01992 676064

Privacy Policy

(Updated 24th May 2018)

INTRODUCTION

Magazine Merchandising Services Limited (“MMS”, “we”, “us” or “our”) is registered in England and Wales with company number 03650393 and registered address at 35 High Road, Waterford, Hertfordshire, SG14 2PR.

MMS is a “data controller” registered with the Information Commissioner’s Office ("ICO") with registration number A8314182. This means that we collect, hold and are responsible for certain personal data. We are committed to protecting and respecting your privacy and personal data.

HOW TO CONTACT US

Questions, comments and requests regarding this Privacy Notice should be addressed to Katie Stocker, our Compliance Manager, as follows:

By post at:           35 High Road, Waterford, Hertfordshire, SG14 2PR;

By email at:         info@mmslondon.co.uk; and

By telephone:   01992 676064.

Please quote “data protection” in the subject matter of any correspondence or when telephoning.

 

INDEX

INTRODUCTION

HOW TO CONTACT US

1.  What is the purpose of this Privacy Notice?

2.  Who does this Privacy Notice apply to?

3.  Third party links

YOUR PERSONAL DATA

4.  What types of personal data will we collect from you?

5.  How is your personal data collected?

6.  On what basis do we process your data?

7.  Change of purpose

MARKETING

8.  Marketing and promotional offers

9.  Third-party marketing

10. Opting out

11. Cookies

DATA SHARING

12. Who do we share your personal data with?

13. Information we collect about you from others

14. International transfers

DATA SECURITY

15. What measures do we have in place to keep your data secure?

DATA RETENTION

16. How long will we use your personal data for?

YOUR DATA PROTECTION RIGHTS

17. What are your rights in connection with the data that we hold?

18. How can you exercise your rights?

CHANGES TO OUR PRIVACY NOTICE

COMPLAINTS

Appendix - Data Processing

 

1. What is the purpose of this Privacy Notice?

1.1 This Privacy Notice sets out the basis on which any personal data we collect about you, or that you provide to us, will be processed by us and informs you of your privacy rights and how the law protects you.

1.2 It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other policies and notices and is not intended to override them.

2. Who does this Privacy Notice apply to?

2.1 This Privacy Notice applies to all data subjects whose personal information we collect and use to include users of this website, our clients, prospective clients, business contacts, other professionals (e.g. accountants), contractors, suppliers, distributors, publishers, retailers and service providers.

2.2 This website and the services that we provide are not intended for children and we do not knowingly collect data relating to children.

3. Third party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website that you visit.

 

YOUR PERSONAL DATA

4. What types of personal data will we collect from you?

4.1 Personal data means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

4.2 We may collect personal data from you in the course of our business, including through your use of our website, when you contact or request information from us and when you engage us to provide you with our services.

4.3 The types of personal data we may collect from you will depend on the nature of our relationship with you, the work that we are carrying out for you and the context in which we obtain and use it. We have grouped together and summarised the types of personal data that we may collect from you (which is not exhaustive) as follows:

Type of data

Description and examples

Identity Data

data used to personally identify you such as your full name (including name prefix or title) or similar identifier.

Contact Data

data required to communicate with you during the course of our relationship with you to include business address(es), email address(es), telephone number(s) and mobile phone number(s) [– this may include both your business/work and personal contact details.

Professional Data

data that relates to your position and profession such as job title, professional qualifications, the entity that you work for and details of your professional online presence (LinkedIn profile, email signature and business website).

Finance Data

data necessary for processing payments (such as bank account details, billing address), fraud prevention and other related billing information.

Contract Data

provided to us by you or on your behalf or generated by us in the course of providing services to you, which will include details about your contract with us, information relating to the services that we are providing, the purchase or orders made and/or your communication preferences.

Transaction Data

details about payments to and from you and other details of products and services you have purchased from us.

Marketing Data

 

your preferences in receiving marketing from us and our third parties and your communication preferences.

Technical Data

internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Usage Data

information about how you use our website and (if you are an existing client) our services (including service and product preferences and subscriptions).

 

4.4 We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

5. How is your personal data collected?

5.1 We collect personal data for a variety of reasons and through different mediums to include:

5.1.1 through your use of this website, including when you email us with an enquiry at info@mmslondon.co.uk. As you interact with our website, we may automatically collect Technical Data and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our Cookie Policy, http://www.mmslondon.co.uk/cookie-policy, for further details;

5.1.2 through direct interactions with you such as meetings, corresponding with us by post, phone, email and/or by providing us with your business card;

5.1.3 if you are our client, when you enter into a contract with us to enable us to provide services to you or an entity that you are involved in;

5.1.4 if you are one of our suppliers, publishers or distributors, when we enter into a contract you and/or you place an order with us to ensure that the contractual arrangements between us can be properly implemented and performed;

5.1.5 direct from a third party such as from your employees, colleagues or other parties that we are dealing with in the course of our contract with you;

5.1.6 from our contractors when distributing and promoting our services to you;

5.1.7 if you are engaged as one of our contractors; and/or

5.1.8 if you make a complaint against us to enable us to deal with that complaint via our complaints process.

6. On what basis do we process your data?

6.1 We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

6.1.1 it is necessary for our performance of a contract with you such as for the distribution of magazine or for us to take steps prior to entering into a contract with you;

6.1.2 it is necessary for the purposes of our legitimate interests (or those of a third party such as our suppliers and publishers), and your interests and fundamental rights do not override those interests. To determine this we make sure that we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law); and/or

6.1.3 where we need to comply with a legal or regulatory obligation.

6.2 We may also issue you with a separate privacy notice giving more detail as to how the data you provide (and/or we obtain) may be processed.

6.3 Generally, we do not rely on consent as a legal basis for processing your personal data. If your consent is required, we will notify you separately and if you provide your consent, you will be able to withdraw it at any time by contacting us.

6.4 We have set out in the Appendix to this Privacy Notice, a more detailed description of the ways we may use your personal data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.

6.5 Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

6.6  We do not use your information for automated decision making.

7. Change of purpose

7.1 We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. It may not always be apparent at the outset of the business relationship what data we may require, who we may need to obtain it from and/or share it with.

7.2 If you wish to have an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

7.3 If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

7.4 Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

MARKETING

8. Marketing and promotional offers

8.1 We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

8.2 As part of the services we provide to our clients, we may use personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

8.3 You will receive marketing communications from us if you have requested information from us or purchased products and/or services from us and, in each case, you have not opted out of receiving that marketing.

9. Third-party marketing

We will get your express opt-in consent before we share your personal data with any third party company for marketing purposes.

10. Opting out

10.1 You can ask us or third parties to stop sending you marketing messages at any time by contacting us.

10.2 Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, and a product/service experience or other transactions.

11. Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookies Policy http://www.mmslondon.co.uk/cookie-policy.

 

DATA SHARING

12. Who do we share your personal data with?

12.1 We may have to share your personal data with other third parties and they may also share the personal data they hold about you with us. This may include:

12.1.1 our contractors (to market, promote and distribute our services);

12.1.2 suppliers and publishers (when requesting orders on behalf of our clients, retailers and contractors);

12.1.3 other professionals (such as accountants, legal advisors and debt recovery);

12.1.4 distribution warehouse and operators, and couriers;

12.1.5 analytics and search engine providers that assist us in the improvement and optimisation of our website;

12.1.6 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation;

12.1.7 our IT and telecommunications systems providers acting as data processors as a consequence of them providing support to us;

12.1.8 if in our reasonable opinion disclosure is required in relation to any criminal investigation or other investigation carried out by other public or government authorities;

12.1.9 in the event that MMS sell or buy any business or assets, with the prospective seller or buyer of such business or assets. If a change happens to the ownership of our business, then the new owners may use your data in the same way as set out in this Privacy Notice; and

12.2  We require all third parties to whom your data is shared to respect the security and integrity of your personal data and to treat it in accordance with the law. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you.

12.3  We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our documented instructions.

12.4  We will not share your information with third parties for marketing purposes (unless you expressly consent to this).

13. Information we collect about you from others

13.1 Information about you may be passed to us by third parties and/or obtained from publicly available sources. Typically, these sources may include:

13.1.1 our contractors;

13.1.2 publishers;

13.1.3 professional services firms (such as accountants);

13.1.4 public sources where this relates to you or your organisation (for example Companies House, internet searches, your organisation’s website and public social media accounts).

14. International transfers

14.1 We do not usually transfer personal data outside of the European Economic Area (“EEA”).

14.2 The only exception is that some of our publishers are based outside of the EEA and we may, during the course of our business, send stockists lists to, and otherwise communicate with, those publishers. In such circumstances, any personal data required to be transferred to such publishers (if any) will be kept to the absolute minimum and only that personal data that is strictly necessary will be transferred. In those circumstances, we will ensure that appropriate safeguards are in place in relation to the transfer and that data protection laws are complied with. Please contact us if you require any further information on this.

 

DATA SECURITY

15. What measures do we have in place to keep your data secure?

15.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those members of staff and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

15.2 We will hold your personal data on secure servers within the EEA with all reasonable technological and operational measures to safeguard unauthorised access.

15.3 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

16. How long will we use your personal data for?

16.1 We will keep your personal data for as long as we need it to provide you with your requested service(s) or to meet our commercial or legal obligations.

16.2 To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for long than is necessary or appropriate. These criteria include:

16.2.1 the purpose for which we hold your personal data;

16.2.2 our legal and regulatory obligations in relation to that personal data, for example any financial reporting obligations;

16.2.3 whether our relationship with you is ongoing, for example, you have an active account with us, you continue to receive marketing communications);

16.2.4 any specific requests from you in relation to the deletion of your personal data; and

16.2.5 our legitimate business interests in relation to managing our own rights, for example the defence of any claims.

16.3 When we no longer need to retain your personal data, it will be deleted or be anonymised so that you can no longer be identified from it.

16.4 By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

16.5 In some circumstances you can ask us to delete your data. See below for further information.

 

YOUR DATA PROTECTION RIGHTS

17. What are your rights in connection with the data that we hold?

17.1 Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to request:

17.1.1 access to your personal data (commonly known as a "data subject access request"). This enables you to receive details of the personal data we hold about you and to check that we are lawfully processing it;

17.1.2 correction of the personal data that we hold about you. This enables you to have any incomplete, inaccurate or out-of-date data we hold about you corrected and/or updated, though we may need to verify the accuracy of the new data that you provide to us;

17.1.3 erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons (as explained above in relation to data retention) which will be notified to you, if applicable, at the time of your request;

17.1.4 object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;

17.1.5 restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

(i) if you want us to establish the data's accuracy;
 
(ii) where our use of the data is unlawful but you do not want us to erase it;
 
(iii) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it; and

17.1.6  transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

18. How can you exercise your rights?

18.1 If you wish to exercise any of the rights set out above, please contact us by calling us on 01992 676064, emailing us at info@mmslondon.co.uk or writing to us at 35 High Road, Waterford, Hertfordshire, SG14 2PR. Please quote “data protection” on any correspondence and/or upon telephoning the office.

18.2 You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

18.3 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise your rights). This is a security measure to ensure that personal data is not disclosed to any person who may not have a right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

18.4 We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

18.5 Please note that if you:

(i) want us to restrict or stop processing your data;
 
(ii) fail to provide data that we have reasonably requested from you; or
 
(iii) withdraw consent at any time where we are relying on consent to process your personal data,
 
this may impact on our ability to provide our services to you and/or contract with you.

18.6 Depending on the extent of your request and/or the importance of any information we request from you that you do not provide, we may be unable to perform an order or fulfil any obligation to you. We will notify you if this is the case at the time. This will not affect the lawfulness of any processing carried out before your withdrawal of consent.

 

CHANGES TO OUR PRIVACY NOTICE

Any changes we make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Notice.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

 

COMPLAINTS

If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated by writing to our Compliance Manager at MMS, 35 High Road, Waterford, Hertfordshire, SG14 2PR or at info@mmslondon.co.uk.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the ICO, the UK supervisory authority for data protection issues.  Further details can be found at www.ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

Appendix - Data Processing

No.

Purpose

Lawful basis for processing

1.

To register you as a new client

 

  • Performance of a contract with you (and in contemplation of)
  • Necessary for our legitimate interests (for running our business and maintaining our records)

2.

To provide you with our service and products, exclusive promotions and creative visual merchandising

  • Performance of a contract with you (and in contemplation of)
  • Necessary for our legitimate interests (to keep records updated, and to develop our products and services and grow our business)

3.

Taking instructions from you, managing the client relationship, corresponding and communicating with you to provide updates and information relating to our products and services, and to respond to your enquiries

 

  • Performance of a contract with you
  • Necessary for our legitimate interests (for running our business including but not limited to, effectively managing our business relationships, to improve service quality and to help us better understand your needs and expectations)

5.

Raising invoices and processing payments

  • Performance of a contract with you

6.

Process and respond to requests, feedback, enquiries or complaints received by you

 

  • Performance of a contract with you
  • Necessary for our legitimate interests (for running our business including but not limited to, effectively managing our business relationships, to improve service quality and to help us better understand your needs and expectations)

7.

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

  • Necessary for our legitimate interests (for running our business, provision of administration and IT services, and network security)

8.

To use data analytics to improve our website, services, client relationships and experiences

  • Necessary for our legitimate interests (to define types of clients for our services, to keep our website updated and relevant, and to develop our business)

9.

To provide access to our files for audit, review and general business conduct

  • Necessary to comply with our legal and regulatory obligations
  • Necessary for our legitimate interests (for running our business)

10.

Ensuring that our policies, procedures and standards are adhered to

  • Necessary for our legitimate interests (for running our business)
  • Necessary to comply with our legal and regulatory obligations (such as health and safety law)

12.

Updating and maintaining records

  • Performance of a contract with you or to take steps at a potential client’s request before entering into a contract
  • Necessary for our legitimate interests (to develop our business and services and grow our business)

13.

For the day to day operations of our business to include the use of third party service providers (including general office services, IT support, couriers, etc.)

  • Necessary for our legitimate interests (to develop our business and services and grow our business)

14.

Debt recovery – collecting and recovering sums owed to us

  • Performance of a contract with you
  • Necessary for our legitimate interests (for running our business)

15.

To make suggestions and recommendations to you about services that may be of interest to you, and advising you on ways we can assist

  • Performance of a contract with you
  • Necessary for our legitimate interests (to develop our services and grow our business)

16.

Making disclosures to government, regulatory or other public bodies where in our reasonable opinion the disclosure is appropriate and permitted by law

  • Necessary to comply with our legal and regulatory obligations

17.

To engage contractors and to enable us to assess the skills, qualifications and suitability of potential contractors for a particular role, including carry out background and reference checks, where applicable.

  • It is in our legitimate interests to decide whether to engage an individual as one of our contractors as it would be beneficial to our business
  • We also need to process personal information to decide whether to enter into a business relationship with a contractor