QWB Lab Limited Privacy Policy

This Privacy Policy is current as of 26 September 2022

1. Introduction

1.1 Our Business 

QWB Lab Limited (“QWB Lab”) is a company that provides and operates an online platform service offering (the “QWB Lab Platform”) that through a specialised suite of tools enables cultural organisations to measure, understand, improve and articulate their impact on wellbeing, inspired by the OECD wellbeing framework.  

QWB Lab also, in relation to the QWB Platform, has a public website https://qwblab.com (the “QWB Lab Website”) subject to the Terms of Use at www.qwblab.com/terms-of-use, the QWB Lab Website is made available to a User. 


1.2 Our approach to Data Privacy  

QWB Lab respects your Personal Information that it collects and uses for the purposes stated below. 

This Privacy Policy sets out our, and your, rights and obligations in relation to Personal Information you may provide either in relation to:  

  • Potential or actual provision of the QWB Lab Platform Services by QWB Lab to a client (a “Client”).
  • A public (non-Client) user of the QWB Lab Website. 
  • Any other form of legitimate business engagement between us, and whether by face to face, or, by phone, letter, email or through the QWB Lab Website. 

Please read this Privacy Policy carefully.


2. Definitions

In this Privacy Policy, the following terms are defined:

  • “GDPR” means the General Data Protection Regulation (GDPR) (EU) 2016/679.
  • “QWB Lab” means QWB Lab Limited, a company incorporated under the laws of New Zealand (Company number 8229162) with its registered office at 1/18 Westwell Road, Auckland, 0622, New Zealand and it is also herein referred to as “our “ or “we” or “us”
  • “Personal Information” means information or an opinion about an identified individual or an individual who is reasonably identifiable. Under the GDPR, the similar definition is “Personal Data”.  
  • “Personnel” means, as applicable, employees or contractors of a Client. 
  • “Policy” means this Privacy Policy.
  • “QWB Lab Portal” means the access only authenticated ID and User password-based Client only (non-public) section of the QWB Platform. 
  • “QWB Lab Platform Services” means when you as a registered Client, via the QWB Lab Portal, engage in data provision and data analytic and reporting services provided by us. 
  • “QWB Lab Website“ means https://qwblab.com
  • “User” (or “You”) means: 

i. A potential or actual Client; or 

ii. A member of the public that visits the QWB Lab Website including where that person subscribes to our newsletter or downloads white papers, case studies or other educational or marketing materials; or 

iii. Any other person or organisation that we engage with in relation to a potential or actual business relationship or engagement with us (including in relation to services to be or provided by a service provider). 


3. What Personal Information we collect 

We may collect and hold the following Personal information, as applicable: 

  • First name and surname
  • Country of location 
  • Organisation
  • Phone number
  • Email address

When you as a Client or Client Personnel complete proprietary surveys we make available for the purpose of the QWB Lab Platform Services including via our service provider Mail Chimp (https://mailchimp.com/


4. How we collect Personal Information 

4.1 We collect in the following manner: 

  • When you commence discussions as Personnel of a potential Client for the provision of the QWB Lab Platform Services. 
  • as a Client, during the provision of QWB Lab Platform Services and arising from initial and ongoing contractual negotiation and engagement and then in accounts management. 
  • through the use of Mail Chimp as stated in Section 3, where we store your contact details via the Mail Chimp application. 
  • via the QWB Lab Website, when you, as a public user, subscribe to our newsletter or download white papers, case studies or other educational or marketing materials. 
  • in your capacity as Personnel of a proposed or actual service provider to QWB Lab; or
  • indirectly, without us asking for it, for example, if you engage with us on social media such as LinkedIn or Twitter.
  • in any other circumstances including face to face or by email or phone exchange. 


4.2 Aggregated anonymous information generated by our IT systems (operated and managed by our service providers), which may track and analyse traffic to the QWB Lab Website, but do not relate to you personally. This is further described in Section 5.1 herein (final paragraph). 


5. How we use your Personal Information

5.1 We expect to use the Personal Information we collect from you in the following manner:

  • to provide you as a Client with (and assist you with using) the QWB Lab Platform Services including fulfilling administrative functions associated with the provision of the QWB Lab Platform Services (for example, entering into contracts with you and invoicing); or 
  • where you have opted in to receiving such information (see Section 10 of this Policy) by way of subscription to our newsletter or you download case studies, white papers or other educational or marketing materials; or
  • for any other use that you expressly authorise by email or our opt-in process (see Section 10 of this Policy).
  • to comply with mandatory legal requirements whether via the court or a government agency; or
  • as we reasonably determine necessary to prevent illegal activity; or 
  • in the reasonable protection and/or enforcement of our legal rights and interests including defending any claim. 


Note - in addition, when we collect certain non-Personal Information concerning the QWB Lab Website pages you visit from your device (e.g., the identity of your web browser, the type of operating system you use, your IP address and the identity of the host or host’s name), we may use such non-Personal Information for internal purposes, including, but not limited to, improving the content of the QWB Lab Website. This information may come from server logs and or cookies (see Section 7).


5.2 GDPR lawful processing grounds 

The ‘lawful processing’ grounds on which QWB Lab will rely to collect and use Personal Data about you will be (as applicable):

  • where you are a Client in relation to potential or actual contractual engagements for the provision of QWB Lab Platform Services; or 
  • where you as a public user have opted in to receiving such information (see Section 10 of this Policy) by way of subscription to our newsletter or you download case studies, white papers or other educational or marketing materials
  • in relation to potential or actual contractual engagements with you as Personnel of a service provider to QWB Lab 
  • based on your express consent to the proposed use obtained prior to our processing. 


