Data Protection Policy
This Policy applies between you, the User of MEA Ltd, and MEA Ltd as a Service provider.
MEA Ltd takes the privacy of user information very seriously. This Policy is in line with the new GDPR policy that came into effect on 25th May 2018; and applies to our use of all Data collected by us or provided by you in relation to your use of the Agency.
Aims of the Policy
This policy aims:
- To state our commitment to compliance with data protection legislation and the principles of data protection;
- To discharge our obligations to have in place data protection policies as part of measures to secure compliance with data protection legislation;
- To provide a general appropriate policy document and an overarching appropriate policy document for processing of special categories of personal data, as may be required as part of data protection legislation;
- To outline how we will work to comply with the data protection legislation using technical and organisational measures and the principles of data protection by design and data protection by default;
- To state the responsibility of everyone working for us or on our behalf to comply with this policy and the data protection legislation;
- To identify some of the circumstances where we are exempt from certain general principles because of our functions as a service provider.
The principles set out in data protection legislation require personal data to be:
|I.||Processed lawfully, fairly and in a transparent manner (Lawfulness, fairness and transparency).|
|II.||Collected only for specified, explicit and legitimate purposes, and not further processed in a way which is incompatible with those purposes (Purpose limitation).|
|III.||Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data minimisation)|
|IV.||Accurate and where necessary kept up to date (Accuracy).|
|V.||Not kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed (Storage limitation).|
in a way that ensures its security, using appropriate technical and
organisational measures to protect against unauthorised or unlawful
processing and against accidental loss, destruction or damage (Security,
integrity and confidentiality).|
|VII.||Not transferred to another country or third party without appropriate safeguards being in place (Transfer limitation).|
available to data subjects; and data subjects allowed to exercise
certain rights in relation to their personal data (data subject’s rights
and requests). Requests for information will be executed without delay
and at least within a month of the request. Where request for
information is unfounded or excessive, there will be a small charge.|
are responsible for, and must be able to demonstrate compliance with,
the data protection principles listed above (Accountability). This
policy sets out below, in general terms, how we approach these issues.|
|1.||What personal information we collect||We collect the name of the Organisation, Name of Director, Name of manager, name of service/business, full address, telephone number, Fax number, Skype ID, Email addresses, VAT certificate if applicable.|
|2.||How & why we collect it||We
collect details from industry specific lists or publications and
websites. We collect the details so as we can inform the potential
customer about our services of providing healthcare, catering and
general recruitment services. We also collect the data for invoicing
purposes once they become our customers.|
|3.||How we use it||We use it to inform the customers of our services and promotions.|
|4.||How we secure it||All data collected are kept secure in our database system with access limited to selected office staff.|
|5.||That we declare any third parties with access to it who must be an employee of MEA Ltd and is applicable either during their employment or while providing services to MEA Ltd and accessing the information for the provision of such Agency services.||No other third party except our database system provider is allowed access for database maintenance and upgrade|
|6.||How users can control any aspects of this by opting out whenever they feel like. That is, all users have rights under GDPR which involves things like, the right to access data, request change, request deletions and corrections, of say, where providing data is essential as if users do not provide us with an email address and other contact details for communication purposes relating to financial information for payment purposes etc.||All users are informed of their rights and they are free to request what information we hold about them, they are free at any point to request to remove their details or make changes.|
- Everyone working for us or on our behalf is required to comply with this policy.
- Staff will be required to complete mandatory data protection training.
- We will regularly review the systems and processes under our control to ensure they comply with this policy.
- We will investigate any alleged breach of this policy. An investigation could result in us taking action up to and including dismissal; removal from office; or, termination of a contract for services.
Storage and Security
MEA Ltd will ensure data is not kept for longer than is required and review the data it holds regularly and erase of anonymise it when it is no longer needed. Likewise, MEA Ltd will comply with individual requests to erase data.
How Long we Keep your Information
We will hold and use your information only for as long as necessary for our business purposes or to meet our legal requirements or in exercising our official authority as a regulator. The length of time for which we keep your information will vary depending on the type of information it is and why we hold it.
In the event of a data breach, the appropriate supervisory authority without undue delay will be notified within 72 hours of MEA Ltd becoming aware of it if; the breach is likely to result to the individuals involved being identified.
MEA Ltd will only process and store your data subject to you having given your consent for our common business interest.