Quipu Privacy Policy
Download document as PDF
This Privacy Policy aims to provide complete information about the conditions under which Quipu collects and processes Personal Data.
The Privacy Policy forms part of the GTC (where applicable) and the GTU of the Platform, and all terms defined in those documents shall have the same meaning as in the Privacy Policy.
By accessing our website and using the Quipu Platform, you agree to be aware of this Privacy Policy, which may be modified or updated at any time and without prior notice.
Any modification will be published on the Website, so we recommend consulting it regularly to stay up to date with the latest version.
1. Purposes of the processing and nature of the Personal Data processed
1.1. We collect and process the Personal Data you voluntarily provide so that you can access and use the Platform, request certain services from us (demos, free trials, etc.) and/or access our online resources. Specifically, we process your data to enable:
- the creation of accounts on our website in order to access the Platform and use our services;
- access to our website and its various features;
- the management of our commercial operations (organising events, sales activities, etc.);
- the management of referrals;
- the download of our online services;
- the management and follow-up of the commercial relationship (subscriptions, orders, payments, complaints and customer support);
- the improvement of our sales service. In this context, we may need to record the phone conversations you have with our sales teams;
- monitoring customer satisfaction (surveys, tracking customer feedback);
- the management of technological and commercial partnerships;
- the management of prospecting and information requests (sending commercial and marketing offers, newsletters, online demo requests, quote requests, etc.);
- the improvement of our services by placing cookies on customers' devices;
- managing the security of our websites and the Platform and improving it through testing;
- the management of requests regarding the exercise of customer rights: rights of access, rectification, erasure, portability, objection and restriction;
- the management of disputes and litigation.
When you open an Account, you must provide at least the following personal identification data if you wish to use the Platform:
- Name;
- Email address;
- Phone number.
You can complete your profile with other Personal Data (address, additional phone number, date of birth, photo, names of your clients or prospects, etc.). We will never collect or process sensitive Personal Data, in the regulatory sense, related to, for example, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health status, etc.
1.2. We collect data relating to the contractual relationship we have with You: history, subscribed Modules, billing and payment items, requests and incidents reported to the support service...
1.3. We also collect data related to You in connection with telephone communications, which may be recorded for the purpose of improving our service.
1.4. Through (or by means of) certain cookies automatically placed on your device or other cookies subject to your express consent, we collect certain Personal Data during your visits to our Website or during the use of the Platform: for example, the date, time and duration of your visit to our Website, the browsing path, the type of operating system, etc.
A cookie is a small text file that the website consulted by the customer sends to the Internet browser or device they have used. Its purpose is to enable the proper functioning of the website, facilitate navigation (saving technical choices and previous activity), improve the use of the website and the service, as well as allow a better understanding of the customer experience.
The maximum lifespan of a cookie is 13 months. Our Cookies Policy is available here.
2. Legal bases for the Processing we carry out
We only use Personal Data in the cases provided for by current regulations, which are:
- The performance of the service provision contract relating to the use of the Quipu Platform or to pre-contractual actions;
- Compliance with a legal obligation;
- Your consent for the use of the data: You may, at any time, withdraw your consent without this affecting the lawfulness of the processing based on the consent given prior to its withdrawal;
- Our legitimate interest in carrying out prospecting or promotional activities that concern us (data relating to our products and services, our promotions or events we organize...).
3. Processing of Personal Data
Quipu collects and processes your Personal Data fairly and lawfully and in compliance with the principles of European Union Regulation 2016/679 of 27 April 2016 (GDPR) and Organic Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights.
This Privacy Policy details Quipu's obligations as the controller of your Personal Data within the meaning of the GDPR.
Quipu has appointed a Data Protection Officer (DPO) who continuously monitors Quipu's compliance with the principles and rules of the GDPR and whom you can contact at privacy@getquipu.com.
The DPO's main missions are:
- To inform and advise the Data Controller or Data Processor on their obligations under the GDPR within the company;
- To raise awareness among Quipu's team members about the protection of clients' Personal Data;
- To support them during the implementation of processing operations;
- To respond to requests related to the exercise of your rights in accordance with article VIII.
4. Retention of Personal Data
4.1. Security
Quipu uses every means to prevent the loss, misappropriation, intrusion, unauthorized disclosure, alteration or destruction of the Personal Data you provide to us. Therefore:
- Data is stored on AWS servers in Europe. The security of the servers and the updating of our operating programs are monitored in real time.
- All the information you transmit to us is encrypted [TLS V1.3 protocol].
- Quipu's team members are subject to an obligation of confidentiality and non-disclosure, and all of them have signed a specific commitment regarding the protection of Personal Data.
