Quintessentially(“Quintessentially” “we” or “us”) is committed to protecting your personal data when you choose to interact with us. This Privacy Notice describes the data we will hold about you, what we will do with it and why, and how we will protect it. It also describes your rights and how to exercise them. 

This Privacy Notice applies globally, regardless of where you reside or access our website or services. We recognise that different jurisdictions may use varying terminology to describe similar concepts—such as Data Controller or Personal Data.  Wherever that’s the case, those terms should be understood the way your local data protection laws define them. If you are located in California or another state in the United States (USA) that provides for individual privacy rights, you can review additional information that will apply to you in the section titled “Privacy Notice for Residents of Certain USA States”.

By accessing or using https://quintessentially.com and various related websites and services (collectively, the “Quintessentially Services”) and/or submitting or collecting any personal data via the Quintessentially Services, you accept and agree to our practices surrounding the collection, use, and sharing of your personal information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, you cannot, and we do not authoriSe you to, access, browse, or use the Quintessentially Services. 

Who Are We? 

Quintessentially is a group of companies. The ultimate parent company is Quintessentially (UK) Limited, registered in England & Wales with company number 03879072 with registered address being 29 Portland Place, London, W1B 1QB. 

Other Group Companies Are: 

  • Quintessentially & Co. (USA), Inc. a company under the laws of Delaware, United States having its business offices at 6060 Center Drive, Los Angeles, CA 90045 and 8 West 38th Street, Suite 501, New York, NY 10018.
  • Quintessentially DMCC, a company under the laws of United Arab Emirates having its business office at Unit No: 302,Reef Tower, Plot No: JLT-PH2-O1A Dubai, Dubai, United Arab Emirates.
  • Quintessentially Germany GmbH , registered in Germany with registered/correspondence address Uhlandstr. 32 10719, Berlin, Berlin, Germany.
  • Quintessentially (Hong Kong) Limited and (Quintessentially & Co. (APAC) Limited, a company under the laws of Hong Kong having its business office at 2/F TEDA Building, 87 Wing Lok Street, Sheung Wan, Hong Kong.
  • Quintessentially Poland Sp. z o.o. a company under the laws of Polandhaving its business office at Podchorążych 73/26, Warszawa 00-722, Poland.
  • Quintessentially Saudi Arabia, a company under the laws of Saudi Arabia, having its business office at 7540 Abi Bakr As Siddiq Rd, An Nafal, Riyadh 13312.
  • Singapore (Quintessentially Lifestyle (Singapore) PTE. LTD.), a company under the laws of Singapore, having its business office at 32 Pekin Street #05-01 Singapore, 048762 Singapore.
  • Quintessentially Travel Limited, a registered company under the laws of England & Wales with company number 06648649 with registered address being 19 Portland Place, London, W1B 1QB.

Privacy Notice Updates 

This Privacy Notice replaces any previous Privacy Notices published on our websites. Your continued use of the Quintessentially Services after the effective date of any amendment to this Privacy Policy constitutes your acceptance of the amended Privacy Policy.

We may update this Privacy Notice from time to time to ensure that the information we provide to you is up to date with any change of legislation and/or new business developments and in accordance with the relevant data protection laws. We encourage you to periodically review this page for the latest information on our privacy practices.

Any new version of this Privacy Notice will be published on our website. IF YOU DO NOT AGREE TO FUTURE CHANGES TO THIS PRIVACY POLICY, YOU MUST STOP USING THE Quintessentially SERVICES AFTER THE EFFECTIVE DATE OF SUCH CHANGES.

Our Privacy Notice was last updated on: July 6, 2026

 

What Personal Data Do We Collect?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

Contact Data includes billing address, delivery address, email address and telephone numbers.

Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences

Financial Data includes bank account and payment card details.

Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to interact with or access this website.

Profile Data includes your membership identification number, purchases or orders made by you, your interests, preferences, feedback and survey responses. 

Usage Data includes information about how you use our website, products and services, including the member portal. 

Audio Data includes any audio recordings captured during customer service interactions, along with any associated transcripts, text files, and metadata (such as call timestamps, durations, and phone numbers).

Educational and Professional Background Data includes job and career history, educational background, professional membership and other relevant information from your CV.

Visitor Log Data includes your name, relationship to Quintessentially and the times of your arrival and departure in our visitor log.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.

We may collect any Special Categories of Personal data about you should you provide us with it (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). If the definition of Special Categories of Personal data, is sometimes referred to as “sensitive personal data” varies in your jurisdiction,  those terms should be understood the way your local data protection laws define them.

