Warning: mysqli_query(): (HY000/1021): Disk full (/tmp/#sql_8ebf_0.MAI); waiting for someone to free some space... (errno: 28 "No space left on device") in /home/magdalene/public_html/wp-includes/wp-db.php on line 2007

Warning: mysqli_query(): (HY000/1021): Disk full (/tmp/#sql_8ebf_0.MAI); waiting for someone to free some space... (errno: 28 "No space left on device") in /home/magdalene/public_html/wp-includes/wp-db.php on line 2007
Privacy Policy.

Privacy Policy

  1. Introduction

    1. Magdalene fully understands the importance of protecting information that comes into its possession whether from customers, suppliers, contractors or staff. The company has formalised its approach to managing and protecting this information through its ISO27001 certification which provides a robust framework for the security and protection of all its information.

    2. Magdalene is also committed to complying with all Data Protection legislation including the General Data Protection Regulation (Regulation (EU) 2016/679) and to ensuring the appropriate safeguarding and processing of Personal Data.

    3. This Privacy Policy explains what and how Personal Data may be processed, retained and protected as a result of our ongoing, or potential, day-to-day business, including individuals visiting our website.

    4. This Policy complies with the General Data Protection Regulation (Regulation (EU) 2016/679).

  2. Your data and information

    1. In the course of our business, we collect information from individuals we deal with in relation to the provision of Magdalene’s products and services. In this context, we are the Data Controller.

    2. An “individual” might be any person representing an actual (or potential) customer, supplier or subcontractor or could be a visitor to our website. In the context of the GDPR, an identified or identifiable person is known as a “Data Subject”.

    3. Some of the information we gather can be Personal Data. “Personal Data” is information that relates to a Data Subject who can be identified from that data on its own, or when taken together with other information that comes into our possession. It can include any expression of opinion or indication of intention in respect of that person but does not include anonymised data.

  3. What do we need?

    1. The typical information collected through provision of our standard products and services includes;

      1. some Personal Data such as: name, job title, working location and contact details; it may also include bank details;

      2. contractual information such as: commercial contracts, technical information and site access information; and

      3. relevant business information such as: meeting notes, related documents and informal letters.

    2. From our website, we may collect;

      1. individual browser information such as: internet protocol (IP) address, computer operating system and browser type; and

      2. website information such as: general traffic patterns, address of any referring website, website areas visited most frequently and website services accessed the most.

  4. Why do we need it and what do we do with it?

    1. We only gather and process information (including Personal Data) that we need in order to conduct our day-to-day business. We do so under two of the lawful purposes specified in the GDPR:

      1. Performance of a contract. For example, we may process Personal Data to prepare commercial proposals, engage in contractual negotiations, undertake operational delivery of customer products and services, correspond with our suppliers and scope projects with contractors.

      2. For legitimate interests. For example, we may process Personal Data to assist general sales and marketing, including the retention of customer contact information in our CRM system). In addition, website visitors’ information, as explained above, may be gathered through Google-generated cookies and website analytics in order to improve the functionality of the website and the offerings we make through it.

    2. Personal Data related to website visitors is stored in the UK with ‘2i design’ who manage the website on Magdalene’s behalf. Personal Data processed as part of the provision of our standard products and services is stored by us in the UK.

    3. Data held in our CRM system is stored by Salesforce and may on occasions be held outside of the EEA. Please see the following link for further details.

  5. What don’t we do with it?

    1. Magdalene will not process Personal Data for purposes other than identified above without first informing the individual of the legal basis on which the processing will occur and gaining their consent.

    2. We do not take automated decisions about individuals using Personal Data or profiling.

    3. In certain circumstances, we will share Personal Data with other persons or companies where this is required in order to carry out a contract or where there is a legitimate interest. In all cases, we require Personal Data to be kept confidential, secure and to be protected in accordance with the law.

  6. How do we protect it?

    1. Magdalene has robust measures in place to ensure the security of Personal Data. Where reasonably practicable this includes:

      1. staff training and data processing guidelines;

      2. the anonymisation and/or encryption of Personal Data;

      3. in-built resiliency to processing systems;

      4. the ability to restore and access Personal Data in a timely manner in the event of a physical or technical incident; and

      5. processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

  7. How long do we keep it?

    1. Retention periods for Personal Data are determined by its nature and purpose and in accordance with the requirements of the GDPR. Data held for the purposes of performing a contract will be held for the period required by the contract or for as long as commercial relations remain between the parties.

    2. Personal Data processed for other legitimate interests will be retained for as long as it remains appropriate and relevant. Regardless of purpose, the continued relevance and accuracy of Personal Data will be reviewed and validated on a regular basis.

  8. What are your rights?

    1. Under the GDPR, you are entitled to a copy of any information we hold about you which can be done through a Subject Access Request (SAR). You can request correction of inaccuracies in data, erasure or restriction of processing of the information we hold about you. You can also object to processing. The request must be made in writing to us on privacy@magdalene.co.uk.

    2. Magdalene will normally respond to the SAR within one month unless the request is complex or numerous in which case the period in which we must respond can be extended by a further two months.

    3. In circumstances where a SAR is manifestly unfounded or excessive, Magdalene may legally charge a reasonable administrative fee or may legally refuse to act on the SAR.

  9. Who can you contact?

    1. If you have any questions about this Privacy Policy or the information we hold about you, please contact us by email on privacy@magdalene.co.uk or by post at Magdalene House, Compass Point Business Park, Stocks Bridge Way, St. Ives, Cambridgeshire, PE27 5JL.

    2. You may escalate your query to our Group Data Protection Officer (“DPO”), Nick Scott. The DPO can be contacted via 01438 743 744 or at Nick.Scott@mgroupservices.com.

    3. Finally, you can also obtain additional information about the GDPR and your rights under it on the Information Commissioner’s Office website here. You can also make a formal complaint to the ICO in the event that you feel we have not resolved any query to your satisfaction.

  10. Policy changes

    1. Magdalene will review this Policy periodically and reserves the right to update it as required. In any case the policy will be reviewed at such times as organisational or legislative changes impact upon its content. This policy was last reviewed on 14 October 2019.