Privacy Policy

Privacy Policy Statement

Multevo Ltd is a supplier, trainer, maintenance provider of plant and equipment, facilities management & various highway maintenance activities. Some of the information we hold may be classified as “personal data” under European Union (EU) law as it is information relating to an individual (e.g. a sole trader, a partnership, a company director, a beneficial owner, a trustee, a professional contact etc). We only store this data in relation to business to business communications.This privacy notice provides the information we are required to give in relation to the processing of personal data under EU law.

What Information Do We Process and Why?

Multevo Ltd processes data so that it can service its customers and potential customers as well as suppliers. The purpose of this processing is to enable businesses to manage their operations more efficiently through introduction to our innovative range of products and services, keeping organisations informed of industry news and relevant case studies and communication important information. The data we hold on businesses and business professionals includes the following examples:

  • Company and business professional contact information, including name, job title and role, business address, phone number, fax number, business e-mail address
  • Company profiles and statistics, including background information regarding operational management and customer relations notes relating to our business activities, including territories, subsidiaries, affiliates, and lines of business

Multevo Ltd does not seek to collect any information in relation to a European resident’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic or biometric data.

Multevo’s own data originates from:

Organisations Governmental and administrative public records such as business registrations, company filings Public sector information (e.g. Company Registrars) Regulatory bodies and law enforcement agencies Our Marketing Data originates from our customer base, previous customers, public sources, events, promotions and website visitors and inbound or outbound enquiries and referrals which has grown organically overtime. All data is our own and is in relation to businesses and business activity where individuals are concerned.

Who do we share Data with?

We may, on occasions share information with 3rd party companies who enable us to communicate with customers and potential customs. We ensure these 3rd party companies are GDPR compliant and hold Privacy Shield Certification. As required or appropriate in order to protect our website, business operations or legal rights, or in connection with a sale or merger involving Multevo or its businesses. (In the event that Multevo is purchased or sells parts or all of the business, the information collected will be considered an asset that can be transferred). If a court, tribunal administrative authority law enforcement agencies, regulatory authorities or government agencies, is based in a country outside the EU we would only comply with such a request if there was an international agreement (such as a mutual legal assistance treaty) in place.

Want to know more? Read our full privacy policy below:

INTRODUCTION 1. SCOPE

This policy describes how personal data is collected, handled and stored to meet Multevo Ltd data protection standards and to comply with the law. The Data Protection Act 1998 applies to every business that collects, stores and uses personal data relating to customers, staff or other individuals.

1.1 The policy applies to:

• Head office and all branches of Multevo Ltd

• All employees and/or volunteers of Multevo Ltd

• All sub-contractors, suppliers, Instructors, Assessors, and other people working (paid or unpaid) on behalf of Multevo Ltd

1.2 It applies to all data that the company collects and holds relating to: All individuals and or customers

• Postal addresses

• Email addresses

• Telephone numbers

• IP addresses, cookies, electronic data

• Plus, any other information relating to individuals, learners and or customers.

2. RESPONSIBILITIES

Multevo Ltd needs to gather and use certain information from customers, suppliers, businesses, employers, instructors and other people the company has a relationship with or may need to contact. Everyone who works for or with Multevo Ltd has some responsibility for ensuring data is collected, stored and handled appropriately.

2.1 Multevo Ltd IT/Data Protection Manager is responsible for: • Awareness of data protection responsibilities, risks and issues

• Reviewing all data protection procedures and related policies, in line with schedule • Arrange data protection training and advice for employees

• Handling data protection questions and dealing with customer requests • Checking for sensitive data in any contracts or agreements with third parties

• Ensuring all systems, services and equipment meet acceptable security standards • Ensuring safe and secure storage of training or assessment materials

• Achievement data is retained for the purposes of reporting to the regulatory authorities as required

• Preform regular hardware and software checks and scans • Evaluating any third-party services for the purpose of storing or processing data

• Approve any data protection statements attached to e-mails, letters, communication

• Provide guidance to use BCC box when sending emails to groups unless absolutely certain that permission was given for individual details to be made available to others

• Ensure marketing initiatives comply with the data protection principles

• Ensure forms have appropriate data protection notifications on them

3. DATA PROTECTION AND THE LAW

The Data Protection Act 1998 describes how organisations including Multevo Ltd must collect, handle and store personal data. These rules apply regardless of whether data is stored electronically, on paper or on other materials.