- Access to your Data is governed by a strict access control policy, reserved for authorized persons, under defined conditions.
- If we use processors to handle Personal Data, we first verify that these processors guarantee an equivalent level of security protection.
- For more information, contact us at privacy@getquipu.com.
4.2. Duration
Quipu retains your Personal Data in accordance with the following legal and regulatory provisions:
- We retain data related to customer account management, orders, invoicing and payments for 10 years after the end of the contract or the last contact from an inactive customer;
- We retain data related to the creation and management of prospecting records for 3 years from the last contact from the prospect;
- We retain the Data of inactive Customers for the purpose of sending information about our commercial and marketing offers for 3 years after the end of the Commercial relationship;
- We retain recordings of phone calls between you and our sales teams for a period of six (6) months.
- We are required to retain the following Personal Data resulting from the creation, modification or deletion of customer Content for 1 year:
the connection identifier;
the identifier assigned by the terminal;
protocol types;
nature of the operation;
date and time of the operation;
identifier used by the author of the operation.
We will securely delete your Personal Data when its retention is no longer justified by the management of a customer account, by a legal obligation, by commercial requirements, by the establishment, exercise or defense of our rights before the courts, or when you request it as part of exercising your rights (Article VIII).
4.3. Deleting an Account
Likewise, you can also request the deletion of your Account by applying the CGC.
Your Data will be deleted under the conditions of article 4.2. above.
5. Recipients of Personal Data
5.1. Access to your Data by Quipu staff
Depending on the purposes defined in article I, Quipu staff responsible for customer services, support, administration, accounting, legal, technical, marketing and sales at Quipu may have access to Personal Data, each within the scope for which they are responsible.
Access to your data is granted based on individual access authorizations, as specified in article 4.1.
5.2. Transmission of Data to third parties
Quipu may subcontract the following services:
- Hosting;
- Sending of postal or digital mail;
- Customer relationship management;
- Maintenance;
- Technical development.
In accordance with article 28 of the GDPR, access to your Data by subcontractors will be provided for and set out by means of a contract. Should such subcontracting take place, this contract must list the various regulatory obligations borne by the subcontracted companies regarding the protection of customers' Personal Data.
Likewise, Quipu may transmit Data to third parties (for example, to business partners) in compliance with its regulatory obligations.
6. Transfers of Personal Data outside the European Union
Your Personal Data is hosted within the European Union (article 4.1).
However, should we be required to transfer certain Personal Data to our subcontractors located outside the European Union, we first ensure that appropriate safeguards are respected so that all transfers of Personal Data (such as the European Commission's Standard Contractual Clauses combined with additional security safeguards) comply with the GDPR and the recommendations of the European Data Protection Board.
There is a possibility that we may be compelled to disclose your Personal Data to a third party due to legal obligations, a regulatory provision, a court order, or if such disclosure is necessary for matters relating to an investigation, request or legal proceeding initiated by a national authority, on national territory or abroad.
7. Communications from Quipu
7.1. We may send communications to the email addresses you have provided to us that are linked to customer Accounts regarding matters related to our business relationship, i.e. for technical or security reasons, administrative reasons relating to your Subscription to the Platform or your participation in our events, or to inform you about developments in our service offering.
7.2. Likewise, we may also send you SMS messages or emails containing promotional and marketing offers, which the customer can opt out of according to the conditions described in article VIII. If you carry out such opt-outs, you will continue to receive the communications described in article 7.1 that are necessary for the proper functioning of the contracted services.
8. Exercising Users' rights
In accordance with Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights and European Regulation 2016/679 of 27 April 2016 (GDPR), in force since 25 May 2018, you have the following rights regarding data processing:
- Right of access and rectification;
- Right to object;
- Right to erasure;
- Right to data portability;
- Right to restriction of processing.
You may:
- Modify your Personal Data directly from your Quipu Account, provided you have one;
- Manage the receipt of promotional communications (not related to a transaction) simply by clicking the "unsubscribe" link found at the bottom of the emails sent by Quipu;
- Manage the receipt of SMS messages by sending the text message "STOP" or through the unsubscribe link provided for this purpose if necessary;
- Object to the recording of our phone calls by informing the person you are speaking with or requesting that the recording be deleted by email at: privacy@getquipu.com.
You may exercise these rights by writing to us at the following postal address: Calle Àlaba, 61 5º-2ª, 08005, Barcelona (Spain) or by writing directly to our DPO at: privacy@getquipu.com.
All requests must be justified and accompanied by a copy of a valid identity document of the applicant, and if submitted by a representative, the document proving the representation must be attached, along with the identity document of the latter.
We remind you that you have the option to file a complaint at www.aepd.es