Privacy Policy

Last updated: May 29, 2026

This Privacy Policy describes how QIP MemberZone ("we", "us") collects, uses, and protects information when you use the customer account portal at qiphelp.com (the "Service"). We respect your privacy and only collect what is necessary to operate the Service.

1. Information We Collect

We collect the following information directly from you or as part of providing the Service:

  • Account information: email address, name, shipping address, phone number, and similar profile data needed to fulfil your orders.
  • Order data: identifiers, status, totals, currency, and shipping information for orders associated with your account.
  • Authentication data: session tokens used to keep you signed in, and per-customer login hashes used by magic-link sign-in.
  • Communication preferences: whether you opted into the newsletter, and the timestamp of any double-opt-in confirmation.
  • Server logs: IP address, user-agent, request URLs, and timestamps. Retained for limited periods for security and abuse prevention.
2. How We Use Information

We use the information for the following purposes:

  • operating the Service — letting you sign in, view orders, manage your account, and receive support;
  • sending transactional emails (login links, order status notifications, support replies);
  • operating the cashback wallet — calculating, crediting, and debiting cashback associated with your account;
  • sending newsletter communications — only if you have explicitly opted in;
  • protecting the Service from abuse, fraud, and security threats;
  • complying with legal obligations.
3. Legal Basis (EU/UK Residents)

If you are in the European Union or United Kingdom, we process your personal data on the following legal bases:

  • Performance of a contract — to operate your account and deliver Service functionality;
  • Consent — for newsletter communications, which you can withdraw at any time;
  • Legitimate interest — for security, fraud prevention, and improving the Service;
  • Legal obligation — when required by applicable law.
4. Sharing of Information

We do not sell your personal data. We share information only with the following categories of recipients, and only as needed to operate the Service:

  • Hosting providers — for storing data and serving the Service.
  • Email-delivery providers — for sending transactional and newsletter emails. Such providers act as data processors under data processing agreements.
  • Customer-relationship platforms — used internally to manage support communications.
  • Legal authorities — when required by valid legal process.
5. Cookies

We use a small number of cookies, all strictly necessary for the Service:

  • PHPSESSID — server-side session identifier required for sign-in.
  • hash — long-lived authentication token tied to your account, allowing the Service to recognise you on return visits.
  • lang — your selected interface language preference.

We do not use third-party advertising or cross-site tracking cookies on the Service.

6. Data Retention

Account and order data is retained for as long as you maintain an account with us, plus any period required by applicable accounting and legal regulations. Server logs are retained for a limited period (typically 30–90 days) for security purposes. You can request earlier deletion as described below.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — receive a copy of the personal data we hold about you;
  • Rectification — request that we correct inaccurate or incomplete data;
  • Erasure — request deletion of your data ("right to be forgotten"), subject to legal retention requirements;
  • Restriction — request that we limit how we process your data;
  • Portability — receive your data in a structured, machine-readable format;
  • Objection — object to processing based on legitimate interest;
  • Withdraw consent — for newsletter and other consent-based processing;
  • Lodge a complaint — with your local data-protection authority.

To exercise any of these rights, please contact us via the Contact page. We respond within 30 days.

8. International Transfers

If we transfer personal data outside your country of residence, we apply appropriate safeguards (such as standard contractual clauses) to ensure the same level of protection as in your home jurisdiction.

9. Security

We protect your data using industry-standard security practices: TLS for all in-transit data, hashed and stored authentication credentials, restricted internal access, and audit logging. No system can be guaranteed 100% secure; if we become aware of a breach affecting your data, we will notify you and the relevant authorities as required by law.

10. Children

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or by a prominent notice in the Service. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

For privacy-related questions or to exercise any of the rights described above, please use the Contact page.