Privacy Policy

June 2023

Privacy Policy Summary

This Privacy Policy explains what information we gather about you, what we use that information for and to whom we give that information to. It also sets out your rights in relation to your personal information and who you can contact for more information or queries.

– Who this Privacy Policy applies to and what it covers?
– What information we collect?
– How we use information about you?
– The legal grounds we use for processing personal information.
– Who we disclose your information to?
– Protection of your personal information.
– How long we keep your information for?
– Your rights.
– Right to complain.
– Changes to this Privacy Policy.

Who this Privacy Policy applies to and what it covers

This Privacy Policy applies to:

  • Qarad BV, with registered office address at Cipalstraat 3, 2440 Geel, Belgium
  • Qarad EC-REP BV, with registered office address at Pas 257, 2440 Geel, Belgium
  • Qarad UK Ltd, with registered office address at 8 Northumberland Ave, Westminster, London WC2N 5BY, United Kingdom 
  • Qarad Suisse S.A, with registered office address at World Trade Center, Av. de Gratta-Paille 2, CH 1018 Lausanne, Switzerland (“Qarad”, “we”,”us” or “our”).

Each Qarad entity is a separate and independent legal entity, and this Privacy Policy applies to each separately and unseverally.
We are committed to protecting your privacy and handling your information in an open and transparent manner.
This Privacy Policy sets out how we will collect, handle, store and protect information about you when:

  • providing services to you or our clients;
  • you use “our Website” or
  • performing any other activities that form part of the operation of our business, as described in further detail below.

When we refer to “our Website” or “this Website” in this policy we mean the specific webpages with a URL commencing and
This Privacy Policy also contains information about when we share your personal data with third parties (for example, our service providers).
In this Privacy Policy, your information is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal information.

What information we collect

In the course of providing services to you or our clients and performing due diligence checks in connection with our services (or discussing possible services we might provide), we will collect or obtain personal data about you.
We may collect or obtain such data because you give it to us (for example in a form on our Website), because other people give that data to us (for example your employer or adviser, or third-party service providers that we use to help operate our business) or because it is publicly available.
The personal data that we collect or obtain may include:

  • your first name;
  • your last name;
  • your date of birth;
  • your age;
  • gender;
  • e-mail address;
  • telephone number;
  • work address;
  • country of residence;
  • employment details (for example, the organization you work for and/or your job title).

The types of personal data that we collect may vary depending on the nature of the services that we provide to you or our client.
Where we are provided with personal data about you by our client, we use reasonable efforts to include clauses into the contract with the client that will require them to comply with the privacy laws and regulations relevant to that information; this may include, for example, that the client has provided you with notice of the collection (and other matters) and has obtained any necessary consent for us to process that information as described in this Privacy Policy.
We understand the importance of protecting children’s privacy. Our Website and services are not designed for, or intentionally targeted at, children. It is not our policy to intentionally collect or store information about children.

How we use information about you

We will use your personal data to provide you or our client with the requested services. As part of this, we may also use your personal data in the course of correspondence relating to the services. Such correspondence may be with you, our client, our service providers or competent authorities. We may also use your personal data to conduct due diligence checks relating to the services. Because we provide a wide range of services to our clients, the way we use personal data in relation to our services also varies.
For example, we might use personal data:

  • to establish and fulfill a contract with you, for example, if you enter into an agreement to provide or receive services. This may include verifying your identity, taking payments, communicating with you, providing customer services and arranging the provision of products or services. We require this information in order to enter into a contract with you and are unable to do so without it;
  • about a client’s employees and customers in the course of conducting an audit (or similar activity) for a client;
  • about a client to contact him during the performance of our services and keep them informed of the project’s progress or in order to communicate them our projects’ deliverables.

We may also use your personal data for the purposes of, or in connection with:

  • applicable legal or regulatory requirements;
  • requests and communications from competent authorities;
  • administrative purposes;
  • financial accounting and invoicing purposes;
  • client relationship purposes, which may involve: (i) sending you details on our products and services that we think might be of interest to you; (ii) contacting you to receive feedback on our services; (iii) contacting you for other market or research purposes; and (iv) invite you to events organised by Qarad or the QbD Group. In all above cases, we give you the opportunity to decline our offers and requests at any time. In specific cases if needed, for example in case you are not yet a client, we will make sure to obtain your prior consent before sending you communications’ materials or other marketing requests (see also below, “The legal grounds we use for processing personal information”).

