QWB Lab Limited Privacy Policy

This Privacy Policy is current as of 1 January 2025

1. Introduction

1.1 Our Business 

QWB Lab Limited, a New Zealand incorporated limited liability company (company number 8229162) and related entity QWB Lab FlexCo (company number FN636143f), anAustrian incorporated limited liability company  (each or together referred to herein as “QWB Lab” or as “our“ or “we” or “us”) provide and operate an online platform service offering (the “QWB Lab Platform”) that through a specialised suite of tools enables cultural organisations to measure, understand, improve and articulate their impact on wellbeing, inspired by the OECD wellbeing framework.

QWB Lab also has a public website https://qwblab.com (the “QWB Lab Website”) – it and the QWB Platform are both subject to the Terms of Use at www.qwblab.com/terms-of-use.

1.2 Our approach to Data Privacy  

QWB Lab respects your Personal Information that it collects and uses for the purposes stated below. 

This Privacy Policy sets out our, and your, rights and obligations in relation to Personal Information you may provide either in relation to:  

  • Potential or actual provision of the QWB Lab Platform Services by QWB Lab to a client (a “Client”).
  • A public (non-Client) user of the QWB Lab Website. 
  • Any other form of legitimate business engagement between us, and whether by face to face, or, by phone, letter, email or through the QWB Lab Website. 

Please read this Privacy Policy carefully.

2. Definitions

In this Privacy Policy, the following terms are defined:

  • “GDPR” means the General Data Protection Regulation (GDPR) (EU) 2016/679.
  • “Personal Information” means information or an opinion about an identified individual or an individual who is reasonably identifiable. Under the GDPR, the similar definition is “Personal Data”.  
  • “Personnel” means, as applicable, employees or contractors of a Client. 
  • “Policy” means this Privacy Policy.
  • “QWB Lab Portal” means the access only authenticated ID and User password-based Client only (non-public) section of the QWB Platform. 
  • “QWB Lab Platform Services” means when you as a registered Client, via the QWB Lab Portal, engage in data provision and data analytic and reporting services provided by us. 
  • “QWB Lab Website“ means https://qwblab.com
  • “User” (or “You”) means:  

i. A potential or actual Client; or

ii. A member of the public that visits the QWB Lab Website including where that person subscribes to our newsletter or downloads white papers, case studies or other educational or marketing materials; or

iii. Any other person or organisation that we engage with in relation to a potential or actual business relationship or engagement with us (including in relation to services to be or provided by a service provider).

3. What Personal Information we collect

We may collect and hold the following Personal information, as applicable: 

  • First name and surname
  • Country of location 
  • Organisation (if applicable)
  • Phone number
  • Email address

when you subscribe to our newsletter via our service provider Mail Chimp (https://mailchimp.com/). 

4. How we collect Personal Information 

4.1 We collect in the following manner: 

  • When you commence discussions as Personnel of a potential Client for the provision of the QWB Lab Platform Services. 
  • As a Client, during the provision of QWB Lab Platform Services and arising from initial and ongoing contractual negotiation and engagement and then in accounts management. 
  • Through the use of MailChimp as stated in Section 3, where we store your contact details via the MailChimp application for the purpose of sending newsletters. 
  • Via the QWB Lab Website, when you, as a public user, subscribe to our newsletter or download white papers, case studies or other educational or marketing materials. 
  • In your capacity as Personnel of a proposed or actual service provider to QWB Lab; or
  • Indirectly, without us asking for it, for example, if you engage with us on social media such as LinkedIn or Twitter.
  • In any other circumstances including face to face or by email or phone exchange. 

4.2 Aggregated anonymous information generated by our IT systems (operated and managed by our service providers), which may track and analyse traffic to the QWB Lab Website, but do not relate to you personally. This is further described in Section 5.1 herein (final paragraph). 

5. How we use your Personal Information

5.1 We expect to use the Personal Information we collect from you in the following manner:

  • to provide you as a Client with (and assist you with using) the QWB Lab Platform Services including fulfilling administrative functions associated with the provision of the QWB Lab Platform Services (for example, entering into contracts with you and invoicing); or 
  • where you have opted in to receiving such information (see Section 10 of this Policy) by way of subscription to our newsletter or you download case studies, white papers or other educational or marketing materials; or
  • for any other use that you expressly authorise by email or our opt-in process (see Section 10 of this Policy).
  • to comply with mandatory legal requirements whether via the court or a government agency; or
  • as we reasonably determine necessary to prevent illegal activity; or 
  • in the reasonable protection and/or enforcement of our legal rights and interests including defending any claim. 

