This is your guide as to how your personal data is managed by Qobrix. Data privacy is taken very seriously by us. This document outlines our approach under the General Data Protection Regulation 2018 (GDPR). In this policy we explain how we collect personal information about you, including any data you may provide through this website, how we use it and how you can interact with us about it.
This website is not intended for children and we do not knowingly collect data relating to children.
1. Who is Qobrix?
Qobrix is the product name for the Real Estate CRM Software and other Software under this name which belongs to Qobo Ltd (hereafter referred to as “Qobo”) with registration number HE320336 and registered office at 21 Amfitritis Street, Unit 201, 2000 Strovolos, Nicosia, Cyprus.
Qobo provides, inter alia, this CRM Software and other software and related services to the real estate industry, including real estate agents, property developers and asset management firms.
For the purposes mentioned in point 2 below, Qobo is the “data controller” for your data. When you enter your customer and other data in the CRM Software you act as “data controller” and we act as “data processor”. More specifically, we provide customer relationship management services to you as our clients and collect and process information under the direction of you as our clients. We do not have any direct relationship with the persons whose personal information is processed through the CRM Software.
2. What does Qobrix process your personal data for?
We process your personal data, inter alia:
- to create your CRM account and to provide other related services to you.
- for customer administration and to manage customer relationships including:
- Emailing for purposes of account activation, verification, support, customer service, maintenance and upgrades
- Processing of forms, events, workflows and transactions
- Understanding which products you may be interested in;
- Development of new features, modules, products;
- Preventing activities that may be prohibited or may be illegal
- Verifying the identity of an individual
- Assuring compliance to our Terms
- Quality Assurance
- for processing payments for subscriptions and possibly other services provided in this website.
- to identify prospective opportunities.
- to inform you of any new Qobrix products and services, Qobrix company news, and any other information that we think you will find interesting.
- to comply with all legal obligations and regulations.
- to prevent any fraudulent or unlawful behaviour.
3. Why do you collect information about me?
Qobrix only collects information that is absolutely necessary for the purpose of us providing our service. There are several reasons why Qobrix collects information. We need to know how to contact you, we need to be certain of your identity and we need to understand your circumstances so that we can offer you the best possible customer experience.
4. What information will you collect?
The type of information that Qobrix may collect from you includes:
- Your full name, company or organization name, email address, postal address, capacity, position and profession.
- Your representative contact details and position, if applicable.
- In case of a legal entity (e.g. company), the company’s lawful representative’s contact details such as name, email address, postal address, capacity, position and profession.
- Your username and password you create.
- Copies of ID (which may include your date of birth), and other identification information if required to obtain such information under applicable law.
- Online user identifiers (such as your log on details), IP addresses, cookie identifiers, email addresses and contact phone numbers.
- Bank account details, credit/debit card details, billing address and payment method.
- Information you provide to us about others or others provide to us about you. Before you disclose information to us about another person, you need to be sure that you have their agreement/consent to do so.
- Sensitive categories of data – we may hold information about you which includes sensitive personal data. We will only hold this data when we need to for the purposes of the service we provide to you or where we have a legal obligation to do so. We are required to process sensitive personal data when we seek your identification in the context of compliance with applicable anti-money laundering obligations.
- We use technologies to automatically collect information about your internet browser settings or Internet Protocol (IP) address, log in information, location-based data and Google Analytics to improve our website offerings to you and to enhance your online visit to us.
- We will also hold information on data access, correction, restriction, deletion, porting and complaints relating to you.
5. How long does Qobrix hold onto my information?
The length of time we hold your data depends on several factors, such as regulatory and statutory requirements. Other considerations are the type of data we hold about you, whether the data is required for a legal dispute and whether you or a regulatory authority ask us to keep it for a valid reason.
We only store your data and your customers’ data for the duration of the service provided. We will erase your personal information 120 days after your account with Qobrix has been cancelled. All information of your customers that is stored with Qobrix will also be deleted. The only information retained is that which is necessary from a compliance perspective. However, if you request that Qobrix deletes your data (prior to this period elapsing) we shall process your request unless there is a valid reason not to delete the data (such as a requirement to hold onto your data as we have a legal obligation to do so).
6. How do you collect information about me? And when do you do so?
We collect information about you in several different ways. Some examples include:
- When you set up an account with us online.
- When you make a request to be added to our marketing database.
- When you use our website.
- When you or others give us information verbally or in writing. This information may be by way of registration forms, through correspondence with us or if you make a complaint.
- From your online activities with third parties where you have given us your consent (e.g. when entering your customer data in our software or by consenting to our use of certain cookies or other location tracking technologies).
7. How do you use my information?
We may use your personal data for matters such as confirming your identity, to help us in the processing of an application for one of our services or to improve your customer experience with us.
Your data is used to manage and administer your account. Your data is also used to process transactions. An example is where you have provided us with your credit or debit card information or if you have provided us with your bank account details.
We may use your data to contact you by post, phone, text message, email or social media, using our website or other means but not in a way that is contrary to your instructions to us, legitimate interest or contrary to law. We may monitor and record our conversations when we speak on the telephone (to check your instructions to us and for training and quality purposes) but will advise you if we are doing so. Your data may also be used to recover debts you may owe and to manage and respond to a complaint or appeal that you have.
The processing of your data may be necessary for the performance of an existing contract we have with you or to take steps prior to entering into such a contract.
We may also use your data to manage our business for our legitimate interests, such as gathering location information from your mobile phone or other electronic device you may use to interact with us. Another legitimate interest of Qobrix is to conduct marketing activities such as direct marketing (provided that you have not objected to us using your details in this way) and research, including customer surveys, analytics and related activities.
Your data may be used to carry out strategic planning and business portfolio management. This could include compiling and processing your information for audit, statistical or research purposes (including, in some instances, making your data anonymous) in order to help us understand trends in our customers’ behaviour and to understand our risks better, including providing management information, operational and data risk management.
Qobrix may use analytics for statistical purposes. This enables us to make more informed business decisions, including improving the quality of services we can offer.
We may use your data to protect our business, reputation, resources and equipment, to manage network and information security (developing, testing and auditing our websites and other systems, dealing with accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services).
We protect your information with security measures under laws that apply, and we meet international standards in doing so. We keep our equipment, files and buildings secure. Personal data could be used to prevent and detect fraud, dishonesty and other crimes (such as preventing someone trying to steal your identity).
Qobrix may in the future wish to sell, transfer or merge part or all its business or assets or to buy a new business or the assets of another business or enter into a merger with another business. If so, we may disclose your personal information under strict duties of confidentiality to a potential buyer, transferee, merger partner or seller and their advisers, so long as they agree to keep it confidential and to use it only to consider the possible transaction.
We need to use your information to manage and administer legal and compliance matters within Qobrix, including compliance with regulatory, legislative and voluntary codes of practice to which we have committed. We use your data to comply with your information rights, to establish your identity and to comply with laws and regulations concerning the prevention of money laundering, fraud and terrorist financing. As a result, we may need to disclose information to government and other statutory bodies. Your data may be used to comply with binding court orders, search warrants, requests to assist regulatory or police authorities with the investigation or prevention of an offence and orders relating to requests for mutual legal assistance in criminal matters received from foreign law enforcement agencies.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that it is required to use it for another reason, which is compatible with the original purpose. If you would like us to explain to you as to how the processing for the new purpose is compatible with the original purpose, please contact us. However, if we need to use your personal data for an unrelated purpose, we will get in touch with you and explain the legal basis which allows us to do so.
Sometimes, we may process your personal data without your knowledge or consent, but only in compliance with the rules abovementioned and when it is required or permitted by law.
It is of high importance that the personal data you give us is accurate and up-to-date. Please keep us posted if there is any change.
8. Do you share my information with anyone else?
We only share your information with a certain number of other parties and only as necessary. Examples of information sharing here include:
- Your authorised representatives including any party authorised by you to receive your personal data.
- Third parties we need to share your information with in order to facilitate payments (for example, Chargebee, Stripe, PayPal, SWIFT, credit card issuers and merchant banks) and those you ask us to share your information with.
- Companies that provide support services for the purposes of protecting our legitimate interests. Your personal information remains protected when our service providers use it. We only permit service providers to use your information in accordance with our instructions, they will have appropriate measures in place to protect your information. Our service providers include marketing and market research companies, IT and telecommunication service providers, software development contractors, data processors, debit/credit card companies, computer maintenance contractors, printing companies, property contractors, document storage and destruction companies, business advisers, debt collection agencies, auditors and other consultants, including legal advisers.
- Statutory and regulatory bodies and law enforcement authorities. These bodies include the likes of: the Commissioner for Personal Data Protection, police /enforcement agencies, the Tax Department, the Crime Combating Department/Cyprus Investigation Department and US, EU and other designated authorities in connection with combating financial and other serious crime.
