We are aware of the trust you place in us and our responsibility to protect your privacy and keep your personal data secure in accordance with Data Protection legislation.
This privacy notice covers:
- How and why we process your personal information;
- The sources of information about you;
- The parties we may disclose it to;
- How long we will retain your information;
- What rights you have in respect of your personal data; and
- How you can contact us with any further queries or concerns.
The Data Controller:
Mirthy Ltd is the Data Controller for the purposes of the Data Protection Act 2018 and in relation to all the personal data provided to us. The primary legal basis for which we process this personal data, is for the performance of contracts or subscriptions we enter into (or may enter into) with you for services (governed by our Terms and Conditions).
Why do we collect personal information?
We collect your personal information for the following purposes:
- It is necessary to provide you with information about our services;
- It is necessary to allow you to go ahead and register for the Mirthy service and use it thereafter. This includes sending emails to you as part of the service, to give you initial information about our services, and to enable you to use the Mirthy website;
- It is necessary for the continued interactions between us whilst you are using our services;
- To respond to you over any queries you raise with us;
- To manage any third party arrangements;
- To comply with any legal and regulatory obligations.
Your personal information is only collected and used for these purposes. We will limit the collection of your personal information to only that which is needed in order to satisfy the intended purpose.
It is ultimately your decision as to whether to provide us with any of your information.
What information do we collect and how do we collect it?
In order to fulfil the purposes above, we may collect your personal information. We collect it from you when you initially provide it to us, every time you contact us during the administration of your relationship with us. Information is collected when you complete forms, correspond with us, telephone us, or send us an email.
This information can include all, or a combination of any of the items listed below:
- Your contact details (name, address, telephone numbers, e-mail);
- Payment information provided by you, for example, on registration for any particular part of our service, such as enhanced functionality which may require payment, or on placing an order for a particular product or service available on the Website;
- Information provided to us by you in relation to your relatives or friends;
- Other data you may provide on blogs, comments or reviews on the Website
Certain types of personal information are classed as “sensitive” under the Data Protection legislation, or otherwise referred to as “special categories” of data. This includes information about your health, race, ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, trade union membership and genetic and biometric data.
We may sometimes collect sensitive personal data during the normal course of our business. In order to be able to process any sensitive personal data, we will always confirm your consent for its processing.
How do we use your personal information?
We store and process the personal information that you (or third parties) have provided to us in any or all of the following ways:
- Administrative in order to allow us to perform our obligations under our Terms and Conditions;
- To supply you with information about product(s) and/or service(s) that either you have requested from us, or wish to provide to us;
- To manage our relationship with you;
- For general business purposes and to prepare management and accounting information necessary for the conduct of our business, including audit;
- For the prevention and detection of crime or fraud;
- To comply with any and all statutory responsibilities.
Disclosure of Personal Information:
During the term of your relationship with us we may disclose your personal information to any of the following parties to allow us to properly manage our relationship with you:
- Our Suppliers should you wish to make an order for a product or service made available by that Supplier;
- To persons acting as our agents or sub-contractors on our behalf under a strict code of confidentiality where we outsource functions relating to our services (for example, our IT system providers, marketing or customer service assistance etc.);
- Back to you during the course of your relationship with us;
- To legal or regulatory bodies as required by law or regulation, for example, fraud prevention.
Otherwise we will keep all of your personal information confidential unless you give us consent to transfer it to a third party.
*Unless a customer has made an order or an enquiry for a product or service, we do not disclose information about identifiable individuals to our suppliers or advertisers, but we may provide them with aggregated or anonymised information about our users (for example, we may inform them that 100 women have clicked on their services page or advertisement on any given day). We may also use such aggregated or anonymised information to help advertisers reach the kind of audience they want to target (for example, people in SW4). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience. However, that anonymised data will not be capable of identifying you personally.
It is not normally necessary during the usual course of business to transfer your personal data outside of the the UK, however, in the event it is necessary, it will be done so in accordance with the requirements of Data Protection legislation. These requirements include the provision that the recipient of your personal data must have the same level of protection in place as you are entitled to in the UK. We will advise you in the event that your personal data is to be transferred in this manner.
Fraud Prevention Agencies:
We may share your personal information with fraud prevention agencies if we feel fraud has been or might be committed. These agencies collect, maintain and share data on known and suspected fraudulent activity for the purposes of fraud prevention. These records may be searched and shared with other organisations by the fraud prevention agencies.
We have a legal obligation to report suspected fraud to law enforcement agencies. The fraud prevention and law enforcement agencies we share data with are:
Please telephone or write to us at the address stated below if you would like further details of the fraud prevention agencies.
How long do we retain your personal information?
We are permitted by law to retain your information for as long as is necessary in relation to the purposes for which the information was originally provided. This includes our right to hold some information for at least six years following the termination of a customer relationship or transaction in case it is required for legal conflicts.
We will hold the personal information of our customers, for a minimum of six years, except where records are required for investigation by law enforcement, where they will be retained for as long as required by the constable or competent authority.
Once your information is no longer necessary in accordance with the above, it shall be destroyed in line with Data Protection legislation.
Under Data Protection legislation you have the following rights free of charge:
1. Access to Personal Data
Subject to exceptions detailed in Data Protection legislation, you have a right of access to all personal data we hold about you. If you wish to exercise this right, or you have any questions regarding your personal data, please write to the Data Protection Officer at the address below. We will respond within one month from receipt of a valid request, and in any event, without undue delay.
2. Automated Decision Making
Mirthy do not use any auto-decision making technology.
You have the right to the rectification of inaccurate data, and to obtain completion of incomplete personal data. To correct or amend your personal data, please contact the Data Protection Officer at the address below with the details. We will make the required changes as soon as possible.
In certain situations you have the right to request that your personal data is erased, however, there are limitations to this right.
Examples of grounds for exercising your right to erasure include:
- Personal data is no longer necessary for the purpose of the performance of a contract between us and you;
- Where data has been unlawfully processed;
- Where data has to be erased to comply with a legal obligation;
- Where a right to object to direct marketing or the right to object to processing has been exercised.
Examples of limitations to your right of erasure include:
- It is necessary for the performance of a contract between us and you;
- Our compliance with legal obligations to retain client records for certain periods of time (as detailed above); and
- Establishment, defence or exercise of legal claims.
5. Restriction of Processing
You have the right to restrict our processing of your personal data in the following circumstances:
- If you contest the accuracy of personal data processed by us, (we may restrict processing for a limited period to enable us to verify the accuracy and amend the data as necessary);
- We no longer require your information for the purposes we originally obtained it;
- We have no legitimate grounds for processing your information or your information has been processed unlawfully.
6. Data Portability
You have a right to receive your personal information that you have provided to us, in a structured, commonly used and machine readable format. You also have a right to have this personal data transmitted to another data controller (i.e. another business), where technically feasible to do so.
7. Right to Object
You have the right to object to us processing your personal data in the following circumstances:
- For direct marketing purposes;
- Profiling in relation to direct marketing.
8. Right to Lodge a Complaint
If you have a complaint regarding the way we are processing your personal data, please address it with us in the first instance in the hopes that we will be able to resolve the matter with you. However, if you do not want to address your concerns to us, or we have failed to satisfactorily respond to your data protection complaint, you have the right to complain to the Data Protection Supervisor. The contact details are below:
Information Commissioners Office
Tel: +44(0) 303 123 1113
Marketing and Direct Mailing:
We may occasionally send out newsletters, offers or alerts to our members or business contacts. We may provide you with information about new products and services or any other feature that may be of interest to you. We will only send you this information if you have specifically opted to receive it.
If you wish to receive information about our products or services or wish to change your marketing preferences (opt-out from any service) please let us know by any of the contact options provided below.
- To estimate our audience size and usage pattern;
- To store information about your preferences, and so allow us to customise the Website according to your individual interests and spending patterns;
- To speed up your searches;
- To recognise you when you return to the Website; and
- To enable us to target opportunities in accordance with your interests and spending patterns and to collate the information you have provided in order to strengthen our buying power with third party suppliers.
If you want to find out more information about cookies, go to http://www.allaboutcookies.org or to find out about removing them from your browser, go to http://www.allaboutcookies.org/manage-cookies/index.html.
The Data Protection Officer and Contact Details:
If you have any questions or concerns regarding this notice or you wish to exercise your rights, please contact us, addressing your query to the Data Protection Officer:
Writing: Mirthy Limited, 27 Severn House, 19 Enterprise Way, Wandsworth, London, SW18 1GD
Telephone: 020 3318 3522
This Policy was last updated 1st February 2019