GDPR Compliance

Qualee operates under a comprehensive privacy and security framework that is fully compliant with the requirements of GDPR.​ Clients always have access to their data and have direct control of their own access control, data anonymity and aggregation.

We state the obligations of Qualee (Data Processor) and clients (Data Controller). Together with our Terms of Use, this forms the contractual basis of GDPR compliance and the instructions under which we will collect, process, and protect client data.

Sub-processors & Control Options
All of our sub-processors are GDPR compliant and clients have control over data control functions in Qualee. User data can be stored solely inside the EEA, if required, by leveraging our partnership with AWS.
Sub-processor Logos
Access Control options within Qualee provide clients complete control of who can see, edit and delete employee data. Users have the right to update their information or request that their personal data is removed and deleted.
Data Qualee collects
​The data Qualee collects can be classified into four categories; information provided by clients' employees, employee information provided to us by employers, information Qualee collects, and information we receive from other sources. Employees provide information via the surveys they complete. Employers provide information about their employees such as length of tenure, department, job title, location etc. in addition to basic contact information, such as employee email address for the mobile app to be accessible from. ​

Qualee automatically collects information when the platform is used for systems administration purposes, and to ensure the right access is given to users based on the access rights that have been set by the account administrators. For more details on the data Qualee collects, please review our Privacy Policy.
How Qualee uses data
Information that a client's employees provide is aggregated with information from other clients' employees, and compared to data from past or future employee responses and/or industry benchmarks. This information is never used to personally identify individuals. All survey responses are completely optional and engagement related questions can be skipped. There is no requirement for employees to complete Qualee engagement surveys.

Qualee will provide information about products and services as requested from our users. Qualee may also contact clients to gain feedback on how to improve the product, as well as informing our clients of new features, versions of the product, or service offerings. We also use collected data to handle queries, concerns and complaints. For more details on how we use the information we receive and collect from you, please review our Privacy Policy.
Data storage
The primary operating capability of the Qualee platform is hosted outside the EEA, where clients' and their employees' data and survey responses are stored and processed, with reasonable and adequate actions being taken to ensure it is stored securely and safely.​

Some Qualee features may require that some of the information that we collect from users be transferred, processed, or stored at a destination within the European Economic Area ("EEA"). This may be required to support certain features of the platform. Full details of the use of sub-processors can be found in our Terms of Use.
Data retention
Qualee will store data for up to 7 years. In the event that your organization stops using Qualee, data will be fully anonymized within 6 months of the service period expiring. We do not store personal data for longer than is reasonably necessary to use it in accordance with our Privacy Policy, our contractual agreement with the client, or within our legal rights and obligations.

Personal data that we collect from employees through the platform, is subject to the following rights:
- Users have the right to access, rectify or erase personal data Qualee holds on them. 
- Users have the right to set preferences around how their data is processed, for example unsubscribing from engagement surveys.
- Employees have the right to obtain copies of their personal data for reuse or transmission to another platform, where feasible.  

A client employee requesting to delete personal data should contact their HR coordinator within their organization. Clients are also able to unsubscribe from Qualee emails, by clicking on the "unsubscribe" option in the email.
Data protection
Appropriate technical and organizational measures are in place to provide a level of security on data to mitigate against accidental, unauthorized or unlawful loss, destruction, alteration, disclosure or access to Personal Data. 

Measures Qualee take to ensure data is handled securely include:
- Encryption of Client and Personal Data
- Backup and disaster recovery arrangements
- The ability to ensure ongoing confidentiality, integrity, availability and resilience of the IT infrastructure and environment
- Periodic testing and evaluation of the effectiveness of such measures