For the purposes of the General Data Protection Regulations (“GDPR”) Mitchell Oswald Limited, 28 James Young Road, Bathgate, EH48 2UP is the data controller.
Our data protection officer can be contacted at firstname.lastname@example.org.
We collect, use, process and store the information you provide to us to enable us to discharge the Services (as defined in our Letter of Engagement).
When you log into our client portal you provide us with limited personal information such as your name, email address and IP address to allow us to provide you with an individual profile which enables us to share information with you via the client portal. You can update these details by logging into the portal and editing your profile.
Non-logged in visitors to the website
We only use the anonymised data collected via cookies and Google analytics to monitor the use of the website and improve the user experience.
We will only use your personal information to provide the Services you have requested from us, detailed in your Letter of Engagement, as we have identified above. We will only use this information subject to your instructions, data protection law and our duty of confidentiality.
To undertake money laundering checks, we may receive personal data from you, such as a copy of your passport. This data will only be processed for the purposes of preventing money laundering and terrorist financing, or as otherwise permitted by law or with your express consent.
As part of our engagement with you we may be required to pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the Services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the Services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We send regular technical updates and newsletters to clients. Clients can choose to stop receiving these emails by contacting us.
We will never share your information for marketing purposes with companies so that they may offer you their products and services.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We will not send personal data (other than your email address) by insecure or unencrypted forms of communication. This information will be available via our client portal which uses an encrypted connection using 256 bit encryption on SSL.
If you choose to communicate with us using an insecure or unencrypted form of communication we cannot guarantee the security of the information you send to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
If you believe that your account has been compromised, you should inform us immediately.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or regulatory requirements.
Our regulator requires us to retain information for a certain period of time, depending on the Services we provide to you. If you require more information please contact our Data Protection Officer.
If you cease to be a client we will delete your profile and all personal information held by us on our client portal. As noted above, we will still be required to keep certain information for regulatory and legal reasons.
We will review the personal information that we hold on an annual basis to ensure that it is accurate. We ask that you inform us of changes to your personal information.
You have legal rights over how your personal data is collected, used and stored.
These legal rights are as follows;-
Please contact our data protection officer (email@example.com) should you wish to exercise any of these legal rights. There is no charge in respect of legitimate requests to access data.
In order to process any such request, we may require additional information from you to confirm your identity.
We will respond to all requests within 28 days.
Where it is necessary for us to transfer data to outside of the EU we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected. Where our third-party supplies are in the US we have ensured that their services fall under the “Privacy Shield” whereby participating companies are deemed to have adequate protection and therefore facilitate the transfer of information from the EU to the US.
If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.
This policy was last updated on 4 May 2018.