Multevo Ltd is a supplier, trainer, maintenance provider of plant and equipment, facilities management & various highway maintenance activities. Some of the information we hold may be classified as “personal data” under European Union (EU) law as it is information relating to an individual (e.g. a sole trader, a partnership, a company director, a beneficial owner, a trustee, a professional contact etc). We only store this data in relation to business to business communications.This privacy notice provides the information we are required to give in relation to the processing of personal data under EU law.
What Information Do We Process and Why?
Multevo Ltd processes data so that it can service its customers and potential customers as well as suppliers. The purpose of this processing is to enable businesses to manage their operations more efficiently through introduction to our innovative range of products and services, keeping organisations informed of industry news and relevant case studies and communication important information. The data we hold on businesses and business professionals includes the following examples:
- Company and business professional contact information, including name, job title and role, business address, phone number, fax number, business e-mail address
- Company profiles and statistics, including background information regarding operational management and customer relations notes relating to our business activities, including territories, subsidiaries, affiliates, and lines of business
Multevo Ltd does not seek to collect any information in relation to a European resident’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic or biometric data.
Multevo’s own data originates from:
Organisations Governmental and administrative public records such as business registrations, company filings Public sector information (e.g. Company Registrars) Regulatory bodies and law enforcement agencies Our Marketing Data originates from our customer base, previous customers, public sources, events, promotions and website visitors and inbound or outbound enquiries and referrals which has grown organically overtime. All data is our own and is in relation to businesses and business activity where individuals are concerned.
Who do we share Data with?
We may, on occasions share information with 3rd party companies who enable us to communicate with customers and potential customs. We ensure these 3rd party companies are GDPR compliant and hold Privacy Shield Certification. As required or appropriate in order to protect our website, business operations or legal rights, or in connection with a sale or merger involving Multevo or its businesses. (In the event that Multevo is purchased or sells parts or all of the business, the information collected will be considered an asset that can be transferred). If a court, tribunal administrative authority law enforcement agencies, regulatory authorities or government agencies, is based in a country outside the EU we would only comply with such a request if there was an international agreement (such as a mutual legal assistance treaty) in place.
INTRODUCTION 1. SCOPE
This policy describes how personal data is collected, handled and stored to meet Multevo Ltd data protection standards and to comply with the law. The Data Protection Act 1998 applies to every business that collects, stores and uses personal data relating to customers, staff or other individuals.
1.1 The policy applies to:
• Head office and all branches of Multevo Ltd
• All employees and/or volunteers of Multevo Ltd
• All sub-contractors, suppliers, Instructors, Assessors, and other people working (paid or unpaid) on behalf of Multevo Ltd
1.2 It applies to all data that the company collects and holds relating to: All individuals and or customers
• Postal addresses
• Email addresses
• Telephone numbers
• IP addresses, cookies, electronic data
• Plus, any other information relating to individuals, learners and or customers.
Multevo Ltd needs to gather and use certain information from customers, suppliers, businesses, employers, instructors and other people the company has a relationship with or may need to contact. Everyone who works for or with Multevo Ltd has some responsibility for ensuring data is collected, stored and handled appropriately.
2.1 Multevo Ltd IT/Data Protection Manager is responsible for: • Awareness of data protection responsibilities, risks and issues
• Reviewing all data protection procedures and related policies, in line with schedule • Arrange data protection training and advice for employees
• Handling data protection questions and dealing with customer requests • Checking for sensitive data in any contracts or agreements with third parties
• Ensuring all systems, services and equipment meet acceptable security standards • Ensuring safe and secure storage of training or assessment materials
• Achievement data is retained for the purposes of reporting to the regulatory authorities as required
• Preform regular hardware and software checks and scans • Evaluating any third-party services for the purpose of storing or processing data
• Approve any data protection statements attached to e-mails, letters, communication
• Provide guidance to use BCC box when sending emails to groups unless absolutely certain that permission was given for individual details to be made available to others
• Ensure marketing initiatives comply with the data protection principles
• Ensure forms have appropriate data protection notifications on them
3. DATA PROTECTION AND THE LAW
The Data Protection Act 1998 describes how organisations including Multevo Ltd must collect, handle and store personal data. These rules apply regardless of whether data is stored electronically, on paper or on other materials.
