Privacy Policy

Privacy Policy

Effective Date: October 2025

ServQual Limited (“ServQual”, “we”, “our”, “us”) values your privacy and is committed to protecting your personal data.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with applicable data-protection laws in the United Kingdom, United States, Singapore, Canada, Australia, New Zealand, South Africa, India, and the United Arab Emirates (UAE).

1. Information We Collect

1.1 Personal Data

We may collect information such as your name, email address, postal address, phone number, job title, organization, and payment or billing details when you use our services, request a demo, or contact us.
This information is collected during account creation on SUSAN, demo requests, training registration, and customer support interactions.

1.2 Usage Data

We collect technical data about how you interact with our website and platforms (IP address, browser type, device ID, pages viewed, timestamps, and referring URLs).

1.3 Cookies

We use cookies and similar technologies to personalize content, analyze usage, and improve your experience. You can manage or disable cookies in your browser settings.

2. How We Use Your Information

2.1 To Provide Services

To create and manage your SUSAN account, provide access to the platform and training content, process orders, deliver requested services, respond to inquiries, and provide technical support.

2.2 To Improve Our Services

To analyze performance, monitor uptime, detect fraud, and enhance cybersecurity controls across our platforms.

2.3 Marketing and Communication

We will only send product updates, newsletters, event invites, or promotional materials if you have explicitly opted in.
You may withdraw your consent at any time through unsubscribe links in emails, from your SUSAN profile settings, or by emailing susan@srql.com

2.4 Legal Compliance

To comply with applicable laws, regulations, and lawful requests from public authorities.

2.5 Lawful Basis for Processing (GDPR)

We process personal data based on:

  • Contractual necessity (to provide SUSAN services and training you request)
  • Legitimate interests (security monitoring, fraud prevention, service improvement)
  • Consent (for marketing and promotional communications)

3. Sharing Your Information

3.1 Third-Party Service Providers

We share data only with trusted partners (e.g., payment processors, hosting providers, analytics tools) that help us operate our business. These partners are contractually obligated to protect your information.

3.2 Legal Requirements

We may disclose data when required by law or to respond to valid legal processes.

3.3 Business Transfers

In case of a merger, acquisition, or sale of assets, your information may be transferred under the same privacy commitments.

4. Data Security

We employ administrative, technical, and physical safeguards—including encryption, SSL/TLS, access controls, and periodic security assessments—to protect your data from unauthorized access, alteration, or loss.
No online system is entirely secure, but we continually update our controls to meet industry standards.

5. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access and Correction – request access to or correction of your data.
  • Data Portability – obtain a copy in a structured, machine-readable format.
  • Deletion (“Right to be Forgotten”) – request deletion when data is no longer needed.
  • Restriction / Objection – limit or object to processing.
  • Withdraw Consent – revoke consent where processing is based on consent.
  • For users in India, you may withdraw consent at any time in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act). Upon withdrawal, we will cease processing for that purpose unless required by law.

To exercise these rights, email susan@srql.com.

6. International Data Transfers

Your data may be stored or processed outside your country. We ensure all transfers comply with applicable laws using Standard Contractual Clauses, adequacy decisions, or equivalent safeguards.

7. Data Retention

We retain personal data for as long as your account is active and for a reasonable period thereafter to comply with legal, security, audit, and dispute-resolution obligations. When no longer required, data is securely deleted or anonymized.

8. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect children’s data.
If you believe we have done so inadvertently, contact us to remove it.

9. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements.
The latest version will always be available on our website, showing its effective date.

10. Contact Us

Email: susan@srql.com
Postal Address: ServQual Limited. 31 Dashers Close, Crowthorne, England RG45 6GX, GB, United Kingdom
Phone: +44 7784981168

11. Jurisdiction-Specific Information

11.1 United Kingdom / European Union

Compliant with the UK and EU GDPR.
You may lodge complaints with the Information Commissioner’s Office (ICO) or your local data-protection authority.

11.2 United States

Certain states (e.g., California, Virginia) grant additional rights under the CCPA/CPRA or similar laws.
See our U.S. State Privacy Notice for details.

11.3 India

Compliant with the Digital Personal Data Protection Act 2023 (DPDP Act) and related IT Rules.
For grievances, contact our Data Protection Officer (DPO) at susan@srql.com.

11.4 United Arab Emirates (UAE)

Compliant with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL).
UAE residents may exercise rights to access, correction, deletion, or objection by contacting susan@srql.com.
We ensure local-law compliance for data hosting and cross-border transfers where applicable.

11.5 Singapore

Compliant with the Personal Data Protection Act 2012 (PDPA).
Singapore residents may reach us at susan@srql.com for privacy matters.

11.6 Canada

Compliant with PIPEDA.
Canadian residents may request access or correction via susan@srql.com.

11.7 South Africa

Compliant with POPIA.
Residents may request access, correction, or object to processing by contacting susan@srql.com.

11.8 Australia

Compliant with the Privacy Act 1988 and Australian Privacy Principles (APPs).
Complaints may be made to the Office of the Australian Information Commissioner (OAIC).

11.9 New Zealand

Compliant with the Privacy Act 2020.
Complaints may be lodged with the Office of the Privacy Commissioner (OPC).