Mitie is committed to complying with its legal obligations under the General Data Protection Regulation 2018 (“GDPR”) and to the Data Protection Act 2018 for the protection of the rights and freedoms of individuals whose personal data Mitie obtains or generates as part of its business operations.
This policy describes how and why we collect, store and use personal data and provides information about individuals’ rights. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
In this policy “we”, “us” and “our” means the Mitie Group company responsible for any personal information collected about you.
What personal data do we collect and process?
In order for us to operate our business we need to collect personal data from those who access our websites or premises, obtain products or services from us, provide products or services to us, are engaged by us or who we otherwise have dealings with in the course of our day to day activities.
We are committed to ensuring that the personal data we collect and use is appropriate for this purpose and does not constitute an invasion of an individual’s privacy. This section sets out further details of the types of personal data we collect in different circumstances and how we use it.
VISITORS TO WWW.MITIE.COM AND OUR OTHER WEBSITES
Visitors to www.mitie.com and our other websites
Your personal data including your name, email address, telephone number and other contact information will be collected if you visit our websites, register to use the website (where registration is required), if you post material on our website, subscribe to one of our services, or request further services. We may also ask you for information when you have reported a problem with a website.
On occasion we may request that you complete surveys to enable us to gain information specifically for research purposes. However, you are not obliged to respond to them.
We may collect details of your visits to our websites including traffic data, location data, weblogs and other communication data as well as details of the resources that you access. We sometimes collect information about your computer including, where available, your IP address, operating system and browser type for the purpose of system administration and to report aggregate information to our advertisers.
The information we hold about you is used in the following ways:
- To ensure that content from our websites is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us.
- To carry out our obligations arising from any contracts entered between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
If you have signed up to attend one of our events, access publications or receive our marketing materials we may use your information as set out in the Business Contacts section below. If you do not want us to use your data in this way contact us at email@example.com.
If you have signed up to attend one of our events, access publications or receive our marketing materials, personal data including your name, email address, telephone number and other contact information will be collected at the time you sign up.
We may use the information we collect to provide you with information on events, publications, products or services that we feel may interest you. You will be able to specify your contact preferences when you register to attend an event or receive communications, products or services from us. You can also change your contact preferences at any time using the options which can be found on relevant communications or by contacting us directly at firstname.lastname@example.org.
CUSTOMERS AND RELATED INDIVIDUALS
We collect personal data from our customers and related individuals where necessary to provide our services or where an individual has otherwise consented to its collection.
We may use the personal data collected for the purposes of:
- Providing our products and services to you or the organisation you represent;
- Operating back office and administration services connected with the provision of our products and services;
- Managing our customer relationships including providing you with information on events and access to publications;
- Enabling our transactional finance partners, Genpact International Inc., to use the information for billing, invoicing and payment purposes. The services Genpact provide to us are delivered from their service centre in Kolkata, India.
SUPPLIERS AND THIRD PARTY SERVICE PROVIDERS (INCLUDING INDIVIDUAL CONTRACTORS)
We may collect personal data including your name, email addresses, telephone numbers and other business contact information for the purposes of receiving services or quotations, managing relationships, providing services to our customers and operating our business.
We may use and disclose the information we collect in such manner as necessary to enable us to carry out our business and to receive the services being provided. This includes the use of personal information in connection with billing, invoicing, payment and legal enforcement.
Basic personal data will be used by our transactional finance partners in Genpact International Inc., for billing, invoicing and payment purposes. The services Genpact provide to us are delivered from their service centre in Kolkata, India.
Personal data in relation to Mitie personnel is collected and held on our systems and applications. Further information regarding the collection and use of personal data of Mitie personnel is provided as part of our onboarding process and can be obtained by Mitie personnel at any time by contacting email@example.com.
If you register interest in applying for a vacancy with Mitie or submit an application for a vacancy, we will collect your name and contact details including your address, email address and telephone number. More detailed personal data may also be collected where you are the subject of a vetting process which may include details of your employment and education history, references, professional memberships and qualifications, credit check results, criminal records check results, DVLA details and proof of identity documents.
Information we collect will be used by us to process and progress your application and to complete our onboarding processes should you go on to be employed or engaged by us.
Personal data including your name, email address, telephone number and other business contact information may be collected directly from you, any organisation you represent, marketing or PR agencies or from databases and platforms which you have signed up to.
We may use the personal data we collect for the purposes of circulating press releases, statements or market commentary or inviting you to attend events or to meet or speak with Mitie personnel.
YOUR RIGHTS AS A DATA SUBJECT
As a data subject you have certain rights which you may exercise if we are in possession of, or are processing, your personal data. Specifically:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – you have a right, in certain circumstances, to ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing of your personal data.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
To exercise these rights please contact us using the contact details set out in the Contact Information section below. In the event that Mitie refuses your request under rights of access, we will provide you with the reason why. You have the right to complain as outlined in the Complaints section below.
ON WHAT BASIS DO WE PROCESS PERSONAL DATA?
We will only process personal data where we have a lawful basis on which to do so. The lawful basis on which data is processed will depend on the nature of the information collected and the purposes for which it is used by us but will be one or more of following:
- Consent: you have provided your consent for us to process their personal data for a specific purpose.
- Contract: the processing is necessary for a contract you have with us or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with our legal obligations.
- Vital interests: the processing is necessary to protect someone’s life.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party.
FOR HOW LONG DO WE HOLD PERSONAL DATA?
Mitie will only retain personal information for the period necessary to fulfil the purposes for which it is collected and processed, or for such shorter or longer period as may be prescribed by applicable law or Mitie’s internal policies and procedures. Further information on our retention policy can be requested by contacting us via the information provided in the Contact Information section below.
TRANSFERRING AND STORING YOUR DATA
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), including the United States of America. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, amongst other things, the fulfilment of orders, the processing of payment details or the provision of support services. By submitting your personal data to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice. For all transfers of data outside of the EEA we will ensure that we have in place a secure contractual mechanism for such transfers such as the Standard Contractual Clauses as approved by the European Commission.
INFORMATION PROVIDED VIA OUR WEBSITES
All information provided via www.mitie.com is stored on WP Engine’s secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share passwords with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to any member of our group, which means Mitie Group plc, it subsidiaries and subsidiary undertakings from time to time (as defined in the Companies Act 2006).
We may also disclose your personal information to third parties in certain circumstances including:
We may provide personal data to clients, third party suppliers, service providers, professional advisors and other business partners to enable us to provide or receive products or services.
In connection with the administration and operation of our business we may provide personal data to third parties who provide support services including IT, finance and accounting and HR services and research, marketing, business development and consultancy services.
In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
We may disclose or share your personal data if we are under a duty to do so in order to comply with any legal obligation or where necessary to enforce any legal right or contractual agreement, or to protect the rights, property, or safety of Mitie, our employees, customers, or others. This includes exchanging information with other companies, organisations and bodies for the purposes of fraud protection and credit risk reduction.
LINKS TO OTHER WEBSITES
Our websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
CHANGES TO OUR PRIVACY NOTICE
This Privacy Notice was last updated in January 2020. Any changes we may make to our Privacy Notice in the future will be posted on this page and we suggest that you check back frequently to see any updates or changes.
Our Data Protection Officer is responsible for the management of personal data within Mitie and for ensuring that compliance with data protection legislation and good practice can be demonstrated. Questions, comments and requests regarding this Privacy Notice or our collection or use of personal data should be addressed to:
The Data Protection Officer
Mitie Group plc
Level 12, The Shard
32 London Bridge Street
London SE1 9SG
We may use the information we collect to provide you with information on events, publications, products or services that we feel may interest you. You may specify your contact preferences when you register to attend an event or receive communications, products or services from us. You can also change your contact preferences at any time using the options which can be found on relevant communications or by contacting us directly at firstname.lastname@example.org.
If you wish to make a complaint about how your personal data is being processed by us (or the third parties referred to in this Privacy Notice), or how your complaint has been handled, you have a right to lodge a complaint with our Data Protection Officer using the contact details above or by contacting:
The Information Commissioners Office
Cheshire SK9 5AF