MAS Privacy Statement
This notice describes how the Management Advisory Service (UK) Ltd., (MAS), as a data controller, collects, uses, shares and retains the personal information you provide and informs you about your choices regarding use, access and correction of your personal information. MAS is committed to ensuring that any personal data it receives is protected and handled in accordance with applicable data protection laws.
For the purposes of this Privacy Notice, references to “we”, “us” or “our” shall refer to MAS.
Who we are?
Management Advisory Service (UK) Limited is a provider of professional services to any business where a need to improve wellbeing and performance has been identified. We are registered in the UK as a Limited Company and our principal place of business is in Gloucestershire, UK.
Our company details are below:
- Our Company Registration Number is 05914060
- Our VAT Registration Number is 997 2952 49
- Directors: Derek Mowbray and Barbara Leigh
- Registered Address: Essex Lodge, 14 Windsor street, Cheltenham, GL52 2DE
- Website: www.mas.org.uk
- Email address: firstname.lastname@example.org
- Telephone No: +44 (0)1242 2441882
What personal information do we hold and process about you?
The personal information we hold is restricted to appropriate individual company contacts and information necessary in the course of doing business. Personal contacts (email addresses) are only kept where people have registered them with us to be included in our mailing list or have accessed our Article Library or Questionnaires, or personal details have been provided as opt in delegate data provided to us from exhibitions at which we have exhibited.
We usually hold on our database the company name, contact name, position, email address, regional code and analysis or marketing codes. We do not hold any other personal or financial information.
Company addresses and transactional information are only maintained where goods or services have been provided.
Why we collect your personal information and the lawful basis for processing
If the DPO has identified a company contact as being one that would benefit from our goods or services, usually by nature of their job title and company type or sector, details will be stored for direct marketing purposes, under the understanding of legitimate interest.
We provide unsubscribe functions in all our email marketing communication and take immediate action to remove and prevent any further communication with those who have unsubscribed.
Where a contact has visited our website, a cookie will be created on the browser for the session to allow the server and browser to co-ordinate activities. No personal data is stored during these sessions, the cookie will automatically be deleted within 24 hours.
Where a contact choses to contact MAS via the MAS website, the resulting email will transmit the contact’s email and IP address, as well as the message from the contact.
Credit card transactions are carried out by PayPal under their GDPR compliance. We do not hold credit card details for such transactions.
If a contact has purchased goods or services from MAS, transactional information will also be stored in off line spreadsheets, email records and accounting applications. In most cases we do not rely on consent as the legal basis for processing your personal information. If we do rely on your consent, we will make this clear to you at the time we ask for your consent.
The lawful basis for processing your information is legitimate interest. Where your business provides goods or services to MAS, we may process personal information as part of the following Procurement processes:-
- Vendor/Supplier Selection
- Purchase Order Management
- Vendor/Supplier Performance Management
Legitimate interests assessment for the direct marketing activity we carry out
Purpose. Our legitimate interest behind our direct marketing processing is to provide useful information for organisations around psychological wellbeing and performance and promote our related products and services.
Necessity. Processing is necessary for the purposes of the legitimate interests and purpose identified above.
Balancing. With regard to business-to-business marketing the Information Commissioner says: "business contacts are more likely to reasonably expect the processing of their personal data in a business context, and the processing is less likely to have a significant impact on them personally". So in the case of direct marketing and email marketing to business contacts, the legitimate interest is not overridden by the interests of the individual, who as a business person with decision making and budgetary responsibilities can reasonably expect to be contacted with marketing material relating to his or her professional role.
Sharing your data
We do not sell or share your Personal Data. We consider this information to be a vital part of our relationship with you. Therefore, we will not sell or give your Personal Data to third parties, including third party advertisers. There are, however, certain circumstances in which we may disclose, transfer or share your Personal Data with certain third parties, without further notice to you, such as to our associates during the process of providing our services to you. In addition, there might, in the future, be certain exceptions as set forth below.
How long do we keep your data?
We will retain your personal information for as long as is reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice. The retention period will primarily be determined by relevant legal and regulatory obligation and/or duration of our business relationship with you, your employer or another associated party, or until such time as you unsubscribe.
We will securely delete or erase your personal information if there is no valid business reason for retaining your data or if you request us to. In exceptional circumstances, other valid business reasons may identify the need to retain some or all of the data for future use.
How we store your personal data
Transfers to service providers and other third parties will always be protected by contractual commitments and where appropriate further assurances. Currently we have two such providers:
- Paypal who provide secure financial services for clients requiring card or Paypal payment schemes
- Campaigner who provide our mailing service from their secure Canadian based servers.
You have certain rights as an individual which you can exercise in relation to the information we hold about you. If you make a request to exercise any of your rights, we reserve the right to ask you for a proof of your identity. We aim to acknowledge your request as soon as possible and will address your query within one week from your request.
You have the following rights:
The right to access
You are entitled to a confirmation whether we are processing your data, a copy of your data, and information about purposes of processing, who do we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, where we got your data from and how you can make a complaint.
The right to rectification
If you believe the personal information we hold about you is inaccurate or incomplete you can request for it to be rectified.
The right to erasure
If you withdraw your consent, terminate a contract with us or you believe the personal information is no longer necessary for the purposes for which it was collected, you may request your data to be deleted. However, this will need to be balanced against other factors, for example there may be certain regulatory obligations which mean we cannot comply with your request, for example where financial transactions are required to be retained for specific periods.
The right to restriction of processing
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
- Its accuracy is contested, to allow us to verify its accuracy; or
- The processing is unlawful, but you do not want it erased; or
- It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- You have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
The right to object
You have the right to object at any time to processing of your personal data where processing is necessary for the performance of a task carried out in the public interest, or in the exercise of an official authority vested in the controller. You may also object where the processing is necessary for the purposes of the legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms, in particular where you are a child.
Contact details of the Data Protection Officer
If you have any questions relating to data protection that you believe we will be able to answer, please contact our Data Protection Officer:
Data Protection Officer
Telephone: +44 (0)1242 241882
If you are not satisfied with our response or believe we are not processing your personal data in accordance with legal requirements you can make a complaint to relevant Data Protection Authority. Our Lead Authority within the European Union is the UK Information Commissioner’s Office (https://ico.org.uk/concerns/).