 

How Do We Collect Your Personal Data?

We collect information when you use and interact with the Quintessentially Services, and in some cases from third party sources. The different methods to collect data from and about you include:

Data That You Directly Provide Us: 

You may give us your personal data when you actively interact with us by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: 

  • Join the Quintessentially Membership Club
     
  • Request information or express interest in our services
     
  • Subscribe to our services, publications, or newsletters, or sign up to receive marketing communications
     
  • Create an account on the portal or website
     
  • Enter a competition, promotion, or survey
     
  • Sign up for webinars or other events
     
  • Contact us for support, feedback, or general inquiries (via post, phone, email, or online forms)
     
  • Apply for a job with us
     
  • Visit our offices or premises
     
  • Interact with us on platforms like Instagram, LinkedIn, Facebook, X (previously Twitter) and WhatsApp—for example, by commenting on posts or sending private messages—we may collect information you provide during those engagements.

 

Data That We Indirectly Collect From You:

We may gather certain information about you indirectly—such as through your use of our website, interactions with our emails, or through third-party providers.

  • Tracking tools We may use tools outlined below to provide the Quintessentially Services, advertise to, and better understand users.
    • Cookies: “Cookies” are small computer files transferred to your device that contain information such as user ID, user preferences, lists of pages visited and activities conducted while using the Quintessentially Services. We use Cookies to: (i) improve and tailor the Quintessentially Services, (ii) customise advertisements, (iii) measure performance, (iv) store authentication so re-entering credentials is not required, (v) customise user experiences, and for (vi) analytics and fraud prevention. For more information on Cookies, including how to control your Cookie settings and preferences, visit http://www.allaboutCookies.org. You can also manage Cookies in your web browser (for example, Edge, Explorer, Chrome, Safari). If you choose to change your settings, you may find that certain functions or features of the Quintessentially Services will not work as intended. The following details the types of Cookies we use and why we use them:
      • Absolutely Necessary Cookies. These Cookies are essential to enable you to move around a website and use its features. Without these Cookies, services you have asked for, like adding items to an online order, cannot be provided.
      • Performance Cookies. These Cookies collect information about how you use the Quintessentially Services. Information collected includes, the Internet browsers and operating systems used, the domain name of the website previously visited, the number of visits, average duration of visit, and pages viewed. Performance Cookies are used to improve the user-friendliness of a website and enhance your experience.
      • Functionality Cookies. These Cookies allow the Quintessentially Services to remember choices you make (such as your username, language preference, or the area or region you are in) and provide enhanced, more personal features. These Cookies can also be used to remember changes you have made to text size, fonts, and other customisable parts of the Quintessentially Services. The information these Cookies collect may be anonymised, and they cannot track your browsing activity on other websites.
    • Web Beacons: Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files embedded in a web page or email that may be used to collect information about the use of the Quintessentially Services. The information collected by Web Beacons allows us to analyse how many people are using the Quintessentially Services, using selected publishers’ websites, or opening emails, and for what purpose.
    • Web Service Analytics:  We may use third-party analytics services in connection with the Quintessentially Services, including, for example, to register mouse clicks, mouse movements, scrolling activity and text typed into the Quintessentially Services. We use the information collected from these services to help make the Quintessentially Services easier to use and as otherwise set forth in Section 5 (How We Use Your Information). These analytics services generally do not collect personal information unless you voluntarily provide it.
    • Mobile Device Identifiers: As with other Tracking Tools, mobile device identifiers help Quintessentially learn more about our users’ demographics and Internet behaviors in order to personalise and improve the Quintessentially Services. Mobile device identifiers are data stored on mobile devices that may track activities occurring on and through it, as well as the applications installed on it.  Mobile device identifiers enable collection of personal information (such as media access control, address, and location) and Traffic Data.
  • Behavioral Advertising. We may use a type of advertising commonly known as interest-based or online behavioral advertising.  This means that some of our partners use Tracking Tools to collect information about a user’s online activities to display Quintessentially ads to the user based on the user’s interests (“Behavioral Advertising”). Our partners may include third-party advertisers and other third-party service providers, and such partners may collect information when you use the Quintessentially Services, such as IP address, mobile device ID, operating system, and demographic information. These Tracking Tools help Quintessentially learn more about our users’ demographics and Internet behaviors.

     

  • Social media platforms. We may obtain information from platforms like Instagram, LinkedIn, Facebook and X (previously Twitter) about how you interact and engage with our posts and pages on their platform.

