This amended policy comes into effect from 25thMay 2018.
MASH Virtual Ltd understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website, (“Our Site”) and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
Information About Us
MASH Virtual Ltd., also referred to as MV is a company registered in England, under Company Registration Number 10471819 with its principle place of business located at 133 Whitechapel High Street, London E1 7QA. You can contact our Data Protection Officer by email at firstname.lastname@example.org.
Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
‘user(s)’, we are referring to anyone who visits our digital platform and/or subscribes to services or other information services we offer.
digital platform or DP’ is the platform through which MV provides its services and information. The MV’s DP, includes but not limited to; Websites, Mobile apps, MV’s Social Media platform, SaaS developed by MV, Games.
‘browser’, it includes various Internet browsers including, but not limited to Internet Explorer, Google Chrome, Firefox and Safari.
‘operating system’, it includes Operating Systems for Desktop and Laptop computers including but not limited to Windows, MacOS and Operating System for Mobile, Handheld and Streaming devices including but not limited to Android and iOS.
‘cookie’, means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in Part 14 below;
What Does This Policy Cover?
MV is committed to safeguard the privacy of the users of services provided by MV via its digital platform(s), including but not limited to websites, mobile apps, games, saas, customised development or other platforms, collectively referred to as ‘digital platform(s)’.
We suggest that registration on our digital platforms is done by individuals who are aged 13 years or above. However, if a child below the age of 13 registers on our digital platform, we recommend that it is done with the permission of their parent or guardian. It is the responsibility of the parent or guardians to monitor their child’s use of our digital platform.
This policy is applicable where MV acts the data controller with respect to the personal information collected via our digital platform and where MV sets out how it handles your personal information.
We place a great importance on the security of all information associated with our users, customers, clients and contractors. We have security measures in place to protect against the loss, misuse and alteration of your PI under our control. Your PI is anonymised or destroyed securely when no longer required by us. We retain the information you provide to us including but not limited to your contact to enable us to verify various transactions and customer details and to retain adequate records for legal, statutory and accounting purposes. This information is held on secure servers in controlled facilities. Our digital platforms use a process called Secure Sockets Layer (SSL) technology. SSL locks all critical information passed from you to us in an encrypted envelope, making it extremely difficult for this information to be intercepted. The transfer of information across any media may involve a certain degree of risk, and the internet is no exception. As a result, while we take reasonable steps to protect users' PI, we cannot ensure or warrant the security of any information transmitted to us or from our digital platforms. You should be careful and responsible whenever you are online.
What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
It is your responsibility to protect your username, passwords and other secure information you may need to access your PI on our digital platform and you are solely responsible for keeping your passwords and/or account information secure and should take all reasonable steps to do so. Please do not share them with anyone and keep changing them frequently. You undertake to treat your password and other confidential information in relation to the use on the digital platform confidential and we disclaim any liability arising from your failure to safeguard your confidential information. If you feel your PI has been compromised, you must immediately get in touch with us at ‘email@example.com’.
We may host your data on secure servers that could be owned by MV, provide by third party hosting service providers that are managed by us or managed by the third-party service provider. The PI that we store and transmit is protected by security and access controls, including usernames, passwords authentication, two-factor authentication. We also use data encryption where necessary. Our server locations may vary from time to time, but we will maintain the standard security protocols for management, storage and transmission of PI.
What Are My Rights?
Under the GDPR, you have the following rights, which [we] OR [I] will always work to uphold:
The right to access the personal data we hold about you.
The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
The right to restrict (i.e. prevent) the processing of your personal data.
The right to object to us using your personal data for a particular purpose or purposes.
The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
Rights relating to automated decision-making and profiling.
Further information about your rights can be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
What Data Do We Collect?
