QUARTER-LIFE QUEENS CUSTOMER PRIVACY NOTICE
WHAT IS THE PURPOSE OF THIS DOCUMENT?
Quarter-Life Queens is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. You are being sent a copy of this privacy notice because you are using our services, which includes the Quarter-Life Queen blog, Social Media Platforms and Epiphany email list and so that you aware of how and why your personal data will be used, namely for the purposes of the Services, and how long it will usually be retained for. This privacy notice provides you with certain information that must be provided to you, under the General Data Protection Regulation ((EU) 2016/679) (the “GDPR”).
DATA PROTECTION PRINCIPLES
We will comply with data protection law and principles, which means that your data will be:
We may also collect, store and use the following “special categories” of more sensitive personal information:
WHAT IS THE PURPOSE OF THIS DOCUMENT?
Quarter-Life Queens is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. You are being sent a copy of this privacy notice because you are using our services, which includes the Quarter-Life Queen blog, Social Media Platforms and Epiphany email list and so that you aware of how and why your personal data will be used, namely for the purposes of the Services, and how long it will usually be retained for. This privacy notice provides you with certain information that must be provided to you, under the General Data Protection Regulation ((EU) 2016/679) (the “GDPR”).
DATA PROTECTION PRINCIPLES
We will comply with data protection law and principles, which means that your data will be:
-
Used lawfully, fairly and in a transparent way.
-
Collected only for valid purposes that we have clearly explained to you and not used in any way that
is incompatible with those purposes.
-
Relevant to the purposes we have told you about and limited only to those purposes.
-
Accurate and kept up to date.
-
Kept only as long as necessary for the purposes we have told you about.
-
Kept securely.
THE KIND OF INFORMATION WE HOLD ABOUT YOU
In connection with the Services, we will collect, store, and use the following categories of personal information about you:
We may also collect, store and use the following “special categories” of more sensitive personal information:
-
[Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.]
-
[Information about your health, including any medical condition, health and sickness records.]
-
[Information about criminal convictions and offences.]
4
HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We collect personal information about the users of our Services from the following sources:
-
You
- Your public social media platforms
- Google Analytics
-
The following data from third parties is from a publicly accessible source [SPECIFY].HOW WE WILL USE INFORMATION ABOUT YOUWe will use the personal information we collect about you to:
-
To provide you with customized content that will aide you in overcoming your current life obstacles
- For Market research purposes
-
Comply with legal or regulatory requirements.It is in our legitimate interests to collect this data so we may better provide relevant content
We also need to process your personal information to provide customized experiences and expand company growth through market research
We don't collect SENSITIVE PERSONAL INFORMATIONSuch as your disability status - We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
- We will also use this information to ensure that site content remains relevant and aid in the production of new content
-
To provide you with customized content that will aide you in overcoming your current life obstacles
-
INFORMATION ABOUT CRIMINAL CONVICTIONS
We do not envisage that we will process information about criminal convictions.
[We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.]
AUTOMATED DECISION-MAKING
You will not be subject to decisions that will have a significant impact on you, based solely on automated
5
DATA SHARING
Why might we share your personal information with third parties?
We may share personal data we hold with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may also disclose personal data we hold to third parties:
(a) In the event that we sell or buy any business or assets, in which case we may disclose personal data we hold to the prospective seller or buyer of such business or assets.
(b) If we, or substantially all of our assets, are acquired by a third party, in which case personal data we hold will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with you or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
TRANSFERRING PERSONAL DATA TO A COUNTRY OUTSIDE THE EEA
We may transfer any personal data we hold to a country outside the European Economic Area (”EEA”), provided that one of the following conditions applies:
(a) The country to which the personal data are transferred ensures an adequate level of protection for your rights and freedoms.
(b) You have given your consent.
(c) The transfer is necessary for one of the reasons set out in GDPR, including the performance of a
contract between us and you, or to protect your vital interests.
(d) Thetransferislegallyrequiredonimportantpublicinterestgroundsorfortheestablishment,exercise or defence of legal claims.
(e) Thetransferisauthorisedbytherelevantdataprotectionauthoritywherewehaveadducedadequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of those rights.
Personal data we hold may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. That staff maybe engaged in, among other things, the fulfilment of contracts with
Why might we share your personal information with third parties?
We may share personal data we hold with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may also disclose personal data we hold to third parties:
(a) In the event that we sell or buy any business or assets, in which case we may disclose personal data we hold to the prospective seller or buyer of such business or assets.