    We are not responsible for the privacy practices of social media platforms. If you wish to obtain more information about how LinkedIn, Instagram, Facebook, X (previously Twitter) and WhatsApp collect and manage your personal data, please visit the privacy notices on their websites. 

  • Profiling 

When sending invitations to events we will do some profiling of you to select events that we think will be relevant to you.  

This profiling will use data you have provided directly to us, data we have gathered from the public domain limited to the location of your office, your business or organisational role, the nature of your business or organisation, and data we gather from your behaviour in opening emails, accepting invitations and attending events.  

Quintessentially via its 3rd parties under contract, may also use your personal data to search for similar profiles and inferences in order to appropriately provide services to current and future customers. 

You can opt out of this profiling at any time by contacting us and advising us of your preferences.  

Data That We Collect From Third Parties:

We may receive personal data about you from various third parties as set out below: 

  1. Technical Data from analytics providers such as Google based outside the EU. 
  2. Identity and Contact Data where webinars or events are hosted by a third party.

 

We may also receive Identity and Contact Data from publicly available sources.

Where we receive your personal data from third-party sources, we will make every reasonable effort to ensure that such data is provided to us under a valid and lawful agreement without breach of any confidentiality clause and with all necessary approvals and authorisations, in accordance with applicable law.

Options for Opting Out of Cookies and Mobile Device Identifiers

If we process Cookies based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any point in time by contacting us at [email protected]. Please note, if you exercise this right, you may have to provide your consent on a case-by-case basis to enable you to utilise some or all of the Quintessentially Services.

You may be able to reject Cookies and/or mobile device identifiers by activating the appropriate setting on your browser or device. Although you are not required to accept Quintessentially’s Cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through the Quintessentially Services. Even after opting out of Behavioral Advertising, you may still see Quintessentially advertisements that are not targeted towards you. 

This Privacy Notice does not cover the use of Cookies and other Tracking Tools by any third parties, and we are not responsible for the privacy practices of any third party. Please be aware that some third-party Cookies can continue to track your activities online even after you have left the Quintessentially Services.

“Do Not Track” (DNT) and Universal Opt-Out Preference Signals

Some web browsers (including Safari, Internet Explorer, Firefox, and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to web services that a visitor does not want to have their online activity and behavior tracked. If a web service operator elects to respond to a particular DNT signal, the web service operator may refrain from collecting certain personal information about the browser’s user. Not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. For these reasons, many web service operators, including Quintessentially, do not proactively respond to DNT signals.  For more information about DNT signals, visit https://fpf.org/thank-you-for-visiting-allaboutdnt-com/

New standards are being developed for a Universal Opt-Out Mechanism, such as the Global Privacy Control (GPC), which allow users with GPC-enabled browsers and devices to send a signal that will communicate the user’s request to opt-out of sales of their personal information and to opt-out of certain sharing of their personal information. The CPRA and other laws allow for the acceptance of Opt-Out Preference Signals such as the GPC, as an option for users to transmit an Opt-Out of selling/sharing personal information. If we detect and recognise such a signal from your device or browser, we will honor it.

Artificial Intelligence

We may employ artificial intelligence (AI) technologies (“AI Systems”) to enhance the performance and functionality of the Quintessentially Services and/or support certain internal operations and customer facing services which includes tailoring your experience through automated processing based on your activity using the Quintessentially Services. The AI Systems work by analysing your usage patterns, preferences, and other interactions within our services to predict your interests and preferences. The insights gathered allow us to improve our service offerings, improve efficiency and accuracy, provide personalised content and advertising, and enhance user satisfaction and service quality. By using the Quintessentially Services, you agree to the use of AI as described in this Privacy Policy. We encourage you to review your privacy settings regularly to ensure they continue to reflect your preferences. 

Our AI Systems may collect data that you provide directly or indirectly through your interactions with the Quintessentially Services. We are committed to using AI responsibly. To this end, we regulatory audit our AI Systems for accuracy, fairness, and effectiveness; employ human oversight to monitor AI decision-making and intervene as necessary to address anomalies or biases; and maintain compliance with privacy regulations, ensuring that data used by AI is processed lawfully, transparently, and securely.

For more information on your rights and how we use AI, please contact us using the contact details provided in the section “Raise A Concern & Contact The DPO”.

Purposes Of Processing & Legal Basis

We will only use your personal data when the law allows us to. Under some data protection laws, there are certain lawful bases that allow a Data Controller, like Quintessentially, to process your personal data.

Most often the lawful bases Quintessentially relies on to manage your personal data are:

  • Where we have a legal obligation to do so.
  • Where it is part of fulfilling our contract with you.
  • If we have your consent.
  • Where it is in Quintessentially’s  legitimate interest to process your personal data and it is consistent with your own rights and interests.

The table below sets out a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. 

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.  

Purpose/Activity 

Type of data 

Lawful basis/bases for processing including basis of legitimate interest 

To use data analytics to analyse website traffic and user behaviour, which is used to improve website performance

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.

(a) Identity  

(b) Contact  

(c) Profile  

(d) Usage  

(e) Marketing and Communications  

(f) Technical  

(a) Consent

 

To keep you logged in as you navigate the website and remember information you’ve provided during your session.

To identify users through their login credentials, confirm their identity, and securely remember account details.

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)   

(a) Identity 

(b) Contact 

(c) Technical 

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) 

 

To send you marketing communications—such as emails or SMS messages—about our products, services, events, and promotions that we believe may be of interest to you if you have:

  • requested information from us;

  • provided your details in connection with a competition or promotional registration; or 

  • interacted with one of our newsletters (in which case we may send you similar newsletters),

provided you have not opted out of receiving such messages.

Additionally, if you have subscribed to our newsletters, we may send you communications related to that subscription.

(a) Identity 

(b) Contact 

(c) Technical 

(d) Usage

(e) Profile  

(f) Marketing and Communications  

 (a) Consent where required by law

(b) Legitimate Interests (to develop our products/services and grow our business).

(c) Performance of a contract with you 

To send you marketing communications—such as emails or SMS messages—regarding products or services that are similar to those you have previously purchased, and you have not opted out of receiving marketing messages.

(a) Identity  

(b) Contact  

(c) Technical  

(d) Usage  

(e) Profile  

(a) Consent where required by law or Legitimate Interests (to develop our products/services and grow our business).

The specific basis we use may vary depending on your local laws around direct marketing.

To use Lookalike Audience services by Google, Facebook and LinkedIn  to deliver more relevant advertising. This involves uploading existing customer lists to these platforms to identify users with similar characteristics and interests and deliver more relevant advertising to them.

  (a) Identity  

 (b) Profile  

 

Consent where required by law

 

To share your personal data with any company outside the Quintessentially group of companies for marketing purposes.

(a) Identity  

(b) Contact  

(c) Technical  

(d) Usage  

(e) Profile  

(a) Consent where required by law

To register you as a new member or customer 

To create a new member/customer account for you, including verifying your identity and helping you log into the services.

To communicate with you regarding existing services you have subscribed to including notifications of any alerts or updates.

(a) Identity  

(b) Contact 

(a) Performance of a contract with you 

To respond to your comments, queries, or questions, if any where you fill out forms on our website, contacts us, speak to our sales representatives or request customer support services.

(a) Identity  

(b) Contact  

(c) Transaction  

 

  1. Performance of a contract with you 

To process payments and deliver your requests and orders including: 

  • Fulfilment of requests placed by you or on your behalf 

  • Manage payments, fees and charges 

  • Collect and recover money owed to us 

(a) Identity  

(b) Contact  

(c) Financial  

(d) Transaction  

(e) Marketing and Communications 

(a) Performance of a contract with you   

(b) Necessary for our legitimate interests (to recover debts due to us) 

To manage our relationship with you and deliver our services, including sending service-related communications, responding to your inquiries, and notifying you about updates to our terms, policies, or practices.

(a) Identity  

(b) Contact  

(c) Profile  

(d) Marketing and Communications 

(a) Performance of a contract with you  

(b) Necessary to comply with a legal obligation 

 

To gather feedback and improve our services, including by inviting you to leave a review, complete a survey, share your user experience, or provide comments when contacting us or speaking to our representatives.

(a) Identity  

(b) Contact  

(c) Profile  

(d) Marketing and Communications 

(e) Audio 

(a) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) 

To communicate during customer and client service calls, which includes utilising real-time noise cancellation technology to ensure audio clarity.

Additionally, we retain and review these recordings for internal staff training, service quality monitoring, and to maintain an accurate record of verbal agreements or transactions.

(a) Identity  

(b) Contact  

(c) Audio

 

a) Necessary for our legitimate interests (to ensure clear and intelligible communication during interactions, maintaining an accurate and reliable record of verbal agreements, and continuously improving our service delivery through internal staff training and robust quality monitoring.)

