Media Bounty Ltd a company incorporated in England and Wales whose registered office is at Unit G, 11 Bell Yard Mews, London, England, SE1 3TN (registered number 06755924) (“we/us/our”) holds personal data about our employees, clients, suppliers and other individuals for a variety of business purposes. We are committed to respecting your privacy and to complying with applicable data protection and privacy laws.
This policy applies to all products and services provided by us and sets out how we seek to protect personal data and ensure that staff understand the rules governing their use of personal data to which they have access in the course of their work. This policy is effective from 15.05.18.
You give us your information either through this website or by any other means. We may seek to use your personal data for business purposes that may include the following:
Any and all information passed to us by any third party will be treated in accordance with this policy.
This is defined as information relating to identifiable individuals, clients, suppliers, marketing contacts, job applicants, current and former employees, agency, contract and other staff.
The type of personal data we may gather might include: individuals’ contact details, educational background, financial and pay details, details of certificates and diplomas, education and skills, marital status, nationality, job title, and CV.
This is defined as personal data about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings. Any use of sensitive personal data will be strictly controlled in accordance with this policy.
This policy applies to all of our staff and we will ensure that they are familiar with this policy and comply with its terms.
We may supplement or amend this policy by additional policies and guidelines from time to time. Any new or modified policy will be circulated to staff before being adopted.
Our Operations & HR Director has overall responsibility for the day-to-day implementation of this policy.
We will always seek to process personal data fairly and lawfully in accordance with the rights of the individuals’. This generally means that we will not process personal data unless the individual whose details we are processing has consented to this happening.
In most cases where we process sensitive personal data we will require the data subject’s explicit consent to do this unless exceptional circumstances apply or we are required to do this by law (e.g. to comply with legal obligations to ensure health and safety at work). Any such consent will need to clearly identify what the relevant data is, why it is being processed and to whom it will be disclosed.
We will seek to ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.
Individuals may ask that we correct inaccurate personal data relating to them. If you believe that information is inaccurate you should record the fact that the accuracy of the information is disputed and inform the Operations & HR Director.
You must take reasonable steps to ensure that personal data we hold about you is accurate and updated as required. For example, if your personal circumstances change, please inform the Operations & HR Director so that they can update your records.
We keep personal data secure against loss or misuse. We are committed to protecting the confidentiality of your information and will take all reasonable measures to secure your information, including encryption, third party audits, access controls and security testing.
Where other organisations process personal data as a service on our behalf, our Operations & HR Director will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third party organisations.
There are restrictions on international transfers of personal data. Your personal data will not be transferred anywhere outside the UK without first consulting the Operations & HR Director.
We will abide by any request from an individual not to use their personal data for direct marketing purposes and notify the Operations & HR Director about any such request.
We will not send direct marketing material to anyone electronically (e.g. via email) unless they have given us positive consent to receiving our marketing material and that consent will be recorded and stored.
Joiners will receive training as part of the induction process. Further training will be provided at least every year or whenever there is a substantial change in the law or our policy and procedure.
Training is provided through an in-house seminar on a regular basis. It will cover:
Completion of training is compulsory.
We use the information we collect in order to understand your needs and provide you with a better service and in particular for the following purposes:
The personal data that we collect is subject to active consent by the data subject. This consent can be revoked at any time.
Your personal data is an important part of our business. We do not sell your information to third parties. We will only share your information as set out below and with your express consent. All information sharing is only done on the basis of being necessary and to fulfil legitimate business purposes. For example:
We may disclose your personal information to third parties in limited circumstances as follows:
We will retain personal data for no longer than is necessary and in any event no longer than 1 year from the date of last usage. What is necessary will depend on the circumstances of each case, taking into account the reasons that the personal data was obtained, but will be determined in a manner consistent with our data retention guidelines.
We will also need to take into consideration any regulations that we must fulfil, for example for auditing purposes or for legitimate business purposes and may retain your information after your relationship with us has ended.
If you would like a copy of your personal data or would like us to correct any inaccurate information held about you please contact the Operations & HR Director.
We would like to send you information, from time to time about our products and services but we will only do so when we have your positive consent, which you can revoke at any time.
You have the right to access information held about you. If you would like a copy of your personal data, please contact the Operations & HR Director as detailed below.
You can ask us to correct any inaccurate information held about you by contacting us.
We will process personal data collected in connection with our Surveys, Newsletters and Events as a necessary legitimate interest.
Upon request, you will have the right to receive a copy of your data in a structured format. These requests will be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals. You may also request that your data is transferred directly to another system. This will be done for free.
You may request that any information held on you is deleted or removed, and any third parties who process or use that data must also comply with the request. An erasure request can only be refused if an exemption applies.
Privacy by design is an approach to projects that promote privacy and data protection compliance from the start. The Operations & HR Director will be responsible for conducting any Privacy Impact Assessments and ensuring that all IT projects commence with a privacy plan.
When relevant, and when it does not have a negative impact on the data subject, privacy settings will be set to the most private by default.
Regular data audits to manage and mitigate risks will inform the data register. This contains information on what data is held, where it is stored, how it is used, who is responsible and any further regulations or retention timescales that may be relevant.
All members of staff have an obligation to report actual or potential data protection compliance failures. This allows us to:
Although we take every reasonable step to protect the information that you provide, we cannot guarantee the security or accuracy of the information that we gather. Please be assured that all our staff must observe this policy. The Operations & HR Director has overall responsibility for this policy. They will monitor it regularly to make sure it is being adhered to.
If you have any questions or concerns about anything in this policy, do not hesitate to contact the Operations & HR Director.
Please contact our Operations & HR Director at:
Post: Media Bounty, Unit G, 11 Bell Yard Mews, London, SE1 3TN.
Telephone: 0207 260 2600