Privacy Policy

This privacy policy for Short Path Limited (doing business as QSO Director) ("Company," "we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our service(s).

Our Details

Registered Name: Short Path Limited
Company Number: 08145016
ICO Registration Number: ZB178007

The types of information we collect

1. Information we collect and process for all users

• Callsign
• Name
• Email Address

2. Information we may optionally collect and process if a user chooses to provide it

• Any information you may provide in your profile biography
• Any images you may upload as part of your profile
• Any links to your social media profiles
• Any credentials to 3rd party services (QRZ, ClubLog etc.)

How we collect this information

All the personal information we collect is provided directly by you.

Why we collect this information

We use the information that you have provided to us so that we may provide amateur radio related services via qso-director.com and its associated software and services. Under the EU General Data Protection Regulation (GDPR) and UK General Data Protection Regulation (UK GDPR) our lawful bases for collecting and processing this information is:

• Your Consent This can be removed at any time by emailing us at [email protected] with your request
• Contractual Obligation we have to collect or use the information so we can enter into or carry out a contract with you
• Legitimate interests

We rely on consent for optional profile information (such as images, biography, and links).

We rely on contractual obligation for providing the core services (callsign, name, email address).

We rely on legitimate interests for security monitoring, fraud prevention, and service improvement.

We rely on legitimate interests for retaining the log data (QSO records) on the following bases:

• Amateur radio logs are by nature public and shared.
• Deleting logs would harm other users’ records.
• We minimise risk by delinking the logs from personally identifying details once an account is closed.

Sharing of data with third parties

In order to deliver our services to you, it may be necessary to share some information with third parties such as qrz.com, clublog.com etc.

This will always be at your request as a result of you providing the necessary credentials and information in order to connect with the third parties and the data shared will be the minimum necessary to deliver the service to you.

Your data is never sold to any third party

How we store your information

Your data is stored in a secure encrypted database hosted by Microsoft Azure and operated by Short Path Limited. It is physically located within the UK.

Where data may be transferred outside the UK or EU, we ensure that adequate safeguards are in place, such as the use of standard contractual clauses approved by the UK/EU

How we protect your information

We implement appropriate technical and organisational measures, including encryption and access controls, to protect your personal data

Third party data processors

We may share your personal data with trusted service providers who help us operate our services (e.g., cloud hosting, email delivery). These providers are bound by contractual obligations to keep your information secure and only use it for the purposes specified by us.

Your data protection rights

Your data protection rights allow you to have control over your personal information. These rights are generally established by laws like the EU General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR).

• The Right to be Informed: You have the right to be informed about how your data is used, who it's shared with, and why.
• The Right of Access: You can request copies of your personal data that an organization holds about you.
• The Right to Rectification: You can request that incorrect or inaccurate data be updated.
• The Right to Erasure ("Right to be Forgotten"): You can request that your personal data be deleted, subject to certain limitations (typically we are legally required to retain that data for a period of time).
• The Right to Restrict Processing: You can ask an organization to stop or limit the way it processes your personal data under specific circumstances.
• The Right to Data Portability: You have the right to receive your personal data in a portable format and to transfer it to another service.
• The Right to Object: You can object to the processing of your personal data in certain situations, including for marketing purposes.
• Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling.

Due to the nature of amateur radio logging, the right to erasure may not apply to QSO records that have been submitted, as deletion of such records would affect the integrity of other users’ logs. In such cases, we rely on legitimate interests to retain the data.

If you are accessing our services from outside the UK or EU, please note that your information will still be processed in accordance with this policy, however your legal rights relating to your data may differ depending on your local laws.

Should you have any queries or requests relating to your personal data you can email us at [email protected]

Data relating to Children

Our services are not directed at individuals under the age of 16, and we do not knowingly collect data from children. Our Terms and Conditions state that our services cannot be used by anyone under the age of 16 and should we become aware of an account having been created by someone under the age of 16 then we will securely erase their account and personal data at the earliest opportunity.

Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our services. You can review the full details of our use of cookies in our Cookies Policy, which forms part of this Privacy Policy.

We use the following cookies

• Application Cookies: These are essential for the correct functioning of our services.
• Google Analytics Cookies: We use this for monitoring site and service usage.
• Azure Application Insights Cookies: We use this for monitoring service performance.

Marketing Emails

From time to time we may send you marketing emails relating to our services such as newsletters or product updates.

We rely on your consent (or, where applicable, the ‘soft opt-in’ under the UK Privacy and Electronic Communications Regulations) to send you marketing communications. You can withdraw your consent or opt-out at any time.

You can opt-out of these emails by updating your contact preferences in your account profile. Doing so will not prevent you from receiving essential transactional emails such as password resets.

How long we retain your information for

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data can be requested from us by emailing us at [email protected].

In any event, by law we may be required to retain certain basic information (such as contact details and identity data) for an extended period for legal, accounting, or tax purposes.

In addition, when we rely on the legitimate interest lawful basis to process your data, we will keep the data until that legitimate interest subsists (unless another lawful basis continues to apply).

In some circumstances you can ask us to delete your personal data

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

When you close your account, we will delete or anonymise your personal data. However, we may retain amateur radio contact log data (QSO records) that you have submitted, as these records are part of the collective amateur radio logging system and may be necessary for other users’ records. These records may include callsigns and contact details of other operators, which are by their nature publicly shared as part of the amateur radio service. Where retained, such records will no longer be linked to your personal account profile.

Data Breaches

In the unlikely event of a data breach occurring, we will assess the breach and if we determine it is likely to result in a risk to your rights and freedoms, we will notify the ICO (UK Information Commissioner's Office) within 72 hours of becoming aware of the breach. We will additionally notify all individuals affected by any such breach.

How to complain

If you have concerns about our use of your personal information, you can make a complaint in writing by emailing us at [email protected]

You may also make a complaint to the ICO if you are unhappy with how we have used your personal data.

The ICO's address
Information Commissioner's Office
Customer Contact
Wycliffe House
Water Lane
Wilmslow
Cheshire
United Kingdom
SK9 5AF

The ICO's website: https://www.ico.org.uk

Updates

From time to time we may update this Privacy Policy. Any changes will be posted on this page with an updated ‘Last updated’ date.