you.
• The Right to Restrict Processing – this is where you can request that we restrict/block processing of personal data (but still retain it)
• The Right to Data Portability – this allows people to reuse their persona data by requesting it in a useable format.
• The Right to Object – this right allows you to object to us processing your personal data. This is typically related to processing based on legitimate interest, performance of a task in the public interest, direct marketing and processing for scientific or historical research.

You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

Complaints or queries

QMS attempts to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of QMS collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns.

Access to Personal information

QMS tries to be as transparent as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’, which must be submitted in writing to the address provided below. If we do hold information about you we will:

• Give you a description of it;
• Tell you why we are holding it;
• Tell you who it could be disclosed to; and
• Let you have a copy of the information in an intelligible form.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

If we do hold information about you, you can ask us to correct any mistakes by contacting the Group Data Protection Officer.

Disclosure of personal information

In many circumstances we will not disclose personal data without consent, unless legally obliged to do or as part of contractual obligations with our customers (where you are a party to the agreement or service).

We may disclose your personal information to the following categories of recipients:

• To our Group companies (as identified at the top of this notice), third party services providers and partners who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Website), or who otherwise process personal information for purposes that are described in this Privacy Notice or notified to you when we collect your personal information.
• To any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
• To a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;
• To enforce or apply our Terms of Service or other agreements or to protect HS Direct and its customers (including with other companies and organisations for the purposes of fraud protection and credit risk reduction)
• To any other person with your consent to the disclosure.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 15th January 2020

How to contact us

If you want to request information about our privacy policy, you can email us or write to:

Group Data Protection Officer
Kings Court
Water Lane
Wilmslow
SK9 5AR