Midson Ltd. is registered in England and Wales 13109115. The registered address for Midson Ltd. is 20-22 Wenlock Road, London, N1 7GU
- Who we are
- Data Protection
- Why we collect your data
- Types of personal data we collect
- Where does this information come from?
- How we use your data
- How the law applies to Midson Ltd.
- How long we store your information
- How we store your information
- Sharing your information
- International Transfers
- Your data protection rights
- What to do if you’re not happy
- Notification of changes to this Privacy Notice
1 Who we are
1.1 Midson Ltd. specialises in Behavioural Change and People Development consultancy. We combine the latest thinking in Applied Positive Psychology with our person-centred approach to Change Facilitation to create realities where people can flourish.
1.2 Midson which is a limited company, is the data controller.
2 Data Protection
2.1 We are committed to protecting your privacy and respecting any information you share with us. This Privacy Notice explains how and why we use your personal information when we send you information in the post, when we contact you electronically and when you access our website or social media platforms.
3 Why we collect your data
3.1 Midson Ltd. holds and processes certain information about individuals it has dealings with for various purposes, including developing and delivering our services and programmes, processing enquiries and keeping in touch.
4 Types of personal data we collect
4.1 Depending on your interaction with Midson Ltd., here is a list of the following types of information we may collect from you:
- Your first name or initial, and surname
- Your email address
- Your telephone number
- Your postal address
- A record of our communications with you
- Your communication preferences
- Your enquiry about our services
- Case studies
- Photography and videography, such as images at events, case studies and other marketing materials
5 Where does this information come from?
5.1 Direct from you, that is information that you provide voluntarily.
5.2 From your device. This may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our website, including the pages accessed and links clicked. Collecting this information enables us to better understand the visitors who come to our website, where they come from, and what content on our website is of interest to them. Some of this information may be collected using cookies and similar tracking technology.
6 How we use your data
6.1 We will not sell your personal information. We only wish to contact you in a way that is consistent with our relationship (how you would expect to be contacted and with materials you would expect to receive from us).
6.2 Our communications may include information about our objectives and activities, the projects we’re involved with and the impact of your support as well as requests for financial support at a corporate level. We will use your personal information to tailor and target our communications to you.
6.3 We use personal information about individuals for the following purposes:
6.3.1 To send you marketing communications by email, SMS or to contact you by phone for marketing and fundraising purposes where we have your consent.
6.3.2 To manage our work effectively and provide you with the best experience by tailoring and targeting our approach and provide the best service and experience according to your interests.
6.3.4 For research and analysis purposes – this may include inviting you to participate in surveys or research or analysing usage data from our website to improve our content or user experience.
6.3.4 For the provision of services or “administration” – this may include:
- a) Dealing with gifts in kind or corporate sponsorship, including communications to confirm and say thank you, or for other administrative reasons relating to your gift.
- b) Dealing with any transaction you enter into with us and for us to fulfil any contract with you (e.g. where you sign up to an event).
- c) Preparing reports about our work, services and events.
- d) When you contact us to ask questions.
- e) If you provide any content to us.
- f) Monitoring website use (to enable us to improve user experience).
- g) Responding to your enquiries, contacts or requests about your personal information.
- h) Notifying you about changes to the website or our services.
- i) For internal record keeping (we will keep a record of our relationship).
- j) Carrying out fraud prevention (and money laundering checks), undertaking credit risk activities and in relation to legal claims we take or defend.
- k) To safeguard those who work for or with us (or we otherwise engage with).
- l) To process and administer your application for a job.
6.3.5 When we enter into a working agreement with you, in some cases we may need to process your data in the following ways:
- a) To ensure we are complying with our legal obligations, e.g. checking your right to work in the UK.
- b) To manage the process of recruitment and assess and confirm your suitability for the role and decide who to offer a role to. We have a legitimate interest in processing your personal data during the recruitment process and for keeping records of the process.
- c) We may also need to process data from job applicants to respond to, and defend against, legal claims. Where we are relying on legitimate interest as a reason for processing data, we have considered whether or not those interests override the rights and freedoms of the applicant and have concluded that they do not.
- d) We process health information if we need to make a reasonable adjustment to the recruitment process for candidates who have a disability. This is to carry out our obligations and exercise specific rights in relation to employment.
- e) Midson Ltd. will not use your personal information for any purpose other than the recruitment exercise for which you have applied.
6.4 We use personal information about Directors to allow Midson Ltd. to fulfil its regulatory responsibilities.
7 How the law applies to Midson Ltd.
7.1 From 25 May 2018, the General data protection regulation (GDPR) applies to our collection and use of your personal data. Under GDPR Midson Ltd. is required to have a legal basis for processing for both collecting and using your personal data. We use the following legal bases for processing; Contract, Legitimate Interest & Consent.
7.2 We will normally collect personal information from you only where we have your consent to do so, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or (in some cases) where we need the personal information to perform a contract with you. We may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
7.3 If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
7.4 Sensitive data (such as information about health status, sexual orientation or religious beliefs) will not generally be obtained, held, used or disclosed, unless you have given explicit consent. This means we must let you know why we need the data and get your agreement to hold it.
8 How long we keep your information
8.1 We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
8.2 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you no longer have a relationship with us, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
8.3 If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.
9 How we store your information
9.1 Midson Ltd. uses appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
10 Sharing your information
10.1 Midson Ltd. will ensure that your personal information is not shared or disclosed to unauthorised third parties, unless otherwise permitted under the statements below:
10.1.1 You have given consent;
10.1.2 Where disclosure is required to allow a requested service to be provided (e.g. where you have specifically requested information about a particular service);
10.1.3 Where Midson Ltd. is legally obliged to disclose the data;
10.1.4 Where disclosure of data is required for the performance of a contract (although this will be unusual in relation to Midson Ltd.).
11 International transfers
11.1 Midson Ltd.’s database servers are located in the United Kingdom. However, your personal information may be transferred to, and processed in, countries other than the United Kingdom. These countries may have data protection laws that are different to the UK.
11.2 Specifically, our website servers are located in the United Kingdom and our third party service providers operate around the world. We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Policy.
12 Your data protection rights
12.1 You have the following data protection rights:
12.1.1 If you wish to access, correct, update or request deletion of your personal information, object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information, you can contact us at any time by using the contact details provided below.
12.1.2 If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. This includes your right to opt out of any emails we may send you at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
13 What to do if you’re not happy
13.1 In the first instance, please talk to us directly so we can help resolve any problem or query. You can reach us on: firstname.lastname@example.org or 07577 324 153
13.2 You also have the right to contact the Information Commissioners Office (ICO) if you have any concerns about Data Protection using their helpline 0303 123 1113 or at www.ico.org.uk
14 Notification of changes to this Privacy Notice
14.1 We may update this Policy from time to time in response to changing legal, technical or operational developments. We will obtain your consent to any material changes if and where this is required by applicable data protection laws. You can see when this Policy was last updated by checking the “last updated” date shown at the end of this Policy.
Last updated: [Jan 2021]