Last Updated [24 May 2018]
QS Unisolution provides web-based solutions, enabling the management of incoming and outgoing students, staff mobilities and the management of international partnerships. The nature of the operations performed on the data is collecting, importing, exporting and modifying data via online forms, Excel spreadsheets, CSV files, and APIs (“the System”) to education institutions (“Clients”), and to prospective or current students (“Students”).
QS Unisolution is owned and operated by QS Quacquarelli Symonds Ltd.
QS Unisolution is a processor of data on behalf of our Clients and we are a controller for data concerning the contacts at our client institutions and other institutions with whom we are engaged.
We collect personal information from Clients who contract with us to provide QS Unisolution services (including, without limitation, when they access the System to review the information they have provided to us and the services we are completing on their behalf.
We also collect personal information from Client employees who are authorised to access or use the System (each an “authorised user”), and Client Students who have provided the relevant Client with lawful and required consents to share their information with us for the purpose of us providing the services.
The following types/categories of data (enumeration/description of data categories) shall be subject to processing of personal data:
Following are the categories of persons that are affected:
Clients are contractually obligated to comply with the Privacy Act which includes obtaining all lawful and necessary permissions for all information provided to us for the purpose contemplated in those contracts, including, but not limited to, lawful permissions to service their Students in the manner contemplated by the contract and agreed to by the Client as part of us providing the services.
Information received from third parties
We collect personal information in the manner set out above. If we receive personal information about you from someone else other than as described above, we will take reasonable steps to ensure you are aware that we have collected such information and the circumstances of the collection. Where we receive information about you from a Client, such reasonable steps involve us obliging the Client to take steps to notify you that such information has been provided to us, where such notice is required by Privacy Laws.
The information we collect is stored in the System, and is used to provide our services which include:
Information that is provided by Clients or their authorised users and held in the System may also be accessed and used by Clients for their own purposes (as determined by the Client), which may include internal review, analysis and reporting of progress and success of admissions, mobilities and partnership agreements. Such information may include Student ages, visa status, location and data reflecting the individual’s engagement with the Client.
If you are an authorised user of a Client and you do not allow us to collect the information described above or stored in the System, we may not be able to fulfill our Main Purposes or supply the services (including access to and use of the System) to you or the Client with whom you are associated.
We use and disclose your personal information only in compliance with applicable Privacy Laws and our agreements with the Client with whom you are associated, and only for one of the Main Purposes or for a related purpose, unless you have consented to a different use or that is otherwise allowed by the Privacy Laws.
We do not use personal information collected through the System for any other reason than to deliver the service on behalf of our Clients. In addition, we do not disclose, distribute, access or reference any personal information except as noted at the time that we collect the information or in the following circumstances:
We may use or disclose information that is not personal information, including aggregated, de-identified data, for a variety of purposes subject to applicable law, including:
We will, if practicable, allow you to use a pseudonym or to not identify yourself (unless this is impractical or against the law). In many instances, if you do not provide us with certain personal information we may not be able to provide you (including a Client) with the relevant product, service or information.
When a Client or any of its authorised users use the System, our servers automatically collects the Internet Protocol (“IP“) address associated with the user’s computer. We may also collect additional information such as the login timestamp, the user’s browser type and version, and the operating system of the user’s computer. This information is logged to help us to diagnose technical problems and to administer the System.
We and our third party partners operating QS Unisolution services on our behalf, also use pixel tags (also known as “clear GIFs” or “web beacons”.) A pixel tag is a tiny image, typically just one pixel – that can be placed on a Web page or in an email to tell us when you have displayed that page or opened that email.
By using the System, you agree to the use of these tracking technologies.
We use third party service providers to facilitate delivery of the QS Unisolution services and the System on our behalf, and may share personal information with those parties as is reasonably necessary for delivery of those services.
Subject to applicable Privacy Laws, Clients and their authorised users as well as students may have the following rights in relation to the personal information we process:
Clients and their authorised users may exercise any of these rights by contacting our appointed Privacy Officer, Subhashree Seshadri on firstname.lastname@example.org. For your protection, we may require you to confirm your identity before satisfying the request you have made.
We are committed to protecting the security, integrity and confidentiality of the data we hold through the use of physical and technical safeguards. We use SSL (this is a standard security technology for establishing an encrypted link between a web server and a browser) and server authentication technology to protect data when the System is accessed using a supported web browser.
We host the data that we collect in secure server environments that use a firewall and other industry-standard technology in an effort to prevent interference or access from outside intruders. The Internet, however, is not perfectly secure and we are not responsible for security breaches not reasonably within our control.
We retain information gathered from managing customer service enquiries at the sole discretion of our Clients, and in accordance with our contractual obligations with those Clients. We delete personal information collected from a Client and their associated individuals when the Client’s agreement with us terminates and the relevant Client has complied with all of its obligations as a consequence of termination, other than as required by law. We may retain de-identified information for the purposes described in section 4 above.
Information we collect or receive via our services is stored in the EU, but may be processed in Canada for North American clients. All other information we collect or receive may be temporarily stored and processed in the EU, UK or Canada. By providing us with your information, you understand that your information is being used, stored and disclosed in the above locations. You also acknowledge that the privacy laws of those countries in which we disclose information may not provide the same level of protection as the privacy laws of the country from which the personal information was collected. However, this does not change our commitments to safeguard your privacy and we will comply with all applicable laws relating to the cross-border data disclosure.
In most cases we will ask that you put your request in writing to us. We will investigate your complaint and will use reasonable endeavours to respond to you in writing within a reasonable period after receiving the written complaint. If we fail to respond to your complaint within a reasonable period or if you are dissatisfied with the response that you receive from us, you may have the right, depending on the jurisdiction, to make a complaint to the applicable regulator.