At NQC, we're committed to protecting and respecting your privacy.
This Policy explains when and why we collect personal information about people who use our website whether on their own account or as employees, agents or otherwise acting on behalf of another organisation (hereafter referred to as 'your organisation'), how we use it, the conditions under which we may disclose it to others and how we keep it secure. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.
We may change this Policy from time to time so please check this page occasionally to ensure that you're happy with any changes.
Any questions regarding this Policy and our privacy practices should be sent by email to privacy@nqc.com or by writing to NQC I Ltd, Jactin House, 24 Hood Street, Manchester, M4 6XW. Alternatively, you can telephone +44 (0) 161 413 7983.
Who are we?
We're NQC I Ltd, we support our clients to manage risk and compliance in global supply chains via our online platforms.
NQC I Ltd is a registered company (no. 09395308). The registered address is 5 Brooklands Place, Brooklands Road, Sale, Cheshire, M33 3SD.
SupplierAssurance.com is provided by NQC I Ltd ('we', 'our' or 'us').
We are typically the controller of personal data obtained via our website, meaning we are the organisation legally responsible for deciding how and for what purposes it is used and for providing our privacy policy to you. However, in certain circumstances, where you or your organisation has been referred to our website or your organisation or you have been asked to use our services because they or you are a supplier of a particular customer and that customer has engaged us in a role as regards your data solely as its data processor, that customer will be the relevant data controller and it, as the data controller, is obliged to provide you with its own privacy policy or notice. Where this is the case, the terms of that privacy policy or notice take priority over and replace this policy.
How do we collect information from you?
We obtain information about you when you use our website and submit information about you or your organisation and its practices, for example, when you register on our platform and complete one of our online assessments as requested by one of your organisation’s customers. We may also collect your personal information over the telephone when you speak to one of our Support Representatives.
What type of personal data is collected from you?
The general categories of personal data that we may process are provided in detail below. In addition, we also may obtain your personal data from other sources and not directly from you, and this is explained in more detail in this section.
The personal information we collect might include your name, business address, business email address, IP address, and information regarding what pages are accessed and when.
Further details are as follows:
- We may process your basic contact details ("contact details"). The contact details may include your name, business email address, business address and business telephone number. The source of the contact details will either be you or someone in your organisation or shared with us by one of your customers.
- We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system.
- We may process information contained in any inquiry you submit to us regarding our services ("inquiry data").
- We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms or the live chat services.
As part of the completion process of our online assessments, if you are asked to share the personal information of others, you must ensure you or your organisation has obtained their permission to add their details into our assessments. We may contact them to confirm such permission to do so where you have included such data. Their details may be shared with other users of our website, which may include transfer of data outside the EEA and the UK, as explained below.
If you or your organisation purchase an online assessment from us, card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.
We collect and use this personal data for the purposes described in the section "How is your personal data used? " below.
How is your personal data used?
Under data protection law, we can only use your personal data if we have a proper reason, e.g.:
- where you have given consent.
- to comply with our legal and regulatory obligations.
| What we use your personal data for | Our reasons |
| To create and manage your or your organisation's account with us (Contact Details) | The contact details data may be processed for the purposes of operating our website, providing our services and communicating with you or your organisation. The legal basis for this processing is our legitimate interests, namely providing our services to our customers. Also, depending on the circumstances, your consent was gathered during the account registration process (which can be revoked or updated at any time within your User Details on the website). |
| To respond to Contact Us inquiries relating to our products and services submitted via our website Enquiry Data) | The inquiry data may be processed for the purposes of offering, marketing and selling relevant services to you or your organisation. The legal basis for this processing is consent. |
| Providing our services | The correspondence data may be processed for the purposes of communicating with you or your organisation and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and communications with users to ensure we deal with any queries they may have raised with us, or to inform them of the services they are using. |
| To transfer your personal data outside of the EEA and the UK | Where you or your organisation confirms via our platform that you/it wishes to share such personal data with another entity they may process the same outside of the EEA and UK. The legal basis for such processing may, depending on the circumstances, be as follows:
|
| To enforce legal rights or defend or undertake legal proceedings | Depending on the circumstances:
|
| Customise our website and its content to your particular preferences based on a record of your selected preferences or on your use of our website | Depending on the circumstances:
|
| Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes. This helps us to understand how people use our website so that we can make it more intuitive or to check our website is working as intended. | Depending on the circumstances:
|
| Communications with you or your organisation not related to marketing, including about changes to our terms or policies or changes to our products or services or other important notices | Depending on the circumstances:
|
| Protecting the security of systems and data | To comply with our legal and regulatory obligations We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests or those of a third party, e.g. to protect systems and data and to prevent and detect criminal activity that could be damaging for you/your organisation and/or us. |
| Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g. to record and demonstrate evidence of your consents where relevant | To comply with our legal and regulatory obligations |
| Marketing our services to existing and former website users | For our legitimate interests or those of a third party, i.e. to promote our business to existing and former website users. See "How do we use your personal data for marketing purposes? " below for further information |
See "Who has access to your personal data? " for further information on the steps we will take to protect your personal data where we need to share it with others.
