We take our data processing responsibilities seriously and are committed to protecting and respecting your privacy in compliance with the General Data Protection Regulation (GDPR).
This privacy statement describes why and how we collect and use personal data and provides information about your rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Who is responsible for your personal data?
We need to process personal data in order to carry out our duties as insolvency practitioners.
Where an insolvency practitioner of MLG Associates is not appointed as office holder in an insolvency process, the data controller is either the company/individual on whose instructions MLG Associates is acting or it is MLG Associates.
Where an insolvency practitioner of MLG Associates is appointed as office holder in an insolvency process and the data processing is carried out as part of our statutory duties, we are the data controllers.
If you have any questions regarding our data processing, we can be contacted at MLG Associates, Unit 4, Sunfield Business Park, New Mill Rd, Finchampstead, Wokingham, Berkshire, RG40 4QT. Tel: 0118 973 7776. Email: firstname.lastname@example.org.
What is our lawful basis for processing your personal data?
Most processing is carried out to comply with our legal obligations under statute and other regulatory obligations related to an insolvency process. We also believe our processing is for the legitimate interests of all stakeholders in the insolvency process, as they are entitled to be kept informed and may wish to engage in the insolvency process.
Where MLG Associates has engaged with a client to perform a service, we will be required to process data to provide that service in accordance with the contractual terms.
What personal data might we hold?
We may hold an individual’s contact details, financial information and location. In rare cases, we may hold some special category data, e.g. trade union membership or information about an individual’s health, which will be necessary to administer an insolvency process in line with our legal obligations.
We collect the following types of information about you when you use our website:
- Information provided by you, such as your name and email address when you fill in the ‘Contact us’ form or when you register to use our client portal during an insolvency process.
- Information collected automatically, such as information which is transmitted from your computer when you browse the Internet and use the website. This information includes information from cookies, your IP address and browser type as these can be used to provide useful features for users. Click here to read our Cookies policy.
This privacy statement applies only to information collected by this website. This website contains links to other sites that are not owned or controlled by us. We are not responsible for the privacy practices of such other sites and we encourage you to read the privacy statements of those sites before providing any personal information.
How do we obtain your personal data?
Personal data is provided either by the company/individual (or persons acting on their behalf) on whose instructions we are acting, or in relation to which our insolvency practitioner has been appointed. We also access information from the Registrar of Companies and other similar public-access data providers.
How do we use your personal data?
During an insolvency process we may process your personal data in any or all of the following ways:
- To deliver services and meet legal responsibilities
- To verify identity where this is required
- For communication by post, email or telephone
- To understand needs and how they may be met
- To maintain records
- To process financial transactions
- To prevent and detect crime, fraud or corruption
- To defend or take legal actions related to the above
Sharing your data
We may use third parties located in other countries to help us run our business. As a result, personal data may be transferred outside the UK. This includes countries outside the EU and countries that do not have laws that provide specific protection for personal data. We have taken steps to ensure that all personal data is provided with adequate protection and that all transfers of personal data outside the UK are done lawfully. Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU.
Personal data held by us may be transferred to:
Third party organisations that provide applications/functionality, data processing or IT services to us
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.
Law enforcement or other government and regulatory agencies, or other third parties as required by, and in accordance with, applicable law or regulation
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
How long we retain your personal data?
We retain personal data for as long as is necessary to achieve the purposes listed above and for any other permissible related purpose. For example, we retain most records until the time limit for claims arising from the activities has expired or otherwise to comply with statutory or regulatory requirements regarding the retention of such records.
Your rights as a data subject
As a data subject you have the following rights regarding your data:
Right to be informed - This privacy notice meets our requirement to inform you of our processing of your data.
Right of access - You have a right of access to personal data held by us as a data controller. This right may be exercised by contacting us at MLG Associates, Unit 4, Sunfield Business Park, New Mill Rd, Finchampstead, Wokingham, Berkshire, RG40 4QT. Tel: 0118 973 7776. Email: email@example.com. We will aim to respond to any requests for information promptly, and in any event within one month.
Right of rectification - To amend or update personal data submitted to us, you may email us at firstname.lastname@example.org or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which you registered.
Rights that do not apply in these particular circumstances
Not all of the rights under the GDPR are available as one of the reasons we are holding your data is on the basis of it being a legal obligation and therefore the right to erasure, data portability, restriction of processing and to object do not apply.
Right to withdraw consent
The data received was not based upon obtaining consent and therefore the right to withdraw consent does not apply.
Changes to our privacy statement
We keep this privacy statement under regular review and will place any updates on our website. Paper copies of the privacy statement may also be obtained by writing to us at MLG Associates, Unit 4, Sunfield Business Park, New Mill Rd, Finchampstead, Wokingham, Berkshire, RG40 4QT. This privacy statement was last updated on 5th March 2019.
Should you have concerns about how your personal data is being processed, please contact us at MLG Associates, Unit 4, Sunfield Business Park, New Mill Rd, Finchampstead, Wokingham, Berkshire, RG40 4QT. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) which is the UK data protection regulator. For further information on your rights and how to complain to the ICO, please refer to the ICO website.