5.3 Data retention

We will keep Personal Information (or Personal Data) about you, to use for the above purposes, for a reasonable period of time necessary for the operation and management of our business but subject to our obligations under Sections 9 and 10. 


6. Will we permit access to your Personal Information with anyone else?

We will only permit access to your Personal Information with other organisations or individuals or government agencies strictly for the following purposes, where necessary and incidental in the provision of:

i. QWB Lab platform services;

ii. QWB Lab website - by our service providers.

As at the date of this policy, our service providers are:

i. Webflow, a service provider who hosts and operates the QWB Lab Website from its datacentres in the USA;

ii. Mail Chimp, a service provider who hosts and provides its service from its data centre in the USA. 


Our service providers provide their services to us in accordance with applicable privacy policies and laws. 

Where we need to disclose your Personal Information to third parties including pursuant to a court or government agency in order satisfy any mandatory applicable law, regulation, judicial or other legal process or government agency request provided we will use our reasonable endeavours to give you advanced written notice of such requirement 


7. Cookies 

7.1 Cookies 

We may use cookie files containing information that can identify the computer you are working from (as referred to in Section 4.2 and the Note at the end of Section 5.1). A cookie file is anonymous and is only used to identify visits from the same web browser. 

We may use the information generated by such cookie files to: (i) track traffic patterns to and from the QWB Lab Website; and (ii) enable you to enter the QWB Lab Website. In particular our service provider Webflow sets out the following information concerning cookies and widgets: https://webflow.com/legal/cookie-policy

We also disclose that other sites and services (including, for example, advertising networks, providers of external services like web site hosting or traffic analysis services and content recommendation engines) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.


7.2 How to turn Section 7.1 cookies off?

You can choose to refuse cookies by turning them off in your web browser and/or deleting them from your hard drive. Some QWB Lab Website pages may not function properly if the cookies are turned off.


8. Security 

We use our reasonable commercial efforts to ensure the security, integrity and privacy of your Personal Information and avoid unauthorised loss, use or disclosure-this includes a variety of measures including Client authenticated ID and password-based use of the QWB Lab Client Portal and otherwise encryption of data, use of IT firewalls and certain cyber-attack protections 

As no data transmission over the internet can be guaranteed to be completely secure, we cannot ensure the security of any information you transmit or receive through the QWB Lab Website. While, as stated, we take precautions to minimise related risks, you use the internet for transmission at your own risk.

If you post your Personal information on the QWB Lab Website in any publicly accessible fields or in our LinkedIn page, you acknowledge and agree that the information you post is publicly available.


9. Your Personal Information rights

9.1 How to access or correct your Personal Information 

9.1.1 Subject to applicable laws, you have the right to access your Personal Information and to receive a copy of that information. We may need to verify your identity to respond your access request (and similarly were made under Sections 9.1.2 and 9.2). We will respond to any access request within a reasonable time period. We will give you access in a media form requested provided it is reasonable and practical. We do not expect to need to charge our time for this provided the access request is reasonable. If we cannot give you access, due to mandatory legal grounds, then we will inform you of this in writing.  

9.1.2 You also have the right to request the correction of the Personal Information we hold about you. We will take reasonable steps to make appropriate corrections to Personal Information so that it is accurate, complete and up to date.  Unless a lawful exception applies, we must update, correct, amend or delete the Personal Information we hold about you within a reasonable time period. If we have shared that Personal Information to others, as contemplated under Section 6, we will use our reasonable commercial efforts to contact them and arrange the relevant change. We do not charge for making corrections

To seek access to, or correction of, your Personal Information, please contact our Data Privacy Officer as set out below in Section 12.


9.2 GDPR data subjects – exercising your other rights

If you (a data subject under the GDPR) are located in country that is a member of the European Economic Area (EEA) you have a number of other GDPR rights in relation to our collection and use of your Personal Data. You have the right to:

  • opt-out of direct marketing and profiling for marketing – please note Section 10 below. 
  • opt-out of processing for research / statistical purposes, or processing on the grounds of ‘public interest’ or ‘legitimate interest’ – please note Section 10 below. 
  • erasure of your Personal Data. 
  • Personal Data portability. 
  • Object to or restrict processing of your Personal Data. 

Any request in relation to the exercise any of those rights, please contact our Data Privacy Officer as set out below in Section 12


10. Opt in/out 

10.1 We will give you the option to: (a) opt in to agree to be contacted by us in relation to our newsletter or where you download case studies, white studies or other educational or marketing materials; and (b) opt out and not receive the same.


10.2 We advise that if you exercise you opt out rights per Section 10.1 this may result in any of the content referred to in Section 10.1 not being provided or made available to you.


11. Updates

We will review this Policy regularly, and we may update it from time to time by publishing the latest version on the QWB Lab Website. You will ensure that you have read the most recent terms posted on the QWB Lab Website.


12. To contact our Data Privacy Officer

If you have a request or enquiry or a complaint about the way we handle your Personal Information (or Personal Data) or to seek to exercise your privacy rights herein in relation to the Personal Information (or Personal Data) we hold about you, you may contact our Data Privacy Officer as follows:

Name: Sabine Doolin

Title: Director, QWB Lab Limited 

Email: Sabine@QWBLab.com 

Posting: QWB Lab Limited, 1/18 Westwell Road, Belmont, Auckland 0622, New Zealand

While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Data Privacy Officer, by mail or email as above. We will acknowledge your formal complaint within 10 business days.

If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the New Zealand Privacy Commissioner by making a complaint online at https://www.privacy.org.nz/your-rights/complaint-form/, or writing to them at Privacy Commissioner PO Box 10094, Wellington 6143.

If you are a data subject in the European Economic Area, you can choose to instead lodge a complaint with your local Data Protection Authority (DPA). The list of DPAs is at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm