GDPR policy

At Quality Unit, safeguarding your privacy and ensuring compliance with data protection regulations is paramount. We are committed to transparency, security, and adherence to the General Data Protection Regulation (GDPR) standards which became enforceable on May 25th, 2018 to protect the personal data of our users.

Definitions

Quality Unit: refers to Quality Unit, s. r. o., the company providing the Service.

GDPR:

Service: refers to the URLsLab WordPress plugin and chatbot system, along with associated tools, services, and content provided by Quality Unit.

Subscriber: refers to the user accessing or using the Service, whether as an individual or on behalf of a legal entity.

Personal data: refers to any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person as defined in the Regulation (EU) 2016/679 Of the European Parliament and of the Council.

Data controller: refers to the the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law as defined in the Regulation (EU) 2016/679 Of the European Parliament and of the Council.

Data processor: refers a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller as defined in the Regulation (EU) 2016/679 Of the European Parliament and of the Council.

Subprocessor: refers to any third-party entity or service provider engaged by Quality Unit to process or handle part of Service Data on behalf of the Subscriber, in accordance with the terms of this agreement.

You / Your / They / Their: refers to the user accessing or using the Services, whether as an individual or on behalf of a legal entity. It has the same meaning as a Subscriber.

Processing: refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction as defined in the Regulation (EU) 2016/679 Of the European Parliament and of the Council.

Owner / Account Owner: The owner account holds the highest level of privilege, encompassing comprehensive access to account management functionalities, billing oversight, system settings configuration, and report generation. In addition to these administrative functions, owners also retain the ability to engage with tickets and monitor workflow processes within the system.

Description, scope and commitment

Understanding GDPR: The General Data Protection Regulation (GDPR) is a legal framework implemented by the European Union (EU) to enhance data protection and privacy rights for individuals within the EU and the European Economic Area (EEA). The GDPR regulates the processing of personal data and imposes obligations on organizations handling such data, irrespective of their location.

Scope of Application: Quality Unit, as a provider of Service, processes personal data on behalf of the Subscribers. This may include information provided directly by individuals or collected through the use of the Service. Quality Unit acknowledges the responsibility to comply with GDPR requirements concerning the handling of personal data.

Commitment to GDPR Compliance: Quality Unit has taken substantial measures to ensure compliance with the GDPR since its enforcement date on 25th May 2018. Quality Unit’s compliance efforts encompass robust data protection policies, procedures, and technical safeguards designed to uphold the principles of lawfulness, fairness, and transparency in data processing.

Data processing of customer support interactions between Subscriber and Quality Unit

Data processing details: Quality Unit processes various types of data to facilitate our services effectively. The data types we process include but are not limited to: Name, address, phone number, email address, IP Address, information about products purchased, information about product usage, information gathered from other communication channels such as email, chat, social media and instant messaging, information provided to our support team to address account-related issues, geo-localization data, browser information, system information.

Data sources: The aforementioned data is collected directly from the Subscriber. It may stem from conversations held between the Subscriber and Quality Unit, or be specified within the Subscriber’s customer profile. Additionally, data may be sourced from publicly available directories or other authorized third parties.

Purpose of data collection and processing: The Subscriber consents for data processing is obtained for specific purposes, namely marketing services and customer support services.

Data processing duration: The Subscriber consents for data processing is valid for the duration of Service usage and up to five (5) years following termination of Service, or until consent is revoked. For individuals who are not current or prospective customers of Quality Unit, consent is valid for a period of five years, or until revocation. Following the expiry of the consent period, data will be securely erased.

Subprocessors: Subscribers grant consent for selected data to be accessed by our subprocessors and subcontractors. These entities undergo regular assessments and audits to ensure the highest standards of privacy and security are maintained.