How do we use your personal data for marketing purposes?
We may use your personal data to send you updates (by email) about our services, including exclusive offers, promotions or new services. If we are providing services to your organisation rather than to you personally, these will usually be directed at your organisation rather than directed at you in your personal capacity.
We have a legitimate interest in using your personal data for marketing purposes (see above "How is your personal data used? "). This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly.
You have the right to opt out of receiving marketing communications at any time by:
- contacting us at privacy@nqc.com, or,
- updating your email preferences on our website via your user account.
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us then you can select your email notification choices within your user account. You will be asked to opt-in to these notifications when you register on our website.
Where the Privacy and Electronic Communications Regulations (PECR), as updated or replaced from time to time, so provide, we will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. However please note that the PECR does not apply to corporate email addresses. You can change your marketing preferences at any time by updating your email notification choices within your user account. If you need help to do this, you can contact one of our Support Representatives by email at support@nqc.com or by telephone on +44 (0) 161 413 7983.
We may ask you to confirm or update your marketing preferences if you ask us to provide further products or services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
For more information on your right to object at any time to your personal data being used for marketing purposes, see "What are your rights in relation to the personal data we hold? " below.
Who has access to your personal data?
We will not sell or rent your personal data to third parties.
We will not share your personal data with third parties for marketing purposes.
Other Organisations registered on our website: Our websites are designed to be collaborative and to enable organisations and their nominated users to share completed online assessments with other organisations. Your personal details (name, business email address etc.) will typically be linked to a completed assessment and therefore we may pass your information to other organisations as part of this sharing process. We share this information for the purposes of fulfilling our contractual obligations. We will only share the contents of a completed assessment where you or someone within your organisation have given us permission to do so. This permission is known as “sharing” on our website and can be managed through the Sharing functions within your online account.
Third Party Service Providers working on our behalf : We may pass your information to our third party service providers for the purposes of completing tasks and providing services to you on our behalf (for example to process a payment for an online assessment, to validate a specific assessment response). However, when we use third party service providers, we disclose only the personal information that is necessary for them to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
When you are using our secure online payment pages, your payment is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, or if we're under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
If you would like more information about who we share our data with and why, please contact us (see "How can I contact NQC if I have any questions? " below).
How long will your personal data be kept?
We will not keep your personal data for longer than we need it for the purpose for which it is used.
Unless otherwise agreed with you as part of our specific contractual obligations with you, we will delete or anonymise any personal data we hold about you within 3 years of your account becoming inactive (where inactivity means no account logins for a consecutive 12 month period).
What are your rights in relation to the personal data we hold?
You generally have the following rights, which you can usually exercise free of charge:
| Access to a copy of your personal data | The right to be provided with a copy of your personal data. You have the right to ask for a copy of the information NQC hold about you. You can access this information yourself via your online account. To do this, visit your Dashboard, click your Name on the top right of the web page and under Options select "Export Personal Data". |
| Correction (also known as rectification) | The right to require us to correct any mistakes in your personal data You can access your online account at any time to view the personal data and change the information we hold about you (business telephone number, business address etc.). As we use your business email address as the primary way to identify and communicate with you, if you specifically need to amend your email address, you can telephone +44 (0) 161 413 7983 or email support@nqc.com. |
| Erasure (also known as the right to be forgotten) | The right to require us to delete your personal data in certain situations (usually where we require your consent to process). |
| Restriction of use | The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data |
| Data portability | The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations Our website enables you to export data in a structured, commonly used and machine readable format and we also have a number of APIs that can be used by another data controller/processor to transfer data between systems. |
| To object to use | The right to object:
|
| Not to be subject to decisions without human involvement | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you We do not make any such decisions based on data collected by our website. |
For further information on each of these rights, including the circumstances in which they do and do not apply, please contact us (see "How can I contact NQC if I have any questions? " below). You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR or your appropriate local EEA supervisory authority where relevant.
