Privacy Policy

1. Introduction and Data Controller

AQS IT Solutions (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy will inform you about how we handle your personal data, your privacy rights, and how the law protects you.

1.1 Data Controller

For the purposes of applicable data protection laws, AQS IT Solutions is the data controller responsible for your personal data.

Contact Details:

• Company Name: AQS IT Solutions
• Email: info@aqsitsolutions.com
• UK Phone: +44 7511 566436
• Pakistan Phone: +92 333 5016604
• Website: https://aqsitsolutions.com

1.2 Our Commitment

We are committed to:

• Processing your personal data lawfully, fairly, and transparently
• Collecting data only for specified, explicit, and legitimate purposes
• Ensuring data accuracy and keeping it up to date
• Retaining data only as long as necessary
• Processing data securely with appropriate technical and organizational measures

2. Scope and Application

This Privacy Policy applies to:

• Website Visitors: Anyone who visits aqsitsolutions.com or any of our web properties
• Clients and Customers: Individuals and businesses who engage our services
• Newsletter Subscribers: Those who subscribe to our mailing lists
• Contact Form Users: Individuals who submit inquiries through our website
• Service Users: Users of our web development, CCTV systems, digital marketing services, and other offerings
• Job Applicants: Individuals who apply for positions with AQS IT Solutions

2.1 Geographic Scope

AQS IT Solutions operates in multiple jurisdictions:

• United Kingdom: Subject to UK GDPR and Data Protection Act 2018
• European Union: Subject to GDPR (for EU clients)
• United States: Subject to applicable federal and state laws including CCPA (California)
• Pakistan: Subject to local data protection regulations
• Other Jurisdictions: We comply with applicable local laws where we operate

3. Information We Collect

We may collect, use, store, and transfer different kinds of personal data about you, categorized as follows:

3.1 Identity Data

• First name and last name
• Username or similar identifier
• Title (Mr., Mrs., Ms., Dr., etc.)
• Date of birth (when relevant for age verification)
• Job title and company name (for business clients)

3.2 Contact Data

• Email address
• Telephone numbers (mobile and landline)
• Billing address
• Business address
• WhatsApp contact information

3.3 Financial Data

• Bank account details (for payment processing)
• Payment card information (processed securely through third-party payment processors)
• Billing and transaction history
• Tax identification numbers (when required)

3.4 Transaction Data

• Details about payments to and from you
• Services purchased or inquired about
• Project specifications and requirements
• Service agreements and contracts

3.5 Technical Data

• IP address
• Browser type and version
• Device type and operating system
• Time zone setting and location data
• Browser plug-in types and versions
• Screen resolution
• Other technology on devices used to access our website

3.6 Usage Data

• Information about how you use our website and services
• Pages visited and time spent on pages
• Links clicked and documents downloaded
• Search queries on our website
• Service interaction logs

3.7 Marketing and Communications Data

• Your preferences for receiving marketing communications
• Communication preferences (email, phone, post)
• Newsletter subscription status
• Responses to surveys and feedback forms

3.8 Special Categories of Data

We do not generally collect special categories of personal data (such as health information, religious beliefs, or biometric data) unless specifically required for certain services and with your explicit consent.

3.9 Service-Specific Data

For CCTV Services:

• Property layouts and security requirements
• Access credentials for camera systems
• CCTV footage (stored as per your instructions and legal requirements)

For Web Development Services:

• Website content and materials provided
• Login credentials for hosting and CMS platforms
• Analytics and performance data

For Medical Billing Services:

• Patient data (processed on behalf of healthcare providers)
• Insurance information
• Medical coding data
• Note: We act as a data processor for medical data, with healthcare providers as controllers

4. How We Collect Information

4.1 Direct Interactions

You provide data directly when you:

• Fill out contact forms or request quotes
• Sign service agreements or contracts
• Subscribe to newsletters or mailing lists
• Request marketing materials or information
• Provide feedback, reviews, or testimonials
• Contact us via email, phone, WhatsApp, or social media
• Create an account or user profile
• Submit job applications

4.2 Automated Technologies

We automatically collect data as you interact with our website using:

• Cookies: Small files stored on your device
• Server Logs: Automatically recorded by our web servers
• Analytics Tools: Google Analytics and similar platforms
• Pixel Tags: Transparent graphic images for tracking

4.3 Third-Party Sources

We may receive data from:

• Analytics Providers: Google Analytics, similar tools
• Advertising Networks: Google Ads, Facebook Ads, LinkedIn Ads
• Payment Processors: PayPal, Stripe, bank payment gateways
• Social Media Platforms: LinkedIn, Facebook, Twitter (when you interact with our content)
• Business Directories: Public business information databases
• Referral Partners: When referred by business partners with your consent

