We design
Iconic.

MCCGLC Limited operates within the requirements of the General Data Protection Regulation (2016/679). We work within the principles of fair data processing, namely:

• We use information in a way that people would reasonably expect
• We think about the impact of our processing
• We are transparent and ensure that people know how we’ll use their information

This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, as data controller and a data processor. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Applicability of this Notice

This notice covers how we treat any personal information that we collect and receive as part of our broader operating processes. This includes information from our clients, supplier and other third parties we come into contact with in the provision of our services.

We do not sell or pass on any personal information about our clients, suppliers, employees and other business associates. We only use any information shared with us for provision of our services and in that capacity operate as a data controller and, to the extent that we process the data, as a data processor.

This statement tells you what information we collect, the steps we take to protect and secure it, how we use and share information, and finally, how you can contact us with questions or concerns.

We have a privacy notice regarding our CCTV system. You can request a copy of this by contacting us at legal@mccglc.com.

Information we collect

(a) Personal Information. We collect personal information (e.g., name, email address, phone number, etc.) when you:

• Contact us by phone
• Send us an enquiry through our website
• Email us
• Work with us as a client, supplier or employee
• Exhibit at an event where we are appointed to design, organise and/or manage operations
• Sign-up to participate/attend an event where we are appointed to manage the registration process

Our services are not intended for children and we do not knowingly collect data relating to children.

We also maintain a database of prospective clients justified under a Legitimate Interest Assessment where we collate names and contact details of business to business decision makers who are known buyers of our services.

(b) Other User Information When you use our services, we may collect additional contextual information about your company as well as your design and aesthetics preferences. We do not link this additional data to any other information we collect about you and do not undertake any profiling activity from this type of data.

(c) Financial Information If you contract with either as a client or a supplier, we will require some financial information in order to process the financial transactions. This information includes your name, address, telephone number, bank details and other information necessary.

(d) Use of our Website The personal data or personal information we collect about you is made up of the information you give us or gained through our communications with you.

You can access and browse our website without disclosing your personal data.

(e) IP Addresses and Cookies. We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer.

Uses made of the information

We use this information held about you in the following ways:

• To ensure that content from our site is presented in the most effective manner to you and to your computer
• To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes
• To allow you to participate in interactive features of our service, when you choose to do so
• To cross reference information you have supplied with information supplied by our client for purposes of verifying whether you are an authorised user.
• To notify you about changes to our service.

We may also contact you by email, post or telephone. Please note that where you have provided sensitive data to us, we shall only use your sensitive data for the purpose for which the data was provided to us.

You have the right to withdraw consent to marketing at any time by sending an email to dpo@mccglc.com. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please email dpo@mccglc.com if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Please note that at the time you contact us, it may be the case that we no longer process, hold or store your personal information/data as data processor, in which case we would advise you of this and the need to contact the data controller.

Disclosure of this information

We may disclose your personal information to third parties:

• If we need to do so to our selected suppliers to enable us to deal with your request.
• If MCCGLC or substantially all of our assets are acquired by a third party, in which case personal data held by it about our customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of our clients, suppliers or others.

Information Use, Legal Basis, Sharing, Disclosure, and Retention

(a) Use and Legal Basis

Sales and Service Delivery. MCCGLC uses personal data for developing and issuing sales proposals and for providing its products and services – and justifies this under the legal basis of “Contract”.

Marketing Emails and Messages. MCCGLC uses personal data to update existing clients and prospective B2B client with information about our services. We justify this through a “Legitimate Interests” assessment and offer opt-out functionality for those no longer wishing to hear from us in this way.

Emails and other Communications to Third Parties MCCGLC uses data provided by clients to inform and enable their suppliers to perform key operational tasks. We justify this through a “Legitimate Interests” assessment.

Engagement Emails and Vital Information to Event Registrants. MCCGLC captures registration details of event attendees where it has been contracted to do so by clients and justifies this through “Consent”. This may include rudimentary medical data captured for an attendees vital interest, such as dietary requirements, allergies or accessibility / inclusivity requirements. Our processes provide full transparency that this data is then shared with the client.

