Skip to Navigation


Privacy and Security Policy

Effective date: 1 May 2018

Here we set out our data privacy and security principles and commitments for users of our website and web services, our clients whom we undertake work on behalf of and those who communicate with our business by any means.

If you are a user of Quesmedia Sites we have an additional document covering Quesmedia Sites Security and Privacy Policies.

Quesmedia is a registered trading name of Nick Thornley, number 018179B. All first person pronouns in this document should be taken to mean "Nick Thornley trading as Quesmedia"

Cookie Policy

HTTP Cookies ("Cookies") are small pieces of text that a website can store with a visitor's web browser when they view a page, if the browser is set to allow it. The web browser will then send the cookie data back to the website when another page is visited.

We don't use any Cookies ourselves on our website ( We do however use two third party services that themselves set Cookies: Google Analytics and Cloudflare.

Google Analytics Cookies

Google Analytics is used (without Google Analytics Advertising Features) to monitor basic site activity, which helps us understand user behaviour and improve our website and services. Cookies are set under our domain by the Google Analytics code. You can identify Google Analytics Cookies as their names start with __gtm.

Here are some useful links:

Cloudflare Cookies

Cloudflare's services are also used by us to improve performance, reliability and increase the security of our website. Cloudflare sets a cookie under our domain named __crduid to enable them to provide this service.

View Cloudflare's privacy policy here.

Personal Data

Information provided to us

We may store any communications with us along with any supporting information and resources passed to us where it may be required in order to carry out our work.

We will never sell or disclose your information to third parties without first gaining consent or unless compelled to do so by law.

We may also accept data collected for and on behalf of our clients and/or as a result of the hosting and management services we provide for them. In this role we act as a Data Processor and the responsibility and policies for ensuring data privacy and security is that of the client, the Data Controller.

In whatever role we act, we take great care to respect the confidentiality of any data we hold and are careful to keep it safe and secure.

Web Server Logs

Maximum retention period is 12 months plus the lifetime of any related backups, which we may retain for a maximum of another 12 months.

Server Logs are a valuable tool to help us manage our website and services. By visiting the website a log file entry may be generated that could contain the following PII: the IP Address making the request and the User-Agent and any HTTP Referer information provided in the HTTP Request Headers.

Example data from a web server access log: - - [05/Apr/2018:09:10:16 +0100] "GET /example.txt HTTP/1.1" 200 3386 "" "Mozilla/4.08 [en] (Win98; I ;Nav)"

From this we can derive the following information:

Date and time of event

05/Apr/2018:09:10:16 +0100

Request made by the client

GET /example.txt HTTP/1.1

HTTP Status Code

HTTP Referer

Mozilla/4.08 [en] (Win98; I ;Nav)

The responsibility of those who use our services

Those who use our services are responsible for the content of any website, service or product created or hosted by us on their behalf. They must ensure that they comply with Data Protection and Security and Privacy laws and regulations.

Subject Access Requests

We will act on any legitimate request for a copy of all personal and supplementary data held on our systems in compliance with GDPR. Once the identity of the person making the request has been verified, and if that request is legally valid, we will provide the data in a well structured and accessible format. Note that security sensitive information or information containing other user PII will be redacted.

Note that we will not check for data stored within backups unless there is legitimate need to do so.

Right to Erasure

A request may be made to us to erase personal data. Once we have been able to verify the identity of the person making the request, and if that request is legally valid, we have procedures and methods in place to erase information.

Reporting Security Concerns

If you have a concern or information regarding the security of our sites and systems, we want to know. Please email [email protected].

If you have sensitive information to share please do not include it with your initial contact, we will work with you to ensure the information is transferred to us in the most appropriate and secure way.

Updates to this Policy

We may modify this Policy from time to time, and will publish the most current version on our site. To help you we include the last updated/effective date at the start of the document.

back to the top

version 1.0