Website logo
GDPR Statement and Privacy Policy
Our GDPR Statement
The new EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and will impact every organisation which processes personal data of EU citizens. It introduces new responsibilities, empowers businesses to be accountable for their processing of personal data as well as enabling EU citizens to protect their privacy and control the way their data is processed. Even though the UK will be leaving Europe, the GDPR still applies and will replace the UK’s Data Protection Act 1998 when it comes into force.
Data protection definitions
Personal data is any information that relates to a living individual. It also includes any data that can be used with other sets of data to identify an individual. Typical examples of personal data are name, identification number, location data, online identifier and email address.

Processing relates to any operation carried out on personal data including collection, recording, organising, structuring, storing and using. Processing also doesn’t have to be by automated means which means that processing includes paper-based, non-digital systems.

A Data Subject is the individual whose personal data is being processed

A Data Controller is the organisation which determines how personal data is processed

A Data Processor is an organisation which processes data on behalf of a Controller. This typically means a third party who is used by the Controller to process their data (e.g. a marketing company used to send out marketing materials)

For detailed information about the GDPR and data protection, visit the Information Commissioner’s Office website:
Your GDPR responsibilities
When you use our services to store or process your personal data (including customer’s or user’s data), you are the Data Controller and we are a Data Processor. This will be true for any personal data you place on our servers either directly, via a hosted website or by use of any of our other services.

The GDPR requires you, as a Data Controller, to ensure that any Data Processor services you use to process personal data are GDPR compliant. This means that when you use any of our services to process your personal data you need to carry out due diligence on our services and ensure certain contractual terms are in place.

This GDPR statement is our way of helping you meet these GDPR regulatory requirements and to offer you an assurance that we take GDPR and the security of your personal data as part of the everyday running of our services.
Our GDPR Commitment
As an Australian company operating within the EU, QiQ Communications PTY LTD (QiQ) are committed to ensuring our business, services and internal processes are GDPR compliant. This GDPR Statement provides our assurances to GDPR compliance.

By the GDPR implementation deadline, we will have put in place:
  • Employee data protection training to ensure all staff understand their role in data protection compliance
  • Updated internal policies relating to data protection and responsibilities within our businesses for ongoing GDPR compliance
  • Check all our systems, processes and services to ensure they meet the requirements of GDPR, particularly around security of data and our use of any external third-party services
  • Procedures to ensure ongoing compliance past the GDPR deadline
  • Updated terms and conditions of services that meet the contractual requirements of GDPR in the Data Controller – Data Processor relationship
Our services are compliant because:
  • We have fully assessed our GDPR compliance both regarding the services we offer to our customers and regarding our internal policies and procedures
  • We have appropriate technical and personnel protocols in place to ensure the security of your data
  • We carry out due diligence against any sub-processors or other third party processors we use to ensure their GDPR compliance (such as data centres)
  • We only allow specific members of staff access to our servers and what access that is available is limited to specific circumstances
  • Our staff are trained in GDPR compliance and understand their responsibilities for managing the systems that process your data
Our role as a Data Processor
You are the owner of the data you submit to our servers.

When your data is placed on our servers, you are the Data Controller and QiQ, the Data Processor. We do not access the data you store on our services and any processing (as a Data Processor) is only regarding the hosting services we provide to you. We do not use your data for any processing of our own.

We do not share or provide access to any of your data with third parties unless required to do so to provide our service or by law. Where law enforcement or other authorised parties request access to our servers, we follow strict internal policies for dealing with such requests in line with existing law. Furthermore, the third parties are required to demonstrate they have a lawful reason to access the data and under what authority.

Data location

QiQ operate servers at:

– Lansing Data Center, Lansing, Michigan, USA.


Each data centre we operate from has hardware security access for example:

24/7/365 Manned Facilities CCTV Security Cameras Covering Inside, Outside and All Entrances of Data Centers Site Entrances Controlled By Electronic Perimeter Access Card System Sites Remotely Monitored By 3rd Party Security Company Entrances Secured by Mantraps with Interlocking Doors SSAE-16 & HIPAA Compliant, Safe Harbor Certified

Maintaining Security

All our employees keep up to date with all technical aspects of security and ensure the ongoing security of our servers and systems. This means that any security patches are applied to our systems as a matter of priority and any changes or updates to our own systems are done so, always, with data protection and privacy in mind and where appropriate, in discussion with our customers. Where we have an agreement in place with our customers to do so, we also maintain the security of our customer’s own servers or hosted applications.

