Effective Date: Wednesday, 01 November 2021
Respect for the privacy of Personal Information about you is very important to us. We use and share Personal Information that you provide only in ways that we tell you about, and we secure Personal Information that you provide to prevent it from being used and shared for other purposes.
1 Collection of Personal Information and Non-Personal Information
How Personal Information is Collected in your Digital Wallet (“Q-Servi Wallet”): after you download and successfully install Q-Servi Wallet, you will be asked to create a digital account with us. During this process you will be asked to enter your personal information and also some upload identification documents that will be added to your account via either your device’s camera or your device’s file storage.
Please note that your personal data are only stored, locally in your device and you control whether your Personal Information can be shared to someone else or not. For example, During your visit to an associated clinic, you will decide what data from your Personal Information you want to share with the clinic representative and share it with our site using the QR code functionality.
Types of Personal Information that are Collected: Different types of Personal Information may be collected about you through your use of the Site. The kind of Personal Information which may be collected through the usage of your Q-Servi Wallet, are as follows:
- Basic identifiers such as first name, last name, title, date of birth, contact information such as your email address and telephone number, and other identifiers that you may include within or upload to your own Site app profile (hereinafter, your Q-Servi Wallet) or that you otherwise choose to make available through your use of the Site; Basic identifiers are kept in your Q-Servi Wallet on a permanent basis and can be removed by uninstalling the application from your device. Any identifier shared by QR code is retained for a period no longer than ten (10) minutes, so as to be made available to the organisation that you selected to share your QR code with.
- Additional Profile information that you may choose to include in your Q-Servi Wallet, such as your preferences, feedback and survey responses; and
- Sensitive Personal Information that you choose to include in your Q-Servi Wallet, which may include information about race and ethnicity and health information, such as diagnostic test results and medical records.
How Non-Personal Information is Collected:
- When using your Q-Servi Wallet, Non-Personal information is only shared with our operations team when contacting us via the “Contact Us” page of your application.
- When using or navigating the site, you control whether Non-Personal Information is collected from you. For example, when you use or navigate the Site, information about your browser type may be collected if you set your browser settings to enable collection of such information.
Kinds of Non-Personal Information that are Collected:
- Technical data shared by your Q-Servi Wallet, include: OS version, device model, device operating system, system version, Q-Servi Wallet application version.
- When using or navigating the site, technical data collected include: your internet protocol (IP) address, browser type and version, device type, time zone setting and location, browser plug-in types and versions, crash reports, operating system and platform and other technology on the devices you use to access the Site
Camera, images, videos, audios and File sharing within your Q-Servi Wallet
- The application is requesting use of your camera, photos and / or access to your device filesystem (files) in order to allow you to capture or update your ID document(s).
- Access to camera, photos and / or access to your files will enable you to store any type of document and/or health certificate in your wallet.,
- None of the files and images, uploaded or taken, are shared or stored by Q-Servi servers, and are only stored in an encrypted format, locally on your device. You have the option to share your selection of your data, including your Identification document and any health certificate, previously stored in your wallet, by generating a QR code from the application’s home screen.
- No personal information or document metadata from any uploaded file or image captured is extracted from the user’s device.
- Should you wish to restrict access to your device files and camera, you are able to do so from your phone settings, by changing Q-Servi Wallet app permission configuration.
- Android devices: Settingsà App & Notificationsà App permissions, then you may select Camera and/or Storage to alter the previously given permissions.
- iOS devices: Under Settings, you should find Q-Servi Wallet application and then you can alter previously granted selection of Camera and Photos
Should you wish to restrict access, this may also restrict relevant functionality within the Q-Servi Wallet.
2 Uses and Disclosures of Personal Information and Non-Personal Information; Purposes of Using and Disclosing Personal Information and Non-Personal Information
Uses and Disclosures of Personal Information; Purposes of Using and Disclosing Personal Information. You control uses and disclosures of Personal Information on the Site as follows:
- If you have a Q-Servi Wallet, you decide how you wish to use Personal Information in the Q-Servi Wallet utilising its functions and capabilities. The purpose of your use of Personal Information in this way is so that you may utilise and take advantage of the Q-Servi Wallet that we offer;
- You decide how Personal Information is disclosed and to whom it is disclosed. For example, if you contact us with a question, you may choose to disclose certain Personal Information about yourself to us so that we can identify and respond to you. You may disclose Personal Information in this way for the purpose of allowing us to communicate with you; and
- If you have a Q-Servi Wallet, you choose with whom you share your Personal Information. As an example, you may choose to share Personal Information in your Q-Servi Wallet with your employer or with a business you choose. You may share Personal Information in this way as part of utilising and taking advantage of the Q-Servi Wallet and its features.
