Last Updated: September 20, 2023
- Information We Collect and Receive
- How We Protect Customer Information
- California Privacy Notice
- California Privacy Rights
- Data Protection Officer
- Identifying The Data Controller And Processor
- Your Rights Under the European Data Protection Laws
- Data Protection Authority
- Contacting QReserve
- Document Updates
When we refer to “we”, “us”, “our” or “QReserve”, we mean the QReserve entity that acts as the controller or processor (on behalf of the controller) of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below.
If you are a user in the UK or the European Economic Area ("EEA"), please refer to our section "Your Rights Under the European Data Protection Laws" below which provides information on the rights that you have specifically under the EU General Data Protection Regulation and the UK's Data Protection Act 2018 (collectively we call them the "European Data Protection Laws").
If you are under the age of 16, or any higher minimum age in the jurisdiction where you reside, you are not permitted to use the Websites or the Services unless your parent has consented in accordance with applicable law. If we learn that we have collected Customer Information (defined below) of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. If you learn that anyone younger than 16 has unlawfully provided us with Customer Information, please contact us and we will takes steps to delete such Customer Information.
This section describes how QReserve may share and disclose Customer Information. Customers determine their own policies and practices for the sharing and disclosure of Customer Information in connection with their use of the Services, and QReserve does not control how they or any other third parties choose to share or disclose Customer Information.
- Customer’s Instructions: QReserve will share and disclose Customer Information in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement, in connection with the Customer’s use of Services functionality, and as required by applicable law. This would also include sharing information on social media services with your permission.
- Operating Systems and Platforms: Displaying the Services. When an Authorized User submits Customer Information, it may be displayed to other Authorized Users in the same or connected Sites. For example, an Authorized User’s email address may be displayed with their Site profile. Please consult the Help Center for more information on Services functionality.
- Public QReserve User Profiles: Certain data is visible to any QReserve user including, but not limited to, visitors of the Websites who may not necessarily be Customers or Authorized Users, institutional administrators, partnering companies, and any other member of the public. QReserve may offer services to display this information in various formats with the understanding that it is available to any party through our search engine. QReserve is not obligated to provide this data except under terms agreed upon by both parties.
- QReserve Site Members: Semi-Private data. These fields are private to general users but could be available to any administrators members of a Site of which you are a member.
- QReserve Site Administrators: Private data. This data is only visibile to Site administrators and we will not share it with other parties without your permission.
- Collaborating with Others: The Services provide different ways for Authorized Users working in independent Sites to collaborate, such as shared portals which connect data from multiple sites. Customer Information, such as an Authorized User’s profile Customer Information, may be shared, subject to the policies and practices of the other Site(s).
- Customer Access: Site administrators, Authorized Users and other Customer representatives and personnel may be able to access, modify or restrict access to Customer Information. This may include, for example, the applicable Customer using features of the Services to export logs of Site activity, or accessing or modifying your profile details.
- Third Party Service Providers and Partners: We may engage third party companies or individuals as service providers or business partners to process Customer Information and support our business. These third parties include virtual computing and storage services (such as Google Cloud) and email delivery services (such as SparkPost). View our current service providers here.
- Third Party Services: Customer may enable or permit Authorized Users to enable Third Party Services. When enabled, QReserve may share Customer Information with Third Party Services. Third Party Services are not owned or controlled by QReserve and third parties that have been granted access to Customer Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services.
- Corporate Affiliates: QReserve may share Customer Information with its corporate affiliates, parents and/or subsidiaries.
- Business Transactions: If QReserve engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of QReserve’s assets or shares, financing, public offering of securities, acquisition of all or a portion of our business, any similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Customer Information may be shared or transferred, subject to appropriate confidentiality arrangements.
