WHO ARE WE?
We are Queue Associates Worldwide, UK, Limited, of 5, St. John’s Lane, Farringdon, London EC1M 4BH +44 020 7549 1606, and Citicorp Centre, 18 Whitfield Road Units 1607-8, 16th Floor, Causeway Bay, Hong Kong (“Company” or “Queue”).
We provide Microsoft Dynamics implementation and customization services to customers.
We use your information as further explained in this Privacy Notice. We’ll be the “controller” of the information you provide to us.
Our website links to other websites, which will have their own privacy notices and terms.
WHAT DOES THIS PRIVACY NOTICE COVER?
Queue takes your personal data seriously. This policy:
Sets out the types of personal data that we collect about you; Explains how and why we collect and use your personal data; Explains how long we keep your personal data for;
Explains when, why and with who we will share your personal data; Sets out the legal basis we have for using your personal data; Explains the effect of refusing to provide the personal data requested;
Explains where we store your personal data and whether we transfer your data outside of the European Economic Area;
Explains the different rights and choices you have when it comes to your personal data; and explains how you can contact us.
WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?
We will collect certain personal information about you in the course of your relationship with us. This information may be collected as the result of four different modes of interaction:
- Data collected in the course of providing professional services or exploring a business relationship
- Data stored to verify identity to authorize legal signatories and payment
- Data related to sales and marketing
This information includes client name and contact details including e-mail, website, and phone number.
WHERE DO WE COLLECT PERSONAL DATA ABOUT YOU FROM?
We may collect personal data about you from the following sources: Directly from you. This is information you provide to us.
From data provided through our website (via cookies).
From an agent/third party acting on your behalf. (e.g. from a contractor working on other computer systems in tandem or in parallel to our own service provision, when such information is necessary).
Through publicly available sources. We use the following public sources:
- Microsoft Partner Center (a service operated by Microsoft which may connect potential clients to Queue Associates, and may include information provided to Microsoft to facilitate direct contact with the client).
HOW AND WHY DO WE USE YOUR PERSONAL DATA?
We only collect information necessary to providing the best service that Queue has to offer. We do not collect information for the purpose of selling your information to anyone. We use your personal data for the following purposes:
Marketing, including sending promotional materials, information about products, services, special opportunities, limited-time offers, and events.
Processing data, if necessary, to transition customer accounting systems and databases. Whenever possible, Queue prefers to only process the data and will not take customer data into Queue systems or devices unless necessary to successfully complete a project.
Facilitate payment (including identity verification) or other necessary business operations.
Ongoing Service Support, including responding to inquiries, performing maintenance, and informing you about changes to services or recommended upgrades.
To otherwise carry out our obligations arising under our contract with your and to enforce the same.
We will not use your information for any other purposes unless we are required to do so by law or when it is necessary to fulfil a contractual obligation that we have established with you.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
How long we keep your information will depend on the purpose for which we use it. It will also depend on the details of any contracts we have formed with you.
We only keep your information for as long as is reasonably necessary for the purposes set out in this Privacy Notice and to fulfil our legal obligations. We have internal rules that set out how long we retain information including contact information, which is stored in or CRM system (Microsoft Dynamics SL) unless requested to be removed by client. Client data subject to scope of a specific project is removed from Queue systems at the termination of that project if at all stored on Queue systems. Client data retention policy is also reviewed during our Data Privacy meetings monthly.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Your personal data may be shared with Third Parties, such as sub-contractors, for the purpose of completing a work project as detailed in a duly signed contractual agreement.
Your data may be accessed by our authorized executives for the purposes of ensuring proper data management.
We share your personal information with third parties who perform functions on our behalf and who also provide services to us, such as professional advisors, IT consultants carrying out testing and development work on our business technology systems, research and mailing houses and function co-ordinators.
We share your personal information with our other Company Group companies for internal reasons, primarily for business and operational purposes.
As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us your personal information will be disclosed to such entity.
If any bankruptcy or reorganization proceeding is brought by or against us, all such information will be considered an asset of ours and as such it is possible they will be sold or transferred to third parties.
Where required we share your personal information with third parties to comply with a legal obligation; when we believe in good faith that an applicable law requires it; at the request of governmental authorities conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, visitors to the our website, our business or the public.
These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.
No other third parties have access to your information unless we specifically say so in this Privacy Notice, or we establish such disclosure as part of a business agreement, or the law requires this.
WHAT LEGAL BASIS DO WE HAVE FOR USING YOUR PERSONAL DATA?
We process your information:
To be able to provide you with software products and/or installation services, in line with our contractual agreements or our Terms & Conditions via the Queue website.
As is necessary for the performance of the contract with you for updating or transitioning accounting systems or other computer systems, defined in scope of your specific project. For example, for customization projects, demo data used in-house at Queue for customization; client data used in client testing site for validation of customization in order to limit direct contact with client data or to take steps at your request prior to entering into a contract.
