1. Objective

The Quantumsabre Appropriate policy document explains QuantumSabre’s approach to processing, safeguarding, retaining, and deleting sensitive personal information, including special category data (SCD) and criminal offence (CO) data.

It establishes how QuantumSabre ensures compliance with the principles outlined in Article 5 of the UK General Data Protection Regulation (UK GDPR) and aligns with the requirements of the Data Protection Act 2018 (DPA 2018), specifically Schedule 1 Part 1.

2. Regulatory Framework

The DPA 2018 mandates the presence of an Appropriate Policy Document (APD) when handling special category and criminal offence data under specified conditions.

QuantumSabre adheres to this requirement, especially when relying on conditions outlined in Schedule 1 Part 2 of the DPA 2018, such as processing related to employment, social security, or significant public interest.

3. Types of Data Processed

QuantumSabre processes personal information essential for providing services and fulfilling contractual obligations. This includes special category and criminal offence data for purposes such as employment, social security, and compliance:

  • Gender, sexual orientation, or related information
  • Biometric and genetic data for unique identification
  • Health, sickness, and disability details
  • Race, ethnicity, and religious or philosophical beliefs
  • Trade union memberships
  • Background checks and security clearance information

Criminal offence data is handled as defined under Article 10 of the UK GDPR and clarified in section 11(2) of the DPA 2018.

4. Conditions for Processing

QuantumSabre relies on specific legal conditions under Schedule 1 of the DPA 2018, including:

  • Schedule 1 Part 1, para 1: For fulfilling employment-related obligations or social protection guarantees.
  • Schedule 1 Part 2: For initiatives such as equal opportunities monitoring and pensions, in alignment with employee notices and processing records.

5. Accountability Framework

QuantumSabre ensures compliance with data protection principles through:

  • Dedicated Oversight: A Data Protection Officer (DPO) oversees all data activities to ensure compliance.
  • Records Management: Maintaining detailed Records of Processing Activities (RoPA) that document categories of data processed, purposes, legal bases, retention periods, and data recipients.
  • Transparency: Privacy notices clearly communicate how and why data is processed.
  • Impact Assessments: Conducting Data Protection Impact Assessments (DPIAs) for processes that pose potential risks to individual rights.
  • Policies and Agreements: Implementing robust data protection policies and securing contracts with processors.
  • Design Principles: Integrating “privacy by design and default” into operational frameworks.

QuantumSabre ensures data is:

  • Processed lawfully, fairly, and transparently.
  • Collected for clear, legitimate purposes and processed accordingly.
  • Accurate, relevant, and minimized for necessity.
  • Retained only as long as required.
  • Protected with robust security measures.

6. Lawfulness, Fairness, and Transparency

QuantumSabre processes personal data under clearly defined lawful bases. High-risk processing undergoes DPIA evaluations, and all activities are logged in RoPA.

Privacy notices ensure individuals understand why their data is processed, with details tailored for specific activities or available through QuantumSabre’s central privacy hub.

7. Purpose Limitation

QuantumSabre processes data strictly for the purposes it was collected. These purposes are documented in RoPA and communicated through privacy notices.

If the processing purpose changes, QuantumSabre ensures a lawful basis exists, evaluates risks, and informs affected parties appropriately.

8. Data Minimization

Data collection is limited to what is strictly necessary for the intended purposes.

Periodic reviews ensure data relevance, and data exceeding retention periods is securely deleted as outlined in QuantumSabre’s Retention Schedule.

9. Accuracy

QuantumSabre ensures the accuracy of all processed data through regular audits and enables mechanisms for correction. Systems allow for rectification of errors while maintaining records of changes.

Complaints and breaches are managed through established procedures to safeguard data integrity.

10. Storage Limitation

Data is retained in line with QuantumSabre’s Retention Schedule, which balances regulatory, contractual, and operational needs. The schedule specifies how data is securely deleted, anonymized, or archived when no longer necessary.

Rights such as data erasure are respected, and requests are handled promptly under applicable legal frameworks.

11. Security and Confidentiality

QuantumSabre employs advanced physical, electronic, and technical safeguards to protect personal data, with regular training provided to all staff.

Systems are designed with access controls to restrict data to authorized personnel only. Risk assessments and procedures ensure adequate protection for sensitive data.

12. Additional Information

For queries or further details, please contact QuantumSabre’s Data Protection Officer:

  • Email: quantumsabre@protonmail.com
  • Address: Quantumsabre Ltd, 27 Gloucester street, London, United Kingdom, WC1N 3AX

13. Review and Updates

This document is reviewed biennially or sooner if significant processing changes occur. The current version was last updated in 03.12.2024