Quantum Controls has produced this privacy statement in order to keep you informed on how we handle your personal data. All handling of your personal data is done in compliance with (i) the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Data Protection Act of 2018, prevailing Privacy and Electronic Communication Regulations (PECR) and any other legislation in force from time to time in any jurisdiction which implements it; (ii) any legislation in force in any jurisdiction implementing Directive 2002/58/EC or any successor thereof; and (iii) any other applicable national privacy legislation or regulations, and any guidance or codes of practice issued in respect of such legislation by data protection regulators.
Since personal data (“Personal Data”) of users and customers (collectively “Users“) of this Site may be processed in the European Union, notably in Italy, any processing of Personal Data will be conducted in compliance with applicable European laws.
Your Personal Data will be processed to provide the services you subscribed to or reserved for registered users, to facilitate your navigation of and shopping from the website and to keep you informed of Quantum Controls Ltd. news and offers.
Quantum Controls Ltd. is the sole controller of Personal Data collected and processed for purpose of rendering the e-commerce services and the sale of products (herein the “Commercial Purposes“) through the Site.
Quantum Controls Ltd. Trading Limited is the sole data controller of the Personal Data processed for marketing purposes, notably to send to Users, also through newsletter, information and updates on its products, offers, exclusive sales, promotional campaigns and on events and similar initiatives organized by Quantum Controls Ltd. (herein the “Marketing Purposes“).
1. OUR POLICY
Everyone has the right to protection of his/her Personal Data. We respect Users’ right to be informed regarding the collection of and other operations involving their Personal Data. In using data that may directly or indirectly identify you personally, we will apply a principle of strict necessity. For this reason, we have designed the Site in such a way that the use of your Personal Data will be kept to a minimum and will not exceed the purposes for which your Personal Data was collected and/or processed; we do not process your Personal Data when we can provide you with services through the use of anonymous or traffic data (such as marketing research made for improving our services, browsing data processed to provide you with customized contents or offers adapted to your preferred language, your location, etc.) or by other means which allow us to identify you, apart from when it is strictly necessary or upon request by competent public authorities or the police (for example, in case of traffic data or your IP address).
2. WHO COLLECTS AND PROCESSES YOUR PERSONAL DATA, HOW AND FOR WHICH PURPOSES?
Quantum Controls Ltd. is the only controller of your Personal Data as we determine the Commercial Purposes and means of processing Personal Data. For the Commercial Purposes only, Quantum Controls Ltd. has appointed certain entities that will also process Personal Data relating to the Site’s Users (herein the “Processors“).
The above mentioned service providers and Processors have been chosen because of their experience in processing Personal Data and they provide sufficient guarantees regarding compliance with data protection laws (including the technical security measures governing the processing to be carried out). In processing the Personal Data for Commercial Purposes, the Processors shall act only under the instructions from Quantum Controls Ltd. We frequently check to assure that the Processors continue to work to our standards.
Some of the Processors of your Personal Data appointed by Quantum Controls Ltd. are:
Name of courier, for shipping, delivering and returning products purchased on www.quantum-controls.co.uk
For the Commercial Purposes, we collect your Personal Data (such as personal details, e-mail address, address, Credit Card numbers, bank code, tax code and telephone number, etc.) on your order form only for the purpose of selling the products ordered by you. Your Personal Data is mostly processed by electronic means and, in some circumstances, by paper-based means, such as when the processing of your Personal Data is required for preventing fraud on the Site. Your Personal Data shall be stored in a way which allows us to identify you for the period necessary for the purposes which the data was collected for and subsequently processed and, in any case, in accordance with applicable laws. Please report any modification of your Personal Data to our Customer Care e-mail ([email protected]) and enter ‘Privacy’ as the topic in the subject line or through your personal account on the Site in order to ensure that your Personal Data is always accurate and up-to-date, relevant and complete. Your Personal Data shall not be disclosed to third parties other than us for purposes which are not permitted by law or without your consent.
Aside from the Processors appointed for Personal Data processing, your Personal Data will be made available also to third parties, autonomous controllers, for purposes related to supplying services requested by Users (for example, for purchase transactions) or for purposes of third parties.
Also, your Personal Data may be disclosed to the police or to judicial authorities, according to applicable laws and upon a formal request by such entities, for example in the event we need to prevent fraud on the Site (anti-fraud services).
Data processors will also have access to your Personal Data as stated in section 2 for the specific purposes stated therein. In all the above circumstances, your consent for data processing is not required as Personal Data Processing would be necessary for the performance of Commercial Purposes.
3. WHAT HAPPENS IF YOU DO NOT DISCLOSE YOUR PERSONAL DATA TO US?
Granting your Personal Data to us (in particular, your personal details, your e-mail address, your address, your Credit/Debit Card numbers and bank code and your telephone number) is necessary for processing your order for the purchase of products on our Site, supplying other services provided on the web site upon your request, or when your Personal Data is needed to fulfil obligations required by law or regulations. The refusal to provide us with some of your Personal Data necessary for performing the above purposes may consequently prevent us from processing your order for the purchase of products sold on the Site or fulfilling obligations required by law and other regulations. Therefore, failing to provide Personal Data may constitute, in some cases, a legitimate and justified reason for not processing your order for the purchase of products sold on the Site or not providing the Site’s services.
