Mandata (Management and Data Services) Ltd. (ICO registration Z5804319) (“Mandata”) takes your privacy very seriously. This Privacy Notice is intended to set out your rights and answer any queries you may have about your personal data.
Our personal information handling policy and procedures have been developed in line with the requirements of the General Data Protection Regulation (in force from 25 May 2018)
Mandata may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
This policy is effective from 25th May 2018.
1. What information do we collect?
We collect and process personal data about you when you interact with us and when you purchase or supply goods and/or services from us. The personal data we process includes:
- your name;
- your work address, email address and phone number;
- records of calls you make to our customer service and sales team;
- and/or other information relevant to customer surveys and/or offers
2. How do we use this information and what is the legal basis for this use?
We process the personal data listed in paragraph 1 above for the following purposes:
- as required to establish and fulfil a contract with you, for example, if you make a purchase from us or enter into an agreement to receive or supply goods or services. This may include communicating with you, providing customer services, billing, and arranging the delivery or other provision of products or services. We require this information in order to enter into a contract with you and are unable to do so without it;
- to comply with applicable law and regulation;
- in accordance with our legitimate interests in protecting Mandata’s legitimate business interests and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation);
- we may use information you provide to personalise (i) our communications to you; (ii) our website; and (iii) products or services for you, in accordance with our legitimate interests;
- to monitor use of our websites and online services. We may use your information to help us check, improve and protect our products, content, services and websites, both online and offline, in accordance with our legitimate interests;
- if you provide a credit or debit card, we may use secure POS payment providers to process payments;
- we may monitor any customer account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law and our legitimate interests;
- we may use your information to invite you to take part in market research or surveys.
We may also send you direct marketing in relation to relevant products and services. Electronic direct marketing will only be sent where you have given your consent to receive it, or you have been given an opportunity to opt-out. You will continue to be able to opt-out of electronic direct marketing at any time by following the instructions in the relevant communication.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Mandata is certificated for ISO 27001, the data protection standard.
The personal data that we collect from you is not transferred to, or stored outside of, the European Economic Area (“EEA”).
4. With whom and where will we share your personal data?
We may share your personal data with the below third parties:
- our professional advisors such as our auditors and external legal and financial advisors;
- search engine and web analytics.
- Personal data may be shared with government authorities and/or law enforcement officials, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws.
5. How long will we keep your personal data?
We will not keep your personal information for any purpose for longer than is necessary and will only retain the personal information that is necessary in relation to the purpose. We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
Where you are a customer or supplier, we will keep your information for the length of any contractual relationship you have with us and after that for a period of 3 years, excepting information that we are required to retain as above.
Where you are a prospective customer, we will only retain your data (a) until you unsubscribe from our communications; or, if you have not unsubscribed, (b) while you interact with us and our content; or (c) for 3 years from when you last interacted with us or our content.
In the case of any contact you may have with our customer services team, we will retain those details for as long as you remain a customer and for 3 years afterwards.
We will retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place.
6. What are my rights in relation to my personal data?
You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data or by contacting us.
Where you have consented to us using your personal data, you can withdraw that consent at any time.
You have the right to ask us to provide a copy of any personal data we hold about you.
If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.