Last updated February 7, 2022
M3TER HOLDINGS LIMITED
This document describes how We process, store, and retain Personal Data in connection with the marketing, sales, and provision of Our services.
Please read this Privacy Notice carefully as it contains important information on who We are and how and why We collect, store, use and share your Personal Data. It also explains your rights in relation to your Personal Data and how to contact Us or supervisory authorities in the event you have a complaint.
When We use Personal Data, We are regulated by the Information Commissioner under the Retained Regulation EU 2016/679 (“UK GDPR”) and the UK Data Protection Act 2018 (together, “Data Protection Legislation”). We are accountable as Controller of your Personal Data for the purposes of Data Protection legislation.
|We, m3ter, Us, Our||M3TER Limited, a company incorporated and registered in England and Wales with company number 12952487, whose registered office is at 63 Bermondsey Street, London, United Kingdom SE1 3XF.|
|Personal Data||Any information relating to an identified or identifiable natural person.|
|Special Category Personal Data||Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, Genetic and biometric data, Data concerning health, sex life or sexual orientation.|
During the course of Our professional and commercial dealings with you, We will collect, store and use the following types of Personal Data from you:
We collect Personal Data directly from you, via email communication, via transmission over Our APIs, via your usage of Our website and Our services, in face-to-face meetings, over the telephone, in writing and sometimes indirectly via third parties such as Our existing and prospective clients, suppliers, business partners, prospective partners, web site visitors, and other collaborators.
Under Data Protection Legislation, We can only use Personal Data if We have a legal basis for doing so. Our legal bases for collecting your Personal Data are for the performance of our contract with you or to take steps before entering into a contract with you, and for the legitimate interest of m3ter or another third party.
Personal Data is required to enable Us to enter into a contract with you and to provide goods or services to you; to enable Us to invoice you for those goods or services; to enable you to provide services or goods to Us; to enable Us to pay your invoices to Us; to enable Us to tell you about Our products and services; to enable Us to enter into a commercial collaboration with you; to enable Us to deliver customer support, to enable Us to develop Our products and services and to engage in business development.
We will always treat Personal Data with the utmost respect and never sell it to other organisations for marketing purposes.
We share Personal Data with Our retained external third party service providers including: Xero, Google, AWS, Atlassian, Goodfit.io, Microsoft, and Salesforce.
We only allow Our retained external third parties to handle Personal Data if We are satisfied they take all appropriate technical and organizational measures to protect all Personal Data, and only on Our written instructions.
We may very occasionally disclose and exchange information with regulatory bodies to comply with our legal and regulatory obligations.
We use technical and organisational security measures designed to protect personal information processed by Us against unauthorized access, disclosure, alteration, and destruction (e.g. access controls, two factor authentication, password protection and encryption in transit and at rest).
Where Personal Data is stored with any of the third party providers referred to above, access is only provided after administrator set-up and authorisation. Our third party providers have added additional layers of security to limit access to Personal Data stored in their cloud based solutions and to permit safe and lawful data transfers, which We have assessed and reviewed. These include strict access restriction, encryption, two factor authentication and password protection, to prevent Personal Data from being accidentally lost or used or accessed unlawfully.
Where personal data is transferred outside the UK or the European Economic Area, it will only be to a territory which is subject to a current finding by the Information Commissioner’s Office in the UK and the European Commission that the territory provides adequate protection for the privacy rights of individuals OR with the adoption of a valid cross border transfer mechanism in the form of the European Commission’s Standard Contractual Clauses for the transfer of Personal Data to third countries (Commission Implementing Decision June 04 2021).
We will only retain your Personal Data for as long as is necessary for the purpose for which We collected it, including for the purposes of discharging our legal, accounting, reporting and regulatory obligations. This will commonly be for a period of up to two years following the termination of our contractual relationship but may be for up to 7 years following contractual termination in the case of some categories of Personal Data. When it is no longer necessary to retain Personal Data, We will delete it.
All data subjects have the following rights, which can be exercised free of charge:
|Access||The right to be provided with a copy of Personal Data held on a data subject.|
|Rectification||The right to require Us to correct any mistakes in a data subject’s Personal Data.|
|To be forgotten||The right to require Us to delete Personal Data – in certain situations.|
|Restriction of processing||The right to require Us to restrict processing of certain Personal Data—in certain circumstances, e.g. if the accuracy of the data is contested.|
|Data portability||The right to receive the Personal Data provided to Us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations.|
|To object||The right to object at any time to Personal Data being processed for direct marketing (including profiling); – in certain other situations to Our continued processing of Personal Data, e.g. processing carried out for the purpose of Our legitimate interests.|
|Not to be subject to automated individual decision-making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning a data subject.|
|To withdraw consent||The right to withdraw consent as a legal basis for processing, at any time.|
For further information on each of those rights, including the circumstances in which they apply, please contact Us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under Data Protection Legislation.
To exercise any of those rights, please contact Us – see below: ‘How to contact Us’.
We hope that We can resolve any query or concern raised about our use of Personal Data.
Data Protection Legislation also gives the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint/ or telephone: +44 303 123 1113.
We may change this Privacy Notice from time to time, when We do We will inform data subjects by the most appropriate means.
We can be contacted by post or email. Our mailing address is at the top of this Privacy Notice.
Our email address is: email@example.com
For all data subject rights, please contact: firstname.lastname@example.org