In limited instances, we may use and disclose Personal Information as follows:
- Through your Q-Servi Wallet
- If you contact us with a question or concern about the Site, we may use the Personal Information you chose to share with us for the purpose of communicating with you about your question or concern;
- We may use Personal Information we’ve collected on the Site if we’re required to do so by applicable law or regulation or to comply with a legal obligation to which we are subject. We may also disclose such Personal Information to those authorised to receive it, as required by applicable law;
- Through our site
- We may use Personal Information you provide to us, such as your email address or other basic identifiers, to send you our newsletters, updates about us or our services or marketing materials if you have opted in to receive such communications from us; and
- We may disclose Personal Information we’ve collected on the Site to third-party service providers that we engage. We disclose Personal Information to such third-party service providers so that they may assist us in providing, managing and operating our Site.
Uses of Non-Personal Information; Purposes of Using Non-Personal Information.
You also control uses of Non-Personal Information as follows:
- You may set and adjust browser, operating system and device settings to allow or disable use of technical data such as location information and cookies. If you allow use of this information, it will serve the purpose of tracking certain interactions you’ve had with our Site (see “Cookies” section below for more details).
In limited instances, we may use and disclose Non-Personal Information as follows:
- We may use Non-Personal Information, which may consist of technical data (as described above), for web analytics purposes. For example, we may use such technical data for analysing our website traffic and other metrics for purposes of evaluating the performance of our website.
- We may disclose Non-Personal Information, which may consist of technical data (as described above), to third-party service providers that we engage to assist us with the web analytics functions noted above.
3 Processing of Information With Your Consent
When you browse our website or contact us with questions, you provide your consent for us to process information that may include Personal Information.
Q-Servi Wallet performs the following functions by means of an interface to the operating system of the user’s mobile phone
- Creation of a user profile. User identifiable information and credentials are only stored in an encrypted format within Q-Servi Wallet, in the user’s device.
- Registration of user’s personal information, so as to maintain a “user profile”. User identifiable information and credentials are only stored in an encrypted format within Q-Servi Wallet, in the user’s device. This can be used for the user to identify themselves when sharing selected data through a QR code.
- Storing of certificates within the application. The user is able to store any type of document within the application, allowing them to store or share, if they choose to, at any time.
- QR code generation, to share user data. The user is able to select and share data through a QR code functionality. Data shared is temporarily stored to our servers, encrypted with a key, that is directly and only shared with the recipient of the data, through the QR code, in order to be able to access the information shared. Additional measures to safeguard the information shared are in place, such as rotating decription keys.
The app does not use location tracking or geopositioning.
4 Revoking Your Consent
In situations where you have provided explicit consent for the processing of Personal Information, you may revoke your consent at any time by contacting us at email@example.com. However, please be aware that if you revoke your consent, you may not be able to use our website or our other Site features which depend on processing of Personal Information.
5 Data Minimization
6 Information Security
We use commercially reasonable administrative, technical, physical and organisational security measures to maintain the security and integrity of our Site and Personal Information and Non-Personal Information that is processed through the Site. We implement measures to protect against loss, misuse, or improper access to information through generally accepted industry standard technologies and procedures. For example, we use authentication, anonymisation and encryption technology to protect Personal Information in a User’s Q-Servi Wallet. Please note that there are inherent risks in transmission of information over the Internet, and we cannot guarantee that unauthorised access or use of information will never occur. Please also note that features of our Site, such as a Q-Servi Wallet, are designed to be interoperable with and allow for secure exchange of information with various other systems, but we cannot guarantee such interoperability with all systems and make no representation or warranty that unauthorised access to or use of information will never occur in connection with such exchange of information.
The QServi website use “cookies” to help you personalise your online experience.
Cookies are small text files that are placed on your computer or mobile device when you browse websites.
