Privacy Policy

Who Are We?

Quill is part of Dye & Durham (UK) Holdings Limited (“Dye & Durham”), a company incorporated in England and Wales with registered number 11844231 at Companies House and whose registered office is at Imperium, Imperial Way, Reading, Berkshire, United Kingdom, RG2 0TD.

Our Data Protection Officer can be reached by emailing dpo@quill.co.uk.

Quill plays multiple roles when it comes to processing your data. In some situations, we act as a Controller, in others we are the Processor. In circumstances where we are just a Processor of personal data, we are doing so purely on the instruction the client you are engaged with, or are an employee of (the Controller).

Quill does on occasion, act as a Controller. That will usually be the data of potential and existing employees, clients, potential clients, investors, and website users and then technical data when you use our tools.

Being a Controller means that we are trusted to look after and deal with your personal information in accordance with this notice. We determine the ways and means of processing your data and must therefore be accountable for it.

This privacy notice refers to the data we process data as Controller only.

Your Rights

As a data subject, you have a number of rights over your personal data under the Data Protection Laws:

Right of access: You can request access to a copy of the personal data which we hold about you as well as details about why and how we use.
Right to rectification: You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete.
Right to be forgotten/erasure: You have a right, under certain circumstances to ask us to delete any personal data we hold out you. Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so.
Right of restriction: You can ask us to restrict (ie prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data.
Right to data portability: In certain circumstances, you can ask us to transfer the data we hold about you to another. This would be sent in a structured, commonly used, electronic form.
Right to object: You can object to us using your personal data for particular purposes.
Automated decision making: You have a right not to be subjected to automated decision making and profiling in certain circumstances.

If you want to exercise any of these rights, please just contact us on dpo@quill.co.uk.

You also have the right to lodge a complaint about our processing with a supervisory authority – in the UK that is the ICO whose details are here.

Potential Client Privacy Notice

Data that we hold and how we use it
As a potential client, we hold your name, job title and business contact details so we can build a relationship with you. This data will have been sourced directly from you at an event, or from your company website or a similar publicly available source. We only hold your data if we legitimately think you will have an interest in using our software or services and send you information on webinars or other marketing materials. You are welcome to opt out at any time. If we call you, we sometimes record the calls to help ensure that we are giving you the best experience and to help train our staff and analyse our performance. If we do this, we will always ask for your consent.

Lawful basis for processing
Our lawful basis for processing your data is a Legitimate Interest for marketing purposes. As you are a corporate entity, we also abide by the Privacy and Electronic Communications Regulations (PECR). We give you the change to opt-out of all marketing on anything that we send you. We only share details of our own software and services in our marketing. If your data was not sourced directly from you, then we contact you once we have the data to let you know that we have your data and give you the chance to opt-out. Our legitimate interest balancing test indicates that this is a legitimate purpose: you would not be surprised to hear from us based on the nature of your job role, and our processing does not cause any harm or risk to you as a data subject. If we record calls, we do so only with your consent.

Data sharing and transfers
Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses or the UK’s International Data Transfer Agreement. We do not sell your data to anybody, and we do not share it with anyone other than our contracted processors.

Retention periods
We hold data on potential clients for as long as we think you are likely to be interested in our software and services, or until the point at which you opt out of communications. At this point you are added to a suppression list, so we do not contact you again. When you become a client, then the privacy notice for clients will apply.

Client Privacy Notice

Data that we hold and how we use it
As a client, we hold the contact and payment details required to carry out our contract with you, manage our relationship and keep you up to date with changes and improvements to our software and services. This data would have been sourced from you directly. We also use your data to send you marketing material on our own upcoming software and services.

Lawful basis for processing
Our lawful basis for processing your data is a combination of Contract and Legitimate Interest. We use legitimate interest when we use your data to keep you up to date with changes and improvements to our software and services. Results of a legitimate interest balancing test indicate that this use is pursuing a legitimate interest, is necessary for the purpose of keeping you updated and growing our business, and unlikely to cause you risk or harm.

Data sharing and transfers
Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses or the UK’s International Data Transfer Agreement. We do not sell your data to anybody, and we do not share it with anyone other than our contracted processors.

Retention periods
We hold data on clients for the length of time that you are a client of ours, then another 7 years in case of any dispute.

Potential Employee Privacy Notice

Data that we hold and how we use it
As a potential employee we hold the following information on you: Name, CV/resume, industry qualifications/experience, salary expectations, contact details, interview notes, references, educational background/qualifications and pre-employment check results.

Lawful basis for processing
Our lawful basis for processing your data is a combination of contract, legitimate interest, legal obligation and consent, depending on the process. On the whole, we are processing the data to create and maintain a relationship with you and test your suitability for the role. As the journey towards onboarding progresses, we are obliged by law to do certain checks, such as your eligibility to work in the UK. We use consent only to maintain your data in the event that the job you applied for is not ideal at the time and we want to stay in touch with you. You can withdraw consent at any time.

The data we hold on you would have come directly from you or from an agency, where you have applied for the role. If we did not source the data directly from you then we will contact you within one month to let you know the details of processing.

Data sharing and transfers
Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses or the UK’s International Data Transfer Agreement. We do not sell your data to anybody, and we do not share it with anyone other than our contracted processors.

Retention periods
We hold data on potential employees for various periods, depending on the situation. If you were unsuccessful and we want to stay in touch then we will ask your consent to hold that data for a further 12 months, in case of another role being suitable in that time.

