Privacy Policy

Qunote understands the importance to privacy to our clients and visitors to our website. We are committed to protecting any personally identifiable information we hold and process, and fulfilling our obligations under the General Data Protection Regulation (GDPR).

Under the GDPR, Qunote acts as both a data controller, in respect of information we collect and process about you, and a data processor, in respect of information you store within your Qunote system that we process on your behalf.

This Privacy Policy describes what personal information we collect and process as a data controller, how and why we use this information, and the options we provide to you to access, update and request erasure of the information we hold about you. It also describes the arrangements we have in place to protect personal data that we process on your behalf, and ensure this processing activity complies with the GDPR.

By continuing to use the Qunote system or our website, you are accepting the terms and conditions set out within this Policy.

Who we are

Qunote is a flexible case management system designed for Case Managers, Occupational Therapists and others working within the care and rehabilitation industry. The system streamlines the day-to-day tasks of clinicians, including the entry and storage of clinical notes, timesheets, reporting, expenses and invoicing your time. 

The Qunote system and website,, are the property of The Bubblegate Company Ltd whose registered address is Cage Farm Studio, Stowting Hill, Stowting, Kent.

Personal data that we collect and process (as a data Data Controller)

If you use the Qunote system, communicate with us by email or telephone, or visit our website, we may collect and process personal information about you. Qunote acts as a Data Controller in respect of this information. We control what information is collected, how this information is used, and how long the information is retained for. 

We strongly believe in minimising the data we collect only to that which is necessary to deliver our services to our clients (users of the Qunote system) and visitors to our websites.

Personal data we collect and hold about about you, includes:

  • your name
  • your business address
  • your email address
  • your telephone and fax numbers
  • your position
  • records of your communication with us (i.e. emails, phone calls and meetings)
  • personal data provided by you within any forms or surveys you complete
  • information about your internet connection, the equipment you use to access our websites and applications, and usage details. This may include personally identifying information like your Internet Protocol (IP) address.

Purposes for which we process your personal data

The purposes for which we process your information are:

  • perform the functions expected of us by our clients and users
  • carry out our obligations arising from any contracts entered into us and our clients
  • send you information related to the services we provide, or notify you of any changes to these services
  • respond to any communication and enquiries from you, and provide you with information that you request from us
  • verify the identity and authority of individuals requesting support via telephone or email
  • provide you with support in using our services
  • present the Qunote system and website to you
  • understand how you use our services, and improve and optimise these services
  • promote and market our services
  • invoicing and accounts
  • detect any misuse of our services, applications and systems
  • comply with any court order, law enforcement, or legal process, including to respond to any government or regulatory request.

In the event that we collect any of your personal data for purposes besides those listed above, these purposes will be disclosed to you when you provide your information. If we decide to process information we have already collected from you for purposes besides those listed, we will notify you by email. You will then have a choice as to whether or not we use your information in this different way.

Processing activities are lawful on the basis of their necessity to contractual performance, or in serving legitimate interests pursued by Qunote, our clients and visitors to our website.

Personal data that we process on your behalf (as a Data Processor)

As a client of Qunote and user of the Qunote system, you have exclusive access to your own account within the system where you can store and process personal data related to your clients, staff and third parties. Any data you store within your Qunote account belongs to you, and you act as the Data Controller in respect of this data. You control what data is processed, the purposes for which you process this data, and how long data is retained for. It is your responsibility to ensure that you have a legal basis for collecting and processing the data held within your Qunote account. 

Qunote acts as a data processor in respect of data held within your Qunote account. We do not make decisions regarding the purposes for which data stored in your account is processed, and will only process your data in accordance with your instructions and to the extent necessary to support you in your processing activities.

From time to time, we may access personal data held within your Qunote account in order to:

  • perform system maintenance
  • investigate and resolve issues and bugs
  • verify your identity and authority if you contact us to discuss or request changes to your account
  • provide you with support when you request this
  • maintain the security of the system and respond to any security breaches

We will not access data within your account for any reason besides those listed above, or make changes to any personal data held within your account, unless you explicitly instructed to do so by you.

Who has access to your personal data

Personal data that we process about you (as Data Controller) or process on behalf of you (as Data Processor) is accessed only by authorised employees of Qunote and trusted third parties within our supply chain. All Qunote employees are subject to confidentiality agreements.  

We only share the personal data we collect and process about you (as Data Controller) with third parties when this is strictly necessary to fulfil the purposes set out within this Policy. Any third parties appointed to process your personal data act only in accordance with our documented instruction and are prohibited from utilising, sharing, or retaining your data or any purposes besides which they have been specifically contracted for. We make every effort to ensure any contracted third party processors comply with the GDPR, and implemented controls necessary for keeping personal data they process secure and confidential.

The suitability of third party processors is reviewed on an ongoing basis, taking into account:

  • The level of risk the third party presents
  • The third party’s data protection procedures and adherence with established standards
  • Known incidents related to the third party’s services
  • Security within the third party’s supply chain
  • Disaster recovery and contingency arrangements

We only share information we process on your behalf (as Data Processor) with our system hosting provider. Our hosting provider has confirmed its compliance with GDPR to us, and are certified to ISO27001.

Qunote may, at its sole discretion, disclose the data we hold about you, or process on your behalf, to meet legal obligations or respond to any valid government or regulatory request; prevent or mitigate fraud; protect against imminent harm to the rights, property or safety of Qunote, its employees, its customers and/or the wider community; or to prevent or stop any activity we consider to be illegal or unethical.