5. How We Use Your Information

We use your personal data for the following purposes:

5.1 Service Delivery

• Providing requested services (web development, CCTV installation, SEO, etc.)
• Managing client accounts and relationships
• Processing payments and managing billing
• Delivering projects and support services
• Troubleshooting and technical support
• Communicating about services, updates, and changes

5.2 Business Operations

• Managing and improving our website and services
• Conducting data analysis and research
• Testing new features and functionality
• Maintaining security and preventing fraud
• Administering business operations
• Enforcing terms and conditions

5.3 Marketing and Communications

• Sending promotional materials about our services (with consent)
• Displaying targeted advertising
• Newsletter distribution
• Conducting surveys and gathering feedback
• Marketing campaign management
• Social media engagement

5.4 Legal and Compliance

• Complying with legal obligations
• Responding to legal requests and preventing legal misuse
• Protecting our rights, property, and safety
• Enforcing contracts and agreements
• Conducting audits and compliance reviews

5.5 Analytics and Improvement

• Understanding how visitors use our website
• Analyzing trends and user behavior
• Improving service quality and user experience
• Developing new services and features
• Measuring marketing campaign effectiveness

6. Legal Basis for Processing (GDPR)

6.1 Consent

We process certain data based on your explicit consent, such as:

• Marketing communications and newsletters
• Non-essential cookies
• Testimonials and case study participation
• Special categories of data (if applicable)

You have the right to withdraw consent at any time.

6.2 Contractual Necessity

Processing is necessary to perform our contract with you, including:

• Delivering services you’ve purchased
• Processing payments
• Providing customer support
• Managing your account

6.3 Legal Obligation

We process data to comply with legal obligations, such as:

• Tax and accounting requirements
• Responding to lawful requests from authorities
• Compliance with employment laws
• Anti-money laundering regulations

6.4 Legitimate Interests

We process data based on our legitimate business interests, including:

• Improving and developing our services
• Marketing and business development
• Network and information security
• Fraud prevention
• Business analytics and insights

We balance our legitimate interests against your rights and freedoms.

6.5 Vital Interests

In rare cases, we may process data to protect vital interests (yours or another person’s), such as in emergency situations.

7. Data Sharing and Third Parties

We may share your personal data with the following categories of recipients:

7.1 Service Providers (Data Processors)

We work with trusted third-party service providers who process data on our behalf:

All service providers are contractually bound to protect your data and use it only for specified purposes.

7.2 Business Partners

We may share data with business partners for:

• Joint marketing initiatives (with your consent)
• Referral programs
• Co-delivery of services
• Technology partnerships

7.3 Professional Advisors

We may share data with:

• Lawyers and legal advisors
• Accountants and auditors
• Business consultants
• Insurance providers

7.4 Legal and Regulatory Authorities

We may disclose data to:

• Law enforcement agencies
• Regulatory bodies
• Tax authorities
• Courts and tribunals

Only when required by law or to protect our legal rights.

7.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

7.6 We Do NOT Sell Your Data

8. International Data Transfers

AQS IT Solutions operates in multiple countries (United Kingdom, United States, and Pakistan). Your personal data may be transferred to, stored in, and processed in countries outside your country of residence.

8.1 Transfer Mechanisms

When we transfer data internationally, we ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries deemed to provide adequate protection by the UK Information Commissioner’s Office (ICO) or European Commission
• Standard Contractual Clauses (SCCs): EU-approved contractual terms for data transfers
• Binding Corporate Rules: Internal data protection policies approved by supervisory authorities
• Your Consent: Explicit consent for specific transfers where appropriate

8.2 Data Storage Locations

Your data may be stored in:

• United Kingdom: Primary data centers for UK/EU clients
• European Union: Cloud infrastructure within the EU
• United States: Cloud services (AWS, Google Cloud) with appropriate safeguards
• Pakistan: Administrative and support operations

8.3 Data Protection Standards

Regardless of where your data is processed, we maintain the same high standards of data protection in compliance with GDPR and UK data protection laws.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

9.1 Retention Periods

9.2 Secure Deletion

When data is no longer needed, we securely delete or anonymize it using industry-standard methods to prevent recovery or reconstruction.

9.3 Legal Holds

Data subject to legal holds, investigations, or litigation will be retained until the matter is resolved, regardless of standard retention periods.

10. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration.

10.1 Technical Measures

• Encryption: Data encrypted in transit (SSL/TLS) and at rest
• Firewalls: Network firewalls and intrusion detection systems
• Access Controls: Role-based access and multi-factor authentication
• Secure Servers: Regularly updated and patched systems
• Backup Systems: Regular encrypted backups with secure storage
• Security Monitoring: 24/7 monitoring for suspicious activity
• Antivirus/Antimalware: Enterprise-grade protection on all systems

10.2 Organizational Measures

• Staff Training: Regular data protection and security training
• Confidentiality Agreements: All staff sign confidentiality agreements
• Access Restrictions: Need-to-know basis for data access
• Vendor Management: Due diligence and contracts with processors
• Incident Response Plan: Procedures for data breach response
• Regular Audits: Periodic security and compliance reviews

10.3 Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours (as required by GDPR)
• Notify affected individuals without undue delay
• Provide information about the breach and recommended protective measures
• Take immediate action to contain and remedy the breach

11. Your Privacy Rights

11.1 Right to Be Informed

You have the right to clear, transparent information about how we use your data (provided in this Privacy Policy).

11.2 Right of Access

You can request a copy of the personal data we hold about you. We will provide this free of charge within one month of your request.

11.3 Right to Rectification

You can request correction of inaccurate or incomplete personal data. We will update your data within one month.

11.4 Right to Erasure (“Right to Be Forgotten”)

You can request deletion of your personal data in certain circumstances, such as:

• Data is no longer necessary for the purpose collected
• You withdraw consent (where consent was the legal basis)
• You object to processing and there are no overriding legitimate grounds
• Data was unlawfully processed
• Deletion is required for legal compliance

Note: This right is not absolute and may not apply if we have legal obligations to retain data.

11.5 Right to Restrict Processing

You can request that we limit how we use your data in certain situations:

• You contest the accuracy of the data
• Processing is unlawful but you don’t want data erased
• We no longer need the data but you need it for legal claims
• You’ve objected to processing pending verification of our legitimate grounds

11.6 Right to Data Portability

You can request a copy of your data in a structured, commonly used, machine-readable format and have it transferred to another organization where technically feasible.

11.7 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.

11.8 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produces legal effects or similarly significantly affects you. We do not currently use automated decision-making for such purposes.

11.9 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

11.10 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: info@aqsitsolutions.com
• Phone: +44 7511 566436 (UK) / +92 333 5016604 (Pakistan)

We will respond to your request within one month (extendable by two months for complex requests). We may require proof of identity to process your request.

11.11 Right to Lodge a Complaint

If you’re unhappy with how we’ve handled your data, you have the right to lodge a complaint with the relevant supervisory authority:

• UK: Information Commissioner’s Office (ICO) – https://ico.org.uk
• EU: Your local data protection authority
• USA: Federal Trade Commission (FTC) – https://ftc.gov

12. Cookies and Tracking Technologies

12.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us provide a better user experience and understand how our website is used.

12.2 Types of Cookies We Use

12.3 Third-Party Cookies

We use third-party cookies from:

• Google Analytics: Website traffic and behavior analysis
• Google Ads: Advertising and remarketing
• Facebook Pixel: Social media advertising and tracking
• LinkedIn Insights: Professional network advertising

12.4 Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to refuse or accept cookies
• Cookie Consent Tool: Use our cookie banner to manage preferences
• Opt-Out Tools: Google Analytics opt-out browser add-on

Note: Disabling certain cookies may affect website functionality.

12.5 Other Tracking Technologies

We also use:

• Web Beacons/Pixels: Transparent images to track email opens and page views
• Local Storage: Browser storage for preferences and data
• Session Storage: Temporary data storage during your visit

13. Children’s Privacy

Our services are not directed to children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children.

If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information as quickly as possible.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at info@aqsitsolutions.com.

14. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

14.1 Right to Know

You have the right to request information about:

• Categories of personal information collected
• Sources of personal information
• Business or commercial purposes for collection
• Categories of third parties with whom we share data
• Specific pieces of personal information we hold about you

14.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

14.3 Right to Opt-Out of Sale

Important: AQS IT Solutions does NOT sell personal information to third parties. We do not sell, rent, or trade your data for monetary or other valuable consideration.

14.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights, including:

• Denying goods or services
• Charging different prices or rates
• Providing different quality of services

14.5 Authorized Agents

California residents may designate an authorized agent to make requests on their behalf. The agent must provide written authorization and proof of authority.

14.6 Exercising CCPA Rights

To exercise your CCPA rights:

• Email: info@aqsitsolutions.com
• Phone: +44 7511 566436
• Include “California Privacy Request” in the subject line

We will respond to verifiable requests within 45 days (extendable by 45 days if necessary).

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

15.1 Notification of Changes

When we make material changes to this Privacy Policy, we will:

• Update the “Last Updated” date at the top of this page
• Post a notice on our website homepage
• Send email notifications to registered users (for significant changes)
• Obtain consent where required by law

15.2 Your Continued Use

Continued use of our services after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, please discontinue use of our services.

15.3 Reviewing the Policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.