William Martin Compliance Limited registered in England and Wales with Company Registration Number 05277497 and having its registered office address at C/O Marlowe Plc, 20 Grosvenor Place, London, England, SW1X 7HN (“we”, “us”, “William Martin Compliance”) is committed to protecting and respecting your privacy. This Privacy Policy (“Policy”) relates to all services provided by William Martin Compliance including meridianuk.net (“Meridian”, “Meridian Website”) and our mobile applications (“services”) and sets out the basis on which the personal data collected from you, or that you provide to us will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For much of the personal information we collect and process through the services, we act as a data processor on behalf of our clients. In such cases, if you want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your Personal Information is handled by William Martin Compliance as a processor on behalf of our individual clients, you should contact the relevant the data controller that is using our services and refer to their separate privacy policies. If you are using our services but are not aware of who the data controller is, please contact our Support Team by emailing meridian@wmcompliance.co.uk and we will provide you all relevant contact details. The personal data we hold may span across multiple data controllers if you use our Services on behalf of more than one company.
To provide and improve our services, we collect information about visitors to our sites and applications, users of our services, the devices they use, and sometimes their locations.
We collect certain information directly from you, such as when you fill out forms with a name or email address. It is important that your personal data we hold is accurate and up to date, please inform us if your personal data changes. We collect other information, usually about devices, browsers, or locations, automatically (without you typing it into a form).
You have choices about whether you visit our sites, install our apps, or provide information to us. However, if you do not provide us with certain information, you may not be able to use our service.
You provide us with information about yourself when you:
Examples of the information you provide are: name, email address, job title and phone number.
We automatically collect information from you and your devices when you use our services, even when you visit our sites or apps without logging in.
The information we automatically collect includes:
You can choose to decline cookies through your browser settings. However, if you decline cookies, you may not be able to use some parts of our services.
We may collect information about you from others, such as:
When our clients use our services, we process and store certain information on their behalf as a data processor. For example, in Meridian when a client (or the clients authorised users) upload documents to the system or log incident data, we act primarily as a data processor and process information on the clients’ behalf and in accordance with their instructions. In those instances, the client as the data controller is responsible for all aspects of the processing of the information. If you have any questions or concerns about how information is processed in these cases, including how to exercise your rights as a data subject, we recommend contacting the relevant the data controller that is using our services, and refer to their separate privacy policies. If you are using our services but are not aware of who the data controller is, please contact our Support Team by emailing meridian@wmcompliance.co.uk and we will provide you all relevant contact details. The personal data we hold and process about you on behalf of our clients may span across multiple data controllers if you use our Services on behalf of more than one company.
Where you are using our services on behalf of our client, we rely on legitimate interests in performing our contract with our client as the lawful basis on which we collect and use your personal data. We use the information held about you in the following ways:
We may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any particular user or device to help with goals like research and service development. This Privacy Policy does not apply to our use of such aggregated or de-identified information.
If William Martin Compliance acts as a controller, our lawful basis for collecting and using your information will depend on the information concerned and the specific context in which we collect or use it.
We collect or use information from you or others only where we have your consent to do so, where we need the information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. For example, when we:
The data that we collect from you and process as a result of your use of the Services is stored at a location in the United Kingdom. It is processed by staff operating inside the European Economic Area (“EEA”) who work for us. Such staff may be engaged in, among other things, the provision of support services.
We do not rent, sell, or share your information with third parties except as described in this Privacy Policy, however we may transfer your data to a third party if instructed by the data controller.
We share information as follows:
We keep your personal information for as long as we are contractually obliged, this will often be defined by the data controller. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. Where there are technical limitations that prevent deletion or anonymisation, we safeguard personal data and limit active use of it.
To keep your information safe, we use physical, electronic, and managerial tools. We apply these tools based on the sensitivity of the information we collect, use, and store, and the current state of technology. To assist us with protecting and securing your information, William Martin Compliance is ISO/IEC 27001:2013 compliant. Although we take steps to prevent unauthorised access to or use of personal information, the Internet is not 100% secure. For this reason, we are not able to guarantee that information we collect or store will always be protected from unauthorised access, or that it will only be used as described in this Privacy Policy. We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
William Martin Compliance reserves the right to modify this Privacy Policy at any time, so please review it frequently. If we make any changes to this Policy, we will change the “Last Updated” date below. If we decide to change our Privacy Policy in regard to how we utilise any personally identifiable information, we will post a notice or link to those changes on our website. If we make other material changes to this Privacy Policy or if we change our email practices, we will notify you here, by email, or by means of a notice on our website. If you use our Services after we post these changes, this indicates your acceptance of them.
For questions, comments or requests regarding our use of your information please contact us at meridian@wmcompliance.co.uk or William Martin Compliance, 85 Gresham Street, London, EC2V 7NQ
This Privacy Policy was last updated 03/08/2020