COLLECTION OF YOUR PERSONAL INFORMATION
Mill House collects data including email address, name, address, telephone number. This is to enable us to work as a trusted advisor to our clients and contacts in the industry. We hold this limited data under the GDPR lawful basis of “legitimate interest”. We are committed to ensuring that this is transparent, fair, necessary and limited. In order to fulfil these important requirements, we carry out ongoing legitimate interest assessment.
Our uses of personal data include:
inviting people to thought leadership events or industry events;
updating individuals in the industry on relevant legal or regulatory changes;
informing individuals about a project that they might be interested; and
updates on Mill House services, locations or other progress.
As an organisation we have an obligation to work with our clients, contacts, and the wider industry to share our ideas and thought leadership and help to raise standards. To enable us to do this we contact our clients and contacts when we feel there is information that is in their interest.
We will never share personal information with externally controlled parties. Processors are vetted to ensure that they comply with GDPR and data protection requirements. We may transfer personal data outside of the European Economic Area (EEA) to one of our numerous live project offices around the world. Client information is not shared outside this group.
Mill House does not use or disclose personal information such as race, religion or political affiliations, without your explicit consent.
RIGHT TO CORRECT OR ACCESS
Individuals included in our database have the right to correct or access their information at any time. To do so, clients/individuals should contact their main Mill House contact or firstname.lastname@example.org
RIGHT TO ERASURE
Individuals have the right to object to their information being used for the purposes listed above and can request that they are removed from our database at any time unless there is a legal reason for us to keep information on record.
We will keep written records of all of our processing activities relating to client data as required under the GDPR regulations.
All personal data will be kept securely in accordance with our information security policy. We will retain personal data for the purposes listed above until we decide the services we provide are no longer relevant to the individual or in rare cases indefinitely where necessary for business efficacy.
THE RIGHT TO LODGE A COMPLAINT
Individuals can contact Aurelie Garrigues at email@example.com in the event that:
they are concerned or suspect that personal data processing without a lawful basis is taking place
a data breach has occurred
personal information has been accessed without the proper authorisation
personal information has not kept or deleted securely
personal information has been removed from our premises without appropriate security measures being in place
a breach of this policy has occurred
there has been a breach of any of the data protection principles set out in paragraph “Criminal records data”