Privacy Notice for Customers & Suppliers
Effective Date: 30 April 2018
- What we do
- About this Privacy Notice
- What is personal data?
- Quadrangle as a Data Controller
4.1 Our role as a Data Controller
4.2 Information we must provide you
4.3 Information for employees of Quadrangle clients and suppliers
4.4 Cross-border flows of personal data
4.5 Data storage, data access and data retention
4.6 Sharing with Service Providers
4.7 Tracking technologies
4.8 Disclosures required by law or to fulfil a business transition
4.9 Notification of changes
4.10 User data supplementation
- Security measures
- Privacy questions, access rights, incident reporting
- Do you need extra help?
Quadrangle is a Customer Consultancy; we help our clients to understand what matters to their customers. This often involves us conducting studies on our clients’ behalf with their customers, prospective customers and the wider general public to improve their understanding of what people like, dislike, are satisfied with or want in the future.
We also undertake research to help our clients communicate better and more effectively with their customers.
We conduct surveys using a variety of methodologies including by telephone, face to face, online, by email and by SMS.
Quadrangle is a trading name of Quadrangle Research Group Limited, a company incorporated in England with Company Number 8064640 and whose registered office is at The Butlers Wharf Building, 36 Shad Thames, London, SE1 2YE.
Your privacy is important to us, and we ask that you read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share your personal data, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
This privacy notice relates to personal data of:
- Visitors to Quadrangle controlled websites including, by way of example, www.quadrangle.com, www.redquadrangle.com and www.redstoreworks.co.uk and if you are visiting one of our websites, please also refer to our Cookie Notice;
- Quadrangle clients;
- Quadrangle suppliers;
- Quadrangle potential clients;
- Quadrangle potential suppliers; and
- Employees of the entities identified above.
The practices covered include what information is gathered, with whom the information is shared, how long it is retained and where it is stored.
Under Data Protection laws of the United Kingdom, the term “personal data” means any information relating to a person who can be directly or indirectly identified, in particular, by reference to an identifier. This definition provides for a wide range of personal identifiers including name, address, email address, identification number, location data or online identifier. Personal data applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. If an individual cannot be identified from the data held then that data is not classified as personal data.
As a business we may have your personal data because you are an employee of a client, a potential client, a supplier or a potential supplier in order to pursue our normal business operations which could include:
- Providing customer consultancy and research services to clients;
- Informing clients and potential clients of our services and specialisms to help them solve business problems;
- Working with you as a supplier so you can fulfil your contract to supply goods or services to us;
- To communicate with you, to evaluate if you could supply us with goods or services in the future.
We collect personal information in order to work with you. We also collect personal information of employees of potential clients and potential suppliers to enable us to respond to your requests and to evaluate if we could work with you in the future. In these situations, we may collect information that can identify you such as your name, job title, company name, your work address, your work email address and your telephone number.
We will also collect personal information if you fill in forms on our websites or email us, for example if you download a report or sign up to receive our newsletter. The information we collect includes information which could identify you, such as your name, job title, company name, email address and telephone number.
When using our websites, we may also collect technical data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites, together with usage data which includes information about how you use our websites, products and services.
Our websites are not directed at children and we have no intention of collecting personal data from young people. If we become aware that personal data from a child under 16 has been collected without the consent of such child’s parent or guardian, we will use all reasonable efforts to delete such information.
We will only use your personal data for the reasons specified in this Privacy Notice, unless you have specifically consented to, or opted in to, any other use of your personal data.
The personal data we collect may be used for the following purposes:
- to respond to requests you may make of us, including the provision of services that you have requested;
- to send you future reports and newsletters written by Quadrangle;
- to manage and improve our websites and services;
- to manage research surveys and other market research activities;
- to contact you and/or provide you with general information as well as information about our products and services from time to time;
- to share with agents, contractors or partners of Quadrangle in connection with services that these individuals or entities perform for, or with, our company. These agents, contractors or partners are restricted from using personal data in any way other than to provide services for Quadrangle;
- to respond to duly authorised information requests of governmental authorities or where required by law;
- to investigate suspected fraudulent activity in connection with our websites or violation of another party’s rights;
- to comply with our obligations under any contracts with you; or
- in connection with the sale, assignment, or other transfer of our business to which the information relates, in which case we will require any such buyer to agree to treat personal data in accordance with this Privacy Notice
From time to time we may employ other companies and individuals to perform functions on our behalf. These functions may include hosting our databases or surveys, for data processing services, analysing data, recruiting participants to take part in studies, or to send you information that you requested. The third parties will have access to the personal data needed to perform their functions, but may not use it for other purposes. They will never use your information to market to you. They must also process the personal data as set out in this Privacy Notice and as permitted by the UK’s data protection laws. Furthermore, we have put in place the appropriate contractual provisions as required under the General Data Protection Regulation (GDPR).
