But seriously, it’s a pretty important policy to read and understand because it tells you how we use the data you give to us. There might be one or two jargon-y terms we need to use (like “performance cookies”-yum!) but we’ve had many a meeting with our legal eagle to make sure it’s very easy to understand.
Have a read, and if you have any questions, give us a shout.
Who we are, and how to get in touch
Let’s start with the basics, we’re officially called Mazaru Limited, but that’s our Sunday name. Usually, we’re just called Mazaru, and that’s the name we’ll use for the rest of this policy. We’re a provider of Communication services.
Although our main office is in London, our registered office is: 3 Brook Business Centre, Cowley Mill Road, Uxbridge, Middlesex, UB8 2FX. Our telephone number is: 0330 123 9930
In General Data Protection Regulation (GDPR) terms, we’re the data controller, which sounds fancy, but just means that we’re responsible for deciding why we store your information, and what it’s used for.
To us “Personal Data” means any information that can identify you (such as your name, your telephone number or your address).
A “Data Subject” is the person that might be identified from the Personal Data (which could be you).
Who do we collect information from?
We collect Personal Data from our:
- clients (existing and prospective);
- suppliers (existing and prospective);
- employees; and
- candidates who apply to work for Mazaru.
The type of data we collect, why we collect it, and how we use it
The type of personal information we typically collect is “reasonably necessary” in order for us to help manage the delivery of our services. For example, it could include contact information like your name, title, email address, business address, or telephone and fax number(s).
We might store your personal Data on our databases if it helps us improve our services. We’ll also keep it to make sure we have clear and complete records.
We will not collect any Personal Data from you that is unnecessary or irrelevant, such as your shoe size or where you went on holiday last year.
When we might contact you
Because of what we do, we need to keep and store data about our clients and suppliers. This will include our client or suppliers’ contact details (such as email addresses and phone numbers) so we can effectively deliver our services.
We’ll use this data to maintain contact with our clients and suppliers and to let you know about any company updates or relevant information about support services. We’ll only do this during the agreed length of our contract.
Other than that, we might contact our current clients, and any prospective clients, through a targeted marketing campaign or with a survey to fill in. Surveys are really important to us because they give us the information we need to develop business strategies. Of course, you don’t need to respond to our surveys if you don’t want to, we’ll still like you anyway.
Should you (or any Data Subject) no longer wish to receive communications about our services (through SMS, phone, email, post), or other marketing information (such as newsletters) and relevant information (such as industry publications) then get in touch with us and we’ll take you off our list.
Also, just so you know, telephone conversations or emails may also be stored in our systems, in case it is needed to refer back to them at any point.
Why we’re allowed to contact you (our so called Legitimate Interests)
After taking a look at how we use Personal Data, we believe that we have a “legitimate interest” to use your data. That means we think processing your data is relevant and important for our business. We think we have a legitimate interest because:
- the success of our business depends on the requirement to gather information in order to help deliver our products and services to clients and to help further improve and develop
- the Personal Data held is minimal, and restricted to a name and email address
- all information is held at a business level, so there should be no impact upon the individual’s home life and rights to privacy
- as individuals have job roles connected with the services we supply, it would not be surprising or intrusive for them to receive marketing or other information
- we believe that the marketing information provided to the individuals carries a potential benefit to them, and the business that employs them, which outweighs the minimal effect of receiving occasional emails
- individuals whose details are held by Mazaru have been contacted via email on numerous occasions and are likely to be reasonably aware that they are on Mazaru’s marketing/mailing list
- Data Subjects will be afforded an unsubscribe/opt out option which will always be honoured as appropriate
- any unsubscribes are held in a separate database so that they cannot be added back into the Mazaru directory in the future.
IP addresses and cookies
Mazaru might collect information about your computer, including where your IP address is available from, your operating system and browser type, for system administration. The data we collect is statistical and used to give us an idea of our users’ browsing actions and patterns. It does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Site and to deliver a better and more personalised service.
There are different types of cookies. The ones used by Mazaru are:
- Performance Cookies: these collect information about how visitors use our website, for example which pages are visited most. These cookies do not collect information that identifies visitors to our website.
- Functionality Cookies: these cookies allow our website to remember choices you make and changes you have made to things that you can customise such as personal features. These cookies may also be used to provide services you have asked for. The information these cookies collect is anonymised and they cannot track your browsing activity on other websites.
Who will we share your Personal Data with?
As part of our global operations, we might share your Personal Data with other entities within the Mazaru group.
We may also be required to share your Personal Data with third party service providers for the provision of insurance, facilitation of payments, tax authorities and administration support services for facilitating communications and surveys.
We take reasonable steps to ensure that the terms of service with our third-party service providers recognise that we are bound by obligations to protect the privacy of your personal information.
Any Personal Data provided to us may be stored on our database and/or systems and transferred between any of the locations in which we operate, including those countries outside of the European Economic Area (“EEA). Countries outside of the EEA may not have data protection laws which are as stringent as those countries which form part of the EEA, however Mazaru has processes in place to ensure your information and privacy are protected when information is transferred to other countries.
International Data Transfers
Typical safeguards deployed to protect your Personal Data during international transfers consist of:
- Third party data processing agreements;
- Inter-company data processing agreements;
- Encryption of sensitive and confidential data;
- Password protected folders;
- Strict access controls;
- Defined retention periods; and
- Secure email transfers.
The Personal Data Mazaru collects is only retained for as long as it is needed. The criteria we use to determine the period can vary for each type of data, which depends on statutory or contractual obligations. Following expiry of this designated period, your Personal Data will be securely deleted.
Data Subject Rights
Mazaru are committed to facilitating your rights, where you are fully entitled to the following:
- Obtain or gain access to the Personal Data we hold about you on our records.
- Editing or updating Personal Data which you believe is inaccurate.
- The restriction of processing your Personal Data.
- Object to processing of Personal Data, where processing is based on legitimate interests (unless Mazaru have compelling legitimate grounds for the processing) public interests and direct marketing purposes.
- Have your data erased from our records.
- Have your data ported in electronic, machine readable format from Mazaru to yourself or another organisation
You can get in touch by email at firstname.lastname@example.org and we’ll spring into action without delay – the longest we’ll ever take is within one month of hearing from you. If your request is particularly complex, or you’ve asked a lot of questions, we might extend this by 2 further months.
We might request your consent for processing your Personal Data of a sensitive nature, which relate to racial or ethnic origin, biometric data or data concerning health. If your consent is given, you have the right to withdraw it at any time.
The Right to Lodge a Complaint
In the event you are not satisfied with our response or believe we are processing your Personal Data not in accordance with the law you can raise a complaint to the Information Commissioner’s Office (ICO) in addition to maintaining the right to complain to a supervisory authority.
Statutory and Contractual Requirements
Mazaru are committed to providing high levels of service and it is necessary that the Personal Data you provide is sufficient in order for us to not only manage our relationship efficiently but also to enable Mazaru to fulfil our statutory and contractual obligations.
Mazaru will always explain what Personal Data we require from you and the reasons we need it. Should it be determined at a later date that we need to process your data for an additional purpose which you are not aware of at point of collection, we will ensure you are fully informed of our intentions and your rights as explained above will be fully applicable.
Well done, you made it through! Thanks for reading.