Multevo Ltd is working towards new GDPR – General Data Protection Regulations regulatory requirements for data protection which come into force on 25 May 2018. “Personal data” is defined in both the Directive and the GDPR as any information relating to a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Multevo Ltd makes no distinction between personal data about individuals in their private, public or work roles – the person is the person. Online identifiers including IP address, cookies and so forth are also regarded as personal data if they can be (or are capable of being) without undue effort linked back to the data subject.

Multevo Ltd is a supplier, trainer, maintenance provider of plant and equipment, facilities management & various highway maintenance activities. Some of the information we hold may be classified as “personal data” under European Union (EU) law as it is information relating to an individual (e.g. a sole trader, a partnership, a company director, a beneficial owner, a trustee, a professional contact etc). This privacy notice provides the information we are required to give in relation to the processing of personal data under EU law.

What Information Do We Process and Why?

Multevo Ltd processes data so that it can service its customers and potential customers. The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, know who they are doing business with, meet compliance and regulatory obligations and better understand organisations, industries and markets. The data we hold on businesses and business professionals includes the following examples: Company and business professional contact information, including name, job title, address, phone number, fax number, e-mail address, domain names, and trade associations; Detailed company profiles and statistics, including number of employees; Background information regarding company management, such as beneficial ownership/persons of significant control, Company operational histories, including territories, subsidiaries, affiliates, and lines of business; Detailed trade and business credit information, including payment histories and patterns; Business information regarding profitability, debts, assets, net worth, and business relationships; Business compliance information from public source government and professional records, media and business publications Credit/debit card information in order to process certain customer payments IP addresses of visitors to our website Contact details of actual or potential customers Multevo Ltd does not seek to collect any information in relation to a European resident’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic or biometric data. Multevo’s own data originates from: Organisations Governmental and administrative public records such as business registrations, company filings Public sector information (e.g. Company Registrars) Regulatory bodies and law enforcement agencies

Our Marketing Data originates from our customer base, previous customers, public sources, events, promotions and website visitors. Who do we share Data with? We may, on occasions share information with 3rd party companies who enable us to communicate with customers and potential customs. We ensure these 3rd party companies are GDPR compliant and hold Privacy Shield Certification. As required or appropriate in order to protect our website, business operations or legal rights, or in connection with a sale or merger involving Multevo or its businesses. (In the event that Multevo is purchased or sells parts or all of the business, the information collected will be considered an asset that can be transferred). If a court, tribunal administrative authority law enforcement agencies, regulatory authorities or government agencies, is based in a country outside the EU we would only comply with such a request if there was an international agreement (such as a mutual legal assistance treaty) in place. Data Retention Personal data is stored for varying lengths depending on nature and purpose for which it was collected. We store personal data in line with any applicable statutory minimum periods, and then review it periodically (usually annually) to ensure it is still necessary to be retained for the purpose for which it was collected. Where there is a statutory maximum for which data can be retained, such as County Court Judgements we will delete accordingly on expiration. Grounds for Processing In technical legal terms we process personal data under the grounds of Legitimate Interest. Multevo Ltd.’s legitimate interest is as a supplier, trainer, maintenance provider of plant and equipment, facilities management & various highway maintenance activities (and the marketing of our business). The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, know who they are doing business with, meet compliance and regulatory obligations and better understand organisations, industries, and markets. Data Subject Access Request You have the right to request from us confirmation of whether we are processing your personal data, and if so access to that information. If any of your personal data is inaccurate you have a right to request rectification. We are very keen to ensure the data we hold is accurate and up to date. You have the right to object to our processing and/or request it is deleted or restricted. In considering our response we undertake to ensure your interests, fundamental rights and freedoms are properly balanced against our legitimate interests. We will also look at whether it is still necessary to process your data for the purpose it was collected. We will always observe your objection to receiving our marketing information: please contact info@multihog.co.uk, including the name, business name, address, telephone number and email address that you wish to have excluded. Multevo Ltd.’s Data Protection Officer is Stuart Allen and can be contacted at stuart.allen@multihog.co.uk Before we are able to provide you with any information or correct any inaccuracies we may ask you to verify your identity and to provide other details to help us identify you and respond to your request. Updating the Privacy Policy We strive for continuous improvement in our services, processes and protecting data subject rights. We will therefore update this privacy notice from time to time. Therefore, we advise you to check this notice on a regular basis, or if requested we will send it to you on a regular basis. Complaints All complaints or concerns and appropriate resolution relating to the practices of handling personal information will be logged. Any complaints of this nature should be made to: info@multihog.co.uk “Personal Data Breach’ is defined in the GDPR as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, transmitted, stored or otherwise processed”. Data breaches will be reported to ICO Commission within 72hrs Multevo Ltd is registered with the Information Commissioner’s Office (ICO) to process personal data. As a registered body, we determine the purposes for which, and the manner in which, personal data is to be processed. ICO Registration Reference is ZA188577, expires 7/6/18. The Scottish Information Commissioner and the UK Information Commissioner’s Office (ICO) have separate roles and responsibilities. The Scottish Information Commissioner is responsible for the freedom of information compliance of all public authorities in Scotland, while the ICO is responsible for public authorities in England, Wales, and Northern Ireland, and for any agencies operating in both Scotland and another part of the UK. The ICO also covers Data Protection rights (personal information) for the whole of the UK, including Scotland. The Data Protection Act 1998 is underpinned by eight important principles. Multevo Ltd regards the lawful and correct treatment of personal information as very important and therefore ensures that personal information complies with the principles of the Act. 3.1 The principles say that personal data must:

