QSecure, a managed IT and security services specialist company, was founded in March 2011. The company’s mission is to protect and enhance the value of your business by building, maintaining and strengthening the structure of your organization. To achieve that, QSecure offers a variety of consultancy, professional and managed services, which include voice, networking and security solutions.
Under the EU’s General Data Protection Regulation (GDPR) the following are defined:
It means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
It means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State Law.
It means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
It means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
3.1 The Personal Data and Information QSecure collects (as the data controller) about you and the way it is collected may vary according to the products and services you use and you have purchased, the relationship you have with us even if you are not a customer and the type of information we have gained from a third party on condition of consensus to share it with us (hereinafter referred to as “Cooperation”).
3.2 In the course of our collaboration, you may be requested to provide QSecure any personally identifiable data (“Personal Data”) to be kept and submitted by QSecure, such as:
4.1 On a personal basis, during the performance of a contract or during the process of examining a candidate customer’s or employees’ application for the provision of our services and products and for hiring respectively.
4.2 By telephone or in person in our officers during the communication between the candidate customer or employee and QSecure’s employees.
4.3 Through the use of our website and other electronic programmes and social media.
4.4 By post or electronic mail.
4.5 By our remote management and ticketing systems and applications used for providing support services.
4.6 By completing any questionnaires and/or documents, for review and analysis purposes aiming at the improvement of our services.
4.7 By third parties and Public Offices with whom QSecure collaborates.
4.8 When your information is published.
4.9 By signing up for notifications or other services from us.
4.10 By receiving personal information from third parties in other cases permitted by law, such as for exclusion of fraud, bankruptcy register etc.
5.1 Supply customers goods or services of QSecure.
5.2 Send statements, invoices and payment reminders to customers and collect payments from them.
5.3 Developing, communicating and/or promoting:
5.4 Send email notifications that customers have specifically requested.
5.5 Respond to any questions or tickets raised by the customers and/or interested parties regarding QSecure’s network, products and/or services.
5.6 Detect and prevent any possible fraud or other illegal acts, recover debts or trace those who have outstanding balances with QSecure.
5.7 To comply with our fair use obligations as well as to identify and resolve possible fraudulent use of our networks.
5.8 To protect our network and manage volumes of calls and other possible uses of our network.
5.9 QSecure may process the data that will be necessary for the proper provision of services to customers and for the fulfilment of its obligations to all competent bodies.
6.1 We process personal data of our customers, employees or visitors of our website according to the provisions of the General Data Protection Regulation of the EU (Regulation 2016/679), and from the time-to-time applicable national legislation relevant to the protection of personal data.
6.2 The reasons and purposes of processing of Personal Data are the following:
6.3 The legal basis for processing the Personal Data and Information:
7.1 QSecure will not make your Personal Data and Information available to any third party unless permitted or required to do so by the applicable legislation and it shall not sell or transfer any of this information to any third party.
7.2 In case QSecure processes Personal Data for which the Customer’s, Employee’s and/or Visitors’ consent is required, it shall seek their express or written consent.
7.3 In case QSecure processes Personal Information for the processing of which the authorization of the Commissioner of Personal Data Protection is required, such authorization shall be obtained before any processing takes place.
7.4 QSecure sustains solid information security measures and procedures to safeguard customers’, employee’s and visitors’ Personal Data, in line with its legal obligations. A comprehensive approach is considered for information security to effectively ensure the confidentiality, integrity and availability of the Personal Data. QSecure has already implemented a corporate Information Security Management System (ISMS) based on international standards ISO 27001 and ISO 27002. The ISMS includes amongst others the implementation of a corporate information security policy and procedures that cover e.g. security governance, document security, information management, operations and communications, personnel security, physical security, access to information systems, incident management etc. It also covers the necessary technical and procedural measures to effectively defend against cyber threats (hackers).
8.1 At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights according to the provisions of the General Data Protection Regulation of the EU (Regulation 2016/679) and the applicable local law on your personal data:
8.2 All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data (data processor).
8.3 In the event that you wish to make a complaint about how your personal data is being processed by QSecure (or third parties) or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and QSecure’s data protection representatives Data Protection Officer (DPO). QSecure accepts the following forms of ID when information on your personal data is requested: Passport, ID, birth certificate, utility bill (from last 3 months).
9.1 During the fulfilling of our contracting and legal obligations, QSecure may transfer your data to third parties such as:
9.3 Mergers and Acquisition: In the event of an acquisition from another organization or reorganization, your personal data will be transferred to this organization.
10.1 In the event that the transmission of your personal data to a third country will be necessary, the processors in third countries are required to comply with the European Data Protection Obligations and provide all appropriate safeguards for the transmission of personal data. The transmission if and when it should take place will be carried out in accordance to the procedure in article 46 of the General Data Protection Regulation of the EU (Regulation 2016/679).
11.1 QSecure will store and process Personal Data for as long as mandated by the Laws of the Republic of Cyprus and/or throughout the validity period of the customer’s contract or employee’s contract.
11.2 Certain Personal Data may be stored after the termination of the customer’s contract according to the provisions of the applicable Cyprus legislation. The following data is not erased:
11.3 Data maintained for law enforcement purposes when lawfully requested to do so by a Court of law (Law 183(I)/2007).
11.4 Data maintained for the purposes of taxation legislation (Law 95(I)/2000 and Law 4/1978), which are maintained for a period of six (6) years.
11.5 Data processed for the purposes of legitimate interest (e.g. an action against a customer), which are maintained until the legitimate purpose is completed.