The legal grounds we use for processing personal information

We are required by law to set out in this Privacy Policy the legal grounds on which we rely in order to process your personal data.
As a result, we use your personal data for the purposes outlined above because:

  • of the legal and regulatory obligations that we are subject to, such as keeping records for regulatory or tax purposes or providing information to a public body or law enforcement agency;
  • execution of preparation of a contract;
  • the information is required in order to provide our services to you or our client;
  • of our legitimate interests in the effective delivery of our services to you or our client;
  • of our legitimate interests in the effective and lawful operation of our business so long as such interests are not outweighed by your interests.

Where we are legally required to obtain your explicit consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such consent from you or when we have entered into an agreement to provide services to you.

If you do not want to continue receiving any marketing materials from us, you can click on the unsubscribe function in any such communication.

Who we disclose your information to

We may share your personal data with the below third parties:

  • other entities of the QbD Group for the purpose of operating the global business;
  • our professional advisors such as our auditors and external legal and financial advisors;
  • marketing and communications agencies where they have agreed to process your personal data in line with this Privacy Policy;
  • our suppliers, business partners and sub-contractors; and/or
  • search engine and web analytics;
  • competent authorities;
  • other third parties that reasonably require access to personal data relating to you for one or more of the purposes outlined in the “How we use information about you?” section above.

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws.
Personal data may also be shared with third party service providers who will process it on behalf of Qarad for the purposes above. Such third parties include, but are not limited to, providers of website hosting, maintenance and call centre operation.

Protection of your personal information

We use a range of physical, electronic and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include:

  • education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
  • technological security measures, including fire walls, encryption, anti-virus software and restricted access to recruitment information;
  • physical security measures,
    such as staff security badges to access our premises and
    locked cabinets for recruitment information in paper format.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, we will endeavor to protect this information to the best of our ability.

How long we keep your information for

We will hold your personal data on our systems for the longest of the following periods:

  • as long as is necessary for the relevant activity or services;
  • any retention period that is required by law; or
  • the end of the period in which litigation or investigations might arise in respect of the services
  • fifty (50) years.

Where is my data stored

The personal data that we collect from you is stored within the European Economic Area (“EEA”), however in some specific cases it may be transferred to and stored outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers, in which case the third country’s data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place.

Your rights

You have various rights in relation to your personal data. In particular, you have a right to:

  • obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;
  • ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
  • ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data;
  • withdraw consent to our processing of your personal data (to the extent such processing is based on consent);
  • receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract);
  • object to our processing of your personal data.

To exercise any of your rights, or if you have any other questions about our use of your personal data, please email 
or call our office at +32(0)14 49 04 22. You may also use these contact details if you wish to make a complaint to us relating to your privacy.

Right to complain

If you are unhappy with the way we have handled your personal data or any privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority (“DPA”) in your jurisdiction.

The Belgian Data Protection Authority is supervisory authority for Qarad BV (Belgium) and Qarad EC-REP BV and can be contacted via:

Belgian Data Protection Authority Gegevensbeschermingautoriteit (GBA)
Rue de la Presse 35 / Drukpersstraat 35
1000 Bruxelles / 1000 Brussel
Tel. +32 2 274 48 00

The English Data Protection Authority is supervisory authority for Qarad UK Ltd (United Kingdom) and can be contacted via:

Information Commissioner’s Office (ICO)
Wycliffe House Water Lane
Telephone: 0303 123 1113
Textphone: 01625 545860

The Federal Data Protection and Information Commissioner is the supervisory authority for Qarad Suisse S.A. can be contacted via:

Federal Data Protection and Information Commissioner
Feldeggweg 1
CH – 3003 Bern
Tel. : +41 (0) 58 462 43 95
Email : see online submission form on below website

Changes to this Privacy Policy

We may modify or amend this Privacy Policy from time to time.

To let you know when we make changes to this Privacy Policy, we will amend the revision date at the top of this page. The new modified or amended Privacy Policy will apply from that revision date. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.


ISO 13485 and ISO 27001 certified
Pas 257, 2440 Geel BELGIUM
+32 (0)14 49 04 22

Ⓒ2022 QARAD. All right reserved

IFUcare and Qarad are part of the