Data Consultancy
Privacy Policy
Introduction
M&P Enterprises is committed to protecting your data and complying with our obligations under the GDPR and the USA Data Protection Act xxx. Under the GDPR, a Data Controller determines the purposes and means for processing personal data. A Data Processor processes personal data on behalf of a Data Controller.
M&P Enterprises is a Data Controller and a Data Processor. We process determine the means and purposes of processing data for our own business purposes – e.g. Processing employee and client data. We also process our clients’ data – e.g. employee data and customer data during system migrations etc. Further details about how we process personal data can be found throughout this statement. M&P Enterprises is referred to as “we”, “us”, “our”, “the company” throughout this privacy statement.
Our Contact Information
Company name: M&P Enterprises
Address: ??
Email address: jp@mandpenterprise.com
About This Privacy Notice
This privacy notice outlines the following:
- What personal data we collect and about whom
- Why we collect personal data
- How we use personal data
- The lawful basis for collecting personal data
- Your rights in relation to your personal data
- How we collect personal data
- How we store personal data
- Who we share personal data with
- How we keep personal data secure
- How long we keep personal data
- How we use personal data for marketing
- Transferring data internationally (outside the EEA)
- Our use of cookies
- Your right to complain
Your Personal Data
Under the GDPR, M&P Enterprises must be transparent about the data we collect, about whom and why we need it. Details of what personal data we collect, about whom, why we collect it, how we use it, the lawful basis, and where appropriate, the condition for processing can be found in the following section. Where we rely on consent as a lawful basis, you have the right to withdraw your consent at any time and can do this by contacting us at jp@mandpenterprise.com
Directors, Employees, Independent Consultants and Contractors
Data Captured: Name, address, email, date of birth, NI number, signature, proof of identification, qualifications & certificates, bank details, telephone number, job title/position, usernames and passwords
Existing and Potential Clients
Data captured: Employee name, employer name, address, email address, telephone number, job title, Employer name, Signature, communications, notes and minutes, communication preferences, username, password, unique identifier (when added to systems), financial details – e.g. company card / bank details, behavioural data – e.g. IP address, statistics and reports, website visits etc.
Providers (Data Processors) and Suppliers
Data captured: Name, company name, email address, address, telephone number, job title, signature, communications, notes and minutes, financial details – e.g. card / bank details
General public Data Captured: CCTV footage, date and time
Your rights in relation to your personal data
Under the GDPR you have the following rights in relation to your data. All requests can be made free of charge and we have one month to respond:
The right to be informed
You have the right to be informed when we collect your personal data from you directly or indirectly from another source.
The right of access
You have the right to request copies of the data we hold about you.
The right rectification
You have the right to request that we complete any information about you that you think is incomplete. You also have the right to request that we rectify any inaccurate information that we hold about you.
The right erasure
Also referred to as the “right to be forgotten”, you have the right to ask us, in certain circumstances, to erase your data.
The right to be informed
You have the right to be informed when we collect your personal data either directly from you or indirectly from another source.
The right to object to us processing your personal data
You have the right to object to us processing your personal data in certain circumstances. For example – for the purposes of direct marketing.
The right to restrict us processing your personal data
You have the right to restrict us processing your data in certain circumstances. This means that we may still be able to hold the data, but not process it.
How we collect personal data
We collect your personal data via the following methods:
- Directly from you – we collect your personal data directly from you for the purposes outlined in ‘Your Personal Data’ above. We collect personal data via a number of methods – e.g. email, telephone, during meetings and workshops etc. (using Zoom, Microsoft Teams and collaboration software, etc.), online via our website when you fill out forms, when you sign up to receive communications and marketing from us etc.
- Indirectly – where we have your consent, we collect personal data (such as emails, IP address and online behaviors) of visitors to our website using Cookies, Facebook Pixel, Click Funnels, Google Analytics and Active Campaign. We use this data so that we can display adverts to you – e.g. via Facebook and other Social Media platforms – and to send targeted communications and marketing about our products and services.
How we store personal data
M&P Enterprises store your personal data on our internal, paper and digital systems as well as on our Data Processor systems – e.g. Microsoft365, our customer relationship management database, Active Campaign, WordPress, Siteground and Google Analytics, Zoom, Microsoft Teams etc. Where we have your consent to display ads to you, your data will be stored third party platforms such as Facebook, Click Funnels and other Social Media platforms for the purposes of displaying relevant content to you.
