MThree Corporate Consulting Limited - Contractor Data Protection Privacy Notice
This non-contractual notice explains what personal data (personal information) we hold about you, how we collect it, and how we use and may share personal information during your engagement (or the engagement with the company supplying you) and after it ends. Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal information about you.
Who collects the personal information
MThree Corporate Consulting Limited (‘Company’) is a ‘data controller’ and gathers and uses certain personal information about you. This personal information is also used by our affiliated entities, namely MThree Singapore, MThree China, MThree Hong Kong, MThree Americas, MTrois, MThree France, MThree Poland and MThree Australia (our ‘affiliated companies’) and so, in this notice, references to ‘we’ or ‘us’ mean the Company and our affiliated companies.
Data protection principles
The data protection principles which we will apply when gathering and using personal information, are set out in our Data Protection Policy which is available from the HR Department at MThree Consulting.
About the personal information we collect
A table summarising the personal information we collect and hold, how and why we do so, how we use it and with whom it may be shared, is available here.
We may also need to share some of the categories of personal information set out in this document with other parties, such as external contractors and our professional advisers, including legal and finance advisors, HR advisors and payroll providers, and potential purchasers of some or all of our business or on a re-structuring. The recipient of the personal information will be bound by confidentiality obligations. We may also be required to share some personal information with our clients, our clients’ regulators or as required to comply with the law.
We seek to ensure that our personal information collection and processing is always proportionate. We will notify you of any changes to personal information we collect or to the purposes for which we collect and process it.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing personal information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Where personal information may be held
Personal information may be held at our offices and those of our affiliated companies, and third-party agencies, service providers, representatives and agents as described above and in cloud-based IT services. Personal information may be transferred internationally to, United States of America, Hong Kong, Singapore, France, and Australia and other countries around the world, including countries that do not have data protection laws equivalent to those in the UK, for the reasons described above. We have security measures in place to seek to ensure that there is appropriate security for personal information we hold.
How long we keep your personal information
We keep personal information during and after your engagement for no longer than is necessary, which will normally be for no more than six years.
Who should I contact if I have any queries?
You should contact the Head of HR who can be contacted at firstname.lastname@example.org (our Data Protection Contact).
Your rights to correct and access your personal information and to ask for it to be erased
Please contact our Data Protection Contact if (in accordance with applicable law) you would like to correct or request access to personal information that we hold or if you have any questions about this notice. You also have the right to ask our Data Protection Contact for some, but not all, of the personal information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances. Our Data Protection Contact will provide you with further information about the right to be forgotten, if you ask for it.
How to complain
We hope that we can resolve any query or concern you raise about our use of your personal information. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.