Privacy Policy
Munro Consulting Ltd is committed to respecting and protecting your privacy.
This policy explains the basis on which we process any personal data we collect from Data Subjects, or that is provided to us by other sources. This includes the reasons we may collect personal data, when we collect it, the conditions under which we share it with others, how we protect it as well as your rights and choices in relation to your personal data.
This policy sets out the rules on data protection and legal conditions that must be satisfied when we collect, process, or transfer personal data.
Data users are obliged to comply with this policy when processing personal data on our behalf.
This policy does not form part of any employee's contract of employment and may be amended at any time.
Any questions regarding this policy and our privacy practices should be sent by email to [email protected]. Alternatively, you can telephone 020 3745 7468
Who we are
Munro Consulting is an independent provider of general IT Consultancy and implementation services. In this policy ‘Munro Consulting Ltd’, ‘we’, ‘us’ or ‘our’ means:
Munro Consulting , a company limited by guarantee (no. 10617797). Registered address is 71-75 Shelton Street, Covent Garden, London, WC1H 9JQ.
How we collect personal data from you?
We collect personal data about
Personal data you give us directly
Personal data you give us indirectly
Your personal data may be shared with us by third parties, which might include:
When you visit this website
Like many organisations, we automatically collect the following information:
Social Media
When you interact with us on social media platforms such as Facebook and Twitter we may obtain personal data about you (for example, when you send us a message or tag us in a public post). The personal data we receive will depend on the privacy preferences you have set on those types of platforms.
What type of personal data is collected from you?
The personal data we collect, store and use might include:
Data protection laws recognise certain categories of personal data as sensitive and therefore requiring greater protection, for example information about your health, ethnicity and religion.
We do not usually collect sensitive data about you unless there is a clear and valid reason for doing so and data protection laws allow us to do so.
Where appropriate, we will make why we are collecting this type of personal data and what it will be used for clear.
How and why is your personal data used?
We may use your personal data for a number of different purposes, which may include:
How long is your personal data kept for?
We keep your personal data for no longer than is necessary for the purposes it was collected for, The length of time we retain your personal data for is determined by operational and legal considerations. For example, we are legally required to hold some types of personal data to fulfil our statutory and regulatory obligations (e.g. health/safety and tax/accounting purposes).
We review our retention periods on a regular basis.
Who has access to your personal data?
We will share your personal data within our group of companies where it is in our legitimate interests to so so for internal administrative and business development purposes (for example to ensure consistent delivery of services).
We do not sell or rent your personal data to third parties.
We do not share your personal data with third parties for marketing purposes.
However, we may disclose your personal data to third parties in order to achieve the other purposes set out in this policy. These third parties may include:
Lawful Processing
Data protection law requires us to rely on one or more lawful grounds to process your personal data. We consider the following grounds to be relevant:
Specific Consent
Where you have provided specific consent to us using your personal data in a certain way, such as to send you newsletters or email, text and/or telephone marketing.
Performance of a contract
Where we are entering into a contract with you or performing our obligations under it.
Legal obligation
Where necessary so that we can comply with a legal or regulatory obligation to which we are subject.
Vital interests
Where it is necessary to protect life or health (for example in the case of medical emergency suffered by an individual at one of our events) which requires us to share your personal data with the emergency services.
Legitimate interests
Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as what the personal data is used for is fair and does not duly impact your rights).
We consider our legitimate interests to be running Munro Consulting as a profitable organisation in pursuit of our aims and ideals, and those of our clients. For example to:
When we legitimately process your personal data in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal data where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
When we use sensitive personal data, we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law (for example, if we need to process it for employment, social security or social protection purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).
Your choices
You have a choice about whether or not you wish to receive marketing information from us. Every marketing message we send out includes a link to opt out or includes information about how you can request we no longer include you in future messages.
We’re committed to putting you in control of your data so you’re free to ask us to remove you from our mailing lists at any time by contacting us by email: [email protected], or telephone: 020 3745 7468.
We will will retain your details on a suppression list to help ensure that we do not continue to contact you.
Your Rights
Under UK data protection law, you have certain rights over the personal data that we hold about you. These include:
You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the personal data we hold about you, and we will provide you with this unless legal exceptions apply.
If you want to access your personal data, please send a description of the information you want to see and proof of your identity by post to the address provided below.
You have the right to have inaccurate or incomplete personal data we hold about you corrected. The accuracy of your information is important to us so we’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or if you believe any of the other information we hold is inaccurate or out of date, please contact us via email [email protected]. Alternatively, you can telephone 020 3745 7468.
You have a right to ask us to restrict the processing of some or all of your personal data if there is a disagreement about its accuracy or we’re not lawfully allowed to use it.
You may ask us to delete some or all of your personal data and in certain cases, and subject to certain exceptions; we will do so as far as we are required to. In many cases, we will anonymise that information, rather than delete it.
If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
You have the right to object to processing where we using your personal information (1) based on legitimate interests, (2) for direct marketing or (3) for statistical/research purposes.
If you want to exercise any of the above rights, please email us at email, phone or postal address. We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office, https://ico.org.uk/
Keeping your information safe
We consider the confidentiality, integrity and availability of any personal data we process and take steps to ensure that appropriate technical and organisational controls are in place to protect it. These include measures to reduce the risk of theft or loss of the devices on which personal data is held, internal policies, staff training, firewalls, backups, the use of passwords and ensuring that our systems are patched against vulnerabilities and malware.
All traffic to our website is encrypted and protected with the following software 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.
We provide secure transfer methods on request for ensuring the encrypted transmission of sensitive personal data.
Personal data transmitted normally over the Internet can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal data, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Links to other websites
Our website may contain links to other websites run by other organisations. This policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links from our website.
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the privacy policy of that third party site.
Transferring your information outside of Europe
Your personal data may be used, stored and/or accessed by staff operating in countries the European Economic Area (“EEA”) who work for us, third party partners or suppliers. By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA. You should be aware that these countries may not have similar data protection laws to the UK.
If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These measures may include
Further details on the steps we take to protect your personal information, in these cases is available on request by contacting us by email, phone or post.
Changes to this policy
Any changes we may make to this policy in the future will be posted on this website. If we make any significant changes we’ll make this clear on our website and may notify you by other means, for example by posting on social media.
Review of this Policy
We keep this policy under regular review. This policy was last updated in February 2021.