(1) Be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met

(2) Be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes

(3) Be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed

(4) Be accurate and, where necessary, kept up to date

(5) Not be kept for longer than is necessary for that purpose or those purposes

(6) Be processed in accordance with the rights of data subjects under the Act

(7) Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data

(8) Not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

4. GENERAL GUIDELINES

4.1 Multevo Ltd will, through appropriate management, strict applications of controls ensure:

• Confidential information is not shared informally

• Personal data is not disclosed to unauthorised people

• Collect and process appropriate information, only to the extent that is needed

• Employees keep all data secure and is only available to those who need it

• Strong passwords are used and regularly changed

• Appropriate security measures are in place to safeguard personal data

• Data is regularly reviewed, updated and archived in line with guidance and schedules

• When working with personal data, employees ensure screens of their computers are always locked when left unattended

• Hold good quality of information ensuring accuracy of data

• ICT systems will be designed, where possible, to encourage and facilitate the entry of accurate data • Training and assessment materials are kept on secure internal systems that are password protected. Printed assessment materials are locked in secure areas and only available to those intended

• Data is not transferred outside of the European area without suitable safeguards

• Everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice • Everyone managing and handling personal information is appropriately trained

• Everyone managing and handling personal information is appropriately supervised

• Anybody wanting to make enquiries about personal information knows the process

• Enquiries are promptly and courteously dealt with

• Ensure that the rights of people about whom information is held can be fully exercised under the Act

• Methods of handling personal information are clearly described • Methods of handling personal information are regularly reviewed, assessed and evaluated

• Data protection risks are monitored through Multevo Ltd risk register

• Any breach of the rules and procedures identified in this policy is a potential breach of the Code of Conduct and may lead to disciplinary action.

5. DATA STORAGE

5.1 Multevo Ltd will ensure: • Paper, CD, DVD files are kept in a locked drawer, when not required • Printouts are not left where unauthorised people could see them • Data printouts are shredded and disposed of securely when no longer required • Electronic data is protected from unauthorised access and accidental deletion • Passwords are changed regularly • Data is backed up regularly • Servers and computers are protected by approved security software • Data is held in as few places as necessary • Makes every effort to ensure that data held is accurate and kept up-to-date • Regularly review data that is collected and cleansing of databases • Regular archiving of data.