Cookies are not actual programs or software. When you visit a website, it stores a snippet of text from your visit; the next time you visit, it is retrieved by the website, remembering you. This can be used differently depending on the actual website visited. Cookies allow websites to store such things as user preferences. You can think of cookies as providing a “memory” for the website, enabling it to recognise a user and respond appropriately. Cookies on our website do NOT store any personally identifiable information such as names, addresses, email addresses or phone numbers.
Our cookies help us:
- Make our website work as you’d expect
- Remember your settings during visits
- Allow you to share pages (names/blog articles) with social networks like Facebook or Twitter
- Continuously improve our website for you
- Collect any personally identifiable information – we will always ask for your express permission if we ever collect this information.
- Collect any sensitive information without your express permission
What information is kept by the cookie?
A cookie will typically hold:
- The name of the website that it has come from
- How long the cookie will stay on your computer or phone
- A value – usually a randomly generated unique number
How long do cookies stay on my computer?
- Session cookies – these only last until you close your browser. They are not stored on your hard drive. They are usually used to track the pages that you visit so that information can be customised for you for that visit.
- Persistent cookies – these are stored on your hard drive until you delete them or they reach their expiry date. These may, for example, be used to remember your preferences when you use the site.
- Website function cookies
- Social media cookies
- Third-party and advertising cookies
- Analytics cookies
More About Our Cookies
Website Function Cookies such as session or preference cookies
- Holding information once you’ve logged in to save you having to re-login each time you visit a different page during your session
- Once you log off or close the browser, the session cookie will be removed
Our site, like most websites, includes functionality provided by third parties. A common example is an embedded YouTube or Vimeo video.
Disabling these cookies is likely to break the functions offered by these third parties
Social Media Website Cookies
To facilitate easy sharing or liking of content on social network platforms such as LinkedIn and Twitter, we have included sharing buttons on our site.
The privacy implications on this will vary from social network to social network and will be dependent on the privacy settings you have chosen on these networks.
Anonymous Visitor & Behaviour Statistics Cookies
- How visitors reached our website (e.g. from a search engine, an advert, social media site etc.)
- The activity of users on the site such as the number of pages viewed, time spent on individual pages, the pages visitors leave our site on
- How often visitors return to our site
- Visitor technology used (e.g. browser, operating system, device etc.)
These statistics help us make our site as user-friendly as possible to ensure a good experience for all visitors.
- Google Analytics, a program that helps us measure site usage details, including the examples above.
Site Improvement Cookies:
We regularly test new designs or site features on our site. We do this by showing slightly different versions of our website to other people and anonymously monitoring how visitors respond to these different versions. Ultimately this helps us to offer you a better website.
- Third-party vendors, including Google, show ads on sites on the internet.
We have no access to or control over these cookies. However, users may opt-out of Google’s cookies by visiting the Google advertising opt-out page.
You may opt-out of the DoubleClick cookie by visiting the Google advertising opt-out page or opt-out of Google Analytics by visiting the Google Analytics opt-out page.
Turning Cookies Off
You can switch cookies off by adjusting your internet browser settings to stop it from accepting cookies. There are many different browsers and versions. Some of the most common browsers and versions and listed below. Click the name of your preferred browser below to learn how to disable and manage cookies. If your version of browser is not listed, please visit your preferred search engine.
Please be aware that turning off cookies will impair the performance of many websites and not just ours.
8 Third-Party Content
Our Site may include links to third-party content, including without limitation, links to third-party websites. We do not endorse or recommend such third-party content and we are not responsible for the privacy practices of the operators or publishers of such content. Please be aware that when you access links to a third party’s content via our Site, you are bound by the privacy policies and practices of that third party. We urge you to be aware of and read the privacy policies governing your use of any third-party content.
9 Location of Information Processing
In instances where you process Personal Information from your local device, processing of this Personal Information occurs where you or your device are located. In other situations where you control the disclosure of your Personal Information, once you disclose such Personal Information to a recipient (such as a clinic or lab that you choose), it may be further processed by those recipients wherever they are located. In situations where we process Personal Information or Non-Personal Information, processing of such information may occur in the United Kingdom (UK) where our cloud-based servers are located or at the locations of our offices, offices of our affiliates or at processing locations of our third-party data management contractors.