To raise awareness of our brand, promote our activities and events, and contact potential customers through the use of LinkedIn and in some regions Instagram, Facebook, X (previously Twitter) and WhatsApp based on information obtained from social media platforms about how you interact and engage with our posts and pages on their platform. 

To target, measure, and improve certain personalised (not contextual) ads on and off social media platforms based on data we obtain from third parties (which may include profiling). 

(a) Identity  

(b) Contact  

(c) Profile  

(d) Marketing and Communications 

(a) Consent where required by law

(b) Necessary for our legitimate interests (in promoting our business, increasing audience engagement on social media)

 

To communicate with you when you comment on our posts or send us a private message on LinkedIn, Instagram, Facebook, X (previously Twitter) and Whatsapp or any other social media platform.

 

(a) Identity  

(b) Contact  

 

 

(a) Performance of a contract with you  

 

To enable you to partake in a prize draw or other competitions.

 

(a) Identity  

(b) Contact  

(c) Profile  

(d) Usage  

(e) Marketing and Communications 

(a) Consent

To discuss a possible contract of employment with you when you apply for a job at Quintessentially 

To verify certain information you have provided e.g. your workplace, educational institution or your identity.

(a) Identity  

(b) Educational and Professional Background Data 

(a) Performance of a contract with you   

 

To ensure your safety in Quintessentially’s physical offices in the event of an evacuation of the building for any reason. 

 

 

  1. Visitor Log Data 

(a) Necessary to comply with a legal obligation under Health and Safety at Work Act. 

 

 

  To support the operation of our services, including by engaging sub-contractors to perform tasks on our behalf—such as operating data centres, providing technical infrastructure, and supporting service delivery. This may require transferring your personal data to them.

(a) Identity  

(b) Contact  

(c) Profile  

(d) Usage  

(e) Financial  

(f) Transaction  

(g) Marketing and Communications 

 (a) Necessary for our legitimate interests (to ensure the efficiency and scalability of our business operations, maintain high service quality, and meet the expectations of our users).

To disclose information about you when required by law, or if we have a good faith belief that disclosure is reasonably necessary for any of the following reasons:

  • To comply with legal obligations, court orders, subpoenas, or other lawful requests.

  • To cooperate with government or law enforcement agencies in accordance with applicable laws.

  • To enforce our agreements and contractual obligations with users and customers.

  •  To investigate and defend against legal claims or allegations, including those made by third parties.

  •  To protect the security, integrity, and availability of our services, including through collaboration with other entities facing similar risks.

  • To safeguard the rights, safety, and wellbeing of our users, staff, and the public.

  • To detect, address, and mitigate harmful, unfair, or unlawful activity related to the use of our services.

(a) Identity  

(b) Contact  

(c) Profile  

(d) Usage  

(e) Financial  

(f) Transaction  

(g) Marketing and Communications 

(f) Technical 

(a) Necessary to comply with a legal obligation 

(b) Necessary for our legitimate interests (to ensure legal compliance, protect our business operations, enforce our rights, and safeguard the security and safety of individuals and our services)

To retain and share relevant information with our legal counsel and qualified experts for the purposes of obtaining legal advice or managing litigation, regulatory inquiries, or disputes.

To protect our company, affiliates, employees, and associated brands from legal claims, regulatory investigations, or criminal activity.

(a) Identity  

(b) Contact  

(c) Profile  

(d) Usage  

(e) Financial  

(f) Transaction  

(g) Marketing and Communications 

(h) Technical

(a) Necessary to comply with a legal obligation 

(b) Necessary for our legitimate interests (to ensure legal compliance, protect our business operations, enforce our rights, and safeguard the security and safety of individuals and our services)

 

Change Of Purpose  

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us via our details provided below.  

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

Please note that we will only process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. 

 

How Do We Protect Your Personal Data? 

We take the security of your data very seriously. All entities covered by this notice are PCI-DSS audited for compliance. PCI DSS stands for Payment Card Industry Data Security Standard, which is a set of security requirements designed to ensure all companies that accept, process, store or transmit credit card information maintain a secure environment. With the aim to protect cardholder data from theft and fraud by setting security controls and best practices for organisations handling payment cards.

We have strict contracts with anyone with whom we share information to ensure they take appropriate care of your data. We will always obey both the letter and the spirit of the data protection laws that apply to us, including but not limited to the General Data Protection Regulation 2016, the UK Data Protection Act 2018 and the Data (Use and Access) Act 2025.

Personal data can be processed anywhere in our group of companies. 

 

Who Do We Share Your Personal Data With? 

We share your personal data with the parties set out below for the purposes set out in the table above:

  • Other companies in the Quintessentially Group listed above acting as joint controllers or processors and provide services pursuant to a contract we have with you (or a view to enter into a contract with you) into, or IT and system administration services, or to undertake leadership reporting. 
  • Quintessentially’s franchise partners acting as joint controllers or processors who may provide services pursuant to the contract we are about to enter into or have entered into with you. 
  • Service providers acting as processors who provide IT and system administration services. 
  • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services. 
  • Third parties such as our insurers, law enforcement, government agencies, and regulators when legally required to do so.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice. 

We will only ever give these third parties the minimum information that they need and it will always remain under our control. This means that they can only do with your data what we tell them to and can’t keep it once they no longer need it or pass it on to anyone else. We conduct careful due diligence on all data sharing partners and ensure that appropriate protections are in place to keep your personal data secure. If you would like a list of the partners and countries with whom your data has been shared, please contact us.

 

How Long Will You Use My Personal Data For? 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

For example, by law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. 

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. 

 

Transfers Of Data To Other Countries                                                         

When we share your personal data with the third parties listed above, this may involve transferring your data outside your country of residence, including outside the United Kingdom and the European Economic Area (EEA). In such cases, we implement appropriate safeguards to ensure your data remains protected. These safeguards may include transferring data only to countries recognised as providing an adequate level of data protection by the relevant authorities, or by using lawful mechanisms such as the European Commission’s Standard Contractual Clauses, the UK’s International Data Transfer Addendum, or, where applicable, other permitted legal derogations. For transfers to the United States, we may also rely on the EU–US Data Privacy Framework, where the recipient is certified under the framework. 

If you are an EEA or UK resident, you may request a copy of the Standard Contractual Clauses or the UK’s International Data Transfer Addendum by contacting us on our details provided below.

If you would like more information on our internal transfers and safeguards as they apply to you, please contact us.

 

Your Data Protection Rights 

Your personal data belongs to you. We use it to provide products and services to you, to obey the law and to improve our services.

To make things simple, wherever you live and whatever your relationship with us, we give you the following rights over your data:

  1. “Transparency”

You have the right to a detailed explanation of what data we have about you, how and where we use it, how long we keep it and with whom it is shared. 

That information is contained in the details of our data processing below.

  1. “Access” 

You have the right to a copy of the data we hold about you. 

We will not charge you for providing this information in electronic form; we may charge you for providing it on paper to reflect the costs and environmental impact of doing so. 

We may ask you to prove your identity before we release your data to you. If you want the data for a specific reason, you can help us by letting us know. 

Please be aware that no-one can force you to get a copy of your data and no-one should ask you to share it with them.

  1. “Correction” 

You have the right to have your data corrected. 

If you believe we have incomplete or incorrect information about you, please let us know. 

We may ask you to provide your identity and to provide evidence supporting the changes you would like made.

  1. “Erasure and the right to be forgotten” 

You have the right to have your data erased if we no longer need it. 

Note that in many cases we need to retain data about you in order to honour our obligations to you, because we are required to by law, or to protect your and our interests.

  1. “Review of automated decision making”

You have the right to a human review of decisions we have made about you by purely automated means. 

Please note that almost all of our decision-making is already reviewed by a person – we use automation to support our team members.

  1. “Objection to processing on the basis of legitimate interest” 

You have the right to object to the processing of your data where we use it to help us improve our services and develop our business. 

Technically, this is known as processing on the basis of our legitimate interests and there is more information about this processing in the Privacy Notice. 

We are required carefully to consider and respond to your objection and show that we have taken care to protect you when doing such processing; you may also require that we do not process your data while we are considering your objection.

  1. “Restriction of processing” 

You have the right, in certain other circumstances, to require us to stop processing your data. These circumstances are:

  • Where we disagree about the accuracy of the information we hold about you and while we are verifying that information.
  • Where we no longer require personal data that we hold about you and would normally erase it, but you wish us to retain it without otherwise processing it, for instance where you believe that you may need the information for your own purposes in a legal claim.
  • You believe that the processing of your data may cause you substantial harm or distress and that our processing is not justified in accordance with the law.

 

  1. “Direct marketing” 

You have the right to opt out of direct marketing. Note that if you do not specify which marketing you no longer wish to receive, we will stop sending you any marketing information. If you choose to opt out of receiving marketing communications, this will not affect the use of your personal data provided in connection with a purchase, experience, or subscription, where such data is used to send you communications based on our contractual obligations with you. 

You will need to tell us the email addresses, phone numbers and other relevant details, and you will understand that we will need to keep these details so that we can be sure not to add you back to marketing lists in error. 

You also, of course, have the right to opt back into marketing at any time.

  1. “Data portability”

In some circumstances, you have the right to ask us to transfer your data to another service provider directly. 

This can only be done where it is technically possible both for us and for the other service provider; we and they will let you know when this is the case.

 

  1. “Withdrawal of consent” 

Most of our processing of your data is performed for one of three reasons:

  • in service of a contract between you and us, or in order to enter into such a contract;
  • to comply with legal obligations placed on us by the government and our regulators; or
  • to help us improve our services by better understanding our customers and their needs.

However, in some cases we will ask you for your consent to processing. 

Where we have done so, you have the right to withdraw your consent at any time and we will stop processing. We will explain the consequences of withdrawing consent at the time we ask for it and when you ask to withdraw it.

If you would like to know more about our processing of your data or would like to exercise any of Your Rights, you can contact us on our details provided below.

Raise A Concern & Contact The DPO

If you would like to know more about our processing of your data or would like to exercise any of your rights, you can contact us at the details given below:

  • Full name of legal entity:                  Quintessentially (UK) Limited
  • Name or title of DPO:                          Securys Limited 
  • Email address:                                         [email protected]
  • Postal address:                                       29 Portland Place, London, W1B 1QB
  • Telephone number:                              00 44 203 073 6600

You have the right to lodge a complaint with the relevant data protection authority in your country of residence. Below is a list of countries where our group has key offices, along with the corresponding supervisory authorities. You may also contact any other competent authority in your jurisdiction.

Country

Data Protection Authority and Contact Information

 

 

 

 

United Kingdom

 

Information Commissioner’s Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

Email: [email protected]

Telephone: 0303 123 1113 

 

 

 

 

 

Germany 

 

Federal Commissioner for Data Protection and Freedom of Information

 

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn

Telephone: +49(0)228 997799-0
E-mail: [email protected]

 

 

Hong Kong

 

Office of the Privacy Commissioner for Personal Data

Websitehttps://www.pcpd.org.hk/ 

 

 

 

 

 

Poland

 

Personal Data Protection Office


Urzad Ochrony Danych Osobowych
Stawki 2
00-193 Warsaw
Poland
Email: [email protected]
Tel. +48 22 531 03 00
Fax +48 22 243 05 69

 

 

Saudi Arabia

 

The Saudi Authority for Data and Artificial Intelligence

 

You can file complaints via the National Data Governance Platform here: File a Complaint

 

 

 

 

Singapore

 

Personal Data Protection Commission Singapore

 

Address: 10 Pasir Panjang Road, #03-01 Mapletree Business City Singapore 117438
Main Line: +65 6377 3131
Fax: +65 6577 3888

 

 

 

 

 

United States of America (USA)

 

It varies by state, but for convenience we have listed out the states where Quintessentially offices are located.

 

California - California Privacy Protection Agency

Website: https://cppa.ca.gov/

 

New York- New York Office of the Attorney General (OAG)

Website: https://ag.ny.gov/file-complaint

 

 

 

 

United Arab Emirates (UAE)

 

UAE Data Office (not established at the date of updating this Privacy Notice)

 

You may reach out to the Telecommunications and Digital Governance Regulatory Authority here: Contact us - TDRA

Email[email protected]

Telephone: +971 800 12

 

 

Privacy Notice For Residents Of Certain USA States (Including California residents per the CCPA)

If you are a resident of California or another  USA state that provides for individual privacy rights, , this section supplements our general Privacy Notice and describes how we collect, use, and disclose your personal information (as defined under the California Consumer Privacy Act, as amended, “CCPA”), along with your rights.

 

What Personal Information Do We Collect?

To understand the types of personal data we collect and how we obtain it, please refer to the “What personal data do we collect?” section of our general Privacy Notice.

The CCPA identifies eleven categories of “personal information”. Below is a summary of the categories of personal information we have collected within the past twelve (12) months:

CategoryWe CollectCategories of Recipients
  1. Identifiers
Real name, alias, postal address, unique personal identifier, IP address, email addressOrganizations providing services to Quintessentially
  1. Categories of personal information in Cal. Civ. Code Section 1798.80(e)
Telephone number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial informationOrganizations providing services to Quintessentially
  1. Characteristics of protected classifications under California or federal law
Age, citizenship, marital status, sexOrganizations providing services to Quintessentially
  1. Commercial information
Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendenciesOrganizations providing services to Quintessentially
  1. Biometric Information
N/AN/A
  1. Internet or other electronic network activity information
Browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisementOrganizations providing services to Quintessentially
  1. Geolocation data
N/AN/A
  1. Audio, electronic, visual, thermal, olfactory, or similar information
AudioN/A
  1. Professional or employment-related information
Job and career history, professional membership and other relevant information from your CVOrganizations providing services to Quintessentially
  1. Non-Public Education information
Educational background and other relevant information from your CVOrganizations providing services to Quintessentially
  1. Inferences Drawn from Personal Information
Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudesOrganizations providing services to Quintessentially

 

How We Collect Your Personal Information

We use and disclose the  personal information we collect for our commercial purposes, as further described in  the “How Do We Collect Your personal data?” sections of our general Privacy Notice, including for our business purposes and with our partners and service providers as follows:

  • Legal compliance and auditing related to our interactions with you.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and exercising our related rights.
  • Performing and improving our services (by us or our service providers).
  • Internal operations.
  • Other one-time or short-term uses.

Additionally, we may collect Identity and Contact Data from a third-party data broker in the USA for USA residents only for the purposes of targeted marketing, customer acquisition, and lead generation. We will make every reasonable effort to ensure that such data is provided to us under a valid and lawful agreement without breach of any confidentiality clause and with all necessary approvals and authorizations, in accordance with applicable law.

When you visit or log in as a USA visitor to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or online profiles. We (or service providers on our behalf) may then send communications and marketing to these emails or profiles. You may opt-out of receiving such communications by emailing [email protected] or by visiting Retention.com (USA visitors only).

Purposes Of Collection

We collect and use your personal information for the business purposes described in the “Purposes of Processing & Legal Basis” section of our general Privacy Notice. 

Security And Retention Of Personal Information

To learn more about how we safeguard your personal information and the duration for which we retain it, please refer to the “How Do We Protect Your Personal Data?” and “How Long Will You Use My Personal Data For?” sections of our general Privacy Notice.

Sale Of Personal Information

 When you visit or log in to our website, our online data partners or vendors may collect personal information through cookies and similar technologies. This information can include identifiers such as IP addresses and details about your browsing activity, which we use to support our marketing efforts. Under the CCPA, such sharing may be considered a “sale” of personal information. Please refer to the “Do Not Sell My Personal Information” section below to learn more about how you can opt-out of such sharing.

Disclosure Of Personal Information For A Business Purpose

We share personal information with third parties described in the section Who Do We Share Your Personal Data With?. We have shared personal information with such third parties consistent with the business purpose(s) for which the information was collected, as described above.

Your Rights 

In addition to the rights described in the section “Your Data Protection Rights” of the general Privacy Notice, you are entitled to the following rights:

“Shine the Light” Request: You are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their own direct marketing purposes in the preceding calendar year. 

Do Not Sell My Personal Information: You may have the right to opt-out of the sale of your personal information  when  Quintessentially allows certain third parties to collect your personal information via tracking and advertising cookies. To opt-out of these cookies, visit Quintessentially’s cookie preference centre and follow the instructions. After opting-out of such cookies, if you clear the cookies on your browser that are associated with a Quintessentially website, this will remove your opt-out preferences and you will need to opt-out again from relevant cookies.

Right of Access: You have the right to request access, as described in the section “Your Data Protection Rights”, twice in a 12-month period, to personal information we have collected, used, disclosed and sold about you during the past 12 months. 

Right to Restrict the Use of Sensitive Personal Information: You have the right to restrict the use of your sensitive personal information. 

Freedom from Discrimination: You have the right to be free from unlawful  discrimination for exercising any of your privacy rights.

Information Provided on Behalf of Children and Others

The Quintessentially Services are not intended for use by children. Individuals under the age of 18 may not use the Quintessentially Services. Quintessentially does not knowingly collect any information from children. If you are under 18, do not attempt to register for the Quintessentially Services or send us any personal information. By accessing, using and/or submitting information through the Quintessentially Services, you represent that you are not younger than 18 and that you have authority to do so. If you are a parent or legal guardian of a minor child, you may, in compliance with this Privacy Policy, use the Quintessentially Services on behalf of such minor child. Information you provide through the Quintessentially Services on behalf of a minor child will be treated as personal information as provided herein. If you use the Quintessentially Services on behalf of another person, regardless of age, you represent and warrant that you have authority to do so. 

Make an enquiry