- Google Calendar Integration: If you choose to connect your QReserve account to your Google account for our integration with Google Calendar then QReserve will store an OAuth Refresh token that allows us to communicate with Google on your behalf. QReserve does not store any information from your Google Calendar that did not originate from QReserve other than a unique ID of Google Calendar events generated from QReserve. When connecting to Google Calendar, QReserve temporary retreives a list of calendars for you to choose from to link to; however, only the chosen calendar ID is stored in QReserve after this step in order to facilitate the pushing of events to that calendar moving forward. Your authorized connection to Google can be revoked at any time either through your Profile page in QReserve or through your Google account settings.
- Microsoft 365 Integration: If you choose to connect your QReserve account to your Microsoft 365 account for our integration with Outlook Calendar then QReserve will store an OAuth Refresh token that allows us to communicate with Microsoft on your behalf. QReserve does not store any information from your Outlook Calendar that did not originate from QReserve other than a unique ID of Outlook Calendar events generated from QReserve. When connecting to Outlook Calendar, QReserve temporary retreives a list of calendars for you to choose from to link to; however, only the chosen calendar ID is stored in QReserve after this step in order to facilitate the pushing of events to that calendar moving forward. Your authorized connection to Microsoft 365 can be revoked at any time either through your Profile page in QReserve or through your Microsoft 365 account settings.
- Aggregated or De-identified Data: We may disclose or use aggregated or de-identified Customer Information for any purpose. For example, we may share aggregated or de-identified Customer Information with prospects or partners for business or research purposes, such as telling a prospective QReserve customer the average number of users or reservations made through a typical Site.
- To Comply with Laws: If we receive a request for information, we may disclose Customer Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- To enforce our rights, prevent fraud, and for safety: We may disclose Customer Information to protect and defend the rights, property or safety of QReserve or third parties including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With Consent: QReserve may share Customer Information with third parties when we have consent to do so. For users outside of the UK and EEA, when you provide us with Customer Information in connection with your use of the Services or the Websites, you are deemed to consent to our collecting it and using it for the reasons outlined above.
QReserve does not sell individuals' personal information to anyone and QReserve does not share individuals' personal information with third parties for those parties' commercial use. The law also requires us to explicitly state that we do not sell the personal information of minors under 16 years old.
QReserve takes security of data very seriously. QReserve works hard to protect Customer Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Customer Information we collect, process and store, and the current state of technology. Given the nature of communications and information processing technology, QReserve cannot guarantee that Customer Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.
We will retain your information for the period necessary to fulfill the purposes outlined in this Privacy Statement, to make our products and services available to you, or as instructed by you, unless a longer retention period is required or permitted by law.
Our data hosting center is currently located in Montréal, Québec, Canada and Toronto, Ontario, Canada. Should this change, please note that, should you continue to use the Websites and the Services, you may be transferring your Personal Data to countries outside of Canada, whose legal systems do not offer the same protection for your data as the laws of Canada.
The law requires QReserve to tell you about how we collect, use, and share your information in a certain way – specifically, we need to tie it back to "legal categories" of personal information that are listed in the law. To do this, we bundled up the information we gave you above in the sections titled Information We Collect and Receive; How We Use Customer Information; and How We Share and Disclose Information, and matched the different examples of personal information we collect about you with the legal categories. To make things easier to understand, we've put this information in a chart that shows you five things:
- The legal category of personal information,
- The types of personal information we collect about you for each legal category,
- The sources from which we collect each category of information,
- The purpose for why we collect and use your personal information for each category, and
- The business purpose for which we share your personal information, and who we share it with.
In certain circumstances, California residents may have the following rights regarding their personal information:
- The right to know what personal information we collect about you,
- The right to know how we share your personal information,
- The right to deletion of your personal information,
- The right to access and get a copy of the personal information we have about you, and
- The right to non-discrimination, or the right to equal service and price even when you exercise your privacy rights.
How to Make a Request: If you wish to exercise any of the rights we've described above, please contact us using any of the methods in the Contacting QReserve section below. Be ready to provide your name and email address, and if you have authorized an agent to make a request on your behalf, we will need you to provide the agent's name and email address, as well as your written authorization appointing the agent to make a request on your behalf.
You can contact us to make a request by email, phone, or regular mail.
To communicate with our Data Protection Officer, please refer to the section below titled "Contacting QReserve".
