Personal data is any information that relates to a living individual. It also includes any data that can be used with other sets of data to identify an individual. Typical examples of personal data are name, identification number, location data, online identifier and email address.
Processing relates to any operation carried out on personal data including collection, recording, organising, structuring, storing and using. Processing also doesn’t have to be by automated means which means that processing includes paper-based, non-digital systems.
A Data Subject is the individual whose personal data is being processed
A Data Controller is the organisation which determines how personal data is processed
A Data Processor is an organisation which processes data on behalf of a Controller. This typically means a third party who is used by the Controller to process their data (e.g. a marketing company used to send out marketing materials)
When you use our services to store or process your personal data (including customer’s or user’s data), you are the Data Controller and we are a Data Processor. This will be true for any personal data you place on our servers either directly, via a hosted website or by use of any of our other services.
The GDPR requires you, as a Data Controller, to ensure that any Data Processor services you use to process personal data are GDPR compliant. This means that when you use any of our services to process your personal data you need to carry out due diligence on our services and ensure certain contractual terms are in place.
This GDPR statement is our way of helping you meet these GDPR regulatory requirements and to offer you an assurance that we take GDPR and the security of your personal data as part of the everyday running of our services.
As an Australian company operating within the EU, QiQ Communications PTY LTD (QiQ) are committed to ensuring our business, services and internal processes are GDPR compliant. This GDPR Statement provides our assurances to GDPR compliance.
By the GDPR implementation deadline, we will have put in place:
You are the owner of the data you submit to our servers.
When your data is placed on our servers, you are the Data Controller and QiQ, the Data Processor. We do not access the data you store on our services and any processing (as a Data Processor) is only regarding the hosting services we provide to you. We do not use your data for any processing of our own.
We do not share or provide access to any of your data with third parties unless required to do so to provide our service or by law. Where law enforcement or other authorised parties request access to our servers, we follow strict internal policies for dealing with such requests in line with existing law. Furthermore, the third parties are required to demonstrate they have a lawful reason to access the data and under what authority.
QiQ operate servers at:
Each data centre we operate from has hardware security access for example:
All our employees keep up to date with all technical aspects of security and ensure the ongoing security of our servers and systems. This means that any security patches are applied to our systems as a matter of priority and any changes or updates to our own systems are done so, always, with data protection and privacy in mind and where appropriate, in discussion with our customers. Where we have an agreement in place with our customers to do so, we also maintain the security of our customer’s own servers or hosted applications.
Remote admin access to our servers is strictly restricted to key personnel within our Technical Support team. Our team will access a server only to resolve an issue reported by the client. Or to ensure that the Managed Hosting Service Level opted for by a client is met.
Data centre staff have physical access to the servers, but have strict protocols in place to ensure they only do so, if requested by a member of our technical support team and such a request will only be in cases when they need to carry out a visual check of a server or carry out physical maintenance on the server itself.
All QiQ employees are trained and made aware of their responsibilities under GDPR including their duties with regards to access, security and processing of any personal data stored on our servers. Security and data governance are covered in our employee handbooks and actively discussed as part of quarterly meetings to ensure all staff are up to date.
Should our approach to any aspect covered by this statement change we will make sure, where your data is impacted, that we notify you within a reasonable timeframe and in line with any contractual terms in place between us.
In the unlikely event of a breach occurring (as defined in the GDPR) we will notify you within 48 hours of the breach coming to our attention. This will be enough time for you to consider your requirements, under GDPR, for reporting the breach to the ICO and Data Subjects.
We help you to comply with GDPR
Our approach to our own compliance also helps you comply with your own GDPR compliance requirements. This statement should go some way to explain our approach to GDPR compliance. By using our services, you can be assured that your use is GDPR compliant.
If required we will assist you or the Information Commissioner’s Office with any query relating to the GDPR compliance of our services.
Any questions, queries or requests for further information regarding our GDPR compliance should be sent to:
QiQ Communications PTY LTD
Office 1, 45 Ena Street
Terrigal NSW 2260