(b) If we, or substantially all of our assets, are acquired by a third party, in which case personal data we hold will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with you or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
TRANSFERRING PERSONAL DATA TO A COUNTRY OUTSIDE THE EEA
We may transfer any personal data we hold to a country outside the European Economic Area (”EEA”), provided that one of the following conditions applies:
(a) The country to which the personal data are transferred ensures an adequate level of protection for your rights and freedoms.
(b) You have given your consent.
(c) The transfer is necessary for one of the reasons set out in GDPR, including the performance of a
contract between us and you, or to protect your vital interests.
(d) Thetransferislegallyrequiredonimportantpublicinterestgroundsorfortheestablishment,exercise or defence of legal claims.
(e) Thetransferisauthorisedbytherelevantdataprotectionauthoritywherewehaveadducedadequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of those rights.
Personal data we hold may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. That staff maybe engaged in, among other things, the fulfilment of contracts with
6
www.morganlewis.com
you, the processing of payment details and the provision of support services.
We do not currently share information with third-parties
DATA SECURITY
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. No personal information is processed.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
DATA RETENTION
How long will you use my information for?
We will retain your personal information for a period of 24 months. We retain your personal information for that period for the sole purpose of market research and product production.. After this period, we will securely destroy your personal information in accordance with [our data retention policy OR applicable laws and regulations].
RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
We do not currently share information with third-parties
DATA SECURITY
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. No personal information is processed.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
DATA RETENTION
How long will you use my information for?
We will retain your personal information for a period of 24 months. We retain your personal information for that period for the sole purpose of market research and product production.. After this period, we will securely destroy your personal information in accordance with [our data retention policy OR applicable laws and regulations].
RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
-
Request access to your personal information (commonly known as a “data subject access request”).
This enables you to receive a copy of the personal information we hold about you and to check that
we are lawfully processing it.
-
Request correction of the personal information that we hold about you. This enables you to have
any incomplete or inaccurate information we hold about you corrected.
-
Request erasure of your personal information. This enables you to ask us to delete or remove
personal information where there is no good reason for us continuing to process it. You also have the
right to ask us to delete or remove your personal information where you have exercised your right to
object to processing (see below).
-
Object to processing of your personal information where we are relying on a legitimate interest (or
those of a third party) and there is something about your particular situation which makes you want
to object to processing on this ground. You also have the right to object where we are processing
your personal information for direct marketing purposes.
7
www.morganlewis.com
-
Request the restriction of processing of your personal information. This enables you to ask us
to suspend the processing of personal information about you, for example if you want us to establish
its accuracy or the reason for processing it.
-
Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact [POSITION] in writing.
RIGHT TO WITHDRAW CONSENT
You have the right to withdraw your consent for processing your information at any time. To withdraw your consent, please contact [POSITION]. Once we have received notification that you have withdrawn your consent, we will no longer process your information and, subject to our retention policy, we will dispose of your personal data securely. - By continuing to use this website, you confirm that you have accessed, read and understood our privacy notice, cookie policy, and data usage policies.
Cookies
We use cookies to improve your user experience and. Our Website Privacy
Policy found on the Quarter-Life Queens website under the legal stuff tabs describes which cookies we use, why we use them, and how you can find more information
about them. By continuing to use this website you consent to us using cookies. If you do not consent, you
may still use our website with a reduced user experience.
We use cookies and other similar technologies to distinguish you from other users of our website. This helps us to provide you with a better experience when you use the website and allows us to improve it. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or mobile device. For example, cookies can be used to collect information about your use of the website during your current session and over time (including the webpages you view and the files you download), your operating system and browser type, your internet service provider, your domain name and IP address, the website that you visited before our website, and the link that you use to leave our website. If you are concerned about having cookies on your computer, you can set your browser to refuse all cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it. You can also delete cookies from your computer. However, if you choose to block or delete cookies, certain features of the website may not operate correctly. For more information see www.allaboutcookies.org. [We use [Google Analytics] to help collect and analyse certain information about you (such as age, gender and interests).]
We use cookies and other similar technologies to distinguish you from other users of our website. This helps us to provide you with a better experience when you use the website and allows us to improve it. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or mobile device. For example, cookies can be used to collect information about your use of the website during your current session and over time (including the webpages you view and the files you download), your operating system and browser type, your internet service provider, your domain name and IP address, the website that you visited before our website, and the link that you use to leave our website. If you are concerned about having cookies on your computer, you can set your browser to refuse all cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it. You can also delete cookies from your computer. However, if you choose to block or delete cookies, certain features of the website may not operate correctly. For more information see www.allaboutcookies.org. [We use [Google Analytics] to help collect and analyse certain information about you (such as age, gender and interests).]
