Quintessa

This privacy policy describes the information we collect and the way we use it. It was last updated on 23 May 2018. Other company policies, including the company's general privacy policy, are provided on the Policies page.

Contents

  1. Introduction
  2. Quintessa's Guarantee
  3. The Personal Data Quintessa Collects
  4. Your Rights

1. Introduction

This privacy policy describes the personal data Quintessa collects via the https://www.quintessa.org/ website, the way we use them and your associated rights.

Quintessa is committed to being open and transparent about our use of data. Any personal data that we collect is handled in accordance with the EU General Data Protection Regulation (GDPR). In the United Kingdom, GDPR is regulated by the Information Commissioner’s Office (ICO), which maintains its own guide to GDPR. Any questions you may have in relation to this privacy policy should be addressed to Quintessa’s Data Protection Coordinator via or the address below. Unresolved complaints may be forwarded to the ICO.

Quintessa’s registered office is: The Hub, 14 Station Road, Henley-on-Thames, Oxfordshire, RG9 1AY, United Kingdom, and its business registration number is: 3716623.

2. Quintessa’s Guarantees

Quintessa makes the following guarantees with respect to the personal data referred to in this privacy policy.

  • The data are used to carry out the activities defined in this privacy policy and for no other purpose.
  • Personally identifiable data are stored on servers under Quintessa’s control within the United Kingdom. Some non-personally identifiable data may be transferred to Google Analytics service, which is stored on Google’s servers worldwide, as described in Section 3.7.

3. The Personal Data Quintessa Collects

Quintessa collects personal data if you choose to provide us with them for a given purpose, such as signing up to a newsletter or downloading software from our website. We also collect technical information associated with your visits, as recorded by the webserver and as provided by your web browser, primarily for webserver management, diagnostics and information security. Full details of personal data collected are provided in the following subsections.

3.1. Newsletter Subscribe/Unsubscribe Forms

This concerns data provided voluntarily by visitors when they sign up to Quintessa newsletters.

What data do we collect?

E-mail address, date, and whether the visitor wishes to subscribe or unsubscribe from a given newsletter.

Why do we collect them?

  • To manage requests for changes to newsletter subscriptions.
  • To maintain records of consent and consent withdrawal.

With whom do we share them?

We will not share your personal data with third parties, except in the following circumstances.

  • We may share your data if required to do so by law.
  • In the case of a formal external audit of Quintessa’s systems, your data may be viewed within our company premises and network by the auditor who is required to maintain absolute confidentiality.

For how long are they kept?

Until you ask us to delete the data.

What is the legal basis for processing the data?

Under GDPR, the legal basis for processing the data is “Consent”. See Section 4 for information on your associated rights.

3.2. Software Download Processes

This concerns data provided by visitors in a series of forms before downloading software from our website. Some software download processes collect information required to initiate licence agreements. Such licence agreement data is covered by in Section 3.3.

What data do we collect?

The information requested varies between software downloads, but may involve contact details, reasons for wishing to download the software and communication preferences. Some data are mandatory to complete the process, while some are not.

Why do we colect them?

  • To understand who is downloading software and why, so that we can continue to provide relevant software downloads.
  • To ensure we have a means of contacting such users if software defects are identified.
  • To notify such users about software updates or software-related news. The exact purpose depends on the specific software and is made clear at the time the user provides the data.

With whom do we share them?

We will not share your personal data with third parties, except in the following circumstances.

  • We may share your data if required to do so by law.
  • In the case of a formal external audit of Quintessa’s systems, your data may be viewed within our company premises and network by the auditor who is required to maintain absolute confidentiality.

For how long are they kept?

Until you ask us to delete the data.

What is the legal basis for processing the data?

Under GDPR, the legal basis for processing the data is “Consent”. See Section 4 for information on your associated rights.

3.3 Software Download Processes with a Licence Agreement

Certain software download processes on our website have a licence agreement component. This concerns the data we collect to process that licence agreement.

What data do we collect?

The information requested varies between software downloads. It includes any data necessary to identify an individual for the purpose of processing the licence agreement, such as their name and address.

Why do we collect them?

To manage the contract through which a visitor may use or purchase the software.

With whom do we share them?

We will not share your personal data with third parties, except in the following circumstances.

  • We may share certain data with trusted service providers for the purposes of fulfilling the contract only.
  • We may share your data if required to do so by law.
  • In the case of a formal external audit of Quintessa’s systems, your data may be viewed within our company premises and network by the auditor who is required to maintain absolute confidentiality.

For how long are they kept?

For a minimum of 10 years from the termination of any such agreement.

What is the legal basis for processing the data?

Under GDPR, the legal basis for processing the data is “Contract”. See Section 4 for information on your associated rights.

3.4. Software Download Technical Information

This concerns technical data that are collected when a visitor proceeds to activate a software download via our website.

What data do we collect?

Technical information provided by the visitor's browser, including web address of the download, time of the download, browser type and version, operating system, and IP address.

Why do we collect them?

To enable fault diagnosis and technical support associated with software downloads (e.g. to help us support a range of web browsers).

With whom do we share them?

We will not share your personal data with third parties, except in the following circumstances.

  • We may share your data if required to do so by law.
  • In the case of a formal external audit of Quintessa’s systems, your data may be viewed within our company premises and network by the auditor who is required to maintain absolute confidentiality.

For how long are they kept?

Until you ask us to delete the data.

What is the legal basis for processing the data?

Under GDPR, the legal basis for processing the data is “Legitimate Interests”. See Section 4 for information on your associated rights.

3.5. Web Server Access Logs

This concerns data that are collected by the web server as it handles requests for web content.

What data do we collect?

Technical information associated with each website request, such as the IP address from which the request was made, the time and page requested, and also including information provided by the visitor's browser, such as the user-agent string (identifying the browser type and version) and the origin of the request.

Why do we collect them?

  • To control and manage the web server and its associated traffic, including for fault diagnosis (e.g. to help us support a range of web browsers).
  • For information security, including identification of malicious traffic or non-human traffic such as bots.
  • On occasion, we also combine this with information about software downloads to determine what other pages on the website visitors with that IP address have accessed, and the country or country-region associated with the download. This is to help us understand the software downloader’s likely interests better, and so ensure that members of staff with relevant experience are involved in any communications with them from the outset.

With whom do we share them?

We will not share your personal data with third parties, except in the following circumstances.

  • We may share your data if required to do so by law.
  • In the case of a formal external audit of Quintessa’s systems, your data may be viewed within our company premises and network by the auditor who is required to maintain absolute confidentiality.

For how long are they kept?

For a minimum of 10 years.

What is the legal basis for processing the data?

Under GDPR, the legal basis for processing the data is “Legitimate Interests”. See Section 4 for information on your associated rights.

3.6. Content Security Policy Reports

Quintessa utilises standard web technology called Content Security Policy to help ensure that the website content is delivered exactly as it was intended. This concerns data submitted by the user’s browser to Quintessa when it identifies that an attempt has been made to interfere with the intended rendering of the content.

What data do we collect?

Technical information associated with the content security policy infringement, such as the IP address from which the request was made, the time and page requested, and also including information provided by the visitor's browser, such as the user-agent string (identifying the browser type and version) and the origin of the request.

Why do we collect them?

We collect the data as a security measure, which:

  • helps us identify and prevent loading of erroneous resources within our own website content; and which
  • may also help to identify and prevent viruses, malware and malicious browser extensions on the visitor’s system from interfering with the loading of the website content.

With whom do we share them?

We will not share your personal data with third parties, except in the following circumstances.

  • We may share your data if required to do so by law.
  • In the case of a formal external audit of Quintessa’s systems, your data may be viewed within our company premises and network by the auditor who is required to maintain absolute confidentiality.

For how long are they kept?

Typically, about one year.

What is the legal basis for processing the data?

Under GDPR, the legal basis for processing the data is “Legitimate Interests”. See Section 4 for information on your associated rights.

3.7. First-party Cookies set by Google Analytics

Quintessa uses Google Analytics to help analyse web traffic. This concerns the cookies set and the data collected through our use of that service. Please see Google's privacy policy for further details.

The data collected do not, on their own, personally identify any user, but could theoretically be used to do so using advanced tools provided by Google. Quintessa guarantees that it will not use Google's tools to this. We only look at data from all users aggregated over the period of a day or more to assess: trends; the impact of various events such as newsletter distribution; and routes taken by visitors through the website.

If you do not wish to allow Google Analytics to collect data as you browse the web, you may opt-out of data collection via Google Analytics. Alternatively, you may configure your browser to block access to scripts originating from the domain www.google-analytics.com or use one of the various browser extensions available.

What data do we collect?

A random identifier associated with the user and certain usage statistics are stored in first party cookies. Data provided by the user's browser (such as browser type, operating system and IP address) are collected, processed (see below) and associated with the identifier and transferred to the Google Analytics service and associated with Quintessa’s account. The service is configured to transmit partial IP addresses only, allowing for coarse location determination only (e.g. country or country region).

Why do we collect them?

  • To analyse usage of our website by website users.
  • To identify when visitors have followed an advertisement placed by Quintessa on an external website and arrived on our website, and to determine whether they proceed to certain location or undertake certain actions subsequently. This is to allow Quintessa to assess the effectiveness of advertising campaigns.

With whom do we share them?

We will not share your data with third parties other than Google LLC (as explained in the introduction to Section 3.7), except in the following circumstances.

  • We may share the data if required to do so by law.
  • In the case of a formal external audit of Quintessa’s systems, the data may be viewed within our company premises and network by the auditor who is required to maintain absolute confidentiality.

For how long are they kept?

Cookie duration is up to two years, or until deleted from the browser by the user. From 25 May 2018, data will be kept by Google for a period of up to 50 months. (Prior to that date, the duration was unknown as it was not specified by Google, nor configurable.)

What is the legal basis for processing the data?

Under GDPR, the legal basis for processing the data is “Legitimate Interests”. See Section 4 for information on your associated rights.

3.8. Session Cookies

This concerns the session cookie that is part of the basic functionality of our website. If blocked or deleted by the user, certain aspects of the website, such as software downloads and newsletter subscription management, may not function.

What do we collect?

A random identifier associated with the user is stored in a first-party session cookie (Q_WWW_SESSION or Q_CO2_SESSION).

Why do we collect them?

  • To enable basic functionality associated with certain parts of the website involving a sequence of pages (such as newsletter signup or software download.)
  • As part of our website security mechanisms.

With whom do we share them?

We will not share your personal data with third parties, except in the following circumstances.

  • We may share your data if required to do so by law.
  • In the case of a formal external audit of Quintessa’s systems, your data may be viewed within our company premises and network by the auditor who is required to maintain absolute confidentiality.

For how long are they kept?

Duration is controlled by the visitor's browser. Such cookies are generally deleted by the browser when it is closed.

What is the legal basis for processing the data?

Under GDPR, the legal basis for processing the data is “Legitimate Interests”. See Section 4 for information on your associated rights.

4. Your Rights

If you wish to exercise your rights in relation to your personal data, please use the facilities available to do so if appropriate (e.g. by following a link in a newsletter sent by Quintessa to unsubscribe from further such communications) or contact Quintessa’s Data Protection Coordinator. Please note that the following rights are not absolute, and may be challenged or overridden in certain circumstances, such as to satisfy legal requirements.

Quintessa will endeavour to satisfy all reasonable requests within one month. Where that is not possible and so more time is required, you will be notified and be informed as to why. If a request is considered unfounded or excessive, you will be notified. Quintessa may then charge a fee to cover administrative costs if you still wish to proceed.

You have a right to be informed about the collection and use of your personal data. If you wish to be notified about changes to this privacy policy, please inform Quintessa’s Data Protection Coordinator.

You have a right to access the personal data we hold concerning you, and to have incorrect data rectified. Quintessa will make reasonable attempts to verify the identity of the source of any such requests before providing the relevant data. Whenever possible, responses will be made promptly and within one month.

You may request restriction of processing of your data for a limited period if you have a legitimate reason, such as while a disagreement about rights in relation to your personal data is resolved.

The remaining rights vary depending on the legal basis associated with the processing of the data. Please refer to Section 3 to determine which legal basis applies.

  • For Consent, you may withdraw consent to processing of your personal data and may request their erasure.
  • For Contract, you may request that your personal data is erased. However, since the data have been collected for the purpose of fulfilling a contract, this may not be possible or may result in the termination of the contract.
  • For Legitimate Interests, you may object to the processing of your data in the specified manner and may request for them to be erased.