1. Who we are
EasyQMS is operated by [REVIEW: registered legal entity name], a company registered in England and Wales ([REVIEW: company number]), with registered office at [REVIEW: registered address]. For the purposes of UK GDPR we are the controller of personal data we collect about visitors and account holders, and a processor of personal data our customers upload into the platform.
2. Data we collect
- Account data: name, work email, role, organisation, password hash.
- Operational data uploaded by customers: officer competency records, job records, compliance records, signatures, photos, GPS metadata, occupier contact details, defect notes.
- Usage data: pages visited, actions taken, device, browser, IP address, approximate location.
- Communications: emails, support tickets, demo requests.
3. Lawful bases
- Contract — to provide the EasyQMS service to you or your employer.
- Legitimate interests — to secure the platform, prevent fraud and improve the product.
- Legal obligation — to meet our statutory record-keeping and tax obligations.
- Consent — for non-essential cookies and marketing communications.
4. How long we keep data
Account data is kept for the life of the account and [REVIEW: retention period, e.g. 12 months] after closure. Customer-uploaded compliance records are kept for the period required by the relevant scheme (e.g. AVSEC, MCS, CAA) or as configured by the customer. Backups are rotated on a [REVIEW: backup retention, e.g. 30-day] cycle.
5. Who we share data with
We share data only with vetted sub-processors listed on our Sub-processors page, with regulators where legally required, and with professional advisers under confidentiality. We do not sell personal data.
6. International transfers
Customer data is hosted in [REVIEW: hosting region, e.g. UK / EU]. Where data is transferred outside the UK, we rely on the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.
7. Your rights
- Access — request a copy of your personal data.
- Rectification — correct inaccurate data.
- Erasure — ask us to delete data we no longer need.
- Restriction and objection.
- Data portability.
- Withdraw consent at any time, where consent is the lawful basis.
8. Complaints
If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner's Office at ico.org.uk. We'd appreciate the chance to put things right first.
9. Changes to this policy
We will update this policy from time to time. Material changes will be notified by email to account holders.
Contact
Questions about this policy? Email privacy@easyqms.co.uk.
