Data Protection Policy

This Policy applies between you, the User of MEA Ltd, and MEA Ltd as a Service provider.

MEA Ltd takes the privacy of user information very seriously. This Policy is in line with the new GDPR policy that came into effect on 25th May 2018; and applies to our use of all Data collected by us or provided by you in relation to your use of the Agency.

The Data Controller is MEA Ltd, of the contact details already given in the Privacy Policy under Data Protection. The Data Protection Officer is The Service Manager who has responsibility for ensuring in an independent manner, that MEA Ltd applies the laws protecting individuals’ personal data.

Aims of the Policy

This policy aims:

  1. To state our commitment to compliance with data protection legislation and the principles of data protection;
  2. To discharge our obligations to have in place data protection policies as part of measures to secure compliance with data protection legislation;
  3. To provide a general appropriate policy document and an overarching appropriate policy document for processing of special categories of personal data, as may be required as part of data protection legislation;
  4. To outline how we will work to comply with the data protection legislation using technical and organisational measures and the principles of data protection by design and data protection by default;
  5. To state the responsibility of everyone working for us or on our behalf to comply with this policy and the data protection legislation;
  6. To identify some of the circumstances where we are exempt from certain general principles because of our functions as a service provider.

Policy Statements

The principles set out in data protection legislation require personal data to be:

I.
Processed lawfully, fairly and in a transparent manner (Lawfulness, fairness and transparency).
II.
Collected only for specified, explicit and legitimate purposes, and not further processed in a way which is incompatible with those purposes (Purpose limitation).
III.
Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data minimisation)
IV.
Accurate and where necessary kept up to date (Accuracy).
V.
Not kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed (Storage limitation).
VI.Processed in a way that ensures its security, using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (Security, integrity and confidentiality).
VII.Not transferred to another country or third party without appropriate safeguards being in place (Transfer limitation).
VIII.Made available to data subjects; and data subjects allowed to exercise certain rights in relation to their personal data (data subject’s rights and requests). Requests for information will be executed without delay and at least within a month of the request. Where request for information is unfounded or excessive, there will be a small charge.
IX.We are responsible for, and must be able to demonstrate compliance with, the data protection principles listed above (Accountability). This policy sets out below, in general terms, how we approach these issues.

MEA Ltd Privacy Policy is about letting the users know: –

 1. What personal information we collectWe collect the name of the Organisation, Name of Director, Name of manager, name of service/business, full address, telephone number, Fax number, Skype ID, Email addresses, VAT certificate if applicable.
2.How & why we collect itWe collect details from industry specific lists or publications and websites. We collect the details so as we can inform the potential customer about our services of providing healthcare, catering and general recruitment services. We also collect the data for invoicing purposes once they become our customers.
3.How we use itWe use it to inform the customers of our services and promotions.
4.How we secure itAll data collected are kept secure in our database system with access limited to selected office staff.
 5.That we declare any third parties with access to it who must be an employee of MEA Ltd and is applicable either during their employment or while providing services to MEA Ltd and accessing the information for the provision of such Agency services.No other third party except our database system provider is allowed access for database maintenance and upgrade
 6. How users can control any aspects of this by opting out whenever they feel like. That is, all users have rights under GDPR which involves things like, the right to access data, request change, request deletions and corrections, of say, where providing data is essential as if users do not provide us with an email address and other contact details for communication purposes relating to financial information for payment purposes etc. All users are informed of their rights and they are free to request what information we hold about them, they are free at any point to request to remove their details or make changes.
   

Compliance

  • Everyone working for us or on our behalf is required to comply with this policy.
  • Staff will be required to complete mandatory data protection training.
  • We will regularly review the systems and processes under our control to ensure they comply with this policy.
  • We will investigate any alleged breach of this policy. An investigation could result in us taking action up to and including dismissal; removal from office; or, termination of a contract for services.

Storage and Security

MEA Ltd will ensure data is not kept for longer than is required and review the data it holds regularly and erase of anonymise it when it is no longer needed. Likewise, MEA Ltd will comply with individual requests to erase data.

How Long we Keep your Information

We will hold and use your information only for as long as necessary for our business purposes or to meet our legal requirements or in exercising our official authority as a regulator. The length of time for which we keep your information will vary depending on the type of information it is and why we hold it.

Data Breach
In the event of a data breach, the appropriate supervisory authority without undue delay will be notified within 72 hours of MEA Ltd becoming aware of it if; the breach is likely to result to the individuals involved being identified.

The Data Controller is MEA Ltd, of the contact details already given in the Privacy Policy under Data Protection.

MEA Ltd will only process and store your data subject to you having given your consent for our common business interest.

MEA Ltd, thus, request all our users to click the designated box next to this statement which says by clicking, the user is agreeing to our Privacy Policy terms.