MDA - PRIVACY POLICY

 

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC which came into effect on 25 May 2018.

At MDA Consulting Ltd (MDA), we understand that we have a responsibility to protect and respect your privacy and look after your personal data.  This Privacy Policy, explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely, came effective as from the 25 May 2018.

For clarity, MDA may be both Data Controller and Data Processor for your personal data under certain circumstances.  We advise that this Privacy Policy is non-contractual, regularly reviewed and may be subject to change, so please check our website on a regular basis for any further changes.

This Privacy Policy also provides you with information about how you can have control over the use of your data.

How the law protects you

Data protection laws state that we are only able to process personal data if we have valid reasons to do so.  The reasons we process your personal data include, but not limited to, your consent, performance of a contract, billing and to contact you.

What information do we collect ?

In general terms, we collect information about you to enable us to:-

• Administer our relationship with you, provide services and respond to enquiries.
• To comply with contractual obligations we have with you.
• Enable business development including sending newsletters and information updates.
• Process applications for employment.
• Deliver requested information to you about our services.
• Ensure the billing of any services and obtain payment.
• Process and respond to any complaints.
• Enable us to meet our legal and other regulatory obligations imposed on us.

The information we need for these purposes is known as “personal data”.  This includes your name, company, address (work or home), email address, telephone and other contact numbers and financial information.  We collect this in a number of different ways, for example, by email, via our website, telephone or letter.

We also process sensitive information such as Racial or ethnic origin.

We will seek your permission if we need to record any of your sensitive personal data on our systems.

How do we use the information

We use the data we collect from you for the specific purpose listed in the table below:-

Purpose for processing data

Legal basis for processing data

Third party organisations with whom data is shared

 

To administer our relationship with you, to provide services and respond to enquiries

 

 

To meet the requirement of a contract.

 

Only where a project requires it and only after prior consent is given.

 

To ensure the billing of any procured services by you and obtain payment.

 

 

To meet the requirement of the contract.

 

Government VAT and tax inspectors, external auditors, internal auditors, insurance companies.

 

 

To communicate with you on newsletters and event invitations which are relevant to your interests.

 

 

To seek explicit consent prior to sending individuals the information and in line with preferences.

 

None

 

To process and respond to complaints

 

 

To meet a legal obligation

 

Legal Entities

Insurance companies, Accredited bodies

 


Retention Periods

We will keep your personal data for the duration of the period you are a client/employee of MDA.  We shall retain your data only for as long as necessary in accordance with applicable laws.

We may keep your data for between 6 to 12 years.  We may not be able to delete your data before this time due to our legal/regulatory and/or accountancy obligations.  We assure you that your personal data shall only be used for the purposes stated herein.

Marketing

We may send you marketing material where you are a business client and we consider the marketing material to be relevant to you or where you are a business client we have previously provided you with our services and you have not opted out of receiving such communication.

Where you are an individual prospective client we will only provide you with marketing material where you have provided your express consent.

You can update your marketing preferences by emailing marketing@mdaconsulting.co.uk.

Your rights

Under the terms of the data protection legislation, you have the following rights:-

Right to be informed

This Privacy Policy fulfils our obligations to tell you about the ways in which we use your information.

Right to Access

You have the right to ask us for a copy of any personal data that we hold about you.  This is known as a “Subject Access Request”.  Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost.  This information with be sent within one month of your request.

To make a Subject Access Request, please write to our Group Data Protection Officer, at MDA Consulting Ltd., 15 Greycoat Place, London SW1P 1SB, DPOenquiries@mdaconsulting.co.uk .

Right to Rectification

If any of the information that we hold about you is inaccurate, you can contact the Group Data Protection Officer, at MDA Consulting Ltd., 15 Greycoat Place, London SW1P 1SB DPOenquiries@mdaconsulting.co.uk.

Right to be forgotten

From the 25 May 2018, you can ask that we erase any/all personal information that we hold about you.  Where it is appropriate that we comply, your request will be fully actioned within one month.

Right to Object

You have the right to object to: 

1. The continued use of your data for any purpose listed above for which consent is identified as the lawful basis for processing i.e. you have the right to withdraw your consent at any time.

2. The continued use of your data for any purpose listed above for which the lawful basis of processing is that it has been deemed legitimate.

Right to Restrict Processing

If you wish us to restrict the use of your data because:

1. You think it is inaccurate but this will take time to validate
2. You believe our data processing is unlawful but you do not want your data erased
3. You want us to retain your data in order to establish, exercise or defend a legal claim
4. You wish to object to the processing of your data but we have yet to determine whether this is appropriate

Please contact the Group Data Protection Officer, at MDA Consulting Ltd., 15 Greycoat Place, London SW1P 1SB DPOenquiries@mdaconsulting.co.uk

Right to Data Portability

If you would like to move, copy or transfer the electronic personal data that we hold about you to another organisation, please contact our Group Data Protection Officer, at MDA Consulting Ltd., 15 Greycoat Place, London SW1P 1SB DPOenquiries@mdaconsulting.co.uk

Right to withdraw Consent

If you would like to withdraw consent, please contact our Group Data Protection Officer, at MDA Consulting Ltd., 15 Greycoat Place, London SW1P 1SB  DPOenquiries@mdaconsulting.co.uk

Overseas Transfers

None of the information that we collect, process or store is transferred outside of the European Economic Area (EEA).  We do not normally share your personal data with anyone outside the EEA, however, we may do so when a particular circumstance or the Services we provide to you requires us to do so.

Third Parties

For the avoidance of doubt, we do not and never shall sell your personal data to third parties for marketing or advertising purposes.  However, we will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal data is secure.

Data Privacy and Security

We ensure that data protection is a key consideration for all new and existing IT systems that hold personal data.  Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy and an active information security work programme.

This helps us to:-

a. Ensure all IT facilities are protected against damage, loss or misuse
b. Protect against potential breaches of confidentiality
c. Awareness of the requirements for information security, confidentiality and integrity of the information that is handled
d. Optimum security of our Website

Where we store your personal data

We follow accepted ISO standards to store and protect the personal data we collect including the use of encryption if appropriate.  All information you provide to us is stored on our secured servers within the UK/EEA

Cookies and Links to other Websites

We do not currently use Cookies or Links to other websites, we may in the future have this facility.  You have the right to refuse or disable these and recommend that you visit your browser’s help menu for further information.  Please note that if you do not set your browser and e-mail settings to disable cookies, you will be indicating your consent to receive them.  Please also note that we do not have control over other websites.  Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and are not governed by this privacy statement.

Email Hosting

We process your data for administration, billing, support and the provision of services.  This is achieved mainly by use of email and written communications.

Office 365 for email.

Office 365 email shares data with third party infrastructure in the EEA.

We use standard email all UK based.

Dedicated servers, virtual servers, CloudNX platform

We process your data for administration, billing, support and the provision of services.

General

Any questions or comments regarding this Privacy Policy are welcomed and should be sent to our Group Data Protection Officer at MDA Consulting Ltd, 15 Greycoat Place, London SW1P 1SB  DPOenquiries@mdaconsulting.co.uk.

Or you have the right to lodge a complaint with the Information Commissioner’s Office who may be contacted at www.ico.org.uk/concerns/

Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Tel: 0303 123 1113

Our Privacy Policy shall be made clear to you at the point of collection of your personal data.

  

MDA Consulting Ltd
Head Office: 15 Greycoat Place, London SW1P 1SB

 

Steve Jones

Managing Director
MDA Consulting Ltd

February 2024