To comply with our legal obligations to retain records for tax purposes and audits
As this is necessary in pursuit of our legitimate interests in maintaining a current list of prospective and active clients, and this includes profiling related to business needs and opportunities. While there are some risks with this type of activity, on balance, we consider the risk to your rights of data protection is outweighed by the significant benefits in conducting business and providing services. We’ve also implemented protections for your rights by maintaining multiple technical standards and business processes, including ISO 9001, ISO 27001, multi-factor authentication, encryption, and password protection. The benefits of our legitimate interests outweigh the risk of data protection where the data at issue is publicly available contact information of companies, whose unlikely unauthorised access would result in minimal, if any, harm or damage. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests. More information on this right, and on how to exercise it, is set out below.
If you notify us of any health or disability requirements, then this may involve the processing of more detailed personal data including sensitive data such as health information that you or others provide about you. In that case we always ask for your consent before undertaking such processing and you have the right to withdraw your consent at any time. More information on this right and how to exercise it is set out below.
WHAT HAPPENS IF YOU DO NOT PROVIDE US WITH THE INFORMATION WE REQUEST OR ASK THAT WE STOP PROCESSING YOUR INFORMATION?
We have statutory obligations under tax laws of the US and UK that require us to process your information if you are a client or former client. We may also have contractual obligations to process your information, depending on the nature of the contract formed between Queue and you, as a customer. If you don’t provide the information requested, Queue may be unable to provide services to you. This may interfere with our ability to form or fulfil contracts with you.
DO WE MAKE AUTOMATED DECISIONS CONCERNING YOU?
No, we do not carry out automated decision making or automated profiling.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences for you or similarly significant effects. While we’re confident that the technology works, we understand that not everyone is comfortable with decisions being left entirely up to machines. If you have any questions about our use of Multi-Factor Authentication, Data/E-mail Encryption for the use of identity verification, please contact us on using the details at the end of this Privacy Notice.
WHAT ABOUT MARKETING?
Queue Associates would like to contact you from time to time about our new similar products and promotional offers by email. Prospective clients may be contacted by telephone. Customers and prospective clients may receive items by post.
You can expect to receive no more than 4 marketing emails per month from us.
You can unsubscribe / opt out at any time by clicking the “Unsubscribe” link in any of our communication or by contacting us using the details at the end of this Privacy Notice.
WHERE DO WE STORE YOUR PERSONAL DATA? DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EEA?
All information you provide to us is either stored on SharePoint On-Line, One Drive for Business, or Dynamics 365 for Sales (formerly CRM). Data is stored on these by region and access rights are also assigned based on region. Accordingly, data collected in the UK or EEA will be confined to access rights by our location in the UK. The only exception to this is executive-level access, which is used to ensure appropriate data management procedures or resolve technical issues.
As a rule, we do not transfer personal data out of the EEA. However, in exceptional cases, data may be accessed by group company members in other regions (typically, the United States) to ensure proper data management or to assist in data migration. We will execute a data transfer agreement with you if this exceptional case applies.
Where possible, we try to only process your information within the UK and European Economic Area (EEA). If we or our service providers transfer personal data outside of the UK or EEA, we always require that appropriate safeguards are in place to protect the information when it is processed. Part of our executive, sales, and implementation teams are based in the United States. We have put in place safeguards to protect personal data processed in or accessed from the United States. You can obtain a copy of the safeguards in place for such transfers by contacting us using the details at the end of this Privacy Notice.
HOW DO WE KEEP YOUR PERSONAL DATA SECURE?
We ensure the security of your personal data by maintaining ISO 9001 and ISO 27001 certifications, multi-factor authentication, encryption, firewalls, and password protection.
We also take steps to ensure all our subsidiaries, agents, affiliates and suppliers employ adequate levels of security.
WHAT RIGHTS DO YOU HAVE IN RELATION TO THE PERSONAL DATA WE HOLD ON YOU?
By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.
What does this mean?
1. The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Notice.
2. The right of access
You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Notice).
This is so you’re aware and can check that we’re using your information in accordance with data protection law.
3. The right to rectification
You are entitled to have your information corrected if it’s inaccurate or incomplete.
4. The right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
5. The right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
6. The right to data portability
You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
7. The right to object to processing
You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
8. The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
9. The right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
HOW CAN YOU MAKE A REQUEST TO EXERCISE YOUR RIGHTS?
To exercise any of the rights above, or to ask a question, contact us using the details set out at the end of this Privacy Notice.
HOW WILL WE HANDLE A REQUEST TO EXERCISE YOUR RIGHTS?
We’ll respond as soon as we can regarding a specific request. The request will be reviewed by Queue internal resources specific to the request (i.e., account, sales, etc.). A draft of the response will be reviewed internally prior to any release of information to the client.
Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
baseless or excessive/repeated requests, or further copies of the same information.
Alternatively, the law may allow us to refuse to act on the request.
HOW CAN YOU CONTACT US?
If you have questions on the processing of your personal data, would like to exercise any of your rights, or are unhappy with how we’ve handled your information, please email firstname.lastname@example.org.
If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the data protection regulator in your country.