HOW WE USE YOUR INFORMATION
This privacy notice provides information about the ways in which MBSL Limited (“MBSL”) collects, stores, shares or keeps personal information provided by our clients, contacts, website visitors and office visitors.
USING OUR WEBSITE
CALLING TO OUR OFFICE
MBSL does not collect Calling Landline Identification (CIL) or any other information on the origins of a call. We do not record or retain phone conversations.
VISITING OUR OFFICE
Visitors to MBSLs office at 13 Classon House are required to sign in and out of the Visitors / Contractors Sign-In Sheet. This information is used for security and health and safety purposes and is disposed of in accordance with our Data Retention Policy.
Any emails sent to us at firstname.lastname@example.org are recorded and forwarded to the relevant member of staff. The sender’s email address will remain visible to all staff tasked with dealing with the email. Emails may also be sent to members of staff directly and these may be shared internally if required to do so for the purpose of the email for a client engagement. Please be aware that it is the sender’s responsibility to ensure that the content of their emails is within the bounds of the law. Unsolicited material of a criminal nature will be reported to the relevant authorities and blocked.
PROCESSING CLIENT INFORMATION
At MBSL we take your privacy seriously and will only use your information to provide the Services you have requested from us as detailed in your Letter of Engagement. We will only use this information subject to your instructions, data protection legislation, statutory legislation and our duty of confidentiality. Due to the nature of engagements, MBSL processes personal and other data on behalf of clients on a contractual basis. Where MBSL processes personal data on behalf of a client, MBSL is the Data Processor and the client is the Data Controller. MBSL acknowledge our responsibilities as a Data Processor and a Data Controller where relevant, under Irish Data Protection legislation.
As a Data Processor, MBSL acknowledges that we process personal data on behalf of the Data Controller, and should:
Carry out the processing only subject to our instructions from the Data Controller and provide appropriate security measures for the data.
Comply with Data Protection legislation on all aspects of processing personal data and protecting the rights of data subjects.
Ensure that personal data is only used for the purpose it was provided for to MBSL.
As a Data Controller, our clients acknowledge that they are responsible under Irish Data Protection legislation for the personal data that is provided to MBSL and should:
Comply with data protection legislation on all aspects of processing personal data and protecting the rights of data subjects.
Apply technical and organisational security measures and take reasonable steps to ensure compliance with those measures.
Take responsibility for any Data Subject Access Requests made in relation to personal data supplied to MBSL.
Notify data subjects in relation to international transfers, especially outside the EU. In this regard MBSL currently uses Brightpay payroll software and payslips are emailed through Brightpay cloud services that see the emails momentarily passing through servers located in the UK.
As part of the services offered to clients through our engagement, information which our clients give to us may be transferred to countries outside the European Union (“EU”). For example, some of our third-party providers may be located outside of the EU. Where this is the case we will take the necessary steps to ensure the appropriate security measures are taken, so that privacy rights continue to be protected as outlined in this policy. If our clients use our services while outside the EU, information may be transferred outside the EU to provide those services. The client may request MBSL not to use services outside of the EU at any point in the engagement. This may result in a review of the terms of the engagement.
SECURITY PRECAUTIONS IN PLACE ABOUT DATA COLLECTED
When you give us personal information, we take steps to make sure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear at the bottom of your web browser (such as Microsoft Internet Explorer).
Non-sensitive details (your email address etc.) are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
COMMUNICATION WITH CONTACTS
MBSL retains contacts in Office365 and Zoho. These systems contain personal data such as the name, address, email address, phone number and associated company . This information is utilised to communicate with contacts, including sending them details of financial news, products and services on a legitimate interest basis. Contacts have the option of opting out of this communication option and / or being removed from our systems at any time and this is highlighted on news, products and services emails. We do not share contacts information with third parties without the consent of the contact. You may also opt out by emailing your request to: email@example.com or our Data Protection Officer (firstname.lastname@example.org)
DATA RETENTION – HOW LONG DO WE KEEP YOUR PERSONAL DATA
We will not retain your Personal Data longer than is necessary to fulfil the purposes for which it was collected. However, we may be required by applicable laws and/or regulations to hold your personal data longer than this period.
YOUR DATA PROTECTION RIGHTS
You have rights which allow you to address concerns or queries regarding the processing of your personal data, including the rights of access, rectification, erasure, restriction of your personal data, as well as the right to transfer your data, the right to object to some processing and automated decision making, including profiling. Your right may be exercised freely and at no cost.
ENFORCING YOUR DATA PROTECTION RIGHTS
You may contact MBSL’s Data Protection Officer (“DPO”) about all issues related to this Privacy Statement, your personal data and to exercise your rights under Data Protection law.
CONTACT DETAILS OF OUR DPO ARE AS FOLLOWS:-
Name: Karl Houghton, Data Protection Officer, MBSL Limited, 13 Classon House, Dundrum Business Park, Dundrum, Dublin 14 W9Y3
If you feel that your personal data has been processed in a way that does not meet the Data Protection legislation, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will in due course inform you of the progress and outcome of your complaint. The supervisory authority in Ireland is the Data Protection Commissioner - www.dataprotection.ie .
CHANGES TO OUR PRIVACY STATEMENT
This is a live document, under regular review. This policy was last updated on 09 May 2018.