Data processing rights: Quality Unit upholds the utmost importance of correct data processing and ensure a high level of security, privacy, and compliance with data protection regulations. Subscribers possess the following rights regarding data processing: (a) Right to access data: Subscribers have the right to obtain information regarding the processing of their data, including contact details of the data processor, purpose of processing, categories of data, data recipients, data transfer to third countries, processing duration, rights of the data subject, and information about data profiling and automation; (b) Right for correction: Subscribers have the right to rectify any inaccurate or incomplete data concerning them; (c) Right to erasure (‘right to be forgotten’): In certain circumstances as permitted by law, Subscribers may request the erasure of their data; (d) Right for processing limitations: Subscribers may request limitations on the processing of their data under specific conditions; (e) Right for data migration: Upon request, Subscribers can receive their data in a structured, commonly used, and machine-readable format for transfer to another data processor; (f) Right to object: Subscribers can object to the processing of their data in certain situations; (g) Right for contacting local data processing authority: Subscribers have the right to contact the local data protection authority regarding concerns or issues related to data processing. The local data processing authority for Quality Unit is Úrad na ochranu osobných údajov Slovenskej republiky with address Hraničná 12, 820 07 Bratislava 27, Slovak Republic, European Union.

Revoking consent for data processing: To submit a request to revoke data processing consent, please provide the name of your company, subject, data processor, a written request for data revocation, and your signature. Address your request to support@urlslab.com. Alternatively, to unsubscribe from our mailing list, please use the provided form here.

DPO, compliance team and formal verification

Data protection resources: maintains both an internal team and a dedicated Data Protection Officer to oversee GDPR compliance. For inquiries pertaining to GDPR compliance, the Subscriber is encouraged to direct all questions to support@urlslab.com.

Formal verification process: For formal verification purposes, Subscribers may download our data protection addendum and include their company details. This addendum facilitates the verification process and ensures compliance with regulatory requirements.

Data storage and access

Data storage policy: Subscriber’s data is retained solely for the duration of their utilization of Service or until a request for data deletion is submitted. Data belonging to Quality Unit’s EU Subscribers is stored in the European data center situated in Germany, provided by Akamai Connected Cloud. Access to Subscriber’s personal information is granted exclusively upon prior request by the Subscriber or with their explicit approval. Access is granted to customer support, development, or marketing teams.

Data removal and subprocessor management

Data removal: When a Subscriber requests deletion of their data, Quality Unit promptly responds to the deletion process without delay. The deletion of the Subscriber’s data is executed within 1 business day.

Subprocessors: Quality Unit enters into data processing agreements with each of its subprocessors or subcontractors to ensure compliance with data protection regulations. Subscribers can access the list of Quality Unit’s subprocessors and subcontractors for transparency and accountability.

Safeguards implementation and operations processing

Technical and organisational measures: Prior to the GDPR deadline, extensive safeguards and processes were already established, reflecting Quality Unit’s unwavering commitment to safeguarding the privacy of the Subscribers’ data. Additional guidelines were implemented to enhance the handling of sensitive data, incident response protocols, and other relevant measures to bolster data protection efforts. The list of implemented technical and organisational measures is available below.

Operations processing: All measures undertaken are geared towards ensuring optimal customer support and delivering reliable services in compliance with regulatory standards.

Data subjects, data categories, and cross-border transfers

Data subjects: Natural persons or business information, whose data has been shared either with the Subscriber of Quality Unit or Quality Unit.

Data categories: Data categories encompass full name, business name, email, phone number, address, IP address, timestamps of actions, browser cookies, and additional data collected by subscribers in their account. There are no special categories of data processed or collected.

Cross-border transfers: Cross-border transfers are conducted solely within EU or US jurisdictions.

Security measures for Subscribers

HTTPS encryption: All accounts operate over a secure connection utilizing the HTTPS protocol. Hyper Text Transfer Protocol Secure (HTTPS) ensures that data exchanged between Subscriber’s browser and Servce is encrypted, safeguarding Subscriber’s chat and email communication from interception.

Secure credential storage: Quality Unit adheres to the latest best practices for securely storing and protecting user login credentials and passwords in the cloud environment.

API security: Access to Service’s REST API is restricted to accredited users, requiring authentication through username and password or username and API tokens, bolstering security measures for API interactions.

Features and functionality to assist Subscribers with GDPR compliance

Service Data deletion: The Service provides Subscribers the ability to request the deletion of Service Data containing personal data, including account, chat history, Subscription plan, and images, from active Service accounts.

Account ownership control and deletion

Account ownership control and deletion: Every Service account owner maintains a complete control over their account and can request deletion at any time via email to support@urlslab.com.