5.2 Other technical based purposes

In addition, we may automatically collect certain non-Personal Information concerning the QWB Lab Website pages when you visit from your device in order to display and provide and optimise the provision of webpages to you. This includes date and time of access, the identity of your web browser, the type of operating system you use, your IP address and the identity of the website host or host’s name. We may also use such non-Personal Information for improving the content of the QWB Lab Website or QWB Lab Platform (as applicable). This information may come from server log files (temporarily stored) and/or cookies (where permitted, see Section 7).

5.3 Data retention

We will keep Personal Information (or Personal Data) about you, to use for the above purposes, for a reasonable period of time necessary for the operation and management of our business but subject to our obligations under Sections 9 and 10.

6. Will we permit access to your Personal Information with anyone else?

We will only permit access to your Personal Information with other organisations or individuals or government agencies strictly for the following purposes, where necessary and incidental in the provision of:

i. QWB Lab platform services;

ii. QWB Lab website;

by our service providers.

As at the date of this policy, our service providers are:

- Webflow, a service provider who hosts and operates the QWB Lab Website from its data centre in the USA;

- MailChimp, a service provider who hosts and provides its service from its data centre in the USA;

- IT Effect Limited (a New Zealand incorporated company) being a service provider that manages and supports the MS Azure hosted QWB Lab Platform. 

Our service providers provide their services to us in accordance with applicable privacy policies and laws. 

Where we need to disclose your Personal Information pursuant to a court or government agency in order to satisfy any mandatory applicable law, regulation, judicial or other legal process or government agency request provided, we will use our reasonable endeavours to give you advanced written notice of such requirements in the USA.

7. Cookies 

7.1 Cookies 

We may use cookie files containing information that can identify the computer you are working from (as referred to in Section 4.2 and Section 5.2). A cookie file is anonymous and is only used to identify visits from the same web browser.

We may use the information generated by such cookie files to: (i) track traffic patterns to and from the QWB Lab Website; and (ii) enable you to enter the QWB Lab Platform

7.2 How to turn Section 7.1 cookies off?

You can choose to refuse cookies by turning them off in your web browser and/or deleting them from your hard drive. Some QWB Lab Website pages may not function properly if the cookies are turned off.

8. Security 

We use our reasonable commercial efforts to ensure the security, integrity and privacy of your Personal Information and avoid unauthorised loss, use or disclosure.

This includes a variety of measures including Client authenticated ID and password-based use of the QWB Lab Client Portal and otherwise encryption of data, use of IT firewalls and certain cyber-attack protections

As no data transmission over the internet can be guaranteed to be completely secure, we cannot ensure the security of any information you transmit or receive through the QWB Lab Website and or QWB Lab Platform (as applicable). While, as stated, we take precautions to minimise related risks, you use the internet for transmission at your own risk.

It is also important that you take steps to protect your Personal information like:

• Using a strong password with numbers, letters and special characters;

• Not sharing your password with anyone, ever;

• Remembering to close the browser after using our Webpages.

In addition, if you post your Personal information on the QWB Lab Website in any publicly accessible fields or in our LinkedIn page, you acknowledge and agree that the information you post is publicly available.

9. Your Personal Information rights

How to access or correct your Personal Information?

9.1 Data subject Users not located in the European Economic Area (EEA)

9.1.1 Subject to applicable laws, you have the right to access your Personal Information and to receive a copy of that information. We may need to verify your identity to respond your access request (and similarly were made under Section 9.1.2). We will respond to any access request within a reasonable time period. We will give you access in a media form requested provided it is reasonable and practical. We do not expect to need to charge our time for this provided the access request is reasonable. If we cannot give you access, due to mandatory legal grounds, then we will inform you of this in writing.

9.1.2 You also have the right to request the correction of the Personal Information we hold about you. We will take reasonable steps to make appropriate corrections to Personal Information so that it is accurate, complete and up to date.  Unless a lawful exception applies, we must update, correct, amend or delete the Personal Information we hold about you within a reasonable time period. If we have shared that Personal Information to others, as contemplated under Section 6, we will use our reasonable commercial efforts to contact them and arrange the relevant change. We do not charge for making corrections.

To seek access to, or correction of, your Personal Information, please contact our Data Privacy Officer as set out below in Section 12.

