GDPR Compliance Statement

This Statement refers to the GDPR and the UK GDPR collectively as the “GDPR”.

QATESTLAB LIMITED (hereinafter - “QATESTLAB”, “we”) is the controller for this website and our client and suppliers' contact information that is required to manage and deliver services under contracts.

QATESTLAB is the processor for our hosted client data.

For detailed or contact information, see our Privacy Notice.


QATESTLAB is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have a data protection program in place that complies with existing law and abides by the data protection principles.

We are dedicated to safeguarding the personal information under our remit and to developing a data protection regime that is effective, fit for purpose, and demonstrates an understanding of and appreciation for GDPR. Our preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls, and measures to ensure maximum and ongoing compliance.

Safeguarding and Security Measures 

We protect personal data against unauthorized access, use, modification, or loss by implementing appropriate technical and organizational measures. We take appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. For detailed information, see our Privacy Notice

Purposes for the personal data processing

Privacy Notice describes the personal data we collect, use, process, and purposes for that processing in the course of operating our business.  

Lawful basis for the processing

QATESTLAB process personal data provided by visitors through our website or other interactions with us on the basis of our legitimate interests in conducting our business.  In instances where we request your approval, we engage in the processing of personal data strictly on the basis of the explicit consent you have granted. We may also process personal information on other bases permitted by the GDPR, such as when the processing is necessary for us to enter into and perform the contract and comply with our legal obligations.

Categories of personal data we process

The categories of personal information that we process are described in Privacy Notice.

Transfers of personal data outside of the European Economic Area (EEA)

We will only share personal data with third parties when we are legally permitted to do so. When we share personal data, we put contractual arrangements and security mechanisms in place to protect it and comply with our data protection, confidentiality, and security standards.  We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EEA are done lawfully. 

The retention period for personal data

The retention period varies according to the type of information and the purpose for which it is used.  We delete personal information within a reasonable period after we no longer need to use it for the purpose for which it was collected (or for any subsequent purpose that is compatible with the original purpose).  We may archive personal data (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures.

Data subject rights

You have the right to request access to your personal data, to have your personal data corrected, restricted, or deleted, to withdraw any consent that you have given to the processing of your personal data (without affecting the lawfulness of the processing prior to your withdrawal of consent) and to object to our processing of your personal data.  You also have the right of data portability in certain circumstances, which means that you can request that we provide you (or a third party you designate) with a transferable copy of the personal information that you have provided to us.  Your rights may be subject to various limitations under the GDPR.  If you wish to exercise any of these rights, or if you have any concerns about our processing of your personal data, please contact us in any of the ways listed in the section How to Contact Us in Privacy Notice.

You have the right to file a complaint concerning our processing of your personal data with your national or regional data protection authority.