Insights. Inspiration. Ideas.
Insights. Inspiration. Ideas.
Lee Frangiamore | April 2021
Hannah Tivey | March 2021
MCCGLC Limited operates within the requirements of the General Data Protection Regulation (2016/679). We work within the principles of fair data processing, namely:
This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, as data controller and a data processor. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
This notice covers how we treat any personal information that we collect and receive as part of our broader operating processes. This includes information from our clients, supplier and other third parties we come into contact with in the provision of our services.
We do not sell or pass on any personal information about our clients, suppliers, employees and other business associates. We only use any information shared with us for provision of our services and in that capacity operate as a data controller and, to the extent that we process the data, as a data processor.
This statement tells you what information we collect, the steps we take to protect and secure it, how we use and share information, and finally, how you can contact us with questions or concerns.
We have a privacy notice regarding our CCTV system. You can request a copy of this by contacting us at email@example.com.
(a) Personal Information. We collect personal information (e.g., name, email address, phone number, etc.) when you:
Our services are not intended for children and we do not knowingly collect data relating to children.
We also maintain a database of prospective clients justified under a Legitimate Interest Assessment where we collate names and contact details of business to business decision makers who are known buyers of our services.
(b) Other User Information When you use our services, we may collect additional contextual information about your company as well as your design and aesthetics preferences. We do not link this additional data to any other information we collect about you and do not undertake any profiling activity from this type of data.
(c) Financial Information If you contract with either as a client or a supplier, we will require some financial information in order to process the financial transactions. This information includes your name, address, telephone number, bank details and other information necessary.
(d) Use of our Website The personal data or personal information we collect about you is made up of the information you give us or gained through our communications with you.
You can access and browse our website without disclosing your personal data.
(e) IP Addresses and Cookies. We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer.
Uses made of the information
We use this information held about you in the following ways:
We may also contact you by email, post or telephone. Please note that where you have provided sensitive data to us, we shall only use your sensitive data for the purpose for which the data was provided to us.
You have the right to withdraw consent to marketing at any time by sending an email to firstname.lastname@example.org. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please email email@example.com if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Please note that at the time you contact us, it may be the case that we no longer process, hold or store your personal information/data as data processor, in which case we would advise you of this and the need to contact the data controller.
Disclosure of this information
We may disclose your personal information to third parties:
Sales and Service Delivery. MCCGLC uses personal data for developing and issuing sales proposals and for providing its products and services – and justifies this under the legal basis of “Contract”.
Marketing Emails and Messages. MCCGLC uses personal data to update existing clients and prospective B2B client with information about our services. We justify this through a “Legitimate Interests” assessment and offer opt-out functionality for those no longer wishing to hear from us in this way.
Emails and other Communications to Third Parties MCCGLC uses data provided by clients to inform and enable their suppliers to perform key operational tasks. We justify this through a “Legitimate Interests” assessment.
Engagement Emails and Vital Information to Event Registrants. MCCGLC captures registration details of event attendees where it has been contracted to do so by clients and justifies this through “Consent”. This may include rudimentary medical data captured for an attendees vital interest, such as dietary requirements, allergies or accessibility / inclusivity requirements. Our processes provide full transparency that this data is then shared with the client.
Administrative and Legal. We process small amounts of employee and subcontractor data under the legal basis of “Contract” and, if in the Vital Interests of the data subject, or with specific consent, or to comply with Employment or Health and Safety or another Legal requirement will hold special category data such as medical history or driving convictions.
MCCGLC does not share, sell, rent or trade personal information with any third parties for marketing or promotional purposes. It will only share limited data with suppliers where required operationally and with clients (where the data has been collected on their behalf in the first instance).
It does share employee data for administrative and legal purposes.
It also reserves the right to share data with relevant authorities if compelled to do so to comply with legal obligations.
We will retain existing client information for as long as a client is with us or as needed to provide our services – and where required to comply with our legal obligations, resolve disputes, and enforce our agreements. We will retain all client data until any such time that we receive a request to opt-out.
Details of retention periods for different aspects of your personal data are available upon request.
We use physical, electronic, and procedural safeguards to protect personal information – our IT arrangements aspire to “Data Protection by Design” and should be able to detect a significant data breach. Where such a breach could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage we will notify the ICO, if we are the Controller, or our client, in the event they are the Controller. Where a breach is likely to result in a high risk to the rights and freedoms of individual data subjects, we will also notify those concerned directly and at the earliest practical opportunity. We shall then fully investigate a data breach and implement corrective action to prevent recurrence.
By using our services or providing personal information to us, you are consenting to MCCGLC communicating with you electronically regarding security, privacy, and administrative issues related to your use of our services. We may email you if a security breach occurs at the email address you have provided to us.
Data transmissions over the Internet are not 100% secure. Consequently, we cannot guarantee or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission, we use reasonable efforts to ensure security on our systems.
We strive to ensure that all those engaging with us are informed of our arrangements for processing personal data through this Notice.
We will respond to data requests within 1 month and will only charge for requests that are manifestly unfounded or excessive. If we have grounds to refuse a request we will inform the data subject and make them aware of their right to complain to the ICO or to seek civil action – again within 1 month of receiving the request
For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will erase a data subject’s personal data upon receipt of a request / opt-out notification. For personal data held under the legal basis of “Contract” or “Vital Interests” or “Legal Obligations” we will endeavour to erase data upon request but will not be able to do so if holding the data is necessary to fulfil our legal obligations or may be necessary as evidence in a future legal action involving us. In cases where we cannot erase the data for these reasons we shall inform the data subject and make them aware of their right to complain to the ICO or to seek civil action.
For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will restrict the processing of a data subject’s personal data upon receipt of a request / opt-out notification. For personal data held under the legal basis of “Contract” or “Vital Interests” or “Legal Obligations” we will endeavour to facilitate the requested restriction upon request but will not be able to do so if restricting the processing of the data prevents us from fulfilling our legal obligations or the current processing of the data may be necessary as evidence in a future legal action involving us. In cases where we cannot restrict the processing of the data for these reasons we shall inform the data subject and make them aware of their right to complain to the ICO or to seek civil action.
For personal data obtained directly from a data subject under the legal basis of consent – we shall provide, upon receiving a request, the data that we hold in a standard, widely accessible format
For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will cease to process a data subject’s personal data upon receipt of a request / opt-out notification
MCCGLC reserves the right to revise, modify, or update this notice at any time. We will notify you via email about material changes in the way we treat personal data or by placing a prominent notice on this website.
If you have a privacy concern regarding MCCGLC, or this notice, you may contact us via firstname.lastname@example.org.