Privacy Policy

We are Quortus Limited, a company registered in England and Wales with registered number 04276565 and normal place of business at Building A, Riverside Way, Camberley, England, GU15 3YL. Our Data Protection Lead can be contacted at enquiries@quortus.com.

We have produced this privacy notice in order to keep you informed of how we handle your personal data. All handling of your personal data is done in compliance with the General Data Protection Regulation (EU) 2016/679 (“Data Protection Legislation”). The terms “Personal Data”, “Special Categories of Personal Data”, “Personal Data Breach”, “Data Protection Officer”, “Data Controller”, “Data Processor”, “Data Subject” and “process” (in the context of usage of Personal Data) shall have the meanings given to them in the Data Protection Legislation. “Data Protection Lead” is the title given to the member of staff leading our data protection compliance programme in lieu of a requirement for a Data Protection Officer.

What are your rights?

When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:

The right to be informed of how your Personal Data is used (through this notice);
The right to access any personal data held about you;
The right to rectify any inaccurate or incomplete personal data held about you;
The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy;
The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.

You can exercise your right to access personal data held about you by emailing enquiries@quortus.com with the subject line: “Subject Access Request”. When you submit a ‘subject access request’, you will need to provide confirmation of your identity. This is provided free of charge and our response will be made within thirty (30) days, unless our Data Protection Lead deems your request as being excessive or unfounded. If this is the case, we will inform you of our reasonable administration costs in advance and/or any associated delays, giving you the opportunity to choose whether you would like to pursue your request. If you believe we have made a mistake in evaluating your request, please see the section ‘Who can you complain to?’.

If you have questions about any of the rights mentioned in this section, please contact our Data Protection Lead at enquiries@quortus.com.

Who is the Data Controller?

Quortus Limited is the Data Controller.
What are the lawful bases for processing personal data?
Under Data Protection Legislation, there must be a ‘lawful basis’ for the use of personal data. The lawful bases are outlined in Article 6, Section 1 of the GDPR. They are sub-sections:
a) ‘your consent’;
b) ‘performance of a contract’;
c) ‘compliance with a legal obligation’;
d) ‘protection of your, or another’s vital interests’;
e) ‘public interest/official authority’; and
f) ‘our legitimate interests’.

What are Quortus Limited’s ‘legitimate interests’?

Legitimate interests are a flexible basis upon which the law permits the processing of an individual’s personal data. To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. This balancing is performed as objectively as possible by our Data Protection Lead. You are able to object to our processing and we shall consider the extent to which this affects whether we have a legitimate interest. If you would like to find out more about our legitimate interests, please contact enquiries@quortus.com.

About our processing of your data

We might collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

Identity Data such as forename and surname.

Contact Data such as email addresses and telephone numbers.

Technical Data such as such as IP addresses; login data; browser info; time zone; location; browser plug-ins; operating systems; platforms and other technology on the device used to access this website.

Marketing and Communications Data such as your preferences about receiving communications from Quortus Limited.

Reference	What categories of information about you do we process?	Why are we processing your data?	Where did we get your personal data from?
Account Creation	Identity Data Contact Data	We process your personal data in order to allow you to create an account on our web portal. This processing is conducted lawfully on the basis of ‘performance of a contract’.	Directly obtained from you.
Maintenance and Support	Identity Data Contact Data	We process your personal data in order to be able to provide you with our maintenance and support services. This processing is conducted lawfully on the basis of ‘performance of contract’.	Directly obtained from you.
Marketing	Identity Data Contact Data Marketing and Communications Data	If you are a current or previous customer – provided that you haven’t opted-out before or since we collected your personal data – we may occasionally send you marketing related to the services that you purchased. This processing is conducted lawfully on the basis of ‘legitimate interests’.	Directly obtained from you.

How long will your personal data be kept?

Quortus Limited holds different categories of personal data for different periods of time. Wherever possible, we will endeavour to minimise the amount of personal data that we hold and the length of time for which it is held.

If we process your data on the basis of ‘legitimate interests’, we will retain your data for as long as the purpose for which it is processed remains active. We review the status of our legitimate interests every twelve (12) months and will update this notice whenever we determine that either a legitimate interest no longer exists or that a new one has been found.
All categories of personal data that are held by us because they are essential for the performance of a contract will be held for a period of six years, as determined by reference to the Limitations Act 1980, for the purposes of exercising or defending legal claims.

Who else will receive your personal data?

Quortus Limited passes your data to the third parties listed in the section ‘Third Party Interests’ below.

Does your data leave the EU?

Yes. Details are included in the section ‘Third Party Interests’ below.

Third Party Interests

Name/Category of Third Party Controller	What processing are we performing for them?	If applicable – who is their representative within the EU?
HMRC, regulatory authorities or other authorities	We are joint Controller with these authorities who require reporting of processing in some situations.	N/A

Name/Category of Third-Party Processor

Purposes for carrying out processing

If applicable – where does data leaving the EEA go and what safeguards are in place?

Internal technology providers

Telephony providers

Office software providers, such as email clients

CRM software providers

We might use providers located outside the EEA. These providers are bound by the contractual provisions of the EU Commission’s model clauses.

Marketing technology providers

External marketing support and email marketing services to keep in touch with you and send you our marketing emails and develop new relationships with potential clients.