The purpose of this page is to provide enterprise IT teams, legal teams and other key project stakeholders with information on how data is stored and used to support Information Security and GDPR assessments.
Contents of this page:
- How our solutions work
- Data definitions (as per GDPR)
- What data we capture and how we store it
1. About our solutions
Our core solutions work as follows (this context helps to explain how data is captured and used):
- Appointment Booking Software - Enables your customers to schedule appointments via their own website, store associates or contact center. Customers provide their name, mobile number and email address in order to receive appointment reminders by SMS and email. Appointments are made visible to store associates using our platform via desktop, tablet and smartphone. Contact center teams can also be given access to a Qudini interface to search for customers appointments to manage them on their appointment on their behalf.
- Virtual Queue Management System - Allows your customers to join a virtual queue through a store associate, a self-service kiosk, a web URL or by texting an SMS code. Customers provide their name and mobile number in order to receive queue status updates and post-visit surveys by SMS and email. The queue of customers is made accessible to store associates using our platform via any desktop, tablet or smartphone.
- Event Booking Software - Enables you to create events that customers can browse and book via their own website, store associates or contact center. To book events customers provide their name, mobile number and email address in order to receive event reminders by SMS and email. Event attendees are made visible to store associates using our platform via desktop, tablet and smartphone. Head office team members can also have access Qudini to view and manage event attendees.
- Task Management Software - Enables you to create tasks at head office and store level and to assign these to individual store associates to work on. Tasks can be accessed and managed by employees on any desktop, tablet or smartphone.
What Data can be captured and how is it stored
For reference: Data Definitions as per GDPR
Data type | What it means |
Personal Data | means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art 4 GDPR). |
Sensitive Data | refers to data that enables you to understand the data subjects racial or ethnic origin, political opinions, religious beliefs, physical or mental health status, sex life, trade union membership, financial background, criminal background, genetic data and biometric data (Art 9 GDPR). |
Categorisation and processing of data within Qudini
This table explains the different types of data that the Qudini platform captures from different data subjects and how it is stored and used. Our sub-processor list is also included in the main table of contents below to provide a list of the different solutions sub-processing these different data types to perform services on our behalf (such as our server providers, SMS and email providers).
Data subject | How it is used | Type of data | Controller | Where stored | How long stored |
Customer personal data | To send your customers requiring services transaction-focused communications about the service they have requested. The communications sent are configured by you as the client. If stored (at your request), this personal data can also be used to look-up a customer’s loyalty status when they return. Data can also be exported to your CRM at your request. Some clients export this data into a CSV, we don't advocate this method but as you are the data controller we can provide your selected users with rights to do so. Our permission levels enable you to control who can access this and they must acknowledge the personal nature of the data and adherence to your privacy processes before doing so.
| Personal data: Using Qudini you can customise further questions to ask customers before, during or after service. This could be used to capture further customer data as your require. Sensitive Data: Not usually: Only if you request certain pieces of information using our customizable Customer Questions feature.
| You, as the client.
Your privacy policy is therefore relevant to customers. | Within the EEA or the USA (unless you as the controller request otherwise)
| We enable you to customise how long data is stored for within our platform. Most of our clients ask us to delete the personal data as soon as the customer has left the queue or finished their appointment. Anonymous "Client derived data" can still be retained for analytics purpose. Some clients export customer data into their CRM.
|
Client derived data | Qudini anonymises customer and employee records and passes their service information to our third party BI analytics tool in order to provide you with analytics on your operations and general customer activity. | Generic data: eg: Visit time Product/service interest Wait time Service time Service status Staff member who served Outcomes Survey feedback
| You, as the client. | Within the EEA or the USA (unless you as the controller request otherwise).
| Indefinitely or as requested by you. Some clients export this data into third-party applications via a secure SFTP file.
|
Customer payment card data (optional if you are accepting payments) | In order to take payment for the customer’s service, as required by you the client, we use a PCI compliant payment gateway who process the data. Qudini do not process any payment data ourselves. | Personal data and payment data: Customer name Billing address Credit/debit card number
| You as the client (or the payment provider in instances like paypal). | Within the EEA or the USA (unless you as the controller request otherwise). | As defined by you or the payment gateway used. |
Venue (store) level employee data | In order to provide a login for your store level users to access and use Qudini to manage and serve customers and their shop floor. Different users can be be provided with different access levels to:
|
| You as the client. | Within the EEA or the USA (unless you as the controller request otherwise). | As requested by you during your term using Qudini. We recommend an annual clean-up. No more than 6 months after the end of your Qudini contract.
|
Head office employee data | In order to create a login for your head office users to use Qudini to manage settings, bookings and analytics. Different users can be provided with different levels with stores they can access in order to:
|
| You as the client. | Within the EEA or the USA (unless you as the controller request otherwise). | As requested by you during your term of using Qudini. We recommend an annual clean-up. No more than 6 months after the end of your Qudini contract. |
Resource Content Table
A table of resources to read more about data subjects and data storage.
Currently not used due to links being provided on relevant pages linking to this page.
Content (hyperlink) | Purpose |
Our corporate privacy policy
| Our full company privacy policy expanding on the different types of data that we work with and how it is stored and processed (this includes corporate users of our own company website, job candidates and our client's customer and personal data). For consumers using our platform within your business your privacy policy should be displayed because you are the data controller.
|
| Booking interface Cookie policy | A cookie policy explaining how our online appointment booking interface and join the queue online interfaces use Cookies. These will be displayed to any customers booking and appointment or joining the queue using our standard online widgets.
|
Terms and privacy links | The central webpage with all our publicly available terms, policies and supplier statements. |