Multevo Ltd is working towards new GDPR – General Data Protection Regulations regulatory requirements for data protection which come into force on 25 May 2018. “Personal data” is defined in both the Directive and the GDPR as any information relating to a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Multevo Ltd makes no distinction between personal data about individuals in their private, public or work roles – the person is the person. Online identifiers including IP address, cookies and so forth are also regarded as personal data if they can be (or are capable of being) without undue effort linked back to the data subject.
Multevo Ltd is a supplier, trainer, maintenance provider of plant and equipment, facilities management & various highway maintenance activities. Some of the information we hold may be classified as “personal data” under European Union (EU) law as it is information relating to an individual (e.g. a sole trader, a partnership, a company director, a beneficial owner, a trustee, a professional contact etc). This privacy notice provides the information we are required to give in relation to the processing of personal data under EU law.
What Information Do We Process and Why?
Multevo Ltd processes data so that it can service its customers and potential customers. The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, know who they are doing business with, meet compliance and regulatory obligations and better understand organisations, industries and markets. The data we hold on businesses and business professionals includes the following examples: Company and business professional contact information, including name, job title, address, phone number, fax number, e-mail address, domain names, and trade associations; Detailed company profiles and statistics, including number of employees; Background information regarding company management, such as beneficial ownership/persons of significant control, Company operational histories, including territories, subsidiaries, affiliates, and lines of business; Detailed trade and business credit information, including payment histories and patterns; Business information regarding profitability, debts, assets, net worth, and business relationships; Business compliance information from public source government and professional records, media and business publications Credit/debit card information in order to process certain customer payments IP addresses of visitors to our website Contact details of actual or potential customers Multevo Ltd does not seek to collect any information in relation to a European resident’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic or biometric data. Multevo’s own data originates from: Organisations Governmental and administrative public records such as business registrations, company filings Public sector information (e.g. Company Registrars) Regulatory bodies and law enforcement agencies
(1) Be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met
(2) Be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
(3) Be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
(4) Be accurate and, where necessary, kept up to date
(5) Not be kept for longer than is necessary for that purpose or those purposes
(6) Be processed in accordance with the rights of data subjects under the Act
(7) Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
(8) Not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
4. GENERAL GUIDELINES
4.1 Multevo Ltd will, through appropriate management, strict applications of controls ensure:
• Confidential information is not shared informally
• Personal data is not disclosed to unauthorised people
• Collect and process appropriate information, only to the extent that is needed
• Employees keep all data secure and is only available to those who need it
• Strong passwords are used and regularly changed
• Appropriate security measures are in place to safeguard personal data
• Data is regularly reviewed, updated and archived in line with guidance and schedules
• When working with personal data, employees ensure screens of their computers are always locked when left unattended
• Hold good quality of information ensuring accuracy of data
• ICT systems will be designed, where possible, to encourage and facilitate the entry of accurate data • Training and assessment materials are kept on secure internal systems that are password protected. Printed assessment materials are locked in secure areas and only available to those intended
• Data is not transferred outside of the European area without suitable safeguards
• Everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice • Everyone managing and handling personal information is appropriately trained
• Everyone managing and handling personal information is appropriately supervised
• Anybody wanting to make enquiries about personal information knows the process
• Enquiries are promptly and courteously dealt with
• Ensure that the rights of people about whom information is held can be fully exercised under the Act
• Methods of handling personal information are clearly described • Methods of handling personal information are regularly reviewed, assessed and evaluated
• Data protection risks are monitored through Multevo Ltd risk register
• Any breach of the rules and procedures identified in this policy is a potential breach of the Code of Conduct and may lead to disciplinary action.