For the purposes of the European Data Protection Laws, the Customer is the controller of Customer Information and QReserve Inc., a Canadian company based in Hamilton, Ontario, Canada, is the processor of Customer Information relating to Authorized Users who use Sites established for Customers within and outside of the U.S. and Canada.
Individuals located in certain countries, including the UK and the EEA, have certain statutory rights as provided below in relation to their Personal Data processed by QReserve as controller. In relation to Personal Data for which QReserve acts as processor, data subjects must reach out to the relevant controller of that Personal Data to exercise their rights.
- Object To Processing. You may object to us processing your Personal Data where we rely on a legitimate interest as our legal grounds for processing your Personal Data.
- Rectification. You have the right to have inaccurate Personal Data rectified, or completed if it is incomplete.
- Automated Decision Making. These rights do not apply as we do not make any automated decisions about you.
- Restriction. You have the right to restrict us from processing your Personal Data in certain circumstances such as where you are contesting the accuracy of your Personal Data or you have objected to us processing your Personal Data. Whilst the restriction is in place we cannot do anything with the Personal Data in any way except to store it.
- Data Portability. You have the right to receive Personal Data that you have provided us a separate controller in a structured, commonly used and machine readable format. You can also request us to transmit this information directly to another controller. This is only applicable where the lawful basis we rely on to process your Personal Data is consent or for the performance of a contract.
- Erasure. You have the right to request that we erase your Personal Data in certain circumstances such as where your Personal Data is no longer necessary for the purpose for which we originally collected it, or we are relying on consent as the lawful basis for holding your Personal Data and you have withdrawn your consent.
- Withdraw Your Consent. Where we have relied on your consent to process your Personal Data, you have the right to withdraw the consent you have given us at any point. This is a vital and necessary aspect of consent. To withdraw your consent, you can contact us at the details in the "Contacting QReserve" section.
For you to exercise these rights, you can usually do this using the settings and tools provided in your Services account. If you cannot use the settings and tools, contact the Customer for additional access and assistance. Please check https://my.qreserve.com/memberships for Customer contact information. Alternatively please get in touch with us using the information in the section "Contacting QReserve". We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex and/or if we receive a high number of requests, in which case we will respond within three months.
Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the applicable laws.
Similarly, you may complain to the relevant supervisory authority in your country. In the UK this is the Information Commissioner's Office, information about how to contact this regulator can be found at www.ico.org.uk.
Any transfer of your Personal Data outside the UK and the EEA will be carried out in accordance with the European Data Protection Laws to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms.
To the extent that QReserve’s processing of your Personal Data is subject to the European Data Protection Laws, we are allowed to process your Personal Data for the following reasons and on the following legal bases:
- To pursue our legitimate interests. We have good, sensible, practical reasons for processing your Personal Data as described in the section "How We Use Customer Information", which is in our interests; and
- To comply with our legal obligations and establish, exercise or defend our legal rights.
If you are outside of the UK or EEA, subject to applicable law, you have the right to (i) restrict QReserve’s use of Customer Information that constitutes your Personal Data and (ii) lodge a complaint with your local data protection authority or the Office of the Privacy Commissioner of Canada. If you are a resident of the UK or EEA and believe we maintain your Personal Data within the scope of the European Data Protection Laws, you may direct questions or complaints to the data protection regulator in your jurisdiction.
Office of the Privacy Commissioner of Canada
Phone: (819) 994-5444
Fax: (819) 994-5424
TTY: (819) 994-6591
30 Victoria Street
or on the Web at:
QReserve Privacy Inquiry
You may also contact us at firstname.lastname@example.org or at our mailing address below:
1063 King Street West, Suite 405
Hamilton, Ontario L8S 4S3
- Added a section to Information We Collect and Receive describing the type of information required to create and sustain a connection to Microsoft 365.
- Added a sentence to How We Protect Customer Information describing our retention policy being that required to provide services.
- Added a section to Information We Collect and Receive describing the type of information required to create and sustain a connection to Google Calendar.