Access to Servers

Remote admin access to our servers is strictly restricted to key personnel within our Technical Support team. Our team will access a server only to resolve an issue reported by the client. Or to ensure that the Managed Hosting Service Level opted for by a client is met.

Data centre staff have physical access to the servers, but have strict protocols in place to ensure they only do so, if requested by a member of our technical support team and such a request will only be in cases when they need to carry out a visual check of a server or carry out physical maintenance on the server itself.

QiQ Employees

All QiQ employees are trained and made aware of their responsibilities under GDPR including their duties with regards to access, security and processing of any personal data stored on our servers. Security and data governance are covered in our employee handbooks and actively discussed as part of quarterly meetings to ensure all staff are up to date.

Changes to our approach

Should our approach to any aspect covered by this statement change we will make sure, where your data is impacted, that we notify you within a reasonable timeframe and in line with any contractual terms in place between us.

Data Breaches

In the unlikely event of a breach occurring (as defined in the GDPR) we will notify you within 48 hours of the breach coming to our attention. This will be enough time for you to consider your requirements, under GDPR, for reporting the breach to the ICO and Data Subjects.
We help you to comply with GDPR
Our approach to our own compliance also helps you comply with your own GDPR compliance requirements. This statement should go some way to explain our approach to GDPR compliance. By using our services, you can be assured that your use is GDPR compliant.

If required we will assist you or the Information Commissioner’s Office with any query relating to the GDPR compliance of our services.
Data Protection Contact
Any questions, queries or requests for further information regarding our GDPR compliance should be sent to:

Peter Harris
QiQ Communications PTY LTD
Office 1, 45 Ena Street
Terrigal NSW 2260
Our Privacy Policy
1. Introduction
QiQ Communications PTY LTD (QiQ) respects your privacy and understands that privacy is essential to all our clients. This privacy policy sets out details about what data we collect and how we use it.
2. Visitors to our websites
This policy relates to how QiQ operates &

Where we collect personal data via our website, we will be upfront about it, and it will be apparent to you that you’re providing personal data and how we will be using it.
2.1 Google Analytics
When someone visits our websites (see section 2) we make use of the Google Analytics service to collect standard information about visitors to the sites and their behaviour (e.g. what pages they viewed). The data provided by Google Analytics is anonymised and in no way enables us to identify individual visitors. However, Google Analytics will place a cookie on your device to allow the service. For more information about how Google Analytics cookies work on websites visit:
2.2. Use of cookies
As well as the Google Analytics cookies we also use cookies in the following ways:

If you click on a link in one of our marketing emails, we may place a tracking cookie in your browser which we use to help improve the usability of our website and also to help determine the services that we believe will be most useful to you.

If you select the option to remember your username on our customer portal, the username is stored in a cookie, so you don’t need to type it again next time your visit. If you don’t select this option at login, we will not use the cookie. Your password is never stored (unless you opt to do so via your browser).
2.3. LiveChat
We sometimes provide a LiveChat service via our website. The service is provided by ( You are only required, initially, to give a name to use the service, but if you give more information either at the signing on stage or during the live chat this information will be recorded. A transcript of the chat session is emailed to QiQ for quality control. We may also keep an anonymised version of the chat session for analysis purposes. The third-party provider of this service does not store your data once they have emailed the transcript.
2.4. Online forms
If you fill out one of our contact forms on our website, a notification email is sent to the relevant team within QiQ, but the data you supply is stored within a database on the same server network as our website. As our site uses SSL (https), any information you submit is encrypted on its way to the database.
2.5. Online orders
When you place an order via our website, we will ask for your name, address, contact information and other information relevant to the request. This information will only be used to deliver the services we are providing; however, data may be shared with third-party service providers to provide the service (e.g. your details will be shared our mailing partners when they print and post your letters). Third parties have signed confidentiality agreements with QiQ and do not store data beyond a reasonable time to process documents.
2.6. Hosting
Where your data is stored on our server, it is located at:

Lansing Data Center, Lansing, Michigan, USA.