5. DATA STORAGE
5.1 Multevo Ltd will ensure: • Paper, CD, DVD files are kept in a locked drawer, when not required • Printouts are not left where unauthorised people could see them • Data printouts are shredded and disposed of securely when no longer required • Electronic data is protected from unauthorised access and accidental deletion • Passwords are changed regularly • Data is backed up regularly • Servers and computers are protected by approved security software • Data is held in as few places as necessary • Makes every effort to ensure that data held is accurate and kept up-to-date • Regularly review data that is collected and cleansing of databases • Regular archiving of data.
6. DATA SHARING
All documents created by Multevo Ltd are checked for accessibility and compatibility prior to pubic sharing; documents are also inspected for sensitive and personal data within: • Comments, revisions, version, annotations • Document properties and personal information • Customised ML data • Invisible content • Hidden Text 7.
8. REQUEST FOR DATA An individual is entitled to be given a description of the data being processed or held about them and to be provided with the information constituting personal data and the source.
8.1 Multevo Ltd will supply information where: • A request in writing has been made • A fee not exceeding £10 is received (no VAT applied) • We are satisfied as to the identity of the applicant • We are able to locate the requisite data. Where these criteria have been met we will comply within 20 working days. Where complying with the request would lead to disclosing data about another identifiable person we are not able to comply unless the other individual has consented, or it is reasonable to comply without consent. Where
Multevo Ltd has previously complied with a request, subsequent or similar requests for data will not be supplied unless a ‘reasonable interval’ has elapsed. As a non-public body, Multevo Ltd is not covered by the Freedom of Information Act.
9. ARCHIVING AND RETENTION
Multevo Ltd has an obligation, in line with the data protection policy, to implement and preserve good archiving procedures and processes. Archival records can be in any format; they can exist electronically or paper versions.
9.1 Files are summarised as: • Operational files – that are in use daily • Reference files – that are not in use daily, but are used for reference • Inactive files – that are no longer active • Remove files – that are removed after a period of inactiveness • Preserved files – that are preserved permanently or for a specified length of time.
9.2 Multevo Ltd aims to ensure: • All records that are kept as archives will be included in a records retention log • All records that are kept as archives will have a review date • The length of their retention will be appropriate to the record – normally 3 years for training / assessment documents and normally 7 years for financial records • Adhere as far as possible to BSI recommendations for the keeping of its archival records • Individual staff members are responsible for the management of archival records in their areas of work.
9.3 Email archive and retention • Messages are retained on the server until the user either archives locally or deletes the message(s) • Messages that have been deleted will be retained on the server for up to 6 months from the deleted date. • Any Messages that are archived will be done so to the users’ local computer. (see point 11)
10. Access to data • Multevo Ltd will provide the Regulators, within a reasonable notice period (usually 7 days), access to premises, people and records as required, and fully co-operate with their monitoring activities, including those requested by Lantra.
11. Laptop/Home-Working Guidance / Personal Equipment Use • Use the laptop as a dial-in facility where possible to minimise the information and work stored on the hard drive of the laptop • Do not put personal data on a laptop • Do not send reports or information to home computers via the internet unless you are using a secure connection • Do not download reports or information onto removable storage devices to take work at home • Do not take data relating to contacts out of the office. This includes internal and external contacts; hardcopy and softcopy files must not be kept at home. Information must not be kept on company mobile phones. • If data relating to contacts is held/stored outside of the office environment then all personnel must take appropriate security measures to safeguard personal information. • If personal details relating to contacts is held/stored on equipment that does not belong to Multevo Ltd (this includes information as basic as a name, phone number or address) it is up to the member of staff to ensure that nobody else has access to that information (including family members). All equipment should be password protected.
This policy is reviewed regularly and updated annually or as and when required.
If you want anymore information or wish for us to remove you from our database please contact firstname.lastname@example.org