Online Privacy Notice
This privacy notice applies to the processing of personal data by Quantile Technologies Limited and Quantile B.V. in connection with any:
- provision of products and services, or information relating to products and services, by Quantile to actual and prospective clients (“client services”);
- provision of products and services to Quantile by third party suppliers or service providers (“supplier services”); and
- provision of personal data of candidates (whether by the candidate or by a third party, such as a recruitment agency) who contact us in relation to, or apply for, a position at Quantile (“recruitment activities”).
References in this notice to “Quantile”, “we”, “our” or “us” are references to Quantile Technologies Limited, Quantile B.V. and other Quantile Group entities as applicable. The registered offices of each entity can be found on our website here.
Quantile may amend this notice from time to time. Please check back regularly for updates or contact us for more information.
Applicability of this Privacy Notice
This notice describes how we collect and use information relating to individuals who visit our website or who otherwise engage with us in connection with client services, supplier services and recruitment activities.
This notice should be read in conjunction with our Cookie Notice.
How we obtain your personal data
We may collect personal data from you when you use any of the electronic platforms we offer, visit our offices, or otherwise interact with us. We collect personal data about you from a variety of sources, which may include:
- any documents or information submitted to us by you or on your behalf (for instance, submitting a job application form or a contact form on our website);
- our correspondence and transactions with you (including when you use our client portal in connection with client services, when you subscribe to our publications and register for events, and when you speak to or correspond with us by email, post, in person or over the telephone);
- publicly accessible sources including online forums for professional networking purposes (such as LinkedIn) and public registers of individuals (for instance, the UK Financial Conduct Authority’s Financial Services Register); and
- subject to applicable laws and regulations, the measures that we use for our security policies and procedures (for instance, recording of telephone calls, monitoring emails, and any security data taken at our physical offices).
The personal data we collect about you
Personal data includes any information about an individual from which that person can be identified. The information we collect helps us to manage our relationship with you and to operate and improve our business.
The information that we collect may include:
- your name, title and contact details (including address, telephone number and email address);
- professional information including your job title, work email address and work contact details;
- your internet protocol (IP) address and other online identifiers;
- in connection with recruitment activities, information about your qualifications, education and experience;
- other information you may provide to us during your relationship with us for our operational or business purposes in connection with client services, supplier services and recruitment activities; and
- information about your use of our client portal and related usage and technical data in connection with client services.
You are not obliged to provide us with your information where it is requested, but this may affect our ability to provide client services, receive supplier services or carry out recruitment activities relevant to you.
It is important that the personal data we hold about you remains accurate and current. Please keep us informed by contacting the Data Protection Officer if your personal data changes during your relationship with us.
How we use your personal data
We will only use your personal data when we have a legal basis for doing so. We use your personal data in the following circumstances and only to the extent necessary for each specific purpose:
- Performance of a contract: where we need to perform a contract which we are about to enter into or have entered into with you as a party, or to take steps at your request before entering into such a contract;
- Legal or regulatory obligation: where we need to comply with a legal or regulatory obligation that we are subject to;
- Legitimate interests: where we need to for our interests (or those of a third party) as detailed below, provided that your fundamental rights do not override such interests; and
- Consent: where you have provided your consent or explicit consent to processing your personal data.
We may use your personal data for the purposes of pursuing the following legitimate interests:
- to manage our relationship with you and ensure we are delivering appropriate services including notifying you about changes to our business, ensuring our records are up to date, promoting our client services, and identifying ways to improve and grow our business;
- to ensure the efficient and secure running of our business and facilitate our internal policies and procedures, including through the receipt of supplier services, maintenance and testing of information technology services and other systems, improving network and data security, assessing and managing risk, and fraud prevention; and
- to recruit appropriately skilled staff for positions at one of our offices.
Should you not wish to receive marketing materials from us, please let us know by sending an email to firstname.lastname@example.org.
Disclosures of your personal data
We may have to share your personal data with the entities and persons set out below, for the purposes for which we collected it as detailed above:
- Within the Quantile group: we may have to disclose your personal data between our international offices to ensure the efficient operation of our client services, supplier services and recruitment activities. As at the date of this notice, our offices are in London, Amsterdam and New York.
- Our third party service providers: we may have to disclose your personal data to our suppliers, service providers, professional advisers or consultants providing information technology, system administration, legal, audit, accounting and other supplier services to us.
