GDPR Policy

GDPR Customer facing

Media Matters Technology Ltd is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data, which we collect about you and that you provide to us, will be processed by us.

We rely on the ‘soft opt-in’ to continue with communications with customers and possible customers The Privacy and Electronic Communications (EC Directive) Regulations 2003 outlaw the sending of unsolicited email and text marketing to individuals, unless the recipient has previously consented to receive the marketing.

This is, however, subject to an important caveat – email and text marketing can be sent if the sender has obtained the recipient’s details ‘in the course of a sale or negotiations for the sale of a product or service to that recipient’.

This is known as the ‘soft opt-in’. It is, though, subject to further qualifications; the marketing must be in respect of ‘similar products and services only’, and, crucially, at the point when the contact details are collected, and in all subsequent communications, the intended recipient must be given the chance to say ‘no’ to the marketing.

We also request the confirmation of ‘opt-in’ during the initial point of contact by the customer and then again during all organised consultation meetings to continue with future contact. This information is logged securely and kept for approximately 6 years.

Our website may, from time to time, contain links to and from partners’, advertisers’, affiliates’ and social network sites. If you follow a link to any of these websites, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check their privacy policies before you submit any personal data to those websites as they may not be on the same terms as ours.

If you have questions about correcting or deleting your personal data please refer to sections 3 and 8 below.

References in this policy to “data protection law” mean (as applicable) the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in the United Kingdom from time to time.

References in this policy to “data or “information” include “sensitive personal data” and “special categories of data” (as defined under data protection law) where applicable.

Our details
The data controller with conduct of your personal information is Media Matters Technology Ltd

Company number 5013221 Registered address: 19 Wellsworth Lane, Rowlands Castle, PO9 6BX

For data protection queries please contact us at the above address.

How we use your information
The following sections explain what information we hold about you, why we are processing that information, the legal basis for the processing, the duration for which we keep your information and (if applicable) who your information will be shared with and where those recipients are based.

Which information do we process and for what purpose?    

We process the following information from you:

Information you give us. This is information about you that you give us by filling in forms on our website, registering with our website, using our live chat function on our website and when placing an order for our products and services (or otherwise corresponding with us), either online, over the phone, by email or in person. It also includes information you give to us if you are one of our sub-contractors or another third party or intermediary. The information you give us may include your name, address, email address and phone number.

We process information you give to us for the following purposes:

to provide you with more information about our products and/or services which you have requested from us;

to process your order and supply you with the products and/or services you have purchased from us;

to manage your account with us

that we can work together if you are a sub-contractor or other third party/intermediary; and

to send you marketing material about our business and products and services which we think will be of interest to you.

Information we collect about you. Like most other website operators, we collect non-personally identifying information of the sort that web browsers and servers typically make available. This includes technical information, such as your IP address and your login information and information about your visit, such as records of how you navigate the pages on our website and how you interact with the pages.

We also collect information via email interaction, phone calls and during consultations, this information is purely collected to enable the team to offer the appropriate service that you have requested from us.

We process information we collect about you for the following purposes:

to allow us to administer the account you hold with us and our website;

to improve our services and your browsing experience;

to ensure that content from our website is presented in the most effective manner for you and for your device; and

to measure or understand the effectiveness of advertising we serve to you and others, and possibly to deliver relevant advertising to you on our website.

to interact with you after your initial contact – we do not cold call, and then offer the service and information you have requested from us

What are the grounds for processing your information?

We are processing your data on the following grounds:

the processing is necessary for the performance of the contract between you and us. This includes where you have instructed us to take some pre-contractual steps (such as providing you with further information about our products/services and a quotation) prior to us formalising the contract.

the processing is necessary for achieving our legitimate interest of updating you regarding our business and products and services and ensuring you get a good user experience when using the website. In accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for this purpose. You can “opt out” from such marketing communications at any time by clicking “unsubscribe” if it is sent by email or by contacting our Data Protection Officer (contact details above).

Duration and further processing

We only keep your information for so long as it is reasonably necessary. Generally speaking, we retain your information for 6 years.

When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.

If we need to keep your information for a longer period then we will notify you of the reason and grounds for doing so.

Who is your information shared with?

We do share information with sub-contractors engaged by us to carry out and operate in our workshop.

We do share anonymised, pseudonymised and non-personal information with sub-contractors engaged by us to help us operate our website, or to advertisers who we permit to place relevant adverts on the website, and to analytics and search engine providers that assist us in the improvement and optimisation of our website.

In order to achieve the purpose(s) set out in section 2.2 above, we will share your data with the following people or group of people:

our authorised sub-contractors, if a sub-contractor shall be providing the products and/or services to you;

our outsourced IT providers. Typically, your personal information will be encrypted before it is transferred to our hosts but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with your account on our computer system. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;

our outsourced direct email marketing suppliers (for example a business like Mail Chimp, if we ever do that kind of marketing campaign, we will always inform you of this prior to commencement so you have the option to opt out); and

potential purchasers of our business, subject to those persons entering into strict confidentiality obligations with us and only to the extent permissible under data protection law; and

Mail Chimp is based outside of the EEA but has certified its compliance with the EU-US Privacy Shield Framework.

Otherwise, to the best of our knowledge, understanding and belief, your information will not be transferred outside of the European Economic Area or to any country which is not approved by the European Commission. If this changes then we will let you know.

Your rights
Under data protection law you have the following rights:

the right to be informed as to what we do with your information. This includes but is not limited to the right to know what information we gather, process and store, what we do with it, who we share it with and how long we keep it for;

if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time.

the right to access a copy of your information which we hold. This is called a ‘subject access request’. Additional details on how to exercise this right are set out in section 5, below;

the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the details set out in section 8, below;

the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing;

the right to object to us processing your personal information in certain other situations;

the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate; and

the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.

From 25 May 2018 you will have the following additional rights under data protection law:

enhanced rights to request that we erase, rectify, cease processing and/or delete your information; and

in certain circumstances, the right to request the information we hold on you in a machine-readable format so that you can transfer it to other services. This right is called ‘data portability’. Additional details on how to exercise this right are set out in section 5, below.

You also have the general right to complain to us (in the first instance) and to the Information Commissioner’s Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out in section 8, below. The Information Commissioner’s Office website is www.ico.org.uk.

For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner’s Office (www.ico.org.uk).

COOKIES
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.

Visitors to our website who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our website. This will mean that some features of our website and service may not function properly without the aid of cookies.

ACCESS TO INFORMATION
Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. You must send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to our data protection officer.

From 25 May 2018 you will:

no longer have to pay a £10 fee unless you are requesting copies of documents you already possess, in which case we may charge our reasonable administrative costs. We will also be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are also entitled to refuse to comply with your request if it is particularly onerous; and

in certain circumstances, be entitled to receive the information in a structured, commonly used and machine-readable form.

Data security
We will always store your digital information on secure servers. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our website or otherwise to our servers (such as by email). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Changes to our privacy policy

Any material changes we may make to our privacy policy in the future will be uploaded to our website. Please check back frequently to see any updates or changes to our privacy policy.

Contact
Questions, comments and requests regarding this privacy policy are welcomed. Please contact us at: 19 Wellsworth Lane, Rowlands Castle, Hampshire PO9 6BX 023 92 412945

GDPR - STAFF FACING

May 25th 2018

Media Matters Technology Ltd is committed to protecting and respecting your privacy as staff (employed and sub-contractors alike). This policy sets out the basis on which any personal data, which we collect about you and that you provide to us, will be processed by us.

If you have questions about correcting or deleting your personal data please arrange a meeting us.

References in this policy to “data protection law” mean (as applicable) the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in the United Kingdom from time to time.

References in this policy to “data or “information” include “sensitive personal data” and “special categories of data” (as defined under data protection law) where applicable.

Our details

The data controller with conduct of your personal information is Media Matters Technology Ltd

The Data Protection Officer is Maureen Hardy

For data protection queries please contact us at:  19 Wellsworth Lane, Rowlands Castle, Hampshire PO9 6BX 023 92 412945.

How we use your information

The following section explains what information we hold about you, why we are processing that information, the legal basis for the processing, the duration for which we keep your information and (if applicable) who your information will be shared with and where those recipients are based:

a.    Your information is used purely to record staff data, for safety purposes and for payment requirements (wages, expenses).

b.    Any information that is stored on our computer systems is password protected.

c.    Your data will not be shared unless explicitly authorised by yourself (ie for insurance purposes, or in a medical emergency)

d.    Consent to use your image (as a model) for marketing purposes has been given, which allows the sharing of your image purely for marketing and advertising purposes

e.    Hard copy information is stored in a locked cabinet in a locked office.

f.    Hard copy information is stored safely and securely during your engagement.

g.    Hard copy information is stored safely and securely for a period of 6 years after engagement.

h.    Hard copy records after this time are incinerated.

Please note all staff financial records are also covered by AMPM’s (our instructed accountant, and registered office Wellesley House, 204 London Road, Waterlooville, Hampshire, PO7 7AN

We also enforce a STRICTLY no sub-contractor / staff data collection policy.  This means no staff member or sub-contractor should collect personal data from a customer on a mobile phone or engage on social media