Depending on how you use the Site, your use of the Site may involve transfer of your Personal Information across borders from the country in which you are located to other countries around the world. To the extent we process your Personal Information, we may also transfer such Personal Information internationally. Accordingly, with respect to an international data transfer, your Personal Information may be subject to different protections depending on the laws and regulations of the country to which your Personal Information is transferred. In all cases in which we control your Personal Information, we will seek to apply reasonable safeguards for the protection of such Personal Information that is transferred internationally.
10 Third-Party Service Providers
11 Access to Your Personal Information
At any time, you may access Personal Information which you control on the Site. For example, if you maintain Personal Information in your Q-Servi Wallet, you may access such Personal Information in the Q-Servi Wallet at any time.
In the limited cases in which we control and maintain your Personal Information, you may contact us to request access to such Personal Information at: firstname.lastname@example.org. After receiving the request, we may take steps to verify your identity and once verified we will respond to your access request within a reasonable timeframe.
12 Deletion of Your Personal Information
At any time, you may delete Personal Information which you control on the Site. For example, if you maintain Personal Information in your Q-Servi Wallet, you may delete such Personal Information in the Q-Servi Wallet at any time. Please be aware that certain parts of the Site, such as the Q-Servi Wallet, may include functions which allow you to back up your Personal Information using your own operating system or device, and in case you have backed up your Personal Information in this way, the backup copy will remain even if you have deleted Personal Information on the Site. In the limited cases in which we control and maintain your Personal Information, you may contact us to request deletion of such Personal Information at: email@example.com. After receiving the request, we may take steps to verify your identity and once verified we will respond to your deletion request within a reasonable timeframe. Please be aware that if we delete Personal Information, it may limit your ability to fully utilise the Site and related service we can provide to you.
13 Use of Site by Children
14 Retention of Personal Information
For individuals in the EU: Ian Sherrington has been appointed as our representative in the EU for data protection matters, pursuant to Article 27 of the EU’s General Data Protection Regulation. Ian Sherrington can be contacted in addition to or instead of us on matters related to the processing of Personal Information. You may contact Ian Sherrington at the following address: Catharina van Rennesstraat 280, 2551 GV Den Haag, Netherlands. You may also contact Ian Sherrington by phone at +31 621 861158 or by email at GDPR@qservi.com.
As a data subject, you have the right to request from us access to, rectification of, erasure of, portability of and/or restriction of processing of your Personal Information. You also have the right to object to further processing of your Personal Information. To exercise any of these rights, please contact us at firstname.lastname@example.org. We will respond to your request in accordance with applicable law.
In the event we process your Personal Information based on your consent, you may withdraw your consent at any time (provided, however, such withdrawal will not affect the lawfulness of processing of your Personal Information that occurred before our receipt of your withdrawal). To withdraw consent for processing of your Personal Information, please contact us at email@example.com.
We may transfer Personal Information from the EU and/or UK to other countries and jurisdictions around the world. Please be aware that the European Commission determined that only certain countries/jurisdictions provide an adequate legal framework for the protection of Personal Information. For more information on the countries/jurisdictions that the European Commission has determined provide an adequate legal framework for protection of Personal Information, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. To the extent Personal Information is transferred from the EU or UK to countries/jurisdictions that have not been deemed by the European Commission to provide an adequate legal framework for the protection of Personal Information, such Personal Information may be at greater risk once it is transferred to such countries/jurisdictions due to the absence of this adequacy determination by the European Commission. Nonetheless, we commit to protect Personal Information under our control by applying reasonable safeguards to Personal Information transferred to such countries/jurisdictions.
If you have a concern with the handling of your Personal Information, you may lodge a complaint with the applicable data protection authority (also known as “Supervisory Authority”) in the country in which you reside.
For a list of European Union Supervisory Authorities and their contact information, please visit: https://edpb.europa.eu/about-edpb/board/members_en.
If you are located in the Isle of Man, you may contact Information Commissioner (website: https://www.inforights.im/).
If you are located in the UK, you may contact the Information Commissioner’s Office (ICO) (ICO website: https://ico.org.uk/).
If you have a concern, you may also contact us at firstname.lastname@example.org.
16 Questions; Concerns