Qush Security Privacy Notice

Header 2

This privacy notice tells you about the information we process about you whilst you utilise business services provided by QUSH, and in some aspects after you cease using those services. In delivery of our business services information at time we serve data processors and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.

Who we are?

This privacy notice tells you about the information we process about you whilst you utilise business services provided by QUSH, and in some aspects after you cease using those services. In delivery of our business services information at time we serve data processors and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.

What do we do?

Qush provides business Cyber security services in the form of the Qush Reveal Cloud services.

Our customers utilise the online Cloud services we provide. The utilisation of such systems results in information of the usage being captured in the system history and related logs.

This information is held for our legitimate interests around business contract delivery, quality of service delivery and legitimate interests around subjects such as cyber-security and crime prevention.

For the Qush Reveal product: we process Customer Data. “Customer Data” includes, but is not limited to (i) information which identifies or could reasonably be used to identify any natural person, including without limitation a person’s first and last name, home or other physical address, telephone number, fax number, email address, social security number, driver’s license, government issued identification card, UDID, IP address, etc., (ii) data collected directly from a user via an application’s user interface (name, address, date of birth), (iii) data that is gathered indirectly, such as mobile phone numbers, IMEI, or UDID, and (iv) data gathered about a user’s behaviour, such as purchase and transactional information, location data, web browsing data or the applications used which is linked to a unique profile.

We do not use the information gathered to make any automated decisions that might affect you.

Where is the data stored that we process

Information relating to security logs involves storage on Qush servers within secured third party data centres. EU customer data is stored within the EEA and US customer data is stored on a data centre in the US.

How long is the data stored?

All information is held in line with the Qush Retention Policy. For the Qush Reveal Cyber service this is normally 3 months.


What we will do

We will only process the personal data on instructions from a Controller

If we become aware of a personal data breach, we will notify the relevant controller without undue delay

We will ensure that any transfer outside the UK/EEA is authorised by the Controller and complies with the GDPR’s transfer provisions.

We will not engage another processor (i.e. a sub-processor) without the Controller’s prior specific or general written authorisation.

As a data processor we will sometimes need to assist the data controller in facilitating requests made by individuals, i.e. if requested, delete any data we are processing on behalf of a controller.

Further information on what we process is contained in Exhibit A, the Data Processing Addendum, of QUSH’s Master Services Agreement available on the Qush website.

 

Your right to complain

If you have a complaint about our use of your information, we would prefer you to raise it with us in the first instance by emailing dpo@qush.com to give us the opportunity to put it right, in the UK you as escalation you can contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF