MCCE EXECUTIVES LIMITED: ONLINE PRIVACY STATEMENT
This is the privacy statement for MCCE Services (UK) Limited (MCCE or We). MCCE Services (UK) Limited is a private company limited by shares registered in England and Wales under company number 11537353 whose trading address is at 83 Victoria Street, Westminster, SW1H 0HW, UK.
For the purpose of the Data Protection Act 2018 and the General Data Protection Regulation 2016/679, the data controller is MCCE.
THE GENERAL DATA PROTECTION REGULATION 16/679
In this statement We have used certain terms which are set out in the EU’s General Data Protection Regulation (GDPR or the Regulation):
- personal data means: any information relating to an identified or identifiable natural person (data subject)
- an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
- controller means: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
- processor means: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
- processing means: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
What is the lawful reason We use to process personal data?
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 6 (1) (a) (Consent)
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Contract Performance);
- processing is necessary for compliance with a legal obligation which We are subject to (Legal Obligations); or
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Article 6 (1) (f) (Legitimate Interest)
Where We process personal data as a result of data subject consent, We ensure that consent is freely given, specific and informed, and established by a clear affirmative act. Where consent is withdrawn, we have set out (below) how this may be undertaken by the data subject.
Where We enter into a contract with third parties, processing of personal data may, as a matter of course, be necessary in order to execute such contract or take pre-contract preparation steps.
Where We have legal obligations which apply to MCCE, processing of personal data may be required by law.
Where We process personal data as it is necessary for the purpose of our legitimate interests, We do so on the basis of a balanced evaluation of our interests and the rights and freedoms of the data subject which require protection. Presently, We have concluded that the way We manage the processing of personal data results in a cumulation of data subject protections which show that the balance is in favour of MCCE being able to rely on Article 6.1(f) of the Regulation as a lawful reason to process personal data.
Your right to request that We stop processing personal data for our legitimate interests and withdrawal of your consent
As required by the Regulation, consent should be as easy to withdraw, as it is to give. Data subjects may request that MCCE does not process your personal data, at any time. You may contact us to withdraw your consent using the contact details at the end of this privacy statement, using the following statement:
WITHDRAWAL OF CONSENT
I [STATE YOUR NAME] hereby withdraw my consent for MCCE to process my personal data.Signed by data subject: [STATE YOUR NAME]
Our Status; How We use personal data
- We may act a processor of personal data for our clients pursuant to contract terms and conditions, with whom we have signed a data processing agreement which is compliant with the Regulation.
- We may act as a controller; and where MCCE acts as a controller, any personal data We collect after profiling is treated and managed according to the approach We have set out above.
Why does MCCE need to collect and store personal data?
We collect and store personal data to provide our clients, suppliers or third parties with the service they require as a party to a contract with us, or a third party with an interest in our company. We do not process personal data for any reason other than this purpose.
We only keep personal data for as long as is necessary in order to undertake this purpose. We are committed to ensuring that the information We collect and use is appropriate for this purpose, and does not constitute an invasion of the data subject’s right to privacy.
Will MCCE share my personal data with anyone else?
MCCE may pass your personal data on to third-party service providers contracted to MCCE. In these circumstances, the third party may be another controller, processor or sub-processor.
Where the third party is a processor or a sub-processor, they are obliged amongst other things, to keep your details securely, and to use them only to fulfil their contractual obligations to MCCE under a processing agreement or terms which comply with Article 28 of the Regulation.
Where MCCE collects credit card details with respect to payment services provided by partners such as PayPal, we do not store credit card details nor do we share financial details with any third parties.
When they no longer need your personal data to fulfil this service, they will dispose of the details in line with MCCE’s data retention policy, or as otherwise set out in the processing agreement.
How will MCCE use the personal data it collects about me?
MCCE will process personal data in a manner compatible with the Regulation. We will keep information accurate, up to date, and not keep it for longer than is necessary.
MCCE is required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Under what circumstances will MCCE contact me?
The personal data We process is subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure. We will get in touch with you where this is required under the Regulation.
Can I find out the personal data that the organisation holds about me?
At your request and where this is technically possible, MCCE will confirm the information We hold about you and how it is processed. As set out in the Regulation you can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of MCCE or a third party, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- If We intend to transfer the personal data to a third country or international organisation, information about how We ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, We will ensure there are specific measures in place to secure your information.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority.
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as Well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
MCCE accepts the following forms of ID when information on your personal data is requested: passport, driving licence, birth certificate, utility bill from the previous 3 months.