Mo-Sys Engineering Ltd Data Privacy Notice
The purpose of this privacy notice is to inform you how we collect any personal data, how any personal data will be processed, how we look after your personal data, inform you about your privacy rights and how the data protection law protects you. Mo-Sys Engineering Ltd respect your privacy and will endeavour to protect your personal data.
Who we are and important information
Mo-Sys Engineering Ltd is a Data Controller and will be responsible for your personal data (collectively referred to as “Mo-Sys”, “we”, “us” or “our” in this privacy notice). Our contact details are Mo-Sys Engineering, Thames Bank House, Tunnel Avenue, London SE10 0PA, +44 208 858 3205. For all data matters contact email@example.com. Our website may include links to third-party websites, using these links may allow the third-party to collect or share data about you. We have no control over these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit.
The Personal Data We Collect
Personal data is any information about an individual from which that person can be identified. You can find out more about personal data from the Information Commissioners Office.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data – This includes first name, last name, username, and job title.
- Contact Data – This includes billing address, delivery address, email address and telephone number.
- Aggregated Data – This data can be collected, used and shared for statistical or demographic purposes such as usage data to calculate the percentage of users accessing specific website features. Aggregated Data is not considered personal data as it does not reveal your identity, in the instance that it does reveal your identity, we would treat the data in accordance with this privacy notice.
You are under no obligation to provide us with your personal data but failure to do so may mean that we would be unable to provide you with the goods or services you require.
How We Collect Your Personal Data
We use different methods to collect data from and about you including:
- Directly – You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you apply for our products or services, register for a customer account, sign up for our newsletter or request information via the contact form on our website.
- Indirectly – Collecting data for statistical purposes.
How We Use Your Personal Data
We will only use your personal data when the law allows us to. Your personal data will be used in the following circumstances:
- Performance of Contract – when processing your data is necessary for the performance of a contract or to take steps to enter into a contract, for instance we store your data to be able to fulfil any purchase orders and provide the necessary invoices.
- Legitimate Interest – when it is the interest of the business in conducting and managing our business to enable us to provide the best service/product and the most secure experience. For instance, we will store client data to simplify any future orders, internal accounting processes, customer support and record keeping. Your personal data will not be used in cases where our interest is overridden by the impact on you.
- Comply with legal or regulatory information – When personal data is processed to comply with a legal or regulatory obligation that we are subject to.
- Marketing Materials – You may receive marketing communications from us if you have; requested information from us, enquired for or purchased goods and/or services from us, if we believe that information we provide could be beneficial for your business. You can unsubscribe from marketing newsletters at any time by following the instructions in the marketing communication or you can withdraw your consent to marketing communications via email at any time by contacting us firstname.lastname@example.org.
Change of Purpose
Your personal data will only be used for the purpose for which we collected it. If personal data needs to be used for a purpose that is deemed unrelated to the original purpose, we will notify you and explain the legal basis which allows us to do so.
Sharing your Personal Data
We may have to share your personal data with some external third parties in order to process an order or service. Third-party service providers are only permitted by us to process your personal data for specified reasons and will not be permitted to use your personal data for their own purposes. We will ensure that all third-party providers have the appropriate policies and measures in place to protect your personal data. Here are some examples of third parties that we may share personal data with:
- Processors providing IT and System Administration Services.
- Professional Advisers acting as processors including lawyers, bankers, auditors and accounting services.
- HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities.
Some of our external third parties are based outside of the European Economic Area (EEA), which may mean that some of your personal data will be transferred outside of the EEA. The data will only be transferred to third parties on a business need to know purpose. In this case, we will ensure that your personal data is being treated with a similar degree of security as it would within the EEA.
Access to your personal data will be limited to employees, contractors and third parties that have a need to know such data for business purposes.
Appropriate security measures have been put in place to prevent your personal data being accidently lost, used, accessed without authorisation, altered or disclosed. If we suspect any personal data breach, we will notify you and any applicable regulator where we are required to do so by law.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it, this includes for the purposes of satisfying any legal, accounting or reporting requirements. For tax purposes it is a legal requirement to retain customer information for six years after they cease being customers. This information includes contact, identity, financial and transaction data. In some cases, we may anonymise the personal data so that it can no longer be associated with a data subject. We will retain personal data in accordance with our data retention policy and schedule which is available at any time on request.
Your Legal Rights
Unless subject to an exemption under the data protection laws, you have the following rights with respect to your personal data:
- The right to be informed, this allows a data subject to understand how and why their personal data is being processed.
- The right of access, this allows a data subject access to the personal data being stored and processed and verify the lawfulness of processing the data.
- The right to rectification meaning that you can request that we correct any personal data that is not accurate or complete.
- The right to erasure, this allows a data subject to request that personal data is deleted in cases where it is no longer necessary to retain such information.
- Where consent is the lawful basis, the right to withdraw your consent for processing at any time.
- The right to data portability, meaning that you have the right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller. This is only applicable where our processing is based on consent or it is necessary for the performance of a contract with you or where we process your data by automated means.
- The right to request that a restriction is placed on further processing, this is only applicable if there is a dispute in relation to the accuracy or processing of your personal data.
- The right to object to our processing of personal data, where processing is based on our legitimate interest, direct marketing or processing for the purposes of historical research and statistics.
- The right to object to automated decision making. However, we do not use any form of automated decision making in relation to our clients, partners or website visitors.
If you wish to exercise any of these rights, please contact email@example.com.
You will not have to pay a fee to access your personal data or to exercise any other rights set out above. If your request is unfounded, repetitive or excessive, you may be charged a reasonable admin fee. We may request information from you in order to confirm your identity when requesting access to your personal data or any other rights, this is a security measure to ensure that your personal data is not being disclosed to any unauthorised person. We aim to respond to all legitimate requests within one month. If the request is complex or there are numerous requests, we may extend this for a further two months, in which case you would be notified.
Changes to this notice and your duty to inform us of any changes
This version become effective October 2020. Changes within the regulations will be closely monitored, any changes will be reflected in any updates of this policy. It is very important that the personal data we hold about you is accurate and current, please therefore keep us informed of any changes in your personal data during your relationship with us.
Queries, Requests or Complaints
To exercise your rights, queries or make a complaint in relation to this policy or any other data protection matter between you and us, please in the first instance contact firstname.lastname@example.org. If you feel unsatisfied with how your query or complaint has been resolved, you have a right to complain to the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.