- Potential buyers, transferees, merger partners or sellers: we may have to disclose your personal data to a potential buyer, transferee, or merger partner or seller and their advisers in connection with any actual or potential transfer or merger, sale, acquisition, assignment, transfer, or other disposition of part or all of Quantile’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it.
- Any person or entity to whom we are required to disclose: we may have to disclose your personal data or any portions thereof: (a) as required by, or to comply with, applicable law, regulation, court process or other statutory requirement; (b) in response to requests from any regulatory, supervisory, governmental or law enforcement authority; and (c) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
We require any person or entity to whom we disclose your personal data to respect the confidentiality and security of it, and to treat it in accordance with applicable laws and regulations. In each of the above cases, Quantile will use reasonable endeavours to ensure that such recipients will apply appropriate security and confidentiality measures to protect your information.
International transfers of your personal data
Sharing your personal data within the Quantile group involves transferring it outside the European Economic Area (the “EEA”), including the United Kingdom and the United States where we have offices.
In some cases, our third party service providers and any other entities to which we may disclose your personal data as set out above are based outside the EEA and accordingly, their processing of your personal data will involve transfers outside of the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- the European Commission has deemed by way of an adequacy decision that the relevant “third country” to which your personal data is transferred provides an adequate level of protection for personal data; or
- the third party entity based in another country that will process your personal data enters into a specific contract with us approved by the European Commission which gives your personal data equivalent protection as within the EEA.
The third countries in respect of which the European Commission has adopted an adequacy decision are listed here. You can find out more about the above safeguards by contacting us at email@example.com.
We have put in place procedures and technologies to maintain the security of your personal data from the point of collection to the point of destruction. We will maintain data security by protecting the confidentiality, integrity and availability of your data, including by using encryption methods, data classification systems, and regularly training staff on their responsibilities when handling personal data. Only people who are authorised to use your personal data can access it, and authorised users can only access personal data for authorised purposes.
Retention of your personal data
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for. We will hold your personal data on our systems for the longest of the following periods:
- as long as is necessary for the relevant activity or as long as is set out in any relevant agreement you enter into with us;
- the length of time it is reasonable to keep records to demonstrate compliance with professional or legal obligations;
- any retention period that is required by law; or
- the end of the period in which litigation or investigations could arise in respect of your use of our website or the services that we provide to or receive from the organisation you are associated with.
Data protection laws may provide you with certain rights in relation to your personal data, which will at all times be respected by Quantile. These rights are set out below:
- Right of subject access: The right to request for details of personal data about you held by Quantile and to access and receive a copy of that personal data.
- Right to rectification: The right to have inaccurate or incomplete personal data about you rectified.
- Right to erasure (‘right to be forgotten’): The right to have certain personal data about you erased.
- Right to restriction of processing: The right to request that the processing of your personal data be restricted if you are disputing its accuracy, if you have raised an objection to processing, if processing is unlawful and you oppose erasure and request restriction instead, or if the personal data is no longer required by us but you require it to be retained to establish, exercise or defend a legal claim.
- Right to object: The right to object to the use of your personal data in certain circumstances, including the right to object to its use for marketing purposes.
- Right to data portability: In certain circumstances, the right to ask for personal data you have made available to us to be transferred to you or a third party in a structured, commonly used and machine-readable format.
- Right to withdraw consent: Where you have given consent to the processing of your personal data for one or more specific purposes, the right to withdraw such consent at any time. If you withdraw your consent, this will not affect the lawfulness of Quantile’s use of your personal data prior to the withdrawal of your consent.
- Right not to be subject to automated decisions: The right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.
- Right to be informed: The right to be informed about how we will use and share your personal data and of the appropriate safeguards provided by us where we transfer your personal data to a third country or international organisation.
- Right to lodge a complaint: If you are unhappy with the way we have handled your information, the right to complain to your local data protection authority (“DPA”). The UK DPA is the Information Commissioner, whose website is available at: https://ico.org.uk. A list of the DPAs in each EU Member State can be found on the European Data Protection Board’s website here.
These rights are not absolute; they do not always apply and exemptions may be engaged. We may, in response to a request from you, ask you to verify your identity and to provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.
If you have any questions about this privacy notice, or our privacy related practices, you can contact the Data Protection Officer at: firstname.lastname@example.org
For general matters, you can contact Quantile online or by telephone using the contact details or contact form available here.
Last updated: 8 April 2021