If you would like to exercise any of those rights, please complete a Contact Us form—available on our website or email or write to us—see below: "How can I contact NQC if I have any questions? ". When contacting us please:
- provide enough information to identify and any additional identity information we may reasonably request from you, and,
- let us know which right(s) you want to exercise and the information to which your request relates.
What security precautions do we have in place to protect the loss, misuse or alteration of your information?
When you give us personal information, we take steps to ensure that it's treated securely. We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Any sensitive information is encrypted and protected with up to 256 bit encryption over TLS V1.2. Where we have given (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We are ISO 27001 certified and have a comprehensive Information Security Management System in place within the organisation. This ensures we have robust organisational processes and procedures in place to manage our operations. We have also implemented a number of technical security measures to protect your data including two factor authentication (where required) and data encryption (both in motion and at rest) etc. We undertake regular penetration tests of our websites to simulate potential attacks on our servers to evaluate the security of the system. We also regularly test our business continuity plans and our ability to quickly restore our website and it's content if required.
How does the website use 'cookies'?
Like many other websites, our website uses cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual.
Our cookies are used to:
- measure how you use the website so it can be updated and improved based on your needs
- remember the notifications you've seen so that we don't show them to you again
Our introductory message
You may see a pop-up welcome message when you first visit our website. We'll store a cookie so that your computer knows you've seen it and knows not to show it again.
| Name | Purpose | Expires |
| NQCSCRIMSEEN_COOKIE | Saves a message to let us know that you have seen our cookie message | 30 days |
Session cookies
We set cookies to help manage your progress within the site. These cookies don't store your personal data and are deleted when you leave the site.
| Name | Purpose | Expires |
| NQCSCRIM_AUTH | Provides the site with your account details once you've logged in | When you close your browser |
| NQCSCRIM_PAGE_TIMEOUT | Ensures an unactive browser tab does not log you out of another tab | When you close your browser |
| NQCSCRIM_PAGE_ACTIVE | Ensures an unactive browser tab does not log you out of another tab | When you close your browser |
| NQCSCRIM_PAGE_LASTPOLL | Ensures an unactive browser tab does not log you out of another tab | When you close your browser |
Do we have links to other websites?
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website and platform, so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
Will we transfer your personal data between EEA and UK?
We will transfer your personal data to our hosting service providers located outside the UK in mainland Europe.
As we are based in the UK, we will also transfer your personal data from the EEA to the UK.
Will we transfer your information outside of Europe?
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”) and the UK (together “Europe”).
By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA or if your organisation has authorised or requested your contact data to be made available to a supplier or customer of it based outside of Europe.
Also, if you or your organisation accesses our services from outside Europe, your information may be transferred outside the EEA in order to provide these services.
If we transfer your information outside of Europe in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
The EEA, UK and other countries outside the EEA and the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.
Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:
- in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an 'adequacy regulation') further to Article 45 of the UK GDPR or the recipient has signed up to legally-approved standard data protection clauses recognised or issued further to Article 46(2) of the UK GDPR.
- in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an 'adequacy decision') further to Article 45 of the EU GDPR or the recipient has signed up to legally-approved standard data protection clauses recognised or issued further to Article 46(2) of the EU GDPR.
- you have given us explicit consent to such transfer of your data; or
- a specific exception applies under relevant data protection law.
Any changes to the types of destinations to which we send personal data or in the transfer mechanisms we use to transfer personal data internationally will be notified to you in accordance with the section on "How will NQC review this Policy? " below.
How will NQC review this Policy?
We keep this Policy under regular review. This Policy was last updated in July 2021.
We reserve the right to change or update this Policy from time to time. If material changes are made, we will place a prominent notice on our Website for at least 30 days prior to the change taking effect, or communicate with you directly by email or through Notifications within your online account, and will update the last revised date at the bottom of this Policy.
How can I contact NQC if I have any questions?
If you have any questions or concerns regarding the use or disclosure of your personal information through the website, about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint, you can contact NQC by email, call or write to us at NQC Ltd, Jactin House, 24 Hood Street, Manchester, M4 6XW or email privacy@nqc.com, telephone +44 (0) 161 413 7983
How can I lodge a complaint about your data handling?
We hope that we can resolve any query or concern you raise about our use of your information. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. The supervisory authority in the UK is the Information Commissioner who may be contacted at concerns.
