Privacy Policy

William Martin Compliance Limited registered in England and Wales with Company Registration Number 05277497 and having its registered office address at C/O Marlowe Plc, 20 Grosvenor Place, London, England, SW1X 7HN (“we”, “us”, “William Martin Compliance”) is committed to protecting and respecting your privacy. This Privacy Policy (“Policy”) relates to all services provided by William Martin Compliance including meridianuk.net (“Meridian”, “Meridian Website”) and our mobile applications (“services”) and sets out the basis on which the personal data collected from you, or that you provide to us will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For much of the personal information we collect and process through the services, we act as a data processor on behalf of our clients. In such cases, if you want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your Personal Information is handled by William Martin Compliance as a processor on behalf of our individual clients, you should contact the relevant the data controller that is using our services and refer to their separate privacy policies. If you are using our services but are not aware of who the data controller is, please contact our Support Team by emailing meridian@wmcompliance.co.uk and we will provide you all relevant contact details. The personal data we hold may span across multiple data controllers if you use our Services on behalf of more than one company.

How we collect information

To provide and improve our services, we collect information about visitors to our sites and applications, users of our services, the devices they use, and sometimes their locations.

We collect certain information directly from you, such as when you fill out forms with a name or email address. It is important that your personal data we hold is accurate and up to date, please inform us if your personal data changes. We collect other information, usually about devices, browsers, or locations, automatically (without you typing it into a form).

You have choices about whether you visit our sites, install our apps, or provide information to us. However, if you do not provide us with certain information, you may not be able to use our service.

Information we collect from you

You provide us with information about yourself when you:

  • Register or log in to your account
  • Edit your user profile
  • Contact our support team, consultants or management teams
  • Respond to questionnaires or surveys

Examples of the information you provide are: name, email address, job title and phone number.

Information we collect automatically

We automatically collect information from you and your devices when you use our services, even when you visit our sites or apps without logging in.

The information we automatically collect includes:

  • Device and usage information: We collect information about how you use our services and the computers or other devices, such as mobile phones or tablets, you use to access our services. Some examples include:
    • IP address
    • Precise geolocation information that you allow our apps to access (usually from your mobile device). If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.
    • Unique device identifiers and device attributes, like operating system and browser type
    • Usage data, such as: web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used our services, the frequency of your use of our services, error logs, and other similar information
  • Cookies: We may use cookies, which are text files containing small amounts of information that are downloaded on your device (“Cookies”)
  • Analytics: We use Google Analytics to collect information about the usage of our services. They use Cookies to gather usage data and help us learn how people use our services, such as the pages they visit, for how long and in some cases the website or page that linked you to one of our websites.

You can choose to decline cookies through your browser settings. However, if you decline cookies, you may not be able to use some parts of our services.

Information we collect from other sources

We may collect information about you from others, such as:

  • Our clients: Our clients (the data controllers) may give us your information. For example, to register you as a user to access our services, they will give us your details which may include; your name, job title, email address and telephone number.

Information we collect and process on behalf of our clients

When our clients use our services, we process and store certain information on their behalf as a data processor. For example, in Meridian when a client (or the clients authorised users) upload documents to the system or log incident data, we act primarily as a data processor and process information on the clients’ behalf and in accordance with their instructions. In those instances, the client as the data controller is responsible for all aspects of the processing of the information. If you have any questions or concerns about how information is processed in these cases, including how to exercise your rights as a data subject, we recommend contacting the relevant the data controller that is using our services, and refer to their separate privacy policies. If you are using our services but are not aware of who the data controller is, please contact our Support Team by emailing meridian@wmcompliance.co.uk and we will provide you all relevant contact details. The personal data we hold and process about you on behalf of our clients may span across multiple data controllers if you use our Services on behalf of more than one company.

Use of your information

Where you are using our services on behalf of our client, we rely on legitimate interests in performing our contract with our client as the lawful basis on which we collect and use your personal data. We use the information held about you in the following ways:

  • To provide you with the services you request
  • To provide our client with the services they require
  • To record details about what happens with electronic documents, such as who uploaded/downloaded them and when these events occur
  • To create and review data about our users and how they use our services
  • To test changes in our services and develop new features and products
  • To fix problems you may have with our services, including answering support questions and resolving disputes
  • To manage the Meridian Website including support systems and security
  • To prevent, investigate and respond to: fraud, unauthorised access to or use of our services, breaches of terms and policies, or other wrongful behaviour
  • To meet legal retention periods

Other uses

We may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any particular user or device to help with goals like research and service development. This Privacy Policy does not apply to our use of such aggregated or de-identified information.

Lawful basis for processing your information

If William Martin Compliance acts as a controller, our lawful basis for collecting and using your information will depend on the information concerned and the specific context in which we collect or use it.

We collect or use information from you or others only where we have your consent to do so, where we need the information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. For example, when we:

  • Use information to create and manage an account, we need it in order to provide relevant services.
  • Gather usage data and analyse it to improve our services, we do so based on our legitimate interest in safeguarding and improving our services.

Information storage and sharing

The data that we collect from you and process as a result of your use of the Services is stored at a location in the United Kingdom. It is processed by staff operating inside the European Economic Area (“EEA”) who work for us. Such staff may be engaged in, among other things, the provision of support services.

We do not rent, sell, or share your information with third parties except as described in this Privacy Policy, however we may transfer your data to a third party if instructed by the data controller.

We share information as follows:

  • Where agreed system links are in place. Where our client has agreed a link with a third-party system, Meridian will share data, which may contain personal information, with the third-party system as defined by the agreement.
  • Safety, security, and compliance with the law. We may share your information to follow applicable law, or to respond to legal process. We also may share your information when there are threats to the physical safety of any person, violations of this Privacy Policy or other agreements, or to protect the legal rights of third parties, including our employees, users, or the public.
  • Consent. We may share your information in other ways if you have asked us to do so or have given consent. For example, with your consent, we may post user testimonials that may identify you by name.

Retention of information

We keep your personal information for as long as we are contractually obliged, this will often be defined by the data controller. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. Where there are technical limitations that prevent deletion or anonymisation, we safeguard personal data and limit active use of it.

How we protect your information

To keep your information safe, we use physical, electronic, and managerial tools. We apply these tools based on the sensitivity of the information we collect, use, and store, and the current state of technology. To assist us with protecting and securing your information, William Martin Compliance is ISO/IEC 27001:2013 compliant. Although we take steps to prevent unauthorised access to or use of personal information, the Internet is not 100% secure. For this reason, we are not able to guarantee that information we collect or store will always be protected from unauthorised access, or that it will only be used as described in this Privacy Policy. We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Updates to this policy

William Martin Compliance reserves the right to modify this Privacy Policy at any time, so please review it frequently. If we make any changes to this Policy, we will change the “Last Updated” date below. If we decide to change our Privacy Policy in regard to how we utilise any personally identifiable information, we will post a notice or link to those changes on our website. If we make other material changes to this Privacy Policy or if we change our email practices, we will notify you here, by email, or by means of a notice on our website. If you use our Services after we post these changes, this indicates your acceptance of them.

How to contact us

For questions, comments or requests regarding our use of your information please contact us at meridian@wmcompliance.co.uk or William Martin Compliance, 85 Gresham Street, London, EC2V 7NQ

This Privacy Policy was last updated 03/08/2020