Hero graphic

Pri­va­cy

MIT­MARK Secu­ri­ty Ltd Pri­va­cy Policy

MIT­MARK Secu­ri­ty is a secu­ri­ty con­sul­tan­cy com­pa­ny based in the UK. MIT­MARK Secu­ri­ty is a con­troller”, mean­ing it is respon­si­ble for decid­ing how it holds and uses per­son­al infor­ma­tion of its clients and any oth­er rel­e­vant third parties.

This Pri­va­cy Pol­i­cy sets out how MIT­MARK Secu­ri­ty process­es per­son­al data in accor­dance with the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) and oth­er applic­a­ble data pro­tec­tion laws.

1. Intro­duc­tion

MIT­MARK Secu­ri­ty is whol­ly com­mit­ted to pro­tect­ing the pri­va­cy and secu­ri­ty of all per­son­al data we col­lect, process, and hold about indi­vid­u­als. This pol­i­cy explains how we use per­son­al data, who we share it with, how we keep it secure, and the rights indi­vid­u­als have in rela­tion to their per­son­al
data.

2. Who we are

MIT­MARK Secu­ri­ty is a secu­ri­ty con­sul­tan­cy com­pa­ny reg­is­tered in the UK. We oper­ate as a data con­troller for the per­son­al data we col­lect and process. Our reg­is­tered office is at 13 Manette Street, Lon­don, Eng­land, W1D 4AP, and we can be con­tact­ed via support@​mitmark-​security.​com or +44 (0)20 7184 9754.

We will aim to address all pri­va­cy relat­ed inquiries with­in 3 busi­ness days.

3. What per­son­al data we collect

We may col­lect and process a range of per­son­al data. The nature and type of data we col­lect will vary depend­ing on the spe­cif­ic context/​scope of a giv­en project. In gen­er­al terms we may col­lect the fol­low­ing per­son­al data:

  • Name, address, date of birth, con­tact details, and oth­er iden­ti­fy­ing infor­ma­tion pro­vid­ed to us as part of our services;
  • Infor­ma­tion about an individual’s per­son­al and pro­fes­sion­al life, includ­ing finan­cial, employ­ment and edu­ca­tion­al information;
  • CCTV footage and audio record­ings, where appro­pri­ate and law­ful to do so;
  • Infor­ma­tion obtained from pub­lic sources or from third-par­ty sources, such as social media plat­forms, where appro­pri­ate and law­ful to do so;
  • Tech­ni­cal data, includ­ing IP address­es, brows­er type and ver­sion, plug-ins, oper­at­ing sys­tem and any oth­er tech­nol­o­gy on devices used to access our website.

We may also col­lect and process spe­cial cat­e­gories of per­son­al data, which require a high­er lev­el of pro­tec­tion. This includes, but is not lim­it­ed to:

  • Health data — infor­ma­tion relat­ed to an individual’s phys­i­cal and men­tal health;
  • Bio­met­ric data — data for the pur­pose of unique­ly iden­ti­fy­ing a per­son, such as their fin­ger­prints and facial recognition;
  • Data con­cern­ing racial or eth­nic ori­gin, polit­i­cal opin­ions, reli­gious or philo­soph­i­cal beliefs, or trade union mem­ber­ship — this is only col­lect­ed when strict­ly nec­es­sary, and with a person’s explic­it con­sent.
     

4. How we col­lect your data

We use a wide range of meth­ods to col­lect data. These include:

  • Direct inter­ac­tions, i.e.: infor­ma­tion pro­vid­ed to us regard­ing iden­ti­ty and con­tact data pro­vid­ed by fill­ing in forms or via cor­re­spon­dence (i.e.: email);
  • Auto­mat­ed tech­nolo­gies — as you inter­act with our web­site, we may auto­mat­i­cal­ly col­lect tech­ni­cal and usage data.

5. How we use per­son­al data

We may use per­son­al data for the fol­low­ing purposes:

  • To per­form any con­tract we have entered into with a client;
  • Where it is nec­es­sary for our legit­i­mate inter­ests (or those of a third par­ty), and where your inter­ests and fun­da­men­tal data pro­tec­tion rights do not over­ride those interests;
  • Where we need to com­ply with a legal/​regulatory obligation. 

Specif­i­cal­ly, we use your data for:

  • Pro­vid­ing and man­ag­ing our services;
  • Mar­ket­ing and com­mu­ni­ca­tion (sub­ject to your expressed preferences);
  • Improv­ing our web­site and services

6. Shar­ing per­son­al data

We may share your per­son­al data with the fol­low­ing third parties:

  • Third-par­ty ser­vice providers who pro­vide us with IT, tech­ni­cal infra­struc­ture and oth­er sup­port services;
  • Reg­u­la­to­ry bod­ies and law enforce­ment agen­cies, where required by law or reg­u­la­to­ry obligations.

7. How long we keep per­son­al data

We will only retain per­son­al data for as long as nec­es­sary to ful­fil the pur­pos­es for which it was col­lect­ed, includ­ing for the pur­pos­es of sat­is­fy­ing any legal, reg­u­la­to­ry, account­ing, or report­ing require­ments. The length of time for which we retain per­son­al data will vary depend­ing on the nature of the infor­ma­tion and the pur­pos­es for which it was collected.

8. Data security

We have imple­ment­ed appro­pri­ate tech­ni­cal and organ­i­sa­tion­al mea­sures to ensure the secu­ri­ty of per­son­al data we hold. This envi­ron­ment includes mea­sures to pre­vent unau­tho­rised access, use, alter­ation, dis­clo­sure, or destruc­tion of data.

Access to data is restrict­ed based on the prin­ci­ple of least priv­i­lege. This means access to your per­son­al data is restrict­ed to only those employ­ees, con­trac­tors and oth­er third par­ties that have a legit­i­mate busi­ness need to know. Any­one who is grant­ed access to your data will only process it for a legit­i­mate busi­ness pur­pose and will be sub­ject to a duty of confidentiality.

9. Data Relat­ing to Minors

We will only col­lect data relat­ing to minors in very spe­cif­ic cir­cum­stances, how­ev­er we are com­mit­ted to pro­tect­ing the pri­va­cy of minors, and imple­ment the fol­low­ing procedures:

  • Parental con­sent — we do not know­ing­ly col­lect or process per­son­al data from chil­dren under the age of 16 with­out obtain­ing ver­i­fi­able parental or guardian con­sent. Where con­sent is required, we ensure that it is clear­ly informed and freely given.
  • Min­imised data col­lec­tion — we lim­it the col­lec­tion of per­son­al data from minors to only what is strict­ly nec­es­sary for the pro­vi­sion of our services.
  • Spe­cial safe­guards — addi­tion­al mea­sures are imple­ment­ed as nec­es­sary in order to safe­guard the data of minors, includ­ing restric­tions on access and encryp­tion to ensure all data is stored securely.

10. Indi­vid­ual rights

Indi­vid­u­als have the fol­low­ing rights in rela­tion to their per­son­al data:

  • Right to access – indi­vid­u­als have the right to request access to their per­son­al data and to receive a copy of the per­son­al data we hold about them;
  • Right to rec­ti­fi­ca­tion – indi­vid­u­als have the right to request that we cor­rect any inac­cu­rate or incom­plete per­son­al data we hold about them;
  • Right to era­sure – indi­vid­u­als have the right to request that we delete their per­son­al data in cer­tain circumstances;
  • Right to restrict pro­cess­ing – indi­vid­u­als have the right to request that we restrict the pro­cess­ing of their per­son­al data in cer­tain circumstances;
  • Right to data porta­bil­i­ty – indi­vid­u­als have the right to receive the per­son­al data they have pro­vid­ed to us in a struc­tured, com­mon­ly used, and machine-read­able for­mat, and to trans­mit that data to anoth­er data controller;
  • Right to object – indi­vid­u­als have the right to object to the pro­cess­ing of your per­son­al data under cer­tain circumstances;
  • Right to data porta­bil­i­ty — indi­vid­u­als have the right to request that our com­pa­ny trans­fer the data we have col­lect­ed to anoth­er organ­i­sa­tion, or direct­ly to you, under cer­tain circumstances.
  • Right to with­draw­al of con­sent — in the event that the legal basis of our pro­cess­ing is con­sent, indi­vid­u­als have the right to with­draw their consent.

11. Cook­ies

By using our web­site we will auto­mat­i­cal­ly col­lect any data pro­vid­ed to us by your brows­er via our web­site’s cookies.


Cook­ies are text files placed on your com­put­er to col­lect stan­dard Inter­net log infor­ma­tion and vis­i­tor behav­iour infor­ma­tion. This data includes inter­net pro­to­col (IP) address, your brows­er type and ver­sion, your time zone set­ting and loca­tion, brows­er plug-in types and ver­sions, oper­at­ing sys­tem and plat­form and oth­er tech­nol­o­gy on the devices you use to access this web­site. Our web­site uses the fol­low­ing cookie:


CRAFT_CSRF_TOKEN — with CSRF pro­tec­tion enabled, all of our site’s vis­i­tors will get a CRAFT_CSRF_TOKEN” cook­ie set on their brows­er, and all POST requests must be accom­pa­nied by a POST para­me­ter with a match­ing name and val­ue (the CSRF token). If they aren’t, Craft will reject the request with a 400 error.
 

11. Changes to this policy

This pol­i­cy may be updat­ed from time to time. Any new changes will be post­ed to this page.

12. How to con­tact the appro­pri­ate authority

Should you wish to report a com­plaint or if you feel that our com­pa­ny has not addressed your con­cern in a sat­is­fac­to­ry man­ner, you may con­tact the Infor­ma­tion Com­mis­sion­er’s Office.

Phone Num­ber: 0303 123 1113

Web­site: https://​ico​.org​.uk/​m​a​k​e​-​a​-​c​o​m​p​l​aint/

While we ful­ly respect your right to make any com­plaint you feel is nec­es­sary, we would request that you con­tact us first in order to resolve any issues.