Providing a service for user with digital technology at the heart of everything we do, online safety for our customers is mission. RQ Data Company Limited, makers of RoomQuest, comply with the General Data Protection Regulation.
Who owns your data?
When you use the RoomQuest site, you own and control your data, including data relating to your clients. We do not ask clients directly for their data, but users may do so, for example, through the setting of admin and the creation of property. You should ask for permission before you collect this data and delete it when appropriate to do so.
We license RoomQuest to both User and creator. We do not license RoomQuest to User and require credit card details and/or a school purchase order to subscribe to our service.
We consider the data controller and owner to be the individual user (e.g. a User) rather than any corporate body that might employ the individual. Therefore, we will not grant access to data made on behalf of individuals, unless the corporate body have contracted with us for the provision of the service.
RoomQuest provides a personalized experience for creators to use our site.
We recommend that you do not disclose your password to anyone to keep your data secure. We will never ask you for your password when contacting you by phone or email. RoomQuest automatically logs users out after one hour of inactivity if they are logged in as an individual user. When you have finished using RoomQuest, we recommend that you log out. This is to ensure that others cannot access your account information if you share a computer with someone else or are using a computer in a public place such as a library.
RoomQuest enables creators to create and set up their own account. This allows creators to create their own resources, share them with other creators (giving us a license to use the resource) and assign them to Users. We ask creator users for their title, first name, last name, email address, username and password, with the collection of their role and subject interests as optional. We may also collect financial information, including credit card information, for the processing of subscriptions.
At all times, within the definition of the General Data Protection Regulation (GDPR), the user (creator or school) retains the status of Data Controller for the data stored on our cloud service. The data obtained from the Users always remains in the ownership of the platform, or that of the individual creator users.
We do not provide user accounts to Users or ask them to provide us with their contact details.
RoomQuest’s services, allow the collection of a User data:
– admin may set security settings that collect the User’s name and response to questions
– user-created activities may include annoucement or report which collect the User’s name and score
Users should ensure that in collecting such information they have obtained permission from whoever is completing the report or feedback activity (and if necessary, parental permission).
Data Collection and Use
On our website, we request personal information in the following areas:
Mailing List – Your email address in order to send you relevant news and updates. This requires an additional and explicit opt-in.
Support – Your title, first name, last name, email address, and telephone number. We use this information to link your question to your user account so that we can contact you with a relevant and timely response.
User accounts – Your title, first name, last name, email address, and telephone number. We also require credit card details for paid subscriptions.
Updating Your Information
You can update or remove your account information by emailing us at [email protected]
Data kept for marketing purposes can be changed at any time by clicking on the unsubscribe link on any email from us.
How long does RoomQuest keep data?
Why We Delete Data
RoomQuest stores data for its users. To ensure that RoomQuest does not hold user information in perpetuity, it has set criteria for the deletion of unused data.
RoomQuest holds data for user accounts. If these accounts are left inactive for seven years they will be deleted, however resources shared with the RoomQuest community may be retained, in accordance with our terms.
Results data for Users may be deleted at any time by users (who remains the data controller for this information). The user will be deleted in accordance with the provision above, if held in a dormant account.
Financial & credit card data
We collect information from users for accounting purposes, which will be retained for seven years (as required by tax regulations). Credit card information is held securely by the payment gateway (provided by merchant) and is only retained during a subscription period.
Usage statistics of RoomQuest will be kept in perpetuity. No personal/user level information can be extracted from this data.
RoomQuest will not share data with third parties unless explicit instruction is given by the user in question, for example, to integrate with a 3rd party provider or the purposes of royalty programme, and we will never sell user information or data collected from our website.
Security and Protection of Your Information
All remote access to RoomQuest is conducted over HTTPS, an encrypted web link secured using Secure Sockets Layer (SSL). This is the same method used by banks and commercial entities to secure sensitive data from interception. We encrypt user data.
External Data Storage
RoomQuest stores data on our secure database servers, operated by Amazon (Aws). Physical access to our servers is strictly limited. Access to the servers in the data centre requires proof of identify (photo ID). Remote access to the data is limited to the tools needed by the IT support staff to maintain and operate the servers and is restricted to known users (identified by usernames and secure keys) connecting from known locations (IP addresses).
Access to Information
The General Data Protection Regulation gives you the right to access information held about you. We will endeavour to make all possible data available to you immediately via your “my account” settings (by clicking on your user profile when logged in, in the top right of your web browser). You may also file a subject access request. Your right of access can be exercised in accordance with the regulations. We will endeavour to reply to all subject access requests within one month.
To ensure that the user receives the best customer care, RoomQuest’s staff have access to user data (dependent upon their role). Staff access is controlled and only granted on a need-to-know basis.
RoomQuest and Cookies
A cookie (also called a HTTP cookie, web cookie or browser cookie) is a small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website, which is subsequently sent back to the same website by the browser.
To function, a cookie asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and will subsequently recognize you when you return to a particular site and/or help RoomQuest analyses its web traffic.
Overall, cookies help us provide you with a better product, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
RoomQuest is operated by RQ Data Company Limited. (registered in Thailand). If you have questions about how we use your data, our compliance with GDPR or wish to file a subject access request, you can do so via email ([email protected]).