9
Record Retention
1. PURPOSE
Quarter-Life Queens RECORD RETENTION PROCEDURES
The purpose of these Record Retention Procedures (these “Procedures”) of Quarter-Life Queens (the “Company”) is to assure retention of records necessary for ongoing operations,
legal compliance, and audit protection, while promoting orderly and efficient records
management.
These Procedures govern the retention, storage and disposal of Company Records (as defined below). It is the policy of the Company to retain records pursuant to the Records Retention Schedule (the “Retention Schedule”), attached to these Procedures, for the longer of:
(a) the period such Records are needed for business purposes; or
(b) the period such records should be retained pursuant to statutory, regulatory or other legal requirements.
2. PRINCIPLES
3.1 “Records” are any informational material, physical or electronically generated or received by the Company in connection with the conduct of business. A Record owned by the Company but in the hands of a third party document/data vendor or document/service vendor is also governed by these Procedures, and the Company should ensure by affirmative written language in its contracts with such third parties
These Procedures govern the retention, storage and disposal of Company Records (as defined below). It is the policy of the Company to retain records pursuant to the Records Retention Schedule (the “Retention Schedule”), attached to these Procedures, for the longer of:
(a) the period such Records are needed for business purposes; or
(b) the period such records should be retained pursuant to statutory, regulatory or other legal requirements.
2. PRINCIPLES
-
2.1 In order to ensure the Company’s compliance with statutory, regulatory or other legal
recordkeeping requirements, all founding members, volunteers and employees should
follow these Procedures.
-
2.2 The Company is required by law to retain certain Records for various periods of time,
especially Records concerning tax and accounting, ongoing contractual obligations and
employment and related human resource issues. Additionally, when litigation or a
government investigation or audit is pending, or reasonably anticipated, relevant
records shall not be destroyed until authorised by a founding member.
-
2.3 The Retention Schedule is used to identify the time periods for the retention and
disposition of Records created, received, used or distributed by the Company.
-
2.4 These Procedures apply to all Company Records, regardless of location, (homes,
storage facilities or any other location), including all computer generated, received or
stored Records whether or not through a home/remote connection or a Company
facility. Such Records must be retained or disposed of as required by these
Procedures.
-
2.5 Only the final versions of Records should be maintained. Drafts and duplicate copies
should be deleted or disposed of when the final version is completed, unless there is
a specific business need to retain them (and then retained only as long as the business
need exists).
3.1 “Records” are any informational material, physical or electronically generated or received by the Company in connection with the conduct of business. A Record owned by the Company but in the hands of a third party document/data vendor or document/service vendor is also governed by these Procedures, and the Company should ensure by affirmative written language in its contracts with such third parties
10
www.morganlewis.com
their adherence to these Procedures with respect to Company Records. Records should
be retained so long as the time period specified in the Retention Schedule.
(a) Examples of Records: correspondence, memoranda, forms, reports, bound record books, drawings, photographs, microfiche, microfilm, electronic databases, e-mail messages, voicemail messages, videotapes, Word documents, Excel spreadsheets, VoIP, tape (including back-up tapes), internet webcasts, video blogs, audio, computer hard drives, mainframes, optical, intranet and other media.
6.1 Electronic communications, including back-up tapes and information maintained on hard drives, constitute Records subject to these Procedures and the Retention Schedule. Like any other Records, if an electronic communication contains information (whether in the body of the message or in attachments) that falls into one of the categories in the Retention Schedule, it must be retained and disposed of in accordance with these Procedures and the Retention Schedule. The existence of back- up tapes or other storage of information does not mean that retention obligations for originals and other copies need not be followed simply because the information is stored elsewhere.
(a) Examples of Records: correspondence, memoranda, forms, reports, bound record books, drawings, photographs, microfiche, microfilm, electronic databases, e-mail messages, voicemail messages, videotapes, Word documents, Excel spreadsheets, VoIP, tape (including back-up tapes), internet webcasts, video blogs, audio, computer hard drives, mainframes, optical, intranet and other media.
-
3.2 “Retention Period” is the total time period for which a Record should be preserved.
This period typically begins on the date the Record is created.
