Studio MB Ltd understands that your privacy is important to you and you care about how your personal data is used. We respect and value the privacy of all of our employees, clients, contractors, sub-contractors, suppliers, manufacturers, agents, support providers, other third parties and visitors to our website. We will only collect and use personal data in ways which are described here and in a way that is consistent with our obligations and your rights under the law.
1. Information About Us
Company name: Studio MB Ltd
Address: Studio MB Ltd, 20 Hill Street, Edinburgh, EH2 3JZ
Telephone: +44 (0)131 555 9355
Business type: Private Limited Company
Company number: SC366590 (registered in Scotland)
VAT number: 829842489
Website: www.studiomb.co.uk This website is operated by Studio MB Ltd.
2. What Does This Policy Cover?
By visiting our website, you are accepting and consenting to the practices described in this Policy. Our website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
To view our Privacy Notice for Employees and Contractors and our Special Access Request (SAR) form, please contact us using the details in Part 14.
3. Data Protection Principles
We comply with Data Protection Law. This means that any personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
- Relevant to the purposes we have told you about and limited to those purposes only;
- Accurate and kept up-to-date;
- Kept only for such time as is necessary for the purposes we have told you about; and
- Kept securely.
4. What Is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out in Part 6, below.
5. What Are My Rights?
Under GDPR and the Data Protection Legislation, you have the following rights, which we will work to uphold:
- The right to access the personal data we hold about you. Part 13 will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 14 to find out more.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in Part 14 to find out more.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. Note: The Company does not at the time of writing process personal data using automated decision-making or profiling.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 14.
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in Part 14.
6. What Data Do You Collect and How?
6.1 Information you give us: You may provide us with information about you by subscribing to our mailing list through the website, submitting enquiry forms through our website, applying for a post or internship with us, contacting us by telephone, mobile, email, post, social media or otherwise and/or meeting us at meetings, conferences and events. The information you give us may include:
- Identifiable data - full name, address, email address, telephone number, mobile number and any other optional information you choose to give us.
- Business or employment related information - job title, department, profession/industry sector, business name, business address, business email address, business telephone/mobile number, business card, website and/or social media details, curriculum vitae (CV), employment application, covering letter, portfolio and any other optional information you choose to give us.
- Other information related to your business, employment or engagement with us - bank details, payment details, VAT number, insurance details, testimonials or references, dietary requirements and/or access requirements (if you are attending a meeting, training and development, interview or event organised by or through us).
6.2 Information we collect about you automatically: We may automatically collect data from Cookies and other tracking technologies each time you visit our website or social media, this may include:
- Information about your computer and your visits to and use of our website – IP address, geographical location, browser type and version, operating system, referral source, number of visits, length of visit, page views, number of clicks on links, website navigation paths, timing, frequency and patterns of use.
6.3 Information we collect from other sources: We may obtain information about you from third-party sources, examples of this would include HMRC, Companies House, other information that is made publicly available through third-party sources, professional referrals and industry specialists.
- We may also obtain information about you through your engagement with us across our social media platforms including Facebook, Twitter, LinkedIn, Instagram, Vimeo and Pinterest to connect with you, monitor engagement and identify potential trends and leads to enable us to enhance our services and communications.
- If you make a public comment or statement on a website or through social media regarding Studio MB, any of our projects or services, we may collect, store and use this information to publicly promote our projects and services on our website, social media, emails, e-newsletters and other documentation including but not limited to tender documentation, awards documentation and marketing materials.
- Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. Any information you include in a comment or post on a website or a social media platform may be read, collected and used by anyone. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.
7. How Do You Use My Personal Data?
Under GDPR and the Data Protection Legislation, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it.
We believe there is a contractual interest, legal interest or legitimate interest in communicating with our employees, clients, contractors, sub-contractors, suppliers, manufacturers, agents, support providers and visitors to our website and social media. Therefore, we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you require further information about the specific legal ground we are relying on to process your personal data.
Your personal data may be used for one or more of the following purposes:
- Communicating with you about our projects, services, events, employment or internship opportunities. This may include responding to emails, website enquiry forms, calls from you or via post (legitimate interest).
- Supplying our services to you and performing our obligations under our contract to which you are party. Your personal details may be required in order for us to enter into and fulfil a contract with you (contractual, legal obligations and legitimate interest).
- Obtaining services from you. Your personal details may be required in order for us to enter into and fulfil a contract with you (contractual, legal obligations and legitimate interest).
- Marketing purposes about our company, projects and services which may include using publicly available comments, statements or testimonials you have made to us or online e.g. via websites or social media to publicly promote our business, projects or services, contacting you by e-newsletter, email, telephone, post and/or social media (consent and legitimate interest).
- Providing you with news and updates including e-newsletters, articles, blogs and emails on Studio MB, our projects and services or industry/sector related topics (consent and legitimate interest).
- Providing you with information regarding our projects, services, events and offers, or other information which we think may interest you via e-newsletter, email, telephone, post and/or social media (consent and legitimate interest).
- Providing you with information regarding employment, internship, placement, training and development opportunities via e-newsletter, email, telephone, post and/or social media (legitimate interest).
