This privacy policy sets out how MDS Ltd uses and protects any information that you give MDS Ltd when you engage with us. It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this policy.
This Privacy Policy applies to the personal data of our Website Users, Candidates, Employees, Trainees, Alumni, Members and Directors, and other people whom we may contact in order to find out more about our Candidates or whom they indicate is an emergency contact or referee.
MDS Ltd may occasionally change this policy by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25 May 2018.
To summarise the policy here are key bullet points. Further details and information is contained below.
We refer to ‘Candidates’ as those who apply for the MDS scheme by completing the online application form or those who submit an application for a role within the MDS team.
We refer to ‘Employee’ or ‘Staff’ as those who are employed by MDS other than trainees.
We refer to ‘Trainees’ as those who are successful at interview and become employed by MDS on the graduate scheme. ‘Members’ own Trainees’ are employees of members who attend the MDS training programme.
We refer to ‘Alumni’ as our former trainees.
We refer to ‘Members’ as organisations who have a contract with MDS to provide secondments and access our training services.
We refer to ‘Directors’ as members of our Board who represent Member companies.
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
Consent
In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations.
Legal compliance
If the law requires us to, we may need to collect and process your data.
Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
We may collect the following information:
| Categories of data | Lawful basis for processing and purpose of processing |
|---|---|
|
Legitimate interest For the purpose of recruitment. |
| Categories of data | Lawful basis for processing and purpose of processing |
|---|---|
|
Contract In order to pay your salary and expenses. |
|
Legitimate interests For personnel files. |
|
Legal obligation To ensure that you are legally allowed to work and drive in the UK. To ensure that you pay tax and are opted into a pension scheme. |
| Categories of data | Lawful basis for processing and purpose of processing |
|---|---|
|
Consent To be displayed in the office for recruitment purposes and to display within the MDS profile books which is shared with Member companies. To be used for promotional materials which may be shared with associated PR company and website designers. |
|
Contract In order to pay your salary and expenses. |
|
Legitimate interests For personnel files and in order to monitor the value of secondments and training. |
|
Legal obligation To ensure that you are legally allowed to work and drive in the UK. To ensure that you pay tax and are opted into a pension scheme. |
| Categories of data | Lawful basis for processing and purpose of processing |
|---|---|
|
Consent To receive newsletters, respond to enquiries and research requests, to receive information about events and services. (as long as you have agreed to this at the point of providing your information and for as long as you do not opt-out.) To aid us with marketing, promotional events and in order to identify potential new members. Also used for statistical purposes. |
|
Legitimate interests To improve our services and record data for statistical purposes. |
| Categories of data | Lawful basis for processing and purpose of processing |
|---|---|
|
Contract Obligation to share with trainees in order to place trainees within the organisation. |
| Categories of data | Lawful basis for processing and purpose of processing |
|---|---|
|
Legal obligation Required by the FCA to be included on the annual return. |
| Categories of data | Lawful basis for processing and purpose of processing |
|---|---|
|
Legitimate interests To ensure that our website functions properly and in order to improve user experience. |
The main reason for using your personal details is to help trainees to secure suitable secondments and permanent employment and to provide members with suitable candidates for their vacancies. Where appropriate and in accordance with local laws and requirements, we may also use your personal data for things like marketing and diversity monitoring.
If appropriate, we will seek your consent to undertake some of these activities. We may also seek your consent to collect, hold, and use and disclose your personal information for any other purpose not listed here.
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
We keep your data on areas of “MDS Office 365” which can only be accessed by MDS office staff and the IT provider who have password access to the specific information. Office 365 if a cloud based storage and software service provided by Microsoft, who have their own policy regarding data, if you wish to view this click here.
We do our upmost to keep this system secure and we do not share passwords. Printed or written documents containing personal information are only stored in locked cupboards which only MDS staff have access to.
If we have consent to do so, we may display your photo in the MDS office, on our website or on social media.
Candidates’ applications submitted on our website will be stored there for a limited period of time. Our website has an SSL certificate, which encrypts connections and protects sensitive data appropriately.
Initially data is shared within the organisation.
We may also release personal information to regulatory or law enforcement agencies, if they require us to do so. We will also disclose your information where we are permitted and requested to do so by law.
We may share your personal data with various parties, in various ways and for various reasons as explained under the headings below.
We will not share your information with any third party.
If you become an employee, we will share your information with our outsourced payroll service, health insurance, pension and IT support providers.
Primarily we will share your CV or profile with Members to secure your secondments and permanent roles. We may also share anonymised versions of your profile with potential new members, candidates or training providers.
We may share your information with training providers and other third parties in order to provide you with the best learning opportunities whilst on the graduate scheme.
In addition, we will share your information with our outsourced payroll service, pension and IT support providers.
We may also share contact information with prospective trainees who are invited to the assessment day so they can find out more about the scheme.
We will share your CV and covering letter with a member if you apply for a permanent position that we are advertising on their behalf.
We will share your name and email address with Mail Chimp in order to keep in contact with you if you opt in to receive information about our events and information about our services. Click here to view their privacy policy.
We will share your contact details with Trainees and Alumni primarily to ensure that we provide you with suitable candidates for any secondments or jobs you are looking to fill. We may also share your details with other Members in order to allow for collaboration and sharing of good practice amongst the membership, but we will seek your permission before doing so.
We will share your contact details with Trainees so that they may contact you with queries or for support. We will share your address, year of birth, title and other directorships with the Financial Conduct Authority as part of the annual return.
We keep emails for up to 6 years unless otherwise stated below.
Unsuccessful applicants’ information will be stored for a period of up to 1 year. The same will apply for those who withdraw from the scheme before starting.
Current personal data of trainees and employees will be stored for 6 years after they leave the scheme. Data regarding financial and payroll information will be kept for 6 years in line with legal and regulatory obligations.
We will keep your name, group number, contact details and post-MDS roles indefinitely unless you ask us not to. This is to be used for the purpose of keeping in touch in regards to MDS events and opportunities.
You can opt out of our communications at any time and you can request that your name be deleted from our records.
We will still record your group number employment dates and secondments for statistical purposes.
If you apply for a job with a Member via us and submit your CV and covering letter, we will keep these for a period of up to 6 months.
We keep Member company key contact details on file for as long as the business is a Member of MDS Ltd and for 6 years after the business has left the Membership. Member employees can tell us at any time that they wish to be removed from our contact lists by
emailing info@wordpress-764986-2591869.cloudwaysapps.com.
When we are made aware that a key contact at a Member company has left the business, we will delete their contact details from our system within one month.
Once a Member has left the MDS membership, we will keep contact details on file for 6 years in case of audit queries.
When contact details of an employee within a potential Member company are passed on to us, we keep these for 1 year. If no meaningful contact is received within this time, we will remove the details from our system. When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), where you ask for more information about or are actively engaging with our services. We will also consider it meaningful contact if you communicate with us about potential roles, either by verbal or written communication or click through from any of our marketing communications. Your receipt, opening or reading of an email or other digital message from us will not count as meaningful contact – this will only occur in cases where you click-through or reply directly.
We keep director details indefinitely as they are on the FCA annual return.
In order to provide Candidates, Employees and Trainees with suitable employment opportunities safely and securely and to provide for every eventuality for them, we require the details of referees and emergency contacts. We only ask for very basic contact details, so that we can get in touch with you either for a reference or because you’ve been listed as an emergency contact for one of our Candidates or employees.
Referee contact details are included as part of the application process. Documents linked to an employee or trainee’s application are destroyed 6 years after an employee leaves the company. For unsuccessful applicants, application forms, and therefore referee details, are deleted within 1 year of applying.
Emergency contact details will be deleted with the employee’s employment details within 6 years of them leaving the business.
They are stored on the MDS Office 365 system in a secure manor. Referee details will also be stored with the application form on the website, which has an SSL certificate in order to protect sensitive data.
They are not shared or sold to any third parties.
Even if we already hold your personal data, you still have various rights in relation to it. We will seek to deal with your request within 30 days, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us re§solve any issues which you raise. If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent by emailing us at the address found below.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Accuracy of your data
If you believe that any information we are holding on you is incorrect or incomplete, please write to us as soon as possible. We will promptly correct any information found to be incorrect. If we are made aware that your details are no longer correct we will delete this information.
Subject Access Request
You may request details of personal information which we hold about you under the Data Protection Act 1998. No fee is required. If you would like a copy of the information held on you please get in touch.
Direct marketing
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
If you would like to exercise any of the above rights or ask for further information, please email info@wordpress-764986-2591869.cloudwaysapps.com.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. These include measures to deal with any suspected data breach.
In the event of a security breach, the Information Commissioner’s Office (ICO) will be notified within 72 hours of becoming aware of the breach. You will also be notified as soon as possible, in order to protect yourself from the breach. We will provide you with the likely consequences of the breach and what measures are taken or proposed to be taken to deal with the personal data breach and including, where appropriate, the measures taken to mitigate any possible adverse effects.
If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately. Details of how to contact us can be found on the bottom of this document and on our website.
A cookie is a small file that is stored on your computer’s hard drive. They are used by nearly all websites and do not harm your system, the cookie helps analyse web traffic or lets you know when you visit a particular site. Each cookie expires automatically after a certain period of time.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Essential Cookies
Certain cookies are necessary in order for the site to operate correctly. For example, we use cookies to authenticate you. When you log on to the portal section of our website, authentication cookies are set which let us know who you are during a browsing session.
We use cookies to identify when you have logged on. And we use cookies within the website in order to separate human visitors from robots.
We collect information about your general geographic information.
Performance Cookies
Using Google Analytics which gathers information allowing us to understand interactions with our websites and ultimately refine that experience to better serve you.
These cookies are used to distinguish users and to throttle request rates.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
By using our services or applying to work for MDS Ltd you consent to the collection and use of your personal information in the ways specified above in our privacy policy.
You have a legal right to a copy of all personal information about you held by us.
You also have a right to correct any errors in that information.
It is your responsibility to ensure that your Personal Data is accurate.
Please feel free to contact us if you have any queries surrounding this policy.
Email: info@wordpress-764986-2591869.cloudwaysapps.com
Write to us: MDS Ltd, Unit 14 Papyrus Business Parc, Werrington, Peterborough, PE4 5BH.