Disclosure of further Personal Data to us other than that required for fulfilling legal or contractual obligations and to be properly browse our services with necessary traffic data is, on the contrary, optional and does not have any effect on the use of the Site and of its services or on the purchase of products on the Site. We will inform you at every step whether disclosing your Personal Data to us is compulsory or optional by marking with an appropriate asterisk symbol (*) the information that is compulsory or data needed for the purchase of products on the Site.
4. TO WHOM YOUR PERSONAL DATA WILL BE DISCLOSED?
Personal Data will be disclosed to third party companies that provide, on behalf of Quantum Controls Ltd., specific services as data Processors or to other recipients of Personal Data collected by us that process your Personal Data only for the Commercial Purposes and, in any case, according to applicable laws and regulations.
Except for to the above mentioned third parties, Personal Data will not be disclosed to any other third parties or disseminated or transferred without informing our Users of such disclosure/dissemination/transfer.
5. SECURITY MEASURES
All staff undergo a training and awareness in all aspects of Data Protection.
The Site uses automatic systems of traffic data collection, such as cookies. A cookie is a file stored on the hard disk of the terminal of an Internet user; it does not contain intelligible information but it allows linking between a terminal and other information about User’s experience on the Site and his/her preferences expressed while choosing services and purchasing products offered by the Site) provided by the Users. For Cookies disseminated by our servers, no one else may gain access to the information contained therein. These information and data are gathered directly and automatically by the Site. The information collected by cookies will be processed in order to optimize the services of the Site. We have provided cookies in connection to functions such as selecting the country, the language, the location, browsing the catalogue, purchasing products online and in general in connection with the provision of services reserved to registered customers. Each Internet browser allows the blocking or the deletion of cookies. Your Internet browser contains instructions on these procedures. Please access the information on your Internet browser if you wish to delete cookies.
7. LIST OF COOKIES WE COLLECT
The table below lists the cookies we collect and what information they store.
8. LEGITIMATE INTEREST
We wish to inform you that we may process your Personal Data also without your consent in certain circumstances provided by laws. Legitimate interests are a lawful basis upon which the GDPR permits the processing of an individual’s personal data.
To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. This balancing is performed as objectively as possible by our Data Protection Co-ordinator. You are able to object to our processing and we shall consider the extent to which this affects whether we have a legitimate interest.
9. YOUR RIGHTS UNDER GDPR
Your rights arising under GDPR include:
- The right to be informed of how your Personal Data is used (through this statement);
- The right to access any personal data held about you;
- By emailing ([email protected]) you have the right to withdraw consent at any time;
- The right to rectify any inaccurate or incomplete personal data held about you;
- The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy, or where you have withdrawn consent;
- The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
- The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.
10. OPT-IN/OPT OUT
Each time your consent is required, Quantum Controls Ltd. will inform you in advance and will give you the option to either provide or refuse your consent for the use of your Personal Data, including your e-mail address, for the above purposes, by ticking the appropriate boxes.
We wish to inform you that we may process your Personal Data also without your consent in certain circumstances, such as when such processing is necessary for performing a legal obligation to which we are subject or when such processing is necessary for performing obligations undertaken in contracts with the users.
To the extent of applicable laws and subject to your rights, your personal data may be processed by us for sending you advertising or offers for Marketing Purposes about products and services unless you object to it at any time, either when Your personal data has been collected or at any time, notably when receiving any offer from Us.
In any case, we wish to inform you that we guarantee that the users may exercise, at any time and without having to state their reasoning, their right not to receive future communications connected to particular services upon request.
11. LINKS TO OTHER WEB SITES
12. HOW LONG WILL YOUR PERSONAL DATA BE KEPT?
We hold different categories of personal data for different periods of time. Wherever possible, we will endeavour to minimise the amount of personal data that we hold.
- If ‘consent’ is the basis for our lawful processing of your data, we will retain your data so long as both the purpose for which it was collected, and your consent, is still valid. We review the status of your consent every twelve (12) months and treat non-response to our requests for renewal of consent as if they were your request to withdraw consent. Occasionally, we might identify a legitimate interest in retaining some of your personal data that has been obtained by consent. If we do, we will inform you that we intend to retain it under these conditions and identify the interest specifically.
- If we process your data on the basis of ‘legitimate interests’, we will retain your data for so long as the purpose for which it is processed remains active. We review the status of our legitimate interests every twelve (12) months and will update this notice whenever we determine that either a legitimate interest no longer exists or that a new one has been found.
- All categories of personal data that are held by us because they are essential for the performance of a contract, will be held for a period of six years, as determined by reference to the Limitations Act 1980, for the purposes of exercising or defending legal claims.
13. DATA BREACHES UNDER GDPR
The GDPR introduces a duty on us to report certain types of personal data breach to the Information Commissioner’s Office (ICO). In situations where the likelihood and severity of the resulting breach creates a risk to your rights and freedoms will notify you without undue delay and the ICO 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk of adversely affecting your rights and freedoms, we will also inform you without undue delay.
15. GOVERNING LAW
– the UK Data Protection Act 2018, incorporating GDPR and PECR for the other Processing of Personal Data carried out by Alexander McQueen Trading Limited as a data controller for any other processing operations.