GDPR will replace current data privacy law, giving more rights to you as an individual and more obligations to organisations holding your personal data.
How we use your information
This privacy notice tells you what to expect when M4 Digital Group Limited collects personal information. It applies to information we collect about:
- visitors to our websites
- people who email us, including suppliers and customers
- people who use our services, e.g. consultants or candidates who apply for employment/project positions/contract opportunities or send their CVs to us speculatively
Visitors to our websites
When someone visits www.m4digitalgroup.com we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is processed in a way that does not disclose visitor identity. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
People who email us
We will monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Suppliers and customers: We need a small amount of information from our suppliers and customers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).
People who use our services, e.g. consultants or candidates who apply for employment/contract opportunities or send their CVs to us speculatively
M4 Digital Group are the data controller for the information you provide during the process unless otherwise stated. If you have any queries about the process or how we handle your information please contact us at careers@m4digitalgroup.com.
What will we do with the information you provide to us?
All information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors.
We will use the contact details you provide to us to contact you to progress your application or for further suitable opportunities. We will use the other information you provide to assess your suitability for the role you have applied for.
What information do we ask for, and why?
We do not collect more information than we need to fulfil our stated purposes. The information we ask for is used to assess your suitability for employment or contract opportunities. You don’t have to provide what we ask for but it might affect your application if you don’t.
If we make a conditional offer of employment or offer of engagement, we will ask you for information so that we can carry out pre-employment/engagement checks. You must successfully complete pre-employment/engagement checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide:
Photographic evidence of your identity
Proof of address
Proof of qualifications
A completed criminal records declaration declaring any unspent convictions.
A completed application for a Basic Criminal Record check via the Disclosure and Barring Service, or proof of current security clearances.
Contact details of referees
For opportunities involving a corp to corp relationship, we will also ask for details of your limited company; this does not constitute personal data.
Upon acceptance of a position:
Bank details – to process salary payments
Emergency contact details – so we know who to contact in case you have an emergency at work
People whose data we receive from candidates and staff, such as referees and emergency contacts: We use referees’ personal data to align our candidates with suitable opportunities. If we can verify their details and qualifications, we can make sure that they are well matched with prospective project work or specific clients. We use the personal details of a candidate’s or staff member's emergency contacts in the case of an accident or emergency affecting that candidate or member of staff.
Use of data processors
Data processors are third parties who provide elements of our solutions delivery practice on our behalf. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. We use a number of online digital platforms to assist us with proficient data processing and the efficient running of our business; should the reader require further information this can be provided upon request.
How long is the information retained for?
We will only retain your personal data for as long as necessary to fulfil the purposes for which it has been collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available by contacting us.
By law we must keep basic information about all our commercial relationships (including Contact, Identity, Financial and Transaction Data) for six years post relationship for tax or other financial reporting purposes.
In some circumstances you can ask us to delete your data (Right to Erasure) see below for further information.
Your rights
Under the Data Protection Act 1998, you have rights as an individual which you can exercise in relation to the information we hold about you.
Right to object: If we are using your data because we deem it necessary for legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, for profiling your suitability for certain positions), you may withdraw your consent at any time.
Data Subject Access Requests (DSAR): Just so it's clear, you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally do one of the following:
- we may ask you to verify your identity, or ask for more information about your request; and
- where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to "erase" your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data is collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this - either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority – The Information Commissioner’s Office.
You can read more about these rights here:
https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/.
How do we safeguard your personal data?
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach. If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately.
Complaints or queries
M4 Digital Group tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information, is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects collection and use of personal information. However, we are happy to provide any additional information or explanation needed.
Any requests for this should be sent to info@m4digitalgroup.com
If you want to make a complaint about the way we have processed your personal information, you can contact us to discuss your concerns. If appropriate concerns can also be raised to the Information Commissioner’s Office (ICO) in their capacity as the statutory body which oversees data protection law – www.ico.org.uk.
Access to personal information
M4 Digital Group tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
give you a description of it
tell you why we are holding it
tell you who it could be disclosed to
should you ask, let you have a copy of the information in an intelligible form.
To make a request for any personal information we may hold you need to put the request in writing
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes.
Disclosure of personal information
In most circumstances we will not disclose personal data without consent.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 30 May 2018.
How to contact us
If you want to request information about our privacy policy you can email us or write to:
M4 Digital Group Limited
Temple Court
13a Cathedral Road
Cardiff
CF11 9HA