-
3.3 “Retention Schedule” is the schedule for the retention of Records that identifies the
period of time certain types of records should be retained. The Retention Schedule is
based on any applicable legal, statutory or regulatory requirements and the needs of
the organisation.
-
4.1 The Retention Schedule provides a specific Retention Period for certain Record types.
-
4.2 Variation from a specified Retention Period set forth in the Retention Schedule should
be documented, in writing, noting a legitimate business or legal need to retain the
record for a shorter or greater period of time.
-
5.1 Records may be disposed of once their retention period expires, provided that they
are not relevant to litigation.
-
5.2 Records due for disposal should be deleted securely.
-
5.3 Where Records are kept on personal devices, including but not limited to, mobile
phones, laptops and tablets (“Personal Devices”), the founders, staff members and
volunteers may be required to delete such Records at the request of the Company or
to provide Personal Devices to the Company for the purpose of deleting Records.
6.1 Electronic communications, including back-up tapes and information maintained on hard drives, constitute Records subject to these Procedures and the Retention Schedule. Like any other Records, if an electronic communication contains information (whether in the body of the message or in attachments) that falls into one of the categories in the Retention Schedule, it must be retained and disposed of in accordance with these Procedures and the Retention Schedule. The existence of back- up tapes or other storage of information does not mean that retention obligations for originals and other copies need not be followed simply because the information is stored elsewhere.
11
7. ELECTRONIC RECORDS
7.1 Electronic documents and files such as web page files, text/formatted files, spreadsheets, PowerPoint and PDF documents should be kept in such manner so as to ensure the retention of important documents, while also encouraging optimal performance of the Company network. Like any other Record, if an electronic record falls into one of the categories in the Retention Schedule, it should be retained and disposed of in accordance with these Procedures and the Retention Schedule. When possible, electronic Records should be preserved in their native format so that (a) it avoids altering metadata and (b) data remains accessible for future retrieval purposes.
8. END OF SERVICE
8.1 Each member, volunteer, employee, officer or director should return to the Company all Records, or delete all Records from Personal Devices if requested by the Company (or submit such Personal Devices to the Company to carry out deletion), upon the end of his or her service with the Company. This obligation shall extend to Records maintained on any computers or electronic communication systems provided by the Company or Personal Devices. It is the Company’s policy to retrieve hard drives from computers provided by the Company to founding members, volunteers, employees, officers or directors at the end of their service and to retain such hard drives in accordance with these Procedures and the Retention Schedule.
9. COMPLIANCE
9.1 Compliance with the Company’s Records Retention Procedures is mandatory. Destroying or altering a document with the intent to impair the document’s integrity or availability for use in any potential official proceeding is a crime. Destruction of corporate records may only take place in compliance with the Records Retention Procedures. In addition, documents relevant to any pending, threatened, or anticipated litigation, investigation, or audit shall not be destroyed for any reason. Any belief that Company records are being improperly altered or destroyed should be reported to a responsible supervisor or appropriate internal authority immediately.
7.1 Electronic documents and files such as web page files, text/formatted files, spreadsheets, PowerPoint and PDF documents should be kept in such manner so as to ensure the retention of important documents, while also encouraging optimal performance of the Company network. Like any other Record, if an electronic record falls into one of the categories in the Retention Schedule, it should be retained and disposed of in accordance with these Procedures and the Retention Schedule. When possible, electronic Records should be preserved in their native format so that (a) it avoids altering metadata and (b) data remains accessible for future retrieval purposes.
8. END OF SERVICE
8.1 Each member, volunteer, employee, officer or director should return to the Company all Records, or delete all Records from Personal Devices if requested by the Company (or submit such Personal Devices to the Company to carry out deletion), upon the end of his or her service with the Company. This obligation shall extend to Records maintained on any computers or electronic communication systems provided by the Company or Personal Devices. It is the Company’s policy to retrieve hard drives from computers provided by the Company to founding members, volunteers, employees, officers or directors at the end of their service and to retain such hard drives in accordance with these Procedures and the Retention Schedule.
9. COMPLIANCE
9.1 Compliance with the Company’s Records Retention Procedures is mandatory. Destroying or altering a document with the intent to impair the document’s integrity or availability for use in any potential official proceeding is a crime. Destruction of corporate records may only take place in compliance with the Records Retention Procedures. In addition, documents relevant to any pending, threatened, or anticipated litigation, investigation, or audit shall not be destroyed for any reason. Any belief that Company records are being improperly altered or destroyed should be reported to a responsible supervisor or appropriate internal authority immediately.