9. What about links on your website to other sites and social media?
Our Site may, from time to time, contain links to and from other websites and web platforms. In addition, third parties’ websites may also provide links to our Site. If you follow a link to any of those websites or web platforms, please note that we do not control those websites and web platforms, which have their own privacy policies and therefore, we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites. We do not accept, and we disclaim, any responsibility for the privacy statements and information protection practices of any third-party website (whether such website is linked on or to the Site). These links are provided to you for convenience purposes only, and you access them at your own risk. It is your responsibility to check the third-party website’s privacy statements before you submit any personal data to their websites.
10. What happens if I do not provide information requested by Qobrix?
Sharing information with us is in both your interest and ours. We need your information to provide our services to you, fulfil any contracts we have with you, to manage our business for our legitimate interests and to comply with our legal obligations.
You can choose not to share information with us, but you must understand that this may limit the services we are able to provide to you. We may not be able to provide you with certain services that you request. For example, if you do not provide us with all requested information when registering for the Qobrix system, we may not be able to create an account for you.
11. What is the legal basis for Qobrix using my information?
We will use your data and may share that data where:
- Its use is necessary in relation to a service or a contract that you have entered into or because you have asked for something to be done so that you can enter into a contract with us or so that we can provide a service to you.
- Its use is in accordance with our legitimate interests. Where we process your information for our legitimate interests, we ensure that there is a fair balance between our legitimate interest and your fundamental rights and freedoms. We may use your personal information to manage our everyday business needs including internal reporting, market research, to progress and respond to legal claims, to ensure appropriate IT security and to prevent fraud. Our legitimate interest here is the effective management of our business. We may use your personal information for marketing reasons, i.e. to update you in relation to upgrades of your system or new services. Our legitimate interest here is to connect with you and to update you on services we provide which may be of interest to you. You will always have an option to unsubscribe from marketing communications every time we contact you.
- Its use is necessary because of a legal obligation that applies to us.
- You have consented to the using of your data (including special categories of data) in a specific way.
- Where you have made clearly sensitive categories of data about yourself public.
- Where the processing of special categories of data is necessary for the establishment, exercise or defence of legal claims.
12. Does Qobrix process my information outside the European Economic Area (EEA)?
Your information is stored on secure systems within the premises of Qobrix in Cyprus and the servers for which we have concluded a special relevant agreement (located in Ireland) as well as with providers of secure information storage in general. Qobrix does not generally transfer information about you outside the EEA.
13. What rights do I have under GDPR?
You have several rights in relation to how we use your information and we have significant obligations in this regard.
You have the right to:
- Find out if we use your information, to access your information and to receive copies of the information we have about you. When you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your data. If you make your request electronically we will, where possible, provide the relevant information electronically unless you ask us otherwise.
- Request that inaccurate information is corrected, and incomplete information updated.
- Object to particular uses of your personal data where the legal basis for our use of your data is our legitimate business interests. However, doing so may have an impact on the services we can / are willing to provide.
- Object to use of your personal data for direct marketing purposes.
- Have your data deleted or its use restricted – you have a right to this under certain circumstances.
- Obtain a transferable copy of certain data which can be transferred to another provider, known as “the right to data portability”. This right applies where personal information is being processed based on consent or for performance of a contract and the processing is carried out by automated means. The right also permits the transfer of data directly to another provider where technically feasible.
- Withdraw consent at any time, where any processing is based on consent. If you withdraw your consent, it will not affect the lawfulness of processing based on your consent before its withdrawal.
We shall process your request without undue delay. In most instances, we will process your request within one calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests), we may extend this period by a further two calendar month period. Should this be necessary, we will explain the reasons why.
You also have the right to complain to Qobrix, the Commissioner for Personal Data Protection or another supervisory authority. If you have a complaint about the use of your personal information, please let Qobrix know and we shall seek to resolve your issue as soon as possible. If you wish to make a complaint to Qobrix you may do so in person, by telephone, in writing or by email. Please be assured that all complaints received by us will be fully investigated. We ask that you supply as much information as possible to help us to resolve your complaint quickly.
14. How do I contact Qobrix and/or your Officer for Personal Data Protection?
15. Can I contact anyone else?
If you are not satisfied with how Qobrix is dealing with your complaint you can contact the Office of the Commissioner for Personal Data Protection at:
Office address: Iasonos 1, 1082 Nicosia, Cyprus
Postal address: P.O.Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22818456 Fax: +357 22304565
Email: [email protected]
However, it will be highly appreciated if you give us the opportunity to deal with your concerns before you approach the Commissioner for Personal Data Protection so please contact us in the first instance.