Privacy Policy
Privacy Policy
Introduction
- Fusion Management Support Limited (“FMSL”) provides a range of consultancy and management services to the automotive aftermarket.
- FMSL takes its responsibility to manage and protect your data very seriously.
- This policy document explains how we control, process, handle and protect your data that is submitted by you directly via our web-site (fusion-ms.co.uk) or via other media as detailed later in this document.
- By submitting an enquiry on our web-site or providing us with data through another medium, you agree to be bound by this policy.
- Any questions relating to this policy should be sent by email to data@fusion-ms.co.uk or by post using the address at the top of this page, marked for the attention of the Data Manager.
- FMSL is registered with Information Commissioner’s Office under registration number Z2881015.
- This document was last updated on the 23rd May 2018.
Prevailing Legal Requirements
This policy has been written to satisfy the requirements of the following legal instruments, and any subsequent iterations thereafter;
- The Data Protection Act, 1998 (“DPA”)
- The Data Protection Bill, 2017 (“DPB”)
- The General Data Protection Regulation, 2018 (Regulation (EU) 2106/679) (“GDPR”)
- The Privacy and Electronic Communications (EC Directive) Regulations, 2003 (“PECR”)
What Personal Data do we hold?
The data we typically gather and process includes, but ultimately may not be restricted to, your name, job title, email address, IP address, business telephone and business mobile numbers. We hold such data for use in business-to-business (“B2B”) relationships only.
We will typically update or verify that information in one of several ways,
- By asking you to complete an online information capture form;
- By telephone;
- By email;
- Face-to-face if visiting your business premises.
What is the Nature of that Personal Data?
With regard to all data we hold;
- it has been given to us exclusively under a B2B relationship in the first instance;
- it has been freely given to us;
- it has been given to allow us to execute commercial or contractual obligations on behalf of mutual clients;
- it has been and will typically continue to be in regular use until there ceases to be a commercial relationship;
- each engagement with an individual is done so on the basis that he/she is a representative of the company they work for;
- we have neither asked for nor retained any data to be used for personal reasons.
Who has access to your Personal Data?
- Relevant staff within FMSL have access to your information, and they have all been educated in the manner in which data is to be processed legally;
- We will not sell your information to third parties;
- We will not share your information with third parties for marketing purposes;
- We will not share your information with third parties unless they are a participant in a mutual commercial or contractual relationship;
- We work with a limited number of service providers from time-to-time, and we may pass your information to our third party service providers, agents and other organisations for the purpose of providing services to you, or in relation to a mutual commercial or contractual relationship. However, when we use third party service providers, we disclose only that information which is necessary to fulfil such commercial or contractual obligations.
How is that Personal Data used?
- On a day-to-day basis, such information, which may have been provided by you, your employer or by a third party business where your employer and FMSL have a mutual commercial or contractual relationship, is used for maintaining business data records that are used in managing those mutual B2B relationships we have, and to ensure relevant and prompt communications are enabled between the interested parties in such a commercial or contractual relationship;
- If you elect to opt-out of receiving communications under these circumstances, then we may need to advise your employer or our mutual client if the inability to communicate with you impacts on a commercial or contractual relationship.
- We will also communicate directly with you from time-to-time with information on products and services that are relevant and complementary to our mutual commercial interests, as also detailed later in this document. We will never communicate with you directly in respect of products or services that are not related to our mutual business interests;
- Every time we communicate with you in this manner, you will individually be given the option to opt-out of further marketing communications.
How we Process your Personal Data
- Personal data is held on our contact relationship management system, QuickBase (QB), in order to manage all the data content in respect of fulfilling client requirements and information held on associated businesses.
- Personal data, particularly email addresses etc., will be held on separate devices by members of FMSL staff, or contractors to FMSL, all of whom have been educated in the manner in which data is to be processed legally.
Legal Bases for Data Processing
Under the scope of the GDPR, FMSL considers itself be a ‘Data Processor’ when dealing with external individuals and organisations[1]. We rely on several legal bases in respect of processing your personal data.
- CONSENT:
- Why we use this: We have adopted a ‘soft option’ approach to Consent on the basis that the data we hold and process came into our possession knowingly for the purpose of managing ongoing services and/or commercial or contractual relationships;
- How we process the data: In direct communication with you or relevant third parties, and stored on either QuickBase or our secure server, in order to fulfil any commercial or contractual obligations;
- Retention period: We will hold and process your data until you either withdraw consent or it can be established your consent no longer exists.
- CONTRACT:
- Why we use this: To fulfil any obligations under commercial or contractual relationships;
- How we process the data: In direct communication with you or relevant third parties, and stored on either QB or our secure server, in order to fulfil any commercial or contractual obligations;
- Retention period: We will hold and process your data until either until the commercial or contractual relationship between us ends, or it can be established your consent no longer exists.