We collect the following information:
Personal Information (PI) that includes but not limited to; Name, Mobile number, Phone number, Email ID, Mailing address, Billing address, Date of birth, Employment details, National identification document details (including but not limited to Passport, Drivers licence, Birth certificate, Tax Identification Number, Country specific national identification number), Username, Profile pictures and Pictures you upload, Gender, Interests & hobbies, Educational details, Payment processing information required to purchase our services.
Usage Information (UI) that includes Cookies, IP address, time zones, User location (Geo location), Device type (including but not limited to Desktop, Laptop, Mobile, Tablets, Steaming), Browser (including but not limited to Internet Explorer, Safari, Chrome, Firefox), Operating system (including but not limited to Windows, MacOS, Android, iOS), Device ID, Digital platform navigation (including but not limited to Paths, Page views, Duration & Frequency, Referral link, Usage pattern), Services you use and the manner in which you use (including but not limited to content accessed, time spent, search, posts, follows, share, upload or tag), Digital platforms you visit immediately before and after you visit our digital platform, Metadata, logs files, error logs, which advertisements you saw or showed interest in, which pop up or push notifications you might have seen or responded, Subscriptions, Purchases, Renewal, Survey responses, Ratings, Comments & Reviews, Information search and Comparison patterns, Web analytics data, Enquiry information.
Third Party Information (TP) that includes PI and other information that we collect from third parties including but not limited to; Financial transactions, Social media, Login, Demographic data, Fraud detection information, Partner programmes (including but not limited to advertising, usage, purchases, subscriptions)
We also collect information when you:
visit our digital platform.
register on the digital platform.
use, buy or subscribe to services.
subscribe to updates, notifications, newsletters.
participate in events (including but not limited to conference, exhibition, presentations, focus groups sessions, interactive sessions, workshops, seminars, road shows), competition, surveys.
provide ratings, reviews, provide feedback and send communication.
are part of primary or secondary research and surveys that we conduct.
provided information to our Service Provider(s) (PI) with whom you may have shared data.
give consent in any way on our digital platform.
interact with us over social media platforms.
interact our representatives over phone, by email or face to face.
apply for job (full time, part time or contractual) with us.
use our digital platform using cookies, web beacons, and log information.
How Do You Use My Personal Data?
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data will be used by us or third parties to whom we disclose and share the information for some or all of the following purposes:
to create and maintain your profile you have created with us.
to track your activities on our digital platform(s)
to provide targeted and focussed services and information.
to fulfil our contractual obligations as part of the services we offer.
to verify your identity when you register on our digital platform and to verify any financial transaction in relations to any purchases or payments you make.
to respond to enquiries, comments, feedback, support requests, general and specific facilitation, dispute resolution
to provide personalised general communications, advertisements you see, and marketing communications linked to your consent.
to update you with news, information, changes in services, new features, new services, focussed and interest linked information by way of notifications, newsletters or other methods as we deem appropriate.
to run Data analytics and Technical analytics, Statistical analytics, that will form part of our research activities, improvement activities, reporting activities, future development activities.
for the purpose of risk management, fraud management and malpractices.
for training, service improvement, administrative management, performance management.
for services improvement and developing / introducing new services.
for recruitment and related purposes.
for providing consent linked marketing and sales information, customised services and advertising
for purposes as required by the law and responding to requests from the appropriate government, statutory authorities, court of law, law enforcement agencies and conducting investigations.
to publish your profile information as per your consent and registration acceptance.
comply with legal requirements (including but not limited to arbitration, mediation, litigation, investigation, administrative proceedings, government request, court orders).
protect the interest, safety and rights of our digital platform(s).
provide services to you.
provide special offers and customised communication and marketing information.
operate our digital platform legally.
perform the services on our behalf.
fulfil the contractual requirements that we have with our SP(s).
provide services to us and to fulfil their obligations under an agreement we have with such SP(s).
