GDPR (External) Privacy Notice
Prepared by Derek Mann RISC, MSyI(Dip), CMgr FCMI - December 2018
This privacy notice explains how Midnight Communications Ltd uses the personal information we collect from Data Subjects, either through using our website or in any other way, electronically, verbally or in writing.
Midnight Communications Ltd is a data controller as defined by the General Data Protection Regulations. This means we decide what data is collected, in what manner it is collected and with whom we share that data. We can be contacted by telephone number:+44 (0)1273 666200.
We are committed to protecting your privacy and will ensure that personal data collected by us will be used lawfully, fairly and in a transparent way. We will only collect personal data for valid purposes and not use it in any way that is incompatible with those purposes.
Data collected will be relevant to the purposes we have told you about and be limited to those purposes. We will ensure personal data is accurate and kept up to date, keep it securely and only as long as necessary.
On what basis do we collect and process your data? (known as lawful processing)
Data Privacy law defines the basis by which we can lawfully collect and process personal data. For our data processing purposes, we have determined the following:
To enter into or in pursuance of a Contract:
We will collect personal data from you when engaging with you to enter into a commercial agreement by way of a contract, for example suppliers. We will continue to process that data for the duration and subsequently after the contract expires or is terminated.
We will collect and process personal data where it is in the legitimate interest of Midnight Communications Ltd to do so. Specifically, we use legitimate interest in relation to processing the personal data of our clients and for our direct marketing operations. We will continue to process personal data to manage our commercial relationships and this will include but not be limited to the continued processing (retention) of records of our transactions and interactions. The data collected will not be used for any unlawful or unethical purpose.
Data recipients and data transfers
We do not sell any of your personal data to any third party. Midnight Communications Ltd shares personal data with service providers such as accountants, payroll providers, insurance brokers and professional advisors.
Also, we may share your personal information with printing and mailing companies, as well as email service providers and other delivery companies.
We may disclose your personal data with law enforcement and fraud prevention agencies, so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Data is occasionally transferred outside of the EEA to the USA for the purpose of utilising cloud storage solutions and collaborative working platforms. In doing so, we ensure these providers have appropriate organisational and technical measures to retain the data we share.
Midnight Communications Ltd does not collect or process sensitive data (as defined by Article 9 GDPR) as a data controller
Categories and types of data we collect
We process the following personal data of our clients:
· Job title
· Phone number
· Email address
· Online identifiers such as LinkedIn URL
We process the following personal data of our suppliers:
· Phone number
· Email address
· Bank Account
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our system will be deleted in accordance with legal obligations, such as HMRC rules. Outside of that Midnight Communications Ltd has developed a retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes. Generally, financial data will be held for 7 years and client data held for as long as we have a legitimate interest to process it or, you object to us processing your data.
Data storage and security
We take the security of data very seriously and have put in place organisational and technical measures to ensure that security of data. This includes two factor authentication, firewalls, anti-virus and anti-malware as well as active security patch management.
We store data within our own physical network which is subject to regular back up. For additional security and disaster recovery purposes, we back up our data to accredited data centres in the United Kingdom via cloud managed solutions. These cloud providers provide encryption for our data both in transit and at rest.
Your rights as a data subject
The regulations provide a number of rights to you as the Data Subject. Midnight Communications Ltd is committed to upholding those rights and those applicable to the personal information we collect and process is listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioner’s Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
- Right of Access– you have the right to know what personal information is held, by whom and why.
- The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
- Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
- Right to Restrict Processing– If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
- Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
- Right to Object –You have the right to object to profiling and direct marketing
- You also have rights in relation to automated decision making.
You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioner’s Office www.ico.org.uk
Automated decision making
Midnight Communications Ltd does not conduct automated decision making.
Third party websites
How to contact us
You can write to us at this address:
Midnight Communications Ltd.
28 Foundry Street
Or, email firstname.lastname@example.org