9.2 Users located in the EEA and GDPR data subjects – Information and exercising specific data subject rights

9.2.1. Name and Address of the controller with respect to the GDPR

In relation to an applicable data subject user the Controller for the purposes of the GDPR and other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

QWB Lab FlexCo

Address: c/o Impact Hub Vienna, Lindengasse 56/18-19, 1070 Vienna, Austria

Email: contactus@qwblab.com

Website: www.qwblab.com

9.2.2 GDPR lawful processing grounds

The ‘lawful processing’ grounds on which QWB Lab will rely to collect and use Personal Data about you will be (as applicable):

• where you are a Client in relation to potential or actual contractual engagements for the provision of QWB Lab Platform Services; or

• where you as a public user have opted in to receiving such information (see Section 10 of this Policy) by way of subscription to our newsletter or you download case studies, white papers or other educational or marketing materials

• in relation to potential or actual contractual engagements with you as Personnel of a service provider to QWB Lab

• based on your express consent to the proposed use obtained prior to our processing.

9.2.3 Your data and disclosure

QWB Lab will only disclose your data to entities situated within the EEA, thereby subject to EU data protection laws, or, to those mandated to adhere to an equivalent level of protection, as determined by an adequacy decision from the European Commission.

Per Section 6 our service providers in non-European countries, have reasonable measures in place to ensure a sufficient level of data protection during the transfer of personal information including by implementing additional technical and organizational safeguards.

9.2.4 Specific data subject rights

If you a data subject under the GDPR are located in country that is a member of the EEA, you have a number of other GDPR rights in relation to our collection and use of your Personal Data. In particular these are:

• Right to Access

You can request confirmation as to whether Personal Information concerning you is being processed by us and if so, to which extent. You have the right to request information as to whether the Personal Information concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

• Right to rectification

You have a right to rectification and/or completion of your data towards the controller if the processed Personal Information concerning you is incorrect or incomplete. The controller must make the rectification without undue delay.

• Right to Restriction of Processing

You may request the restriction of the processing of your Personal Information pursuant to Art. 18 GDPR.

If the processing of Personal Information concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or one of its Member States. If the processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

• Right to Erasure

You have the right to obtain from the controller the erasure of Personal Information concerning you without undue delay and the controller shall have the obligation to erase Personal Information without undue delay where one of the grounds of Art. 17 GDPR applies.

Where the controller has made the Personal Information concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the Personal Information, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the Personal Information that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those Personal Information The right to erasure does not apply if the processing falls within an exception pursuant to Art. 17 (3) GDPR.

• Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the Personal Information concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right towards the controller to be informed about these recipients.

• Right to Data Portability

You have the right to receive the Personal Information concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data or have it transmitted to another controller without hindrance from the controller to which the Personal Information has been provided.

• Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Information concerning you which is based on Art. 6 (1) GDPR, including profiling based on those provisions. The controller will no longer process the Personal Information concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

• Right to withdraw Consent

You have the right to withdraw your declaration of consent law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

• Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

• Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of Personal Information relating to you infringes the GDPR

Any request in relation to the exercise any of those rights, please contact our Data Privacy Officer as set out below in Section 12.

10. Opt in/out 

10.1 We will give you the option to:

(i) opt in to agree to be contacted by us in relation to our newsletter or where you download case studies, white studies or other educational or marketing materials; and

(ii) opt out and not receive the same.

10.2 We advise that if you exercise you opt out rights per Section 10.1 this may result in any of the content referred to in Section 10.1 not being provided or made available to you.

11. Updates

We will review this Policy regularly, and we may update it from time to time by publishing the latest version on the QWB Lab Website or the QWB Lab Platform (as applicable). You will ensure that you have read the most recent terms posted on the QWB Lab Website or the QWB Lab Platform (as applicable).

12. To contact our Data Privacy Officer

If you have a request or enquiry or a complaint about the way we handle your Personal Information (or Personal Data) or to seek to exercise your privacy rights herein in relation to the Personal Information (or Personal Data) we hold about you, you may contact our Data Privacy Officer as follows:

Name: Sabine Doolin

Title: Director, QWB Lab Limited and QWB Lab FlexCo (as applicable)

Email: Sabine@QWBLab.com 

Posting:

- QWB Lab Limited, 1/18 Westwell Road, Belmont, Auckland 0622, New Zealand

- QWB Lab FlexCo, c/o Impact Hub Vienna, Lindengasse 56/18-19, 1070 Vienna, Austria

While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Data Privacy Officer, by mail or email as above. We will acknowledge your formal complaint within 10 business days.

If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the New Zealand Privacy Commissioner by making a complaint online at https://www.privacy.org.nz/your-rights/complaint-form/, or writing to them at Privacy Commissioner PO Box 10094, Wellington 6143.

If you are a data subject in the EEA, you can choose to instead lodge a complaint with your local Data Protection Authority (DPA), in Austria this is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, Austria.

The list of DPAs in h EEA can be fund at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm