Last updated: 21 July 2019
Introduction and Important Warnings
Your continuing privacy is important to QB. As we are an internet service, you must also play your part in securing your computer, smartphone, tablet, smart TV or any other device (“devices”) you use to browse or access the content we make available, or when you send or receive communication to or from us (e.g. e-mails or SMS text messages). You should always use up-to-date antivirus/anti-malware protection and ensure that the devices you use are updated with the latest security patches and are still supported by the manufacturer or distributor.
IMPORTANT WARNING: the name of the QB website or its IP (internet protocol) address will usually be visible to your Internet Service Provider (“ISP”) and will also usually be visible to the provider of a public WiFi facility if you use your device in a public area such as a restaurant or hotel (which we do not recommend). Depending on your circumstances when browsing or viewing content from the internet, we recommend that you use privacy-enhancing methods such as Virtual Private Networks (“VPN”) or Encrypting Proxies. However even then, it may still be possible for others to see that you are using a VPN or encrypting service even if QB or the content made available by QB service cannot be directly identified.
IMPORTANT WARNING about risks of sharing and commenting on social media web-sites
QB may voluntarily give your personal data to whom?
Generally, QB will only give to our service providers (such as card payment services, age verification service, content platform and cloud provider) just the minimum personal data that such service providers properly need in order to provide their services to QB and directly or indirectly - also to yourself. Our current service providers are listed below QB sharing your Personal Data with service providers
When might QB be forced to give your personal data to law enforcement authorities?
IMPORTANT WARNING: QB (as well as any of our service providers) may be compelled by operation of law, rules of court, court order, search warrant or the equivalent in any country to give some or all of your personal data to the authorities in any country for enforcement criminal and civil laws and without your consent or even knowledge.
QB, the UK Data Protection Act 2018, the GDPR and the ICO - The Data Protection Regulator
We are and will remain duly registered on the ICO’s Register https://ico.org.uk/about-the-ico/what-we-do/register-of-fee-payers.
Our Data Controller and Data Protection Officer; Questions and Complaints
Our Data Controller is QB itself: QueerBee CIC, Bickland House, Bickland Water Road, Falmouth, Cornwall TR11 4SB. If you have any questions or concerns about the way we handle, or may handle, your personal information, then we strongly encourage you to contact our Data Controller email firstname.lastname@example.org. If you want to rely on your rights under the Data Protection Act 2018 (see below “Your Rights under the Data Protection Act 2018”) you must contact our Data Controller without delay.
If you are dissatisfied or unhappy in any way with the response, actions or inactions of our appointed Data Controller, you should contact our Data Protection Officer (“DPO”) Jac Nunns, Bickland House, Bickland Water, Falmouth, Cornwall TR11 4SB United Kingdom email email@example.com. Please do not delay contacting our DPO. The appointment of a DPO is designed and intended by us to offer you enhanced protection for your personal data. You also have the right to complain or raise questions at any time with the ICO about the ways we collect, process and share your personal data. Please note that if you complain to the ICO they might ask you whether you had already contacted our DPO.
Your Rights under the Data Protection Act 2018
You have a number of important rights under the DPA 2018 data protection law including: the right to see what information we hold about you; the right to have inaccurate or out-of-date information changed or deleted; the right to object to processing by us; the right to know if we are processing or transferring your personal data out of the European Economic Area (“EEA” which is presently made up of the European Union, Norway, Liechtenstein and Iceland); the right to know to whom we may be giving your personal data; the right to know why we have the lawful right to process your personal data; and the right to know for how long we may keep your personal data.
Your rights may be reduced by a number of lawful exceptions. We set out below how you can use the rights offered in the DPA 2018, even if you are not in the UK “Your statutory rights under the DPA 2018”
What Personal Data does QB collect about you?
In order for QB to be able to provide you with the QB service, QB has to collect, store and process some personal information about you. We aim to keep the amount of such personal information to a reasonable minimum.
Personal Data which you give us voluntarily
- your name and land address, including country
- your age
- your electronic contact details, such as e-mail addresses, telephone numbers and instant messaging address
- details of payment method, such as credit or debit card details, or banking details. Depending on your selected payment means, you may be asked to provide further personal information to the payment provider when making a payment. While we do not store the details of your payment method , our payment processor [Stripe Payments Europe Ltd] may do so. For more on our payment processor, please see below QB sharing your Personal Data with service providers
- your password which you set up for your access to the QB web-site. To improve your privacy and security, we (or our payment processor) may ask that the password create must be of a minimum length and be made up of letters, numbers and other characters before the password can be accepted. IMPORTANT WARNING: your password for QB should be only for QB; never use the same or similar password on more than one web-site. If you forget your password, you may ask QB to allow you to re-set your password: please email us at firstname.lastname@example.org and we will email you a new temporary password with a link for you to re-set the password.
- your answer to any “security question” that we (or our card payment service may require as an extra security check for identifying you.
Personal Data which QB collects as an integral and automatic part of you viewing and using the QB website
When you view or use the QB website, then as an automatic and integral part of your website usage, we can see (directly or indirectly) certain personal data about yourself including:
- your IP address (which usually identifies the country from where you are presently accessing QB service)
- your operating system
- your browser and browser “add-ons”
- any referring web-link that you clicked to arrive at QB website
- your login details
- your e-mail address
- your viewing times
- your time zone
- details of pages that you viewed or content you may have placed in the basket for future payment or viewing
- bare details of the “hand over” to a card payment service and the “hand back” with the outcome of a successful or unsuccessful payment (QB does not store or have access to the details of your method of payment),
- bare details of the “hand over” to our age verifier provider and the “hand back” with the result of the age verification process.
These details are kept by us securely.
Use of Analytics
Other ways that QB might collect personal data about you
Our service providers will give us information about you eg the age verification service will let us know whether or not they can confirm that you are at least 18 (eighteen) years old; the card payment service will let us know whether or not your payment has been successful. They may also let us know later that they want to correct or update their earlier statements to us if they consider that a response they had provided to us was not correct or needs to be updated. Our content platform provider and cloud providers may also tell us more about you eg if they consider that you are using, accessing, altering, hacking, infringing or otherwise abusing content on their platforms or allowing others to do so.
Why does QB collect, store or process your personal data?
We need to collect, store or process your information for the following Purposes:
To enable identification, age verification and registration, payment and the supply of our services to you including our ability to contact you about registration, general payment and contractual issues. We rely on this Contractual Basis but please see also below about complying with legal obligations relating to your age, payment and payment details.
To check that our website and services are functioning as expected, to make technical adjustments or additions as may be required and to provide and maintain troubleshooting facilities. We rely on this Contractual Basis.
Compliance with Legal Obligation
To comply with any obligations imposed by law in respect of payments and payment method, including any obligations in respect of criminal activity including fraud, money laundering, breach of sanctions, risk and age verification. We rely on this Compliance with Legal Obligation Basis.
To monitor and check if our website, content or any other services including those of our providers are being or are being allowed to be, or have been or have been allowed to be, abused, hacked or accessed without proper permission or authority or otherwise accessed or used in breach of our terms and conditions https://www.queerbee.org/pages/terms-and-conditions , or are being, or have been, used for immoral, discriminatory, profiling (including religious, health and orientation profiling), commercial, defamatory or infringing intellectual property purposes. To the extent that such activities do not fall within the Compliance with Legal Obligation Basis (see just above), we rely on this Legitimate Interest Basis.
Marketing with your Consent
To provide you with relevant marketing messages, recommendations and suggestions based on your history of browsing and viewing our website. We rely on this Consent Basis. If you have consented to receive marketing messages, recommendations and suggestions, you can withdraw your consent at any time by going to https://www.queerbee.org/dashboard
QB sharing your Personal Data with service providers
In order to offer QB website and services to you, we make use of recognised and well-established companies that provide specialist and secure services and who will need to be securely supplied with some of your personal data in order to offer their particular service. Your access to such third party services will be subject to the terms and conditions and Privacy Policies imposed by the third party service provider. You should read and understand the terms and conditions and Privacy Policies of such third party service provider before you access those services, which are not the responsibility of QUEERBEE. If you encounter any difficulties using those services or have any complaints then you should contact the third party service provider. We currently use the following service providers:
Disclosing Your Personal Data for Law Enforcement Authorities
As mentioned above “When might QueerBee be forced to give your personal data to law enforcement authorities?” you are warned that QB (and its service providers such as card payment service, age verification service, content platform provider, and cloud computing provider) may be required by operation of law or rules of court or the equivalent to disclose to law enforcement authorities some or all of your personal information without your consent or even knowledge.
QueerBee’s Data Processors
If QB work with a service provider which is a “Data Processor” (as defined in the DPA 2018) based within the European Economic Area (“EEA” - the European Union, Norway, Liechtenstein and Iceland), then our work with that service provider will be governed by a contract in writing between QB and the Data Processor which conforms to the requirements of the DPA 2018. We will carry out due diligence on any Data Processor we may work with in order to check if that Data Processor is suitable to receive and process securely your personal data for the strictly limited purposes which we set out in our contract with the Data Processor.
If we use a Data Processor that is not based within the EEA, then, as required by the DPA 2018 and GDPR, we will transfer personal data to such Data Processor only by means of an adequate and secure method of data transfer approved by the ICO (as required by the DPA 2018 and the GDPR.) Data Processors we work with who are based outside the EEA are currently: bluehost, uscreen
Transferring your personal data to Data Controllers outside the EEA
QB is located in the UK and is established under the company law of England and Wales. Transferring your personal data within the EEA (the EU, Norway, Liechtenstein and Iceland) is currently considered to be safe under the DPA 2018 and the GDPR.
We will transfer personal data to such Data Processor only by means of an adequate and secure method of data transfer approved by the ICO (as required by the DPA 2018 and the GDPR).
