This privacy notice explains how mXm Ltd (a company registered in England number 04103441) uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.
mXm Ltd is the data controller, this is because we make decisions about what data is collected and how it is used and with whom it is shared with. We can be contacted at 13 Tonbridge Chambers Pembury Road, Tonbridge, Kent, United Kingdom, TN9 2HZ. Our telephone number is 01732 505282 or you can email firstname.lastname@example.org.
We process personal data for the purpose of providing contracted consultancy services to clients. Data Protection law defines the basis by which we can lawfully collect and process personal data for that purpose. To allow us to engage with you to provide our services, we will collect and process personal data where it is necessary to negotiate and / or enable a contract for services to be put in place and subsequently to deliver that service. We may also process personal data where it is in our legitimate interest to do so. In doing this we are careful to do this in a way that does not outweigh your own rights and freedoms. Our legitimate interests are to fulfill your requirements to the best of our ability, maintain our client base and third party contacts.
We will also process your data if we feel it is required to protect your vital interests, or the vital interests of another person. This might occur in serious life or death situations where immediate disclosure of personal data is required, and you are unable to give that information yourself.
This is the data we collect and the basis for doing so.
|Purpose||Data Type||Data Collected||Legal Basis|
|Provide required service||Identity details||Full name||Contract (Article 6(1)(b)) GDPR|
|Provide required service||Contact details||Telephone number(s)||Contract (Article 6(1)(b)) GDPR|
|Provide required service||Contact details||Email address||Contract (Article 6(1)(b)) GDPR|
|Provide required service||Identity details||Signature||Contract (Article 6(1)(b)) GDPR|
|Provide required service||Identity details||Job title||Contract (Article 6(1)(b)) GDPR|
|Provide required service||Contact details||Address||Contract (Article 6(1)(b)) GDPR|
We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication.
Some of the data we collect is deemed necessary to contractually deliver our service to you. If you do not provide this data, we will be unable to enter into an agreement with you.
We do not sell any of your personal data to any third party. We do share your information with trusted associates who carry out contracted services on our behalf. We use Microsoft 365 for email and storage of documents. We also transfer personal data to Dropbox, Hightail (opentext), Google Drive and WeTransfer for document storage and secure transfer of data.
Where required we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject. Additionally, we will disclose your personal data in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Personal data in electronic form is held in UK, EU and US accredited data centres. If data must be transferred outside of the EEA, we ensure that the transfer is covered by an EU adequacy decision or through mechanisms such as standard contractual clauses as approved by the EU and UK’s Information Commissioner
mXm Ltd does not process sensitive data as defined by Article 9 of the GDPR.
The data we collect directly from you is the minimum we require to facilitate the lawful processing activity described above. Personally Identifiable Information processed by us will be deleted in accordance with legal obligations and or our retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.
Full personal data of clients will be retained for a minimum of 3 years following the end of any commercial agreement. Personal data required for statutory reporting or HMRC audit purposes will be retained for 7 years.
We follow strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission and to prevent unauthorised access. We store both physical and electronic records. We have put in place technical and organisational measures to ensure our physical security as well as technical measures for data backup, authorisation and authentication onto systems. We use secure firewalls and other measures such as strong passwords to restrict electronic access, including anti-virus and anti-malware measures. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data. We have a process in place to mitigate the impact of any data breach that should occur.
Only persons who need the information to fulfil their roles and responsibilities are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.
The regulations provide a number of rights to you as the Data Subject. mXm Ltd is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk
We do not use automated decision making to process personal data.
You can write to us at this address:
13 Tonbridge Chambers
Kent, United Kingdom,
You can telephone us on this number: 01732505282
You can email us at email@example.com