Administrative and Legal. We process small amounts of employee and subcontractor data under the legal basis of “Contract” and, if in the Vital Interests of the data subject, or with specific consent, or to comply with Employment or Health and Safety or another Legal requirement will hold special category data such as medical history or driving convictions.

(b) Sharing

MCCGLC does not share, sell, rent or trade personal information with any third parties for marketing or promotional purposes. It will only share limited data with suppliers where required operationally and with clients (where the data has been collected on their behalf in the first instance).

It does share employee data for administrative and legal purposes.

It also reserves the right to share data with relevant authorities if compelled to do so to comply with legal obligations.

(c) Disclosure

• In certain situations, we may disclose personal data in response to lawful requests by public authorities, including but not limited to national security or law enforcement requests. We may also disclose your personal information as required by law, such as to respond to court orders, or similar legal processes, to establish or exercise our legal rights or, defend against legal claims, or if in our judgment in such circumstances disclosure is required or appropriate.
• If we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our various terms of use, or as otherwise required by law.

(d) Retention

We will retain existing client information for as long as a client is with us or as needed to provide our services – and where required to comply with our legal obligations, resolve disputes, and enforce our agreements. We will retain all client data until any such time that we receive a request to opt-out.

Details of retention periods for different aspects of your personal data are available upon request.

General Principles

(a) Confidentiality and Security

We use physical, electronic, and procedural safeguards to protect personal information – our IT arrangements aspire to “Data Protection by Design” and should be able to detect a significant data breach. Where such a breach could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage we will notify the ICO, if we are the Controller, or our client, in the event they are the Controller. Where a breach is likely to result in a high risk to the rights and freedoms of individual data subjects, we will also notify those concerned directly and at the earliest practical opportunity. We shall then fully investigate a data breach and implement corrective action to prevent recurrence.

By using our services or providing personal information to us, you are consenting to MCCGLC communicating with you electronically regarding security, privacy, and administrative issues related to your use of our services. We may email you if a security breach occurs at the email address you have provided to us.

Data transmissions over the Internet are not 100% secure. Consequently, we cannot guarantee or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission, we use reasonable efforts to ensure security on our systems.

(b) Right to Be Informed

We strive to ensure that all those engaging with us are informed of our arrangements for processing personal data through this Notice.

(c) Right of Access

We will respond to data requests within 1 month and will only charge for requests that are manifestly unfounded or excessive. If we have grounds to refuse a request we will inform the data subject and make them aware of their right to complain to the ICO or to seek civil action – again within 1 month of receiving the request

(e) Right to Erasure

For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will erase a data subject’s personal data upon receipt of a request / opt-out notification. For personal data held under the legal basis of “Contract” or “Vital Interests” or “Legal Obligations” we will endeavour to erase data upon request but will not be able to do so if holding the data is necessary to fulfil our legal obligations or may be necessary as evidence in a future legal action involving us. In cases where we cannot erase the data for these reasons we shall inform the data subject and make them aware of their right to complain to the ICO or to seek civil action.

(d) Right to Restrict Processing

For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will restrict the processing of a data subject’s personal data upon receipt of a request / opt-out notification. For personal data held under the legal basis of “Contract” or “Vital Interests” or “Legal Obligations” we will endeavour to facilitate the requested restriction upon request but will not be able to do so if restricting the processing of the data prevents us from fulfilling our legal obligations or the current processing of the data may be necessary as evidence in a future legal action involving us. In cases where we cannot restrict the processing of the data for these reasons we shall inform the data subject and make them aware of their right to complain to the ICO or to seek civil action.

(e) Right to Data Portability

For personal data obtained directly from a data subject under the legal basis of consent – we shall provide, upon receiving a request, the data that we hold in a standard, widely accessible format

(f) Right to Object

For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will cease to process a data subject’s personal data upon receipt of a request / opt-out notification

Changes to this Privacy Statement

MCCGLC reserves the right to revise, modify, or update this notice at any time. We will notify you via email about material changes in the way we treat personal data or by placing a prominent notice on this website.

Contacting MCCGLC

If you have a privacy concern regarding MCCGLC, or this notice, you may contact us via legal@mccglc.com.