6. DATA SHARING

All documents created by Multevo Ltd are checked for accessibility and compatibility prior to pubic sharing; documents are also inspected for sensitive and personal data within: • Comments, revisions, version, annotations • Document properties and personal information • Customised ML data • Invisible content • Hidden Text 7.

PRIVACY STATEMENT

Multevo Ltd is committed to protecting the privacy and confidentiality of information provided by ‘users’ who access our website. In order for ‘users’ to use some of our online services and to respond to enquiries we need to collect and process various personal data. Users may be asked to complete an online form(s) which request, name, address, e-mail and telephone number. The personal data we collect is used to process your request for our services. By submitting personal information, individuals consent to Multevo Ltd processing personal information in accordance with our data protection policy. All information provided will be treated as confidential and will only be used for the purpose intended. Anyone can contact Multevo Ltd to correct or update personal information in our records. We may use cookies on our website. Users may disable the use of cookies, but this may limit the functionally of the website. The site and our computer systems have security measures in place with the aim of protecting the loss, misuse or alteration of the information ‘users’ provide to us.

8. REQUEST FOR DATA An individual is entitled to be given a description of the data being processed or held about them and to be provided with the information constituting personal data and the source.

8.1 Multevo Ltd will supply information where: • A request in writing has been made • A fee not exceeding £10 is received (no VAT applied) • We are satisfied as to the identity of the applicant • We are able to locate the requisite data. Where these criteria have been met we will comply within 20 working days. Where complying with the request would lead to disclosing data about another identifiable person we are not able to comply unless the other individual has consented, or it is reasonable to comply without consent. Where

Multevo Ltd has previously complied with a request, subsequent or similar requests for data will not be supplied unless a ‘reasonable interval’ has elapsed. As a non-public body, Multevo Ltd is not covered by the Freedom of Information Act.

9. ARCHIVING AND RETENTION

Multevo Ltd has an obligation, in line with the data protection policy, to implement and preserve good archiving procedures and processes. Archival records can be in any format; they can exist electronically or paper versions.

9.1 Files are summarised as: • Operational files – that are in use daily • Reference files – that are not in use daily, but are used for reference • Inactive files – that are no longer active • Remove files – that are removed after a period of inactiveness • Preserved files – that are preserved permanently or for a specified length of time.

9.2 Multevo Ltd aims to ensure: • All records that are kept as archives will be included in a records retention log • All records that are kept as archives will have a review date • The length of their retention will be appropriate to the record – normally 3 years for training / assessment documents and normally 7 years for financial records • Adhere as far as possible to BSI recommendations for the keeping of its archival records • Individual staff members are responsible for the management of archival records in their areas of work.

9.3 Email archive and retention • Messages are retained on the server until the user either archives locally or deletes the message(s) • Messages that have been deleted will be retained on the server for up to 6 months from the deleted date. • Any Messages that are archived will be done so to the users’ local computer. (see point 11)

10. Access to data • Multevo Ltd will provide the Regulators, within a reasonable notice period (usually 7 days), access to premises, people and records as required, and fully co-operate with their monitoring activities, including those requested by Lantra.

11. Laptop/Home-Working Guidance / Personal Equipment Use • Use the laptop as a dial-in facility where possible to minimise the information and work stored on the hard drive of the laptop • Do not put personal data on a laptop • Do not send reports or information to home computers via the internet unless you are using a secure connection • Do not download reports or information onto removable storage devices to take work at home • Do not take data relating to contacts out of the office. This includes internal and external contacts; hardcopy and softcopy files must not be kept at home. Information must not be kept on company mobile phones. • If data relating to contacts is held/stored outside of the office environment then all personnel must take appropriate security measures to safeguard personal information. • If personal details relating to contacts is held/stored on equipment that does not belong to Multevo Ltd (this includes information as basic as a name, phone number or address) it is up to the member of staff to ensure that nobody else has access to that information (including family members). All equipment should be password protected.

This policy is reviewed regularly and updated annually or as and when required.

If you want anymore information or wish for us to remove you from our database please contact info@multevo.co.uk

Our Accreditations