Privacy Notice
The Privacy Notice details the organisation's acquiring, use and sharing of
personal data for the delivery of its services alongside its commitment to
ensuring the privacy and security of this data. It is drafted to be public facing
and support the requirements around transparency and accountability for
the use of individual's data.
DOCUMENT CONTROL
VERSION
CHANGES
AUTHOR
DATE
1.0
Initial Version
8foldGovernance
Oct 2022
2.0
2024 Version
8foldGovernance
Sept 2024
REVIEW AND APPROVAL
NAME
SIGNATURE
DATE
Prepared by:
8foldGovernance (Georgina)
8foldGovernance
23 Sept 2024
Reviewed by:
Ehud Kafri
Ehud K
25 Sept 2024
Approved for
publication by:
CTO@QLog
Ehud K
25 Sept 2024
Contents
1. Introduction 4
2. Who we are 4
3. The purposes we are processing your information for and why we are lawfully
able to do this 5
4. Source and recipients of personal data 8
5. Keeping your data secure 8
6. International Transfers 9
7. Retention 9
8. Automated decision-making or profiling 9
9. Your Rights 10
10. Data Protection Officer (DPO) 10
11. Cookies 11
12. Links to other websites 12
13. How to make a complaint 13
14. Changes to this Privacy Notice 13
www.qlog.co Ha-Melacha St 6, Binyamina Israel 3
1. Introduction
This privacy notice covers the use of QLog Technologies Ltd (QLog) products in the
United Kingdom (UK) and the European Union (EU) countries. These products
include the Qlog mobile app and Software as a Service (SaaS) solutions.
The processing of your personal data is carried out by QLog under the framework
provided by the General Data Protection Regulation 2016/679 (EU GDPR), the UK
General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018
(DPA 18).
This privacy notice tells you what you can expect from us with regards to the
collecting, storing and use of your information. It explains in detail:
the purposes we are processing your information for and why we are
lawfully allowed to do this;
where gain your information from and whether there are other recipients of
your personal information;
whether we intend to transfer it to another country; and
how long we store it for;
whether we do automated decision-making or profiling.
Your rights in relation to this data
who the Data Protection Officer (DPO) is and contact details for them.
2. Who we are
QLog is registered in Israel under company registration number 515699858 and
our registered office is located at Ha-Melacha St 6, Binyamina, Israel. For the
purposes of applicable data protection legislation, QLog is the data controller for
the personal data we process, as described in this privacy notice unless otherwise
stated. To enable us to offer services that process personal data in the UK we
have registered with the Information Commissioner's Office (ICO) under
registration no. ZB541490.
www.qlog.co Ha-Melacha St 6, Binyamina Israel 4
3. The purposes we are processing your information for and
why we are lawfully able to do this
We may collect, use, store and transfer different kinds of personal data about you
which we have set out in the table below, together with the legal basis which we
rely on for such processing and the purpose for which we process that personal
data.
Categories of Data
Subjects
Categories of
Personal Data
Legal Basis for
Processing
Purpose of Processing
Client Staff
First Name
(mandatory)
Necessity for
performance of a
contract
Provision of the QLog
service and User
support
Last Name
(mandatory)
Necessity for
performance of a
contract
Provision of the QLog
service and User
support
Work email address
(mandatory)
Necessity for
performance of a
contract
Provision of the QLog
service and User
support
Preferred Language
(mandatory)
Necessity for
performance of a
contract
Provision of the QLog
service and User
support
Job Role
Necessity for
performance of a
contract
Provision of the QLog
service and User
support
Organisation Title
Necessity for
performance of a
contract
Provision of the QLog
service and User
support
Cellular
Necessity for
performance of a
Provision of the QLog
service and User
www.qlog.co Ha-Melacha St 6, Binyamina Israel 5
contract
support
Phone1
Necessity for
performance of a
contract
Provision of the QLog
service and User
support
Employee Number
Necessity for
performance of a
contract
Provision of the QLog
service and User
support
Fax
Necessity for
performance of a
contract
Provision of the QLog
service and User
support
GeoAddress
Necessity for
performance of a
contract
Provision of the QLog
service and User
support
Photo
Necessity for
performance of a
contract
Provision of the QLog
service and User
support
Picture
Necessity for
performance of a
contract
Provision of the QLog
service and User
support
Service Providers
Staff Name
Necessity for
performance of a
contract
Support the QLog
Service
Work email address
Necessity for
performance of a
contract
Support the QLog
Service
Work contact number
Necessity for
performance of a
contract
Support the QLog
Service
Visitors to our
website
Email Address,
Organisation Name,
Language
Necessity for the
website to function
Support the QLog
Service
www.qlog.co Ha-Melacha St 6, Binyamina Israel 6
In line with these purposes, the information used is described as personal data in
data protection law i.e. EU GDPR, UK GDPR and DPA 18.
There are therefore defined processing conditions that allow the use of this and
those applicable to the use of this information by QLog are set out below.
Under data protection law the following lawful bases apply to the processing of
personal data:
Article 6(1)(b) ‘processing is necessary for the performance of a contract
to which the data subject is party or in order to take steps at the request of
the data subject prior to entering into a contract’ (contract)
Article 6(1)(f) ‘processing is necessary for the purposes of the legitimate
interests pursued by the controller…’ (legitimate interests)
o For processing of personal data under a commercial contract for
commercial purposes.
o For performance monitoring and analysis purposes.
In cases where we indirectly receive personal data as a data controller, we’ll
contact you to let you know we are processing your personal information if it is
not disproportionate or prejudicial to do so.
Qlog also acts as a data processor when it provides services to the NHS and other
healthcare organisations (clients). The data controller in this context will likely
seek to rely on the following lawful bases to process data:
To support the processing of data in support of the provision of NHS
services, legal powers such as those provided within:
The National Health Service and Community Care Act 1990
The NHS Act 2006
The Health and Social Care Act 2012
To support the processing of personal data and special categories of data
in accordance with the UK GDPR:
Art. 6(1)(e) - Public task
www.qlog.co Ha-Melacha St 6, Binyamina Israel 7
Art. 9(2)(h) - healthcare purposes
To support the processing of personal data in accordance with the Data
Protection Act 2018:
Condition 2 of Schedule 1 - Health and Social Care Purposes.
To support the processing of confidential information in accordance with
the Common Law Duty of Confidentiality:
Implied consent
4. Source and recipients of personal data
QLog collects personal data directly from our clients (e.g. hospitals) and our
suppliers via cloud technology, cellular phones, existing computers, and
lightweight, inexpensive BLE (Bluetooth Low Energy) devices.
We will not ordinarily or routinely share any of your personal data with any third
party unless we have a lawful reason for doing so. For example, in some
circumstances, we are legally obliged to share information in order to comply
with/under a court order.
We may share aggregated (anonymised) data with our commercial partners in
support of the service. We will not share your information with any third parties for
the purposes of direct marketing.
5. Keeping your data secure
We use a combination of technical and organisational measures to safeguard
your personal data retained within the QLog System, for example: we store your
personal data on secure encrypted servers.
QLog has achieved ISO 27001:2022, an auditor-validated certificate that
demonstrates QLog is committed to protecting data through its implementation
of industry best practices for information security management. In addition, Qlog
has attained Cyber Essentials, a UK government-based program that allows
www.qlog.co Ha-Melacha St 6, Binyamina Israel 8
organisations to demonstrate it has taken the necessary steps to protect
themselves from cyber-attacks and a commitment to cyber security.
6. International Transfers
For clients based in the UK, the EU and Israel data will only be stored within the
European Economic Area (“the EEA”). (The EEA consists of all EU member states,
plus Norway, Iceland, and Liechtenstein). When personal data is transferred
outside of the EEA, the appropriate technical and organisational safeguards will
be in place. All international transfers will only occur if it complies with the relevant
legislation.
7. Retention
We retain your personal data in accordance with national and regional retention
guidelines in our server logs, our databases, and our records for as long as
necessary to provide our services to you.
We may need to retain some of your information for a longer period, such as in
back-up records, or in order to comply with our legal or regulatory obligations, to
resolve disputes or defend against legal claims. For example, in the UK, personal
data will be retained in line with the retention periods specified in the NHS England
Records Management Code of Practice.
Where we anonymise your personal data (so that it can no longer be associated
with you) for research or statistical purposes, we may use this information
indefinitely without further notice to you.
8. Automated decision-making or profiling
We do not undertake any automated decision-making or profiling in relation to
your personal data.
www.qlog.co Ha-Melacha St 6, Binyamina Israel 9
9. Your Rights
Under data protection law, you have the following rights to your information:
Your right of access - You have the right to ask us for copies of your
personal information.
Your right to rectification - You have the right to ask us to rectify personal
information you think is inaccurate. You also have the right to ask us to
complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal
information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to
restrict the processing of your personal information in certain
circumstances.
Your right to object to processing - You have the right to object to the
processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer
the personal information you gave us to another organisation, or to you, in
certain circumstances.
In order to take up any of these rights you should contact: our Data Protection
Officer by emailing: dpo@qlog.co
10. Data Protection Officer (DPO)
Our Data Protection Officer (DPO) is 8foldGovernance Ltd (company registration
number 12085647) and can be contacted at: dpo@qlog.co
www.qlog.co Ha-Melacha St 6, Binyamina Israel 10
11. Cookies
Like many other websites, our website uses cookies. ‘Cookies’ are small pieces of
information sent by a website to your device and stored to enable that website to
recognise you when you visit in the future. They can also be used to collect
statistical data about your browsing activity and patterns of behaviour but do not
identify you as an individual. This helps us to understand how people who visit our
website use it, enabling us to improve the layout and content for visitors.
We may use both session-based cookies and persistent cookies. Session-based
cookies are temporary cookies that remain on your device until the completion of
the current session. A browser session starts when a user opens the browser
window and finishes when it is closed. Session-based cookies allow us to link the
actions of a particular user during their session activity. Persistent cookies remain
on your device until you manually delete them or while their lifetime is up. They
are activated each time when a user visits the website.
Cookies are used for different purposes, which can be broken down into the
following categories:
Description
This set of cookies is required for the Services to work. They include, for
instance, cookies for users' authentication and security. These cookies
are essential to let you log into secure areas of the website, navigate
around it, and remember the last actions in the system. They are
necessary to enable our security mechanisms and prevent malicious
activities. Examples of these cookies could be setting unique identifiers
for each visitor and signing into the website as a registered user.
www.qlog.co Ha-Melacha St 6, Binyamina Israel 11
These cookies are essential for user preferences, features and services
provided by our website. They let us provide you with a more
personalised online experience: remember your preferences (such as a
user name, a language, region and so on), fill out forms which you
could use on the service before, keep you logged in after a previous
visit if you asked about this and much more. By disabling these
cookies, you lose the efficiency of the site.
Cookies and other technologies such as web beacons and tags allow
us to anonymously track our users' activity, pages they have visited,
time spent on them, clicks and so on to make the solution more
relevant to your needs. We do not share your personal information with
advertisers. These cookies may be used to better understand your
online activity, and optimise and improve the Service content and
capabilities.
Performance cookies let us recognise users, and find out how they
navigate through our website. All data is collected anonymously.
Constant auditing, important logging events, and research of new
features and services let us quickly respond to the slightest issues in
the work and fix them. These cookies can tell us, whether or not you
have visited before, what functionality you are interested in and how
successful your experience was. We involve third-party analytics
companies to perform these services for us.
It is possible to switch off cookies by setting your browser preferences and
settings. Turning cookies off may result in a loss of functionality when using our
website.
To find out more about cookies, you can visitthis site or the ICO’s page on cookies
(Cookies | ICO).
12.Links to other websites
Our website and web-based and native app may contain links to other websites.
This privacy notice applies only to our website and system (www.qlog.co) so when
you visit other websites please read their privacy notices, as we cannot accept
www.qlog.co Ha-Melacha St 6, Binyamina Israel 12
any responsibility for breaches or issues you may have in relation to data privacy
once you leave our site.
13.How to make a complaint
We encourage you to contact us at dpo@qlog.co if you think that any collection
or use of your personal data by us is unfair, misleading or inappropriate.
If you make a complaint to us and think we have not dealt with it to your
satisfaction, you have the right to make a complaint to your local supervisory
authority. For UK data subjects the supervisory authority is the Information
Commissioner’s Office (ICO) and the link to make a complaint is provided here,
for EU data subjects, a full list of EU supervisory authorities is available here.
14. Changes to this Privacy Notice
We keep our privacy notice under regular review. If we change our privacy policy
we will post the changes on www.qlog.co, so that you may be aware of the
information we collect and how we use it at all times. All changes will apply with
immediate effect.
www.qlog.co Ha-Melacha St 6, Binyamina Israel 13