Data Privacy Policy
1. Introduction
MDSS is committed to protecting the privacy and security of the personal data we process. This Data Privacy Policy outlines how we collect, use, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.
2. Scope
This policy applies to all personal data processed by MDSS, including data relating to employees, customers, suppliers, and other stakeholders. It covers all MDSS operations, systems, and processes.
3. Data Collection and Processing
Lawful Basis for Processing: MDSS only collects and processes personal data where there is a lawful basis to do so. This includes processing data with consent, to fulfil a contract, to comply with legal obligations, to protect vital interests, or for legitimate business purposes.
Types of Data Collected: We may collect several types of personal data, including but not limited to names, contact information, financial details, and other information necessary for business operations and legal compliance.
Data Minimisation: We ensure that personal data collected is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
4. Use of Personal Data
Purpose of Processing: Personal data is processed by MDSS for specific, explicit, and legitimate purposes. These may include managing employee records, processing transactions, providing products and services, marketing communications, and compliance with legal obligations.
Direct Marketing: MDSS may use personal data for direct marketing purposes. Individuals have the right to opt out of receiving marketing communications at any time.
5. Data Storage and Retention
Data Security: MDSS takes appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or damage. This includes using encryption, access controls, and regular security assessments.
Data Retention: Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal, regulatory, or contractual obligations. Once personal data is no longer required, it is securely deleted or anonymised.
6. Data Sharing and Disclosure
Third-Party Processors: MDSS may share personal data with third-party service providers who process data on our behalf. These providers are required to comply with our data protection standards and are prohibited from using personal data for their own purposes.
Legal Obligations: We may disclose personal data to regulatory authorities, law enforcement agencies, or other third parties when required by law or to protect the rights, property, or safety of MDSS, its employees, or others.
7. Individual Rights
Individuals whose personal data is processed by MDSS have the following rights under the UK GDPR:
Right to Access: Individuals have the right to request access to their personal data and obtain information about how it is processed.
Right to Rectification: Individuals can request the correction of inaccurate or incomplete personal data.
Right to Erasure: Individuals have the right to request the deletion of their personal data in certain circumstances.
Right to Restrict Processing: Individuals can request that the processing of their personal data be restricted in specific situations.
Right to Data Portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object: Individuals can object to the processing of their personal data for direct marketing purposes or when the processing is based on legitimate interests.
Right to Withdraw Consent: Where processing is based on consent, individuals have the right to withdraw their consent at any time.
8. Data Breaches
Reporting Breaches: MDSS has procedures in place to detect, report, and investigate data breaches. If a breach occurs that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority and affected individuals in accordance with legal requirements.
9. Responsibilities and Governance
Data Protection Officer (DPO): MDSS has appointed a Data Protection Officer responsible for overseeing data protection strategy, compliance, and addressing data protection queries or concerns.
Employee Responsibilities: All MDSS employees are required to adhere to this Data Privacy Policy and are provided with regular training on data protection and privacy issues.
Policy Review: This policy will be reviewed annually or as necessary to ensure compliance with legal requirements and best practices.
10. Contact Information
If you have any questions, concerns, or requests regarding this Data Privacy Policy or the handling of your personal data, please contact our Data Protection Officer at:
Data Protection Officer
Mr Christopher James
MDSS, Wentloog Corporate Park, Wentloog, Cardiff, CF3 2ER
Chris.James@themaltingsdss.co.uk
02920 793 434
Created by: Ian Francis on Monday, 19/08/2024
Approved by: Chris James on Friday, 11/10/2024
Published by: Ian Francis on Friday, 11/10/2024
Next Review Date: Sunday, 31/08/2025