RQM+ is committed to processing your data securely and transparently. This privacy notice sets out the types of data that we collect and hold on you as a client or potential client of the company. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
RQM+ is aware of its obligations to residents and citizens of the EU under the General Data Protection Regulation (GDPR), of the UK under the Data Protection Act (UKDPA) and the (UK GDPR), of Swiss Federal Act on Data Protection (FADP)) and of the USA under a variety of legislation and acts that include data protection requirements - specifically including the California Consumer Privacy Act (CPRA),and the data protection requirements of residents and citizens of other countries, This privacy notice complies with the requirements of the above laws and regulations and is applicable globally but may be supplemented by additional information on our privacy practices that may be provided as required by applicable laws and regulations via notices provided at the time of data collection. Together, these are referred to as “Data Protection Legislation”.
When RQM+ is acting as a data processor, meaning that they handle personal data only on behalf of and under the instructions of a data controller, they don’t decide why or how the data is used; they simply carry out the controller’s directives, such as storing, organizing, or analyzing the data under a clear contract. In this case the privacy regulations differ from those of a data controller. The link below outlines RQM+ responsibilities when acting in the capacity as a data processor.
RQM+ ACTING AS A DATA PROCESSOR
RQM+ is acting as a data controller, meaning that it determines the processes to be used when using your personal data. The company has appointed Data Protection Officer who is responsible for ensuring your data is stored and processed in accordance with this privacy notice. The Data Protection Officer can be contacted at dpo@rqmplus.com
This Privacy Policy applies to personal data that we collect and process in our capacity as a data controller through:
We only process personal data when we have a lawful basis to do so under Article 6 of the GDPR. Depending on the context, our processing may be justified by one or more of the following legal bases:
In relation to your personal data, we will:
We may hold many types of data about you, including:
We do not request, hold or process special categories of data (such health, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership and genetic and biometric data) or criminal conviction data for clients or potential clients.
We collect data about you in a variety of ways and we would normally collect the data from you directly. This will usually start when you contact us or talk to us about a business need you or your company has, but can also be when you have provided your details to access and download information from our website or shown an interest in specific topics of a marketing campaign. Further information may be collected directly from you as our relationship and correspondence increases.
In addition, data about you may be obtained from other sources including from your colleagues as the person to speak to regarding a business opportunity or need, from publicly available sources or third parties such as LinkedIn and Zoominfo. Where this is the case, data that we hold will be limited in nature.
We need to collect your data so that we can perform and meet our obligations under the contracts we are part to for delivering agreed services.
We also collect data so that we can carry out activities which are in the legitimate interests of the Company. We have set these out below:
With your consent, we collect your personal data to be able to include you on regular company e-mails and marketing correspondence.
We may share personal data with:
RQM+ does not and will not sell your data or any personal data to any third party for any reason.
As a globally operating organization RQM+ may be required to transfer personal data to countries between the USA, EEA, UK and also outside of those countries/jurisdictions.
RQM+ follows the EU-U.S. Data Privacy Framework (with the UK extension) and the Swiss-U.S. Data Privacy Framework, which are established by the U.S. Department of Commerce to regulate the collection, use, and storage of personal information that is transferred from the European Union (EU), United Kingdom (UK), and Switzerland to the United States, respectively.
We prioritize the confidentiality, integrity, and availability of your personal data. Our security measures are designed according to the NIST Cybersecurity Framework and include:
These measures are regularly reviewed to meet evolving threats and comply with GDPR Article 32.
We retain personal data only as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations. Retention periods are defined based on:
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
Data Protection Legislation gives citizens and residents in certain jurisdictions rights in relation to the data we hold. Although these rights may not be rights to citizens and residents in other countries and jurisdictions where Data Protection Legislation is limited, RQM+ extend these privileges to all. These are:
Data subjects with a complaint about the processing of their personal data by RQM+ (or third-party associates) or how a complaint has been handled have the right to lodge a complaint directly with the Supervisory Authority and RQM+ ’s DPO or delegate at dpo@rqmplus.com
An investigation of the complaint shall be conducted as appropriate based on the merits of the specific case. The DPO shall inform the data subject of the progress and outcome of the complaint within one calendar month. If the issue cannot be resolved through consultation between the data subject and the DPO, then the data subject may seek redress through mediation, binding arbitration, litigation, or via complaint to the Supervisory Authority within the applicable jurisdiction.
GLOBAL BOTTOM CTA INSTRUCTIONS:
To display custom copy instead of global copy in this section, please go to Show Global Content for Bottom CTA? toggle in the "Contents" tab to the left, toggle it off, save, and then REFRESH the page editor, the custom text will then show up and ready to be edited.
Turning the global content back on will be the same process, go to the toggle and toggle it back on, save and refresh!
United States HQ 2790 Mosside Blvd. United States (U.S.) |
Europe HQ 3rd Floor, 1 Ashley Road Altrincham, Cheshire, |
©2025 RQM+ All Rights Reserved | Privacy Notice | Cookies Policy