We will not sell or rent your information to third parties, or share your information with third parties for their own marketing purposes.

How long do we keep your personal data for

Qunote will retain the personal data we collect and process about you (as Data Controller) only for as long as necessary to fulfil the purposes for which the information has been collected, and thereafter for as long as retention serves our legitimate interest, legal or business purposes. This might include retaining personal data:

  • when mandated by law, contract or similar obligations applicable to our business operations
  • for preserving, resolving, defending or enforcing our legal/contractual rights
  • necessary for maintaining adequate and accurate business and financial records.

Personal data held is regularly reviewed to ensure its continued accuracy and necessity to our purposes.  Inaccurate or redundant data is updated or deleted as appropriate.

In respect of data held in your Qunote account, which we process on your behalf (as Data Processor), it is your responsibility to ensure personal information is retained only for as long as necessary to fulfil the purposes for which it has been collect or applicable legal obligations.

Should you wish to delete your Qunote account and the data held within, please send a request to We will deal with requests within 30 days.

Where do we process your data

Personal data that we collect and process about you (as Data Controller) will only be held and processed within the EEA, and outside of the EEA in countries deemed by the EU Commission to be providing adequate protection for the rights and freedoms of data subjects in connection with the processing of personal data (‘adequate juridictions’). Where third party companies based outside of the EEA that are engaged to process your personal data on behalf of Qunote (e.g, MailChimp, which we use to send system notifications), these are signatures to the EU-US Privacy Shield.  The Privacy Shield ensures data is protected to the same standards as used within the EEA.

Personal data held with your Qunote account, which we process on your behalf (as Data Processor) is stored and processed in the United Kingdom.

How do we keep your personal data secure

We implement all necessary technical and organisational measures to ensure personal data you provide to us, or that we process on your behalf, is held and treated securely. Qunote is certified to ISO27001, and operates a robust information security management system.

The security controls in place on the Qunote system, which protect the data we process on your behalf, include

  • password protected login
  • full role based access rights (permission based access to functionality and client files)
  • database logging of end-user activity
  • database logging of Qunote staff activity
  • encryption of data in transit by 2048bit Transport Layer Security
  • server centre protected by own compound, 24-hour manned security, firewalls, CCTV and access by named personnel only
  • vulnerability testing for cross site scripting, cross site forgery, SQL injection
  • daily database back-up to geographically separated cluster server
  • automatic inactivity time out

It is your responsibility to keep your system login credentials (username, password, passcode) secure, and protect this against unauthorised disclosure.

Please do not send us any sensitive personal information related to your Qunote account, including files or system screenshots, by email. Should you need to share sensitive personal information with us, please let us know and we will provide you with a link to upload this via Microsoft Sharepoint, our established secure portal for information sharing.


The Qunote system ( and our public facing website ( use cookies, which are strings of information placed on your device that your device provides to the website or application each time you return. We use two types of cookies within our applications: functionality cookies and performance cookies.

We use functionality cookies in order identify and track your usage and access preferences. Information collected may include the pages you visit, your interactions with features, functionality, the operating system and web browser you use; and your network and IP information.

We use performance cookies only on our public facing website ( Performance cookies gather anonymous data that help us improve our services. Performance cookies are generally placed be third party analytics companies (e.g. Google Analytics) who gather this data on our behalf. Data gathered through third party performance cookies does not contain any personally identifiable information.

If you do not wish to have cookies placed on your browser, or wish to delete your existing cookies, you can do this from your browser preferences. You should be aware that if you delete or disallow cookies, many websites will not work properly and you will lose some functionality. We therefore do not recommend turning cookies off when using the Qunote system or public facing website.

Your rights as a data subject

Under the GDPR, you have the following rights in respect of your personal data:

  • Right of access – you have the right to request a copy of information we hold about you.
  • Right of rectification - you have a right to correct information that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the information we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
  • Right of portability – you have the right to have the information we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.

If you wish to request access to, rectification or erasure of personal data we hold about you, or you wish to raise an objection to our processing activities, you can do so at any time by contacting us via the methods below.

Telephone: +44 1303 863816


Post: Qunote, Cage Farm Studio, Stowting Hill, Stowting, Kent, TN25 6BE

For data we collect and process about you (as Data Controller) requests for erasure will only be honoured to the the extent that data is no longer necessary for us to hold in order to provide services to you, or meet our legal and contractual record keeping requirements. We reserve the right to refuse to change or erase data if we doing so would violate any law or legal requirement, or cause the information to be incorrect.  In the event that Qunote refuses a request made by you, we will provide you with a reason why, which you have the right to legally challenge.

For data held in your Qunote account which we process on your behalf (as Data Processor) we will support you fully in responding to requests from data subject for access, rectification or erasure, and meeting your obligations under GDPR.

You also have the right to make a complaint about our processing activities to the Information Commissioner’s Office (ICO). You can contact the ICO by calling +44 1625 545 700, or emailing

Questions about this Privacy Policy

If you have questions, concerns or complaints about our Privacy Policy, the personal data we collect and hold, or the purposes for which this data is used, you may contact us by emailing

Changes to this Privacy Policy 

We reserve the right to modify this Privacy Policy at any time. If we make changes to this Privacy Policy, the updated version will be made available via our website ( and the Qunote system ( The date that this policy was last revised is included below.


24 May 2018

Qunote is a trading name of The Bubblegate Company Limited.
Reg. office: Cage Farm Studio, Stowting Hill, Stowting, Kent TN25 6BE Reg. No:
Tel: 01303 863816   Fax: 01303 863820  Email:  Web.