mrl

Donate

1. Policy Statement

MRL® Public Sector Consultants Ltd (“MRL”) is committed to protecting the privacy and security of personal data. As part of our ongoing responsibility to comply with applicable data protection laws, we ensure that all personal data is handled in accordance with the UK GDPR, the Data Protection Act 2018, and any other applicable legislation.

This policy outlines our approach to data protection, our responsibilities as a data controller, and the measures in place to protect personal data in line with our legal obligations.

2. Scope

This policy applies to:

  • All employees, contractors, directors, and consultants of MRL.
  • Any personal data handled by MRL, whether collected directly from individuals or obtained via third-party sources.
  • All business operations, including client projects, internal processes, marketing, and communications.

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable individual, such as name, contact details, or identification numbers.
  • Sensitive Personal Data (Special Categories of Data): Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health information, and other sensitive categories.
  • Processing: Any operation performed on personal data, such as collection, storage, use, alteration, or deletion.
  • Data Subject: The individual whose personal data is being processed.

4. Legal Basis for Processing

MRL processes personal data under the following legal grounds, as outlined in the UK GDPR:

  1. Consent: Obtained from the data subject for specific processing activities.
  2. Contractual necessity: To fulfill a contract with the data subject or to take steps at their request before entering into a contract.
  3. Legal obligation: Where processing is required to comply with a legal obligation.
  4. Legitimate interests: When processing is necessary for legitimate business interests, provided these interests are not overridden by the rights of the data subject.
  5. Vital interests: In situations where processing is necessary to protect the vital interests of the data subject.

5. Data Protection Principles

MRL will ensure that personal data is:

  • Processed lawfully, fairly, and transparently.
  • Collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes.
  • Adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  • Accurate and kept up to date.
  • Retained only for as long as necessary to fulfill its intended purposes.
  • Processed in a secure manner, protecting against unauthorised access, alteration, and destruction.

6. Responsibilities

Data Protection Officer (DPO) (if applicable):

  • Ensure compliance with data protection regulations and act as the main point of contact for data protection matters.
  • Provide advice and guidance on data protection issues and monitor the effectiveness of data protection practices.

Employees and Contractors:

  • Ensure that personal data is handled securely and in line with this policy.
  • Report any data protection concerns or incidents to the DPO or relevant management.
  • Complete any required data protection training.

Managers:

  • Ensure their teams are aware of and comply with this policy.
  • Promote awareness of data protection principles and best practices.

7. Data Subject Rights

MRL ensures that data subjects can exercise their rights under the UK GDPR, including:

  1. Right to Access: Data subjects can request access to their personal data.
  2. Right to Rectification: Data subjects can request the correction of inaccurate or incomplete data.
  3. Right to Erasure (Right to be Forgotten): Data subjects can request the deletion of their personal data in certain circumstances.
  4. Right to Restriction of Processing: Data subjects can request that their data be restricted from further processing.
  5. Right to Data Portability: Data subjects can request their personal data in a structured, commonly used format.
  6. Right to Object: Data subjects can object to processing based on legitimate interests or for direct marketing purposes.
  7. Right to Withdraw Consent: Data subjects can withdraw consent where processing is based on consent.

To exercise any of these rights, please contact the Data Protection Officer at: [Insert Contact Information].

8. Data Security

MRL will implement appropriate technical and organisational measures to ensure the security of personal data, including:

  • Encryption of sensitive personal data.
  • Access controls to restrict data access to authorised personnel only.
  • Regular security audits and risk assessments.
  • Data breach detection and incident response procedures to mitigate risks in the event of a data breach.

In the event of a data breach, we will notify the relevant supervisory authority and data subjects when necessary in accordance with the UK GDPR.

9. Data Retention

MRL will retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, accounting, or reporting requirements. Once the data is no longer required, it will be securely deleted or anonymised.

10. Data Transfers

MRL will not transfer personal data outside the UK or the European Economic Area (EEA) unless the transfer is compliant with data protection regulations. Appropriate safeguards (e.g., Standard Contractual Clauses) will be implemented for international transfers.

11. Training and Awareness

MRL will provide regular data protection training to employees to raise awareness about their responsibilities under this policy, ensure compliance with data protection principles, and educate them on handling personal data securely.

12. Monitoring and Review

This policy will be reviewed annually, or in response to any changes in legislation or company practices, to ensure it remains up to date and compliant with applicable data protection laws. The effectiveness of our data protection practices will be regularly monitored.