MDA - PRIVACY POLICY
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and came into effect on 25 May 2018.
At MDA Consulting Ltd (MDA), we understand that we have a responsibility to protect and respect your privacy and look after your personal data. This Privacy Policy, explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely, and also became effective on 25 May 2018.
For clarity, MDA may be both Data Controller and Data Processor for your personal data under certain circumstances. We advise that this Privacy Policy is non-contractual, regularly reviewed and may be subject to change, so please check this website on a regular basis for any further changes.
This Privacy Policy also provides you with information about how you can have control over the use of your data.
How the law protects you
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The reasons we process your personal data include, but not limited to, your consent, performance of a contract, billing and to contact you.
What information do we collect?
In general terms, we collect information about you to enable us to:-
• Administer our relationship with you, provide services and respond to enquiries.
• To comply with contractual obligations we have with you.
• Enable business development including sending newsletters and information updates.
• Process applications for employment.
• Deliver requested information to you about our services.
• Ensure the billing of any services and obtain payment.
• Process and respond to any complaints.
• Enable us to meet our legal and other regulatory obligations imposed on us.
The information we need for these purposes is known as “personal data”. This includes your name, company, address (work or home), email address, telephone and other contact numbers and financial information. We collect this in a number of different ways, for example, by email, via our website, telephone or letter.
We also process sensitive information such as racial or ethnic origin.
We will seek your permission if we need to record any of your sensitive personal data on our systems.
How do we use the information
We use the data we collect from you for the specific purpose listed in the table below:-
|
Purpose for processing data |
Legal basis for processing data |
Third party organisations with whom data is shared |
|
To administer our relationship with you, to provide services and respond to enquiries |
To meet the requirement of a contract. |
Only where a project requires it and only after prior consent is given. |
|
To ensure the billing of any procured services by you and obtain payment. |
To meet the requirement of the contract. |
Government VAT and tax inspectors, external auditors, internal auditors, insurance companies. |
|
To communicate with you on newsletters and event invitations which are relevant to your interests. |
To seek explicit consent prior to sending individuals the information and in line with preferences. |
None |
|
To process and respond to complaints |
To meet a legal obligation |
Legal Entities |
Retention Periods
We will keep your personal data for the duration of the period you are a client/employee of MDA. We shall retain your data only for as long as necessary in accordance with applicable laws.
We may keep your data for between 6 to 12 years. We may not be able to delete your data before this time due to our legal/regulatory and/or accountancy obligations. We assure you that your personal data shall only be used for the purposes stated herein.
Marketing
We may send you marketing material where you are a business client and we consider the marketing material to be relevant to you or where you are a business client we have previously provided you with our services and you have not opted out of receiving such communication.
Where you are an individual prospective client we will only provide you with marketing material where you have provided your express consent.
You can update your marketing preferences by emailing marketing@mdaconsulting.co.uk.
Your Rights
Under the terms of the data protection legislation, you have the following rights:-
Right to be Informed
This Privacy Policy fulfils our obligations to tell you about the ways in which we use your information.
Right to Access
You have the right to ask us for a copy of any personal data that we hold about you. This is known as a “Subject Access Request”. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost. This information with be sent within one month of your request.
To make a Subject Access Request, please write to our Group Data Protection Officer, at MDA Consulting Ltd, 13-15 Carteret Street, London SW1H 9DJ DPOenquiries@mdaconsulting.co.uk.
Right to Rectification
If any of the information that we hold about you is inaccurate, you can contact the Group Data Protection Officer, at MDA Consulting Ltd, 13-15 Carteret Street, London SW1H 9DH DPOenquiries@mdaconsulting.co.uk.
Right to be Forgotten
From the 25 May 2018, you can ask that we erase any/all personal information that we hold about you. Where it is appropriate that we comply, your request will be fully actioned within one month.
Right to Object
You have the right to object to:
1. The continued use of your data for any purpose listed above for which consent is identified as the lawful basis for processing i.e. you have the right to withdraw your consent at any time.
2. The continued use of your data for any purpose listed above for which the lawful basis of processing is that it has been deemed legitimate.
Right to Restrict Processing
If you wish us to restrict the use of your data because:
1. You think it is inaccurate but this will take time to validate
2. You believe our data processing is unlawful but you do not want your data erased
3. You want us to retain your data in order to establish, exercise or defend a legal claim
4. You wish to object to the processing of your data but we have yet to determine whether this is appropriate
Please contact the Group Data Protection Officer, at MDA Consulting Ltd, 13-15 Carteret Street, London SW1H 9DJ DPOenquiries@mdaconsulting.co.uk
Right to Data Portability
If you would like to move, copy or transfer the electronic personal data that we hold about you to another organisation, please contact our Group Data Protection Officer, at MDA Consulting Ltd, 13-15 Carteret Street, London SW1H 9DJ DPOenquiries@mdaconsulting.co.uk
Right to Withdraw Consent
If you would like to withdraw consent, please contact our Group Data Protection Officer, at MDA Consulting Ltd, 13-15 Carteret Street, London SW1H 9DJ DPOenquiries@mdaconsulting.co.uk
Overseas Transfers
None of the information that we collect, process or store is transferred outside of the European Economic Area (EEA). We do not normally share your personal data with anyone outside the EEA, however, we may do so when a particular circumstance or the Services we provide to you requires us to do so.
Third Parties
For the avoidance of doubt, we do not and never shall sell your personal data to third parties for marketing or advertising purposes. However, we will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal data is secure.
Data Privacy and Security
We ensure that data protection is a key consideration for all new and existing IT systems that hold personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy and an active information security work programme.
This helps us to:-
a. Ensure all IT facilities are protected against damage, loss or misuse
b. Protect against potential breaches of confidentiality
c. Awareness of the requirements for information security, confidentiality and integrity of the information that is handled
d. Optimum security of our Website
Where we Store Your Personal Data
We follow accepted ISO standards to store and protect the personal data we collect including the use of encryption if appropriate. All information you provide to us is stored on our secured servers within the UK/EEA
Cookies and Links to Other Websites
We do not currently use Cookies or Links to other websites, we may in the future have this facility. You have the right to refuse or disable these and recommend that you visit your browser’s help menu for further information. Please note that if you do not set your browser and e-mail settings to disable cookies, you will be indicating your consent to receive them. Please also note that we do not have control over other websites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and are not governed by this privacy statement.
Email Hosting
We process your data for administration, billing, support and the provision of services. This is achieved mainly by use of email and written communications.
Office 365 for email.
Office 365 email shares data with third party infrastructure in the EEA.
We use standard email all UK based.
Dedicated Servers, Virtual Servers, CloudNX platform
We process your data for administration, billing, support and the provision of services.
General
Any questions or comments regarding this Privacy Policy are welcomed and should be sent to our Group Data Protection Officer at MDA Consulting Ltd, 13-15 Carteret Street, London SW1H 9DJ DPOenquiries@mdaconsulting.co.uk.
Or you have the right to lodge a complaint with the Information Commissioner’s Office who may be contacted at www.ico.org.uk/concerns/
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Our Privacy Policy shall be made clear to you at the point of collection of your personal data.
MDA Consulting Ltd
Head Office: 13-15 Carteret Street, London SW1H 9DJ
