This policy covers personal data processed when you:
Visit our website
Contact us
Use our Services as a client
Are a caller whose call is processed through a client's Qreach system
Roles under UK GDPR
Client Deployments
In most client deployments:
The client is the data controller for caller data
Qreach acts as a data processor for the client
Our Operations
For our own marketing, sales, and website operations:
Qreach is the data controller for that data
What data we may process
Depending on context, we may process:
Contact details
such as name, phone number, email address
Business details
such as company name and role
Call metadata
such as call time, call ID, call reason category
Call content
such as transcripts and recordings if enabled by the client
Operational fields
such as property address, issue type, urgency flags, notes
Website analytics data
such as IP address, device, and pages viewed
We do not ask for special category data unless a client specifically requests such fields and has a lawful basis to process them.
How we use data
We use data to:
Provide and maintain the Services
Configure and support client systems
Improve system reliability and safety
Provide support and troubleshoot issues
Respond to enquiries
Maintain security and prevent misuse
Meet legal obligations where applicable
Lawful bases
Depending on the context, we rely on:
Contract performance
Legitimate interests
Consent
where required for cookies
Legal obligations
where applicable
Sharing and processors
We may share data with:
Third Party Providers
used to deliver Services such as telephony, transcription, storage, and automation tooling
Professional advisers
such as accountants and legal advisers
Authorities
where required by law
We only share what is needed to provide Services and we restrict access where possible.
International transfers
Some Third Party Providers may process data outside the UK. Where this happens, we aim to use appropriate safeguards, such as standard contractual clauses, depending on provider support.
Data retention
Data Retention Policy
We retain data only as long as needed for:
Service delivery
Support and troubleshooting
Legal and accounting needs
Client retention periods may vary by deployment and client instructions.
Security
We take reasonable steps to protect data, including:
Access controls
Least privilege where practical
Secure storage practices within our tools
No system is perfectly secure. Clients should avoid placing unnecessary sensitive information into call flows.
Your rights
Where Qreach is the controller, you may have rights including:
Access
Rectification
Erasure
Restriction
Objection
Data portability
where applicable
Where Qreach is the processor, requests should be directed to the client controller. We will assist where appropriate.