- LEGITIMATE INTERESTS:
- Why we use this: Because of the existing commercial or contractual relationship that exists between us, we may contact you from time-to-time for marketing purposes in respect of products or services complementary to our mutual commercial interests;
- How we process the data: In direct communication with you or relevant third parties, and stored on either QuickBase or our secure server, in order to fulfil any commercial or contractual obligations;
- Retention period: We will hold and process your data whilst either the commercial or contractual interest remains between us, or until you withdraw your consent.
- LEGAL:
- Why we use this: In order to satisfy requests of any Government agencies;
- How we process the data: Data will be passed to Government agencies when a legal request is made;
- Retention period: We will hold your data for as long as is required by law.
- CRIMINAL OFFENCE DATA:
- Why we use this: In order to satisfy requests of law enforcement agencies;
- How we process the data: Data will be passed to law enforcement agencies when a legal request is made;
- Retention period: We will hold your data for as long as is required by law.
If we believe the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful bases that become relevant.
Data Processing Systems
We use a series of proprietary online systems for capturing and processing Personal Data.
- QUICKBASE
- What is it: This is a proprietary Platform as a Service (“aPaaS”), i.e. cloud-based, data platform that Fusion subscribes to in order to manage all the data content relevant to its business;
- How is data protected: We have reviewed QB’s Security and Compliance policy (see below) and are satisfied that together with that and the contract that exists between us and QB, that your information is protected in line with the requirements that are placed upon FMSL. GDPR is addressed in this policy;
- FORMSTACK
- What is it: This is a proprietary Platform as a Service (“aPaaS”), i.e. cloud-based, data platform that Fusion subscribes to in order to collect data and information relevant to its activity where we have a mutual commercial or contractual relationship;
- How is data protected: We have reviewed Formstack’s Security policy and its Privacy policy (see below) and are satisfied that together with that and the contract that exists between us and Formstack, that your information is protected in line with the requirements that are placed upon FMSL. GDPR is addressed via a further link below;
- MAILCHIMP
- What is it: This is an Email Marketing Service provider that Fusion subscribes to in order to communicate to its contacts, either in respect of a mutual commercial or contractual relationship, or to issue marketing communications;
- How is data protected: We have reviewed MailChimp’s Privacy policy (see below) and are satisfied that together with that and the contract that exists between us and MailChimp, that your information is protected in line with the requirements that are placed upon FMSL, including GDPR;
Marketing Opt-Out
- Under the GDPR we adopted the ‘soft option’ opt-out approach for anyone on our marketing mailing list by virtue of the active relationship we have with you. Any email marketing messages we send are done so through our EMS provider, i.e. MailChimp.
- Email marketing messages we send may contain tracking links or similar server technologies in order to view subscriber activity within email marketing campaigns. Where used, such marketing messages may record a range of data such as times, dates, IP addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity of each subscriber during that email campaign.
- Any email marketing messages we send are in accordance with the GDPR and the PECR.
- We provide you with an easy method to withdraw your consent (unsubscribe) in each and every message we send you through this medium.
- Our EMS provider will hold the following information about you;
- Name
- Email address
- IP address
- Subscription time & date
- Record of Opt-Out communication
Internet Cookies
Our web-site does not use cookies.
Links to other websites
- Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website, and we cannot be held responsible for the privacy policies and practices of other sites even if you access them using links from our website.
- Also, if you accessed our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check any policies of any such third party websites.
Personal Data provided by a Third Party
- From time-to-time we will receive personal data from third parties that extends beyond the normal data we process, e.g. personal addresses, vehicle registration numbers, personal telephone numbers etc. This is always provided as part of commercial or contractual relationship we have a client and which typically requires us to review a set of documents wherein the personal data is contained;
- Such data will be redacted in as far as is possible;
- Only FMSL staff or contractors who have been educated in the manner in which data is to be processed legally will have access to that data;
- Such data is always held in a ‘quarantine’ folder on any device, and once the review process is complete it will be permanently deleted from such devices;
- A master copy of the data will be held in a ‘quarantine’ folder on our secure server, marked with a deletion date, and be so deleted at the designated time.
Your Rights under GDPR
- Under the GDPR your rights are as follows.
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
FMSL fully acknowledges those rights, and respects them fully.
- You have the right to ask for a copy of the information FMSL holds about you. This is referred to as a Subject Access Request (SAR). In order to initiate a SAR, please email us on data@fusion-ms.co.uk.
- You also have the right to complain to the Information Commissioner’s Office (ico.org.uk) if you feel we have handled your data inappropriately.
Ends.