If you were not a good fit for the role and not short listed then your data is deleted as soon as it is no longer needed.

If you were shortlisted, but did not get the role then we keep your data until the successful candidate passes their probation period (8 months). After that we will ask your consent to hold the data for a further 12 months. If consent is not given then the data will be deleted.

If you did get the role you applied for then you become an employee and the employee privacy notice will apply.

Employee Privacy Notice

If you are an employee of Quill, please refer to the Fair Processing Notice that is stored in the Staff Portal.

Website Browsing Privacy Notice

Data we process
When you browse our website, we drop only essential cookies that make our site work without consent. When we drop analytics or tracking cookies, we do so only with your consent, gained via the cookie banner. You can withdraw your consent at any time. You can read more about cookies in our Cookie Policy.

Data sharing and transfers
Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses or the UK’s International Data Transfer Agreement. We do not share your data to anybody without your consent unless it with our contracted processors.

Read cookie policy

Quill User Privacy Notice

Data that we hold and how we use it
As a user of Quill, we process data about the way you use our application, including your IP address and browsing time. This helps us to optimise the performance of Quill, monitor it for security purposes and drive improvements for our users.

We also process your data so we can drive improvements to Quill and to allow bug reporting and analysis. We ask your consent for this. We use your contact details to send you service updates.

Lawful basis for processing
We use legitimate interest when we use your data to improve the performance of Quill, process your data for service messages, and protect it from illegal use. Results of a legitimate interest balancing test indicate that this use is pursuing a legitimate interest, and unlikely to cause you risk or harm.

Data sharing and transfers
Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses or the UK’s International Data Transfer Agreement. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

Retention periods
We delete your data 12 months after you cease using the application.

Potential Supplier and Third Party Privacy Notice

Data that we hold and how we use it
As a potential supplier, we hold your name, job title and business contact details so that we can build a relationship with you in case we need something that we believe you many be a good fit to provide. This data will have been sourced directly from you at an event, or from your company website, referral or similar publicly available source.

Lawful basis for processing
Our lawful basis for processing your data is legitimate interest and contract. When we connected it was with a view to entering into a service contract together. If either party decides not to go forward, then we use legitimate interest to retain the data should we require additional services. Our legitimate interest balancing test indicates that this is a legitimate purpose: we are sure you will want to hear from us when we might require additional services, and it is unlikely to cause you risk or harm.

Data sharing and transfers
Like most companies, we use a number of other companies as part of our data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses or the UK’s International Data Transfer Agreement. We do not sell your data to anybody, and we do not share it with anyone other than our contracted processors.

Retention periods
We hold data on potential suppliers for 2 years after our last contact.

Supplier and Third-Party Privacy Notice

Data that we hold and how we use it
As a supplier, we hold the contact and payment details required to manage our relationship and pay you for the services you provide. This data would have been sourced from you directly.

Lawful basis for processing
Our lawful basis for processing your data is a combination of Contract and Legitimate Interest. We use legitimate interest when we use your date to let you know about other services we might require. Our legitimate interest balancing test indicates that this is a legitimate purpose; we are sure you will want to hear from us when we might require additional services, and it is unlikely to cause you risk or harm. We use contract when we process data to manage our relationship with you (e.g. to pay you).

Data sharing and transfers
Like most companies, we use a number of other companies as part of our data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. We also transfer your data to our accountants to ensure you are paid appropriately. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses or the UK’s International Data Transfer Agreement. We do not sell your data to anybody, and we do not share it with anyone other than our contracted processors.

Retention periods
We hold data on our suppliers for the length of time that we are engaged together, then another 7 years in case of any dispute.

Automated Decision Making

We do not use your personal data in any automated processes to make decisions about you.

Technical and Operational Security

All data is password protected, access controlled, backed up securely and encrypted when appropriate.

All employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects.

Data Privacy by Design and Default is an integral part of our development processes.

All devices are protected by a leading enterprise mobility management technology. For detailed security information, please see our security documentation.

Changes To Our Privacy Notice

We may change this Privacy Policy from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date. If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.

What Happens If Quill Changes Hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.

In the event any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
AWSALBCORS	7 days	This cookie is managed by Amazon Web Services and is used for load balancing.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to store the user consent.
JSESSIONID	6 hours	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
OptanonConsent	1 year	OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
alr	30 minutes	No description
AnalyticsSyncHistory	1 month	No description
asst	30 minutes	No description available.
cass	2 hours	No description available.
gdId	10 years	No description
gdsid	6 hours	No description
GSESSIONID	2 hours	No description available.
li_gc	2 years	No description
m	2 years	No description available.
referrer_user_id	14 days	No description available.
SameSite	past	No description available.
trs	1 year	No description available.
zte2095	session	No description

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gat_gtag_UA_4983152_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
ajs_anonymous_id	never	This cookie is set by Segment to count the number of people who visit a certain site by tracking if they have visited before.
ajs_group_id	never	This cookie is set by Segment to track visitor usage and events within the website.
ajs_user_id	never	This cookie is set by Segment to help track visitor usage, events, target marketing, and also measure application performance and stability.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__zlcmid	1 year	__zlcmid is a cookie set by Zopim to help identify a user's chat session between page loads.
__zlcstore	never	Zopim sets this cookie to store information about the current status of the chat.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.