QB Security Measures
We use an https encrypted connection between your device and our server or our providers’ servers. If your device does not support a currently and generally approved https protocol, you may not be able to register or log into our website. This applies equally to viewing the QB homepage
Card payments are taken using a payment processor : Stripe Payments Europe Ltd which is regularly certified for compliance with PCI-DSS QB sharing your Personal Data with service providers
We and our service providers use up-to-date security measures, both physical and electronic, to protect your personal data. Further we and our service providers have practices and protocols in place to identify anyone who requests information about you before we or our service providers consider whether we should disclose such information. As a result, we may have to ask you to provide, securely, additional information - including answering your security question - before we or our service providers can consider properly giving you any information about your personal data.
As set out above QueerBee’s Data Processors , we use required and approved secure methods when using Processors wherever they are based.
We also use required and approved secure methods when transferring personal data to a data controller out of the EEA as set out above Transferring your personal data to Data Controllers outside the EEA
How long does QB keep your personal data?
We will securely keep your personal data for as long as you continue to be a registered user of our web-site and services.
You can withdraw your consent to receive marketing messages, recommendation and services at any time by setting or re-setting your preference at https://www.queerbee.org/dashboard
Keeping your personal data on a “restricted basis”
If you cease to be a registered user of QB for any reason, we will usually keep the personal data we were holding when you ceased to be a registered user on a “restricted basis” for a period of 7 (seven) years unless there are or were to be any laws or specific reasons that require some or all of your personal data to be retained for a longer period. “Restricted basis” refers to keeping your personal data on a separate secure database or data silo that can only be accessed and used for regulatory and evidential (including taxation) purposes. This general seven (7) year period for keeping your personal data on this restricted basis is consistent with the Limitation Act 1980 (as amended) of England and Wales. Access to this restricted personal data will be strictly monitored and recorded under QueerBee’s in-house protocols. When the “restricted basis” retention period or periods have elapsed, your personal data will be securely deleted. If only part of your personal data is required to be kept on the restricted basis after the seven (7) year general period has elapsed, the rest of your personal data will be securely deleted at that time.
Your statutory rights under the DPA 2018
Under the Data Protection Act 2018 and or any regulations made under that Act or any successor, you have the following important statutory rights (limited by some exceptions):
Data Subject Access Request - “DSAR”
You can ask in writing to see what personal data we hold about you by contacting The QB Data Controller at e-mail email@example.com. As e-mails can occasionally not be delivered or arrive in a corrupted form, you are strongly urged to send a hard copy of your e-mailed request to our Data Controller by post at Bickland House, Bickland Water Road, Falmouth Cornwall TR11 4SB United Kingdom. Our Data Controller will respond within one (1) month unless the Data Controller raises valid reasons during that one (1) month period as to why more time will be required.
QB cannot charge a fee to reply to your DSAR unless there are some exceptional circumstances.
If you have any questions about how to make an official DSAR, we strongly encourage you to make an informal enquiry first with our Data Controller who will offer informal advice: email firstname.lastname@example.org.
Please note that there are a number of limitations and exemptions to disclosure under a DSAR.
If you are unhappy or dissatisfied in any way with QB’s official Reply to your DSAR, you have the right to complain to our Data Protection Officer (e-mail email@example.com) who will launch a rapid review. As e-mails can sometime fail to arrive, or arrive in a corrupted form, we strongly urge you to send a hard copy of your e-mailed complaint to our DPO by post at Bickland House, Bickland Water Road, Falmouth, Cornwall TR11 4SB United Kingdom. You can also contact the Information Commissioner’s Office (www.ico.org.uk), Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF United Kingdom, to request a review (assessment) of the adequacy of the Reply that you received from either our Data Controller or our DPO. The ICO may ask you whether you had already contacted our DPO.
Other DPA 2018 Rights
Other Rights you may have include the following:
- You have the right to withdraw any consent that you have given
- You are entitled to request that your personal information be deleted
- You are entitled to request that some or all of your personal information be erased
- You are entitled to request that some or all of your personal information be amended. In any event, you are strongly advised to keep your contact details up-to-date
- You are entitled to object to processing carried out under the legitimate interest basis
- You are entitled to object to automated decision making (which is not carried out by QB itself, though may be carried out by our payment processor or age verification providers. As they act as Data Controllers for the purposes of their processing, you should contact their Data Controllers to raise this objection or request a DSAR. The QB Data Controller will let you have their Data Controller’s contact details).
- You may have the right to Data Portability
Some DPA 2018 rights are subject to certain limitations and exemptions
If you have any questions about your other DPA 2018 rights, we strongly encourage you to contact our Data Controller who will offer advice. Please do not hesitate to make an informal enquiry in the first instance: email firstname.lastname@example.org.
Future changes to QB’s Privacy and Cookie Policies
We strongly encourage you to check regularly whether our Privacy and Cookie Policies have changed. This would especially be the case if the UK were to exit the European Union at any time.
We will endeavour to contact all currently registered users by e-mail to give advance notification and reminders of any forthcoming material changes to our Privacy and Cookie Policies.
We strongly urge you to tell us about any update in your contact details.