- Tracking online engagement, improve users’ online experience and communications, monitor usage and identify leads via Google Analytics, Mailchimp and social media platforms (legitimate interest).
- Personalising and tailoring our services for you and your interests (legitimate interest).
- Research purposes regarding projects, services, business contacts, improving online experiences and communications which may include contacting you by email, telephone, post, social media or opt-in SurveyMonkey surveys (legitimate interest).
- Requesting a testimonial or professional reference from or about you in connection with our projects and/or employment or internship opportunities via email, telephone or post (legitimate interest).
- Professional referrals (contract or legitimate interest).
- To meet legal requirements (legal obligations).
- Other purposes to carry out other legitimate business purposes, as well as other lawful purposes about which we will notify you.
We will only use your personal data for the purposes for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purposes and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in Part 14.
If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purposes for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.
You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003. You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted, please email email@example.com
By subscribing via our mailing list, you expressly consent to receive communications from us. We may send you our e-newsletter, updates and emails regarding our latest news, projects or services, or other information that we think may interest you. This information is collated using a third party service, Rocket Science Group LLC (trading as Mailchimp). Mailchimp will have access to and will store and process your name and email, but will only do so on our instructions. Mailchimp helps us to track the reception of our e-newsletters. If you have not signed up to our mailing list we will not disclose your personal information to Mailchimp. You may opt-out at any time by clicking unsubscribe in the email footer or emailing firstname.lastname@example.org
8. How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reasons for which it was first collected. The periods for which your personal data will be held are stated within our data retention policy. This is available upon request.
9. How and Where Do You Store or Transfer My Personal Data?
Data collected through our website or social media: If you subscribe to our mailing list via our website, the information is collated using a third party service, Rocket Science Group LLC (trading as Mailchimp). Mailchimp will have access to and will store and process your name and email, but will only do so on our instructions. Mailchimp helps us to track the reception of our e-newsletters. If you have not signed up to our mailing list we will not disclose your personal information to Mailchimp. You may opt-out at any time by clicking unsubscribe in the email footer or emailing email@example.com
If you contact us through the enquiry form on our website, the information will be collated and stored on our website and computers.
If you contact us through our social media channels, the information will be stored on the social media platform. Please be aware, any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. Any information you include in a comment or post on a website or social media platforms may be read, collected and used by anyone. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them
Data collected by other means: The information you provide to us will be held on our computers and Server in the UK and may be accessed by or given to our staff, our contractors and agents who act for us, for the purposes set out in this policy or for other purposes approved by you or as otherwise permitted by law. This may mean that your information is sent to computers outwith the UK.
By submitting your information to us, you agree that it may be transferred outside the European Economic Area. Countries outside the European Economic Area do not always have strong data protection laws. However, wherever practicable we will take steps to ensure that your information is used by third parties in accordance with this policy.
We shall never sell or rent your personal information gathered in accordance with this policy to third parties for their marketing purposes.
We also reserve the right to disclose any of the information you provide to us where required to do so by law, or to comply with a regulatory obligation, or to assist in any investigation into alleged illegal or criminal conduct.
10. Do You Share My Personal Data?
We do not disclose any data to third parties, other than the following circumstances:
We work with a number of trusted partners and third parties who support us to deliver our projects, services and business functions or act on our behalf, for example, contractors and sub-contractors, payroll and pension agents, travel consultants, IT and website support and event suppliers. In some cases, these third parties may require access to some or all of your personal data that we hold, for example: sharing data of clients and sub-contractors as part of project management. These will only hold the minimum amount of personal data needed in order to provide a service on our behalf.
If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely and in accordance with your rights, our obligations and the third party’s obligations under the law.
If you are a client, contractor or sub-contractor that we have worked with, we may put your business contact details forward to third parties for professional referral reasons in relation to upcoming projects and/or opportunities.
We will not use the information submitted via our mailing list for any other purpose if you indicate you do not want us to, and we will not pass on your contact details to any third party for the purpose of making any marketing communication to you without having first received your explicit consent.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
We take the security of your data seriously. The company has internal policies and generally accepted industry controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by those in performance of their duties.
If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR.
When the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
You should be aware however that it is technically impossible to provide a totally secure system and you are responsible for ensuring your own systems are adequately protected from access by unauthorised persons.
11. How Can I Control My Personal Data?
In addition to your rights under the GDPR and Data Protection Legislation, set out in Part 5 and Part 13, when you submit personal data via our website, you may be given options to restrict our use of your personal data.
12. Can I Withhold Information?
You may access our website without providing any personal data. However, to use all features and functions available on our website you may be required to submit or allow for the collection of certain data.
13. How Can I Access, Update or Delete My Personal Data?
If you want to know what personal data we have about you or if you would like to delete or make any necessary changes to the personal data held about you to ensure it is accurate and up-to-date, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request” (SAR).
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 14. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We aim to respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
14. How Do I Contact You?
Telephone: +44(0)131 555 9355
Address: Studio MB Ltd, 20 Hill Street, Edinburgh, EH2 3JZ
15. Changes to this Policy