Our suppliers (see section 2.6) manage the security of our services and therefore your data. This includes:
  • 24/7/365 Manned Facilities
  • CCTV Security Cameras Covering Inside, Outside and All Entrances of Data Centers
  • Site Entrances Controlled By Electronic Perimeter Access Card System
  • Sites Remotely Monitored By 3rd Party Security Company
  • Entrances Secured by Mantraps with Interlocking Doors
  • SSAE-16 & HIPAA Compliant, Safe Harbor Certified
3. Customer data
All the data we hold on a customer is available via our Customer Portal. Personal information is shown under the “Contact Details” section and can be edited here. Services that we provide to are shown under “Active Services”, and all invoice payments are available under the “Billing & Invoices” section. Support Ticket conversations and transactions can be viewed under the “Support” section of the Portal.
4. People who receive our newsletters
We use for delivering our email newsletters. As noted above we make use of a tracking cookie to track the way our newsletters are read.

Every time you receive our email newsletter we include a link to enable you to unsubscribe should you wish to stop receiving them.
5. People who we email us
Any emails we receive are stored on our servers within our support system. We scan the email for viruses when it arrives on our servers and again before it is delivered to our local machines.
6. Retention
Unless stated elsewhere in this document or in our terms of services we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).
7. Third party processors
We use to process our online payments. They only use the data within their systems for this purpose and will not use your data for any other purpose.
8. Your rights
Under current data protection legislation in the UK, you have rights as an individual which you can exercise about the data we store and process about you. You can find more information about your rights on the Information Commissioner’s website:
9. Complaints
If you want to make a complaint about the way we are processing your data, you can contact us, using the contact details below. You also have the right to complain to the Information Commissioner’s Office:
10. How to withdraw consent and object to the processing
Where we are processing your data and needed to ask your permission to do so, you can withdraw your consent at any time. If you wish to stop receiving our marketing emails, you can do so, by clicking on the “unsubscribe” link at the bottom or the email. Otherwise, you can contact us, using the contact details below.

If you wish to raise concerns about the way we are processing your data and would like to object, then please email us via with your concerns.
11. Keeping your data up to date
It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your contact details, but if you wish to update any information we hold about you, please do so through the client portal at
12. Erasure of your data (the “right to be forgotten”)
Under some circumstances, you may request us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data), we will erase it from our systems.

If you wish to exercise your right to be forgotten by our services, please do so through the client portal at
12.1 Erasure of letter content and letter recipients
If you wish to remove the letter recipient details (Name and Address) and the body of any letter you can request this on a per letter basis from within the administration system of both and

By default, L-Mail automatically removes the letter content after 90 days. Recipient information is retained, unless deleted as per the above paragraph, for a year.
13. Portability
Your right to portability allows you to request a machine-readable export of the data you supplied to us and associated service logs (where we store them). Please contact us via if you wish to receive an export of your data.
14. Access to your data
You have the right to ask us about what data we hold about you, how we process it and provide you with a copy of the information, free of charge and within one month of your request.

To request any personal information we hold and process about you, we would prefer it if you could put it in writing or an email to the addresses below. We will need to verify your identity before providing the information and where necessary may contact you further to ensure we understand what data you are requesting.

Alternatively, if you are a customer, you may find the information you need to access your account on our Customer Portal (
15. Disclosure of information
We do not share any personal data with any third parties unless it is lawful for us to do so or if we are required by law to do so.
16. More information
For more information about your data rights and privacy or data protection in general visit the Information Commissioner’s Office website:
17. How to contact us
If you have any questions about how we collect and use your information not covered in this privacy policy, or if you wish to speak to someone about our approach to data protection and privacy, please contact:

Peter Harris
QiQ Communications PTY LTD
Office 1, 45 Ena Street
Terrigal NSW 2260
18. Changes to our privacy policy
We may change or update elements of this privacy policy from time to time or as required by law. The most current version of our privacy policy is available on our website at © copyright reserved 2023.