General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a new European privacy regulation which replaces the EU Data Protection Directive called Directive 95/46/EC. The GDPR aims to strengthen the security and protection of personal data in the EU and harmonise EU data protection law. The effective date for GDPR is May 25, 2018. It provides data subjects with an array of privacy rights, which provide individuals with greater transparency into and control over uses of their personal information.

1. What is Qdos Sales Limited doing for the GDPR?

As a new organisation reliant on data, we are huge advocates GDPR because we think it gives individuals important rights over their data. It helps us provide an even better level of trust with users regarding how their data is processed and stored over the internet. We also believe GDPR is the new global standard for data protection and we continuously work to maintain compliance with GDPR. Qdos Sales Limited is committed to always operating in the best interests of our customers and this includes compliance with GDPR.

We are constantly learning from external GDPR experts who specialise in compliance, gathering information, and making the needed investments as required by law.

2. GDPR Key Principles

Several major principles underpin many of the requirements found in the GDPR in regards controlling and processing the personal data:

Fairness and Transparency

Organisations must always process personal data lawfully, fairly, and in a transparent manner.

Purpose Limitation

Organisations can collect personal data only for specified, explicit, and legitimate purposes. They cannot further process personal data in a manner that’s incompatible with those purposes.

Data Minimisation

Organisations can collect only personal data that’s adequate, relevant, and limited to what’s necessary for the intended purpose.


Personal data must be accurate and, where necessary, kept up to date.

Data Deletion

Personal data must be kept only for as long as it’s needed to fulfill the original purpose of collection.


Organisations must use appropriate technical and organisational security measures to protect personal data against unauthorised processing and accidental disclosure, access, loss, destruction, or alteration.


A data controller is responsible for implementing measures to ensure that the personal data it controls is handled in compliance with the principles of the GDPR.

3. Data Controller vs. Data Processor

In order to fully understand who is responsible for which personal data, you need to understand the difference between the data processor and the data controller.

Data processor

You are the data processor when you process personal data on behalf of a data controller.

Data controller

You are the data controller when you decide the "purposes" and "means" of any processing of personal data.

Qdos Sales Limited as a Data Processor

The places and people you store in Qdos Sales Limited as accounts and/or contacts are your data subjects, and you are considered the data controller for this personal data. Using the Qdos Sales Limited app to manage your customers means that you have engaged Qdos Sales Limited as a data processor to carry out certain processing activities on your behalf. According to Article 28 of the GDPR, the relationship between the controller and the processor needs to be made in writing (electronic form is acceptable under subsection (9) of the same Article).

This is where our User Agreement and Privacy Policy are relevant. These two documents also serve as your data processing contract, setting out the instructions that you are giving to Qdos Sales Limited with regard to processing the personal data you control and establishing the rights and responsibilities of both parties. Qdos Sales Limited will only process your client data based on your instructions as the data controller.

Qdos Sales Limited as a Data Controller

Additionally, Qdos Sales Limited acts as the data controller for the personal data we collect about you, the user of Qdos Sales Limited services including website, web app, mobile apps. We process your personal data necessary for us to perform our contract with you (GDPR Article 6(1)(b)). We process your personal data to meet our obligations under the law (GDPR Article 6(1)(c)). This primarily involves financial data and information that we need to meet our accountability obligations under the GDPR.

We process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).

4. Individual Rights

The GDPR grants you a number of rights regarding how Qdos Sales Limited handles your personal data.

Data Access

You have the right to confirm with Qdos Sales Limited whether Qdos Sales Limited is processing your personal data.

Right to Object

You can, in certain cases, object at any time to the processing of your personal data, in particular if the processing is for direct marketing purposes.

Data Rectification

You can send us a request to correct or complete personal data if the data is inaccurate or incomplete.

Restriction of Processing

You can request Qdos Sales Limited to stop access to and modification of your personal data.

Data Portability

Qdos Sales Limited provides functionality on the dashboars to export your data for your users, accounts, and activity in CSV format so that you can transmit your own personal data to another company. In certain cases, you have the right to ask Qdos Sales Limited to provide additional personal data, also in a structured, commonly used, and machine-readable format such as a CSV file.

Right to Erasure

This is also known as "the right to be forgotten." This right empowers you to request that Qdos Sales Limited delete or remove your personal data in situations such as when the data is no longer needed for the original purpose, when the data subject withdraws consent, or when the data subject objects to the processing and the controller has no overriding legitimate interest in the processing. Qdos Sales Limited provides you this functionality in the settings section of the Qdos Sales Limited web app.


If you have any questions or feedback, or need to reach our Data Protection Officer, please reach out to our support team by email