In addition to the above, we may use or disclose your PI:
Where you have given your consent to use or disclose
Where we reasonably believe that the use of discloser is necessary to mitigate, prevent or reduce the risk or threat to health and safety of an individual or public at large
Where we reasonably believe that unlawful or non-compliant activity has been or is being or may be engaged in and the use or disclosure of your PI is a necessary part of our investigation or in reporting the matter to the relevant authorities or the ICANN (Internet Corporation for Assigned Names and Numbers).
Where we reasonably believe that it is necessary to share your PI to operators of registration database ‘whois’ services and the users of such services if required for the legitimate interests pursued by the controller or by a third party.
To escrow service providers and / or backup storage providers to ensure business continuity.
To ensure data accuracy and to prevent unlawful use of our services, we may use third-party verification service providers to check the PI you have provided. To assess our business operations, we may also provide access to your PI to our auditors.
How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods and the following factors will be used to determine how long it is kept:
We retain your PI for as long as is necessary to provide services to you and others, to fulfil our obligation under purchase of services that you may have done, to comply with all legal obligations, to comply with all reporting, statutory and regulatory requirements, to fulfil our other contractual obligations with our associates and third parties.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. However, the table below will provide how long we hold some of your information collected by us:
|User type||Duration we retain the data|
|Users of services (paid or free use), Clients and Customers||Duration of contract / subscription + 6 years.|
|Registered users who are not clients or customers and have not purchased any service(s) ever or have not used any service(s) provided by MV including free services.||1 year from the date the user deactivates his/her account.|
|Visitors||1 year from the date of last visit.|
|Employees, Service providers, Associates, Resellers, Advertisers, Third party providers||Duration of the contract + 6 years.|
In cases where PI, UI and TP is used by us in an anonymous manner for the purpose of research & analysis and preparation of reports we may use the information indefinitely without further notice to you.
In case it is not possible to specify in advance the duration for which we will hold your PI, UI and TP, MV will retain all such data for a period not exceeding 6 years from the date of ending of any contract / subscription.
For avoidance of doubt, your ratings, reviews, comments, feedback and other information provided on our digital platform will be retained for a period of 6 years from the date you withdraw yourself from our digital platform and request for deleting your PI.
Notwithstanding any of the above, we may retain your PI, UI and TP where it is necessary to retain your data for legal compliance purposes, statutory compliance purposes, investigation purposes or to honour a direction by a court of law.
How and Where Do you Store or Transfer My Personal Data?
We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR as follows.
Do You Share My Personal Data?
To be able to fulfil our obligations to our users when interacting on our digital platform and providing them high quality services, we will be required to transfer your PI internationally. Such international sharing could mean sharing information:
to our offices (including the office of our subsidiary companies, associate companies, holding companies, group companies).
to our hosting providers
to our suppliers, contractors and all other listed under clause 3.2
to the world at large when you consent to make your PI public through our digital platform as we cannot prevent the use (or misuse) of such PI by others.
If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
Change of purpose: We will seek your consent prior to using your PI in a manner for which we have not sought consent from you in advance. You will have the right to refuse such consent in which case we may not be able to provide certain information, details, offers or services that may be linked to the consent from you.
How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal our addresses. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month and, in any case, not more than six weeks of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
In general, we use the following types of cookie:
Strictly Necessary Cookies: These are cookies that are required for the operation of our Digital Platform
Analytical / Performance Cookies: These allow us to recognise and count the number of visitors and see how visitors move around our Digital Platform when they are using it. This helps us to improve the way our Digital Platform works, for example, by ensuring that users can find what they are looking for easily.
Functionality Cookies: These are used to improve the functional performance of the Digital Platform and make it easier for you to use.
Targeting Cookies: These cookies record your visit to our Digital Platform and your browsing habits, such as the pages you have visited and the links you have followed. They are used to deliver advertising which is more relevant to your interests and also may be used to limit the number of times that you see an advertisement. They may be placed by us or by advertising networks with our permission. Please note, these cookies do not contain any of your personal information.
Cookies used by our SP(s)
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.