We will not sell your personal data to third parties.
You may choose to provide us with your personal data in a variety of situations. For example, you may give us information such as your name, residential address, email address, post code, resume, phone number, and additional contact information in order for us to communicate with you on a project or so that we can assess if we can work together. You may at any time invoke rights in relation to the personal data provided to us in accordance with any applicable laws. If you inform us that you do not want us to use this information to make further contact with you beyond fulfilling your requests, we will respect your wishes. If you give us personal data about somebody else such as a work colleague, we will assume that you have his or her permission to do so.
You may contact Quadrangle in order to invoke your rights as a data subject under applicable laws in accordance with section 6 below.
a) Quadrangle is an entity acting as the Data Controller.
b) Contact details of the data protection officer are available in section 6 below.
c) The purposes of the processing are:
- To fulfil your transaction request;
- To provide you with support and consulting services;
- To verify your identity;
- To provide or request information on products, services, or call-back requests;
- To send you specific marketing materials;
- To undertake the processing activities identified in section 3.3.
If you no longer wish to receive communications from us, you may opt-out by following the unsubscribe instructions located at the bottom of any email communication, or by emailing us at firstname.lastname@example.org, or by contacting us by phone and telling us you do not want to be contacted in future. We will require your name, phone number, address, email address and the reason why we contacted you, including the relevant details of the study, where possible.
If you wish to opt-out from marketing emails provided by third parties, you must contact that third party directly.
d) The recipients of your personal data will be selected Quadrangle employees and third-party providers under contract with Quadrangle ensuring data protection levels equivalent to those set forth in this Privacy Notice. Where personal data collected in the EEA is transferred to a subcontractor in a third country outside of the EEA and which country is not deemed to meet the adequacy standards of the EU Commission, Quadrangle shall ensure that it only transfers your personal data with appropriate safeguards in place and in accordance with GDPR.
e) We will retain personal data we process about our customers and suppliers for as long as needed to provide services to our customers and receive services from our suppliers in accordance with the contractual terms in our agreements with them. Quadrangle will retain such personal data as necessary to comply with our legal and contractual obligations including the right of audit and to resolve disputes.
f) You have the right to seek access to, a copy of, and rectification or erasure of your personal data in accordance with applicable laws as set forth in section 6 below.
g) Where the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time as set forth in section 6 below.
h) Where applicable laws so prescribe, you have the right to lodge a complaint to a supervisory authority as set forth in section 6 below.
If you work for a Quadrangle client or supplier, we may collect and process your personal data as necessary for the performance of the contract in place between the Quadrangle client and Quadrangle in accordance with GDPR Article 6.
Quadrangle conducts research and has partners globally. Our privacy practices are designed to provide protection for your personal data in accordance with the laws applicable to each respective location.
We will not transfer personal data of citizens of EU countries outside of the EU unless this has been notified to you and any transfer is under a contract which includes the use of EU approved standard contractual clauses (Model Clauses) or otherwise in accordance with GDPR.
Personal data that is collected from you may, subject to adequate confidentiality undertakings, and for the sole purpose of providing our clients with the services they have contracted from us, be accessed by our personnel and to or by third party companies and subcontractors that help us provide our services. In any such case, the personnel granted access to your personal data will have been deemed by their managers to have a reasonable business need to do so.
We will retain personal data for as long as needed to provide the services to our clients in accordance with the contractual terms in our agreements with them. Quadrangle will retain personal information of customers and suppliers (including secure encrypted off-site back-up retention) only as necessary to comply with our legal and contractual obligations, resolve disputes, and to provide our clients with the services they have contracted with us. In order to enable us to resolve any disputes and to comply with our clients’ rights of audit we will retain this information for up to 7 years following the end of a contract.
We may share your information with third parties who provide services on our behalf to help with our business activities under contractual terms providing adequate protection to your information. These companies are authorised to use your personal data only under our instructions and only as necessary to provide the contracted services to us. These services may include:
- Sending marketing communications;
- Conducting research, coding and analysis, translation;
- Creation of films, images and audio media;
- In conduct of audits on our business to ensure that we are complying with our responsibilities.
We may also disclose your personal data as required by law such as to comply with a court order or other legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
If Quadrangle is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email or a prominent notice on our website of any change in ownership, uses of your personal data, and choices you may have regarding your personal data.