Who we share personal data with
M&P Enterprises will never sell your personal data. We share your personal data with suppliers and providers – e.g. Data Processors – whose systems software we use (listed in ‘How we store personal data) – and any independent consultants / sub-contractors who we assist us to deliver services to you. In certain circumstances M&P Enterprises will be required to disclose personal data. Examples include:
- In an emergency situation (e.g. life or death) – i.e. to protect the vital interest of an individual(s)
- In the interest of national security
- To prevent or detect crime, including the apprehension or prosecution of offenders
- To prevent serious harm to an individual(s) – e.g. a health and safety concern
How we keep personal data secure
M&P Enterprises have appropriate physical and technical security measures in place to protect your personal data. We ensure that we have provisions in place to ensure that only authorized persons have access to personal data, that your data is kept secure, and that we have processes and procedures in place to prevent accidental loss, destruction, alteration, unauthorized access or disclosure of your personal data. We have incident and breach processes and procedures in place to deal with a respond to any suspected breaches of your personal data and will notify you and any relevant regulators in the event of a breach where we are required to do so. When engaging independent consultants, sub-contractors and Data Processors, we carry out due diligence to ensure that they employ appropriate levels of security and that they comply with the GDPR.
How long we keep personal data
M&P Enterprises have a Data Retention Policy and Retention Schedule in place to ensure that your data is only kept for a long a necessary, and in line with the purposes that it was collected. Retention timescales are outlined in the ‘Your Personal Data’ table above.
How we use personal data for marketing, profiling and automated decision making
Where we have your consent we will use your data to market our services and consultancy to you and display ads to you when browsing website, using apps and social media sites. Data will be aggregated automatically from different sources – e.g. website cookies, Facebook Pixel, open rates on emails etc. and will be used to deliver relevant content to you. You have the right to withdraw your consent at any time by contacting us at jp@mandpenterprise.com
Transferring data internationally (outside the EEA)
The GDPR places obligations on Data Controllers to ensure that provisions are put in place when data is being transferred outside of the EEA. When tendering for new suppliers and systems, M&P Enterprises will carry out due diligence to ensure that, where possible, data is not transferred outside of the EEA. In the event that data will be transferred outside of the EEA, we will ensure that appropriate safeguards and provisions – as outlined under the GDPR – are in place prior to transferring the data.
Our use of cookies
Introduction
Digital & Data Consultancy’s website and services, we will ask you to consent to our use of cookies when you first visit our website.
About cookies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent/permanent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies may not contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.
Cookies that we use
We use cookies for the following purposes:
(a) tracking visits – to identify you when you visit our website and as you navigate our website. Cookies used for this purpose are: Session cookies;
(b) personalizing your visit – we use cookies to store information about your preferences and to personalize our website for you. Cookies used for this purpose are: permanent cookies;
(c) advertisements – we use cookies to help us to display advertisements that will be relevant to you on our website and on third party platforms such as Facebook and other social media platforms. Cookies used for this purpose are: permanent cookies;
(f) analysis – we use cookies to help us to analyses the use and performance of our website and services. Cookies used for this purpose are: permanent cookies; and
(g) cookie consent – we use cookies to store your preferences in relation to the use of cookies more generally. Cookies used for this purpose are: permanent cookies.
Cookies used by our service providers
Our service providers use cookies and those cookies may be stored on your computer when you visit our website. Service providers are:
- Google Analytics – Google Analytics gathers information about the use of our website by means of cookies. The information gathered is used to create reports about the use of our website. You can find out more about Google’s use of information by visiting https://www.google.com/policies/privacy/partners/ and you can review Google’s privacy policy at https://policies.google.com/privacy. The relevant cookies are: permanent cookies.
- Facebook – We use a Facebook pixel on our website. Using the pixel, Facebook collects information about the users and use of our website. The information is used to personalize Facebook advertisements and to analyses the use of our website. To find out more about the Facebook pixel and about Facebook’s use of personal data generally, see the Facebook cookie policy at https://www.facebook.com/policies/cookies/ and the Facebook privacy policy at https://www.facebook.com/about/privacy. The Facebook cookie policy includes information about controlling Facebook’s use of cookies to show you advertisements. If you are a registered Facebook user, you can adjust how advertisements are targeted by following the instructions at https://www.facebook.com/help/568137493302217
Managing cookies
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/ answer/95647 (Chrome);
(b) https://support.mozilla.org/en-US/kb/ enable-and-disable cookies-website preferences (Firefox);
(c) https://help.opera.com/en/latest/security-and-privacy/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, this may impact the use of some of the features on our website.
Cookie preferences
You can manage your preferences relating to the use of cookies on our website by not accepting cookies.
Your right to complain
If you are unhappy with how we use your personal data you have the right to us at jp@mandpenterprise.com You also have the right to complain to the ICO:
Information Commissioners Office:
Telephone: