MCG may process personal data belonging to anyone who has expressed an interest in or made contact. These may include (but are not restricted to) the following interested parties (often referred to as ‘you’) – employees, contractors, consultants, directors, beneficiary owners, recruitment candidates, clients, and suppliers.
The data which MCG process depends upon the nature of the relationship with the interested party concerned but is likely to include (but is not restricted to) the following:
Personal and Contact Details:
1. Title, Name, Address, Telephone and Electronic contact details (examples are: Email address, Skype, Facebook, Whatsapp, Twitter, Linked-in)
2. Date of Birth and Gender
3. Passport details plus Nationality and citizenship
4. Next of Kin (NOK) details
5. Financial information (such as bank, tax and insurance details)
6. Medical data including psychometric test results
7. Criminal record checks (for example, CRB)
8. CV with employment, experience, education and qualifications records – with appropriate verifications, including details of references and referees plus information provided by them.
9. Marketing engagements and surveys.Records of communications with interested parties
The overarching purpose for processing personal data is to facilitate, manage and, whenever possible, enhance the services provided by MCG to our interested parties. More specifically the reasons vary, again dependent upon the nature of your relationship with us, but include (not restricted to) the following:
1. To enable us to fulfil contractual requirements
2. To ensure that recruitment process is efficient and provides appropriately qualified staff in terms of aptitude and attitude
3. To ensure that you are properly insured, paid correctly, and that your NOK can be informed in the event of an incident.
4. To meet requirements of public interest and management standardsCompliance with legal and regulatory obligations
5. To manage marketing information effectivelyTo facilitate swift responses to the above
Under GDPR there are 6 lawful reasons for processing data:
3. Legal Obligation
4. To protect vital interests
5. To meet public interests
6. Legitimate interests
The data, which MCG process is deemed to be the minimum necessary and is justified by one or more of the aforementioned legal criteria. We have three categories:
1. Information which you give us when completing registration forms and the recruitment process or requested through our due diligence procedure
2. Information we collect about you from our websites, email and telephone contacts plus our due diligence procedures.
3. We may collect information from third parties – in particular, we may use third party organisations to conduct background checks and verifications. Additionally we may use the web and social media sources, all of which are publicly available and strictly open source.
The vast majority of personal data that is processed by MCG is stored electronically, predominantly in cloud-based systems, which are protected through encryption (both when static and in transit). Access is carefully managed and restricted appropriately. Any data that is held on servers or on hard drives is subject to restricted access and most of it is encrypted. Any hard copies of processed data are held in secure cabinets with restricted access. It must be noted that information received over the internet or from personal emails may not always be secure; MCG is not liable for corrupted information received from such sources.
For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us
Retention periods in line with legal and regulatory requirements and guidance.
Selected third parties with whom we work – for example, clients or potential clients, insurers, solicitors, travel agents and sub-contractors.
Any MCG entity or third party that you consent to giving your information to for marketing purposes (such consent will be sought prior to our sharing this data)
Any other third parties where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
A “cookie” is a bite-sized piece of data that is stored on your computer’s hard drive. They are used by nearly all websites and do not harm your system. How to reject cookies: If you do not want to receive cookies that are not strictly necessary to perform basic features of our site, you may choose to opt-out by changing your browser settings. Most web browsers will accept cookies but if you would rather we did not collect data in this way you can choose to accept all or some, or reject cookies in your browser’s privacy settings. However, rejecting all cookies means that you may not be able to take full advantage of all our website’s features. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences. For more information, generally on cookies, including how to disable them, please refer to www.aboutcookies.org .You will also find details on how to delete cookies from your computer.
All interested parties have the following rights under GDPR and MCG fully respects them:
1. To be informed about the processing of your personal information
2. To have your personal information corrected if it is inaccurate and to have incomplete information completed
3. To object to processing of your personal information
4. To restrict processing of your personal information
5. To have your personal information erased (‘right to be forgotten’)
6. To request access to your personal information and to obtain information about how we process it
7. The right to move, copy or transfer your personal information (‘data portability’)
8. In relation to automated decision making, which has a legal effect or otherwise significantly affect you.
9. To complain to our Supervising Authority, the UK’s independent authority on information rights the Information Commissioner’s Office (ICO) https://ico.org.uk/
Please note that there may be occasions where you object to, or ask us to restrict, or stop, processing of your personal information, or erase it, but we shall be unable to comply with such requests for legal reasons.