We may also disclose your personal data to any other third party with your prior consent.
We may update this Privacy Notice to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
We may receive information about you from other sources including from our clients, publicly available databases or third parties from whom we have purchased data and combine this data with information we already have about you. This helps us to update, expand, and analyse our records, improve the insights obtained from our research, identify potential research participants, and provide products and services that may be of interest to you. If you provide us personal data about others or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
Examples of the types of personal data that may be obtained from public sources or purchased from third parties and combined with information we already have about you may include marketing data about our customers from third parties that is combined with information we already have about you to create more tailored advertising and products.
The security of your personal data is important to us.
Quadrangle operates under a strong security and privacy regime. We have successfully undergone third party auditing in relation to our Information Security Management System, and we are accredited by the British Standards Institution that we have met the requirements of ISO27001 in relation to information security.
The ISO27001 audit report provides assurance that we have designed and implemented effective security controls as defined in the ISO standards. During the examination, the independent auditors evaluated and tested controls over the following domains:
- Organization and management;
- Communications and training;
- Risk management, design, and implementation of controls;
- Monitoring of controls;
- Logical and physical access controls;
- Systems operation and backups;
- Personnel and third-party screening and controls;
- Change Management.
Quadrangle is also accredited by IQCS (Interviewer Quality Control Scheme) and conducts all research in accordance with the Market Research Society (MRS) code of conduct. Further information about the MRS code of conduct can be found at https://www.mrs.org.uk/standards/code_of_conduct .
If your personal data is stored by Quadrangle, you are welcome to read more about how we protect your personal data by applying industry-leading security measures and performing ongoing security tests and controls. Please refer to pur Security Measures, which are available to download here.
As part of its accreditation process, IQCS audits our interviewers’ policies and procedures to ensure that they have been adequately trained and that sufficient quality control checks have been made that the data they collect is accurate and complete.
If you have any questions about how we use your personal data or about this Privacy Notice, you can send an email to email@example.com. You can also contact us by post at Quadrangle Research Group Limited, The Butlers Wharf Building, 36 Shad Thames, London, SE1 2YE.
You can contact Quadrangle’s Data Protection Officer as follows:
By email: DataProtectionOfficer@quadrangle.com
The Data Protection Officer,
Quadrangle Research Group Limited,
The Butlers Wharf Building,
36 Shad Thames,
If you have an unresolved privacy or personal data use concern that we have not addressed satisfactorily, please contact us and we will address it as a priority. If you wish to complain about Quadrangle’s handling of your data you can complain to the supervisory authority in the jurisdiction in which you reside. In the United Kingdom this is the Information Commissioner’s Office (ICO).
You can contact the ICO as follows:
Phone: 030 3123 1113
Information Commissioner’s Office,
Under the GDPR, you have a number of important rights free of charge. In summary, those include rights to:
- the fair processing of information and transparency over how we use your use personal information;
- access your personal information and to certain other supplementary information that this Privacy Notice is already designed to address;
- require us to correct any mistakes in your information which we hold;
- require the erasure of personal information concerning you in certain situations;
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to request the transmission of this data to a third party in certain situations;
- object to our continued processing of your personal information in certain circumstances;
- otherwise restrict our processing of your personal information in certain circumstances.
For further information on each of those rights and other rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual’s rights under the GDPR.
If you would like to exercise any of those rights, please contact us emailing firstname.lastname@example.org or by writing to us at Quadrangle, The Butlers Wharf Building, 36 Shad Thames, London, SE1 2YE marking your correspondence for the attention of the Data Protection Officer..
Before Quadrangle is able to assist you, provide you with any information, or correct any inaccuracies, we may ask you to verify your identity and to provide other details to help us to respond to your request. We will endeavour to respond within an appropriate timeframe.
If you are enquiring or exercising any of your legal rights or want to withdraw your consent on behalf of personal data we collect and process under the instructions of our clients (see section 12 above), please direct your query to our client, which is the Data Controller. If you contact our company in relation to this, we are under obligation to refer your enquiry to the Data Controller.
Should you wish to report an incident relating to Quadrangle’s security, confidentiality, or privacy, you are welcome to file a report by emailing email@example.com or by writing to us at Quadrangle, The Butlers Wharf Building, 36 Shad Thames, London, SE1 2YE marking your correspondence for the attention of the Data Protection Officer.
If you would like this notice in another format (for example: audio, large print, braille) please contact us by emailing firstname.lastname@example.org or by writing to us at Quadrangle, The Butlers Wharf Building, 36 Shad Thames, London, SE1 2YE.
Quadrangle Research Group Limited