By using Morgan Reach, our websites (including our mobile site), our mobile app, our social media pages, our dedicated telephone lines, our support functions and any other service, you are acknowledging that we are processing your personal information and, where necessary consenting to such practices, as outlined in this statement.
Personal information which we collect
We collect personal information about you (and others if their personal information is provided by you) when you:
(a) use our services;
(b) register or alter details for Morgan Reach accounts;
(c) request further information or a call-back;
(d) sign up for our newsletter and other marketing emails (in line with Marketing below);
(e) post material to our website and / or social media page;
(g) complete customer feedback or surveys;
(h) raise a complaint or dispute with us;
(i) speak to one of representatives;
(k) participate in competitions or promotions;
(l) and / or use our website and customer applications in any other way.
The personal information collected in the above manner may include the following about you (and others if their personal information is provided by you):
(a) full name;
(b) postal address;
(c) email address;
(d) telephone number;
(e) payment details;
(g) machine identifiers (such as IP addresses);
(h) dispute resolution information;
(i) disability and health information;
(j) supplementary information (dietary and other preferences and special requirements);
(k) image data;
(l) voice recordings; and
(m) identification information (such as passports, drivers’ licences or national identity cards).
Personal information provided by third parties
We may receive information about you from other sources (such as the Mail Preference Service), which we will add to the information we already hold about you in order to help us provide our products and services in accordance with your requirements and to ensure that the quality of data we have on your account(s) is maintained properly. We may also obtain information about you from social media providers such as Twitter and Facebook or from third party websites where you have left commentary or feedback about us (for example on Google).
How we use your information
We will collect personal information:
1) in order to take the necessary steps in preparation of, or to fulfil our obligations under, a contract:
a) Payments – provide communications about products and services being provided to you (and others if their personal information is provided by you);
b) Website service communication – provide notifications of any changes to our website or to our services that may affect you (and others if their personal information is provided by you);
2) with your consent:
a) Marketing communications – create a profile about you for marketing purposes to tailor our communications to you. We may use automated processes to do this;
b) Promotional offers – inform you about promotional offers and other products or services that may be of interest (in line with Marketing communications above);
c) Maintain records indicating your consent to status – to ensure we accurately reflect your wishes when communicating to you;.
3) in our legitimate interest* to protect against fraud:
a) Website improvement and fraud prevention – improve our websites and services, prevent or detect fraud or abuses of our websites and services, and enable third parties to carry out technical, logistical or other functions on our behalf;
b) Security – carry out security checks when allowing you access to our services and to block fraudulent or suspected fraudulent activity.
5) in order to meet our legal obligations:
a) Taxation – ensure we meet our tax and other regulatory obligations;
b) Registration – ensure local jurisdiction regulations are complied with (where registration is necessary in such jurisdictions).
* any reliance on legitimate interest shall not prejudice your interest or fundamental rights and freedoms.
We may periodically send promotional material to you about new products, special offers or other information which we think you may find interesting based on the profile we have created about you to the email addresses and phone numbers which you have provided.
If these are similar to products and services previously supplied by us to you, we will assume, under our legitimate interests to promote similar goods and services, that you are willing to receive this information unless you tell us otherwise. Please note that we do not want to send you information that you do not want to receive and you can opt out at any time (please see ‘The right to ask us to stop contacting you with direct marketing’ below for further information).
We will always ask your permission before sending you email marketing information (unless you have already received similar services or products from us as mentioned above). We do this by asking for your positive confirmation (e.g. by providing a tick or inserting your contact details in the relevant boxes) indicating that you wish to receive marketing and you can opt out at any time (please see ‘The right to ask us to stop contacting you with direct marketing’ below for further information). This ensures you only receive information that you have given us permission to send and are willing to receive.
We may use your information to create a profile about you in order to tailor, by automated means, our communication and marketing to you. You can object to such profiling, please see ‘The right to object to automated decision making / profiling’ below).
How long we will keep your personal information
We retain your information for a range of purposes which determine the period of time for which we need to keep such information. For example (list is not exclusive):
|For the purposes of marketing||3 years from the point of last contact with you, this may include use of our websites, services or responses to communications with you|
|For compliance with legal obligations arising from contracts entered into with you, for example tax regulations||For compliance with legal obligations arising from contracts entered into with you, for example tax regulations|
We will remove your data from our systems at the end of the applicable data retention periods, unless we are required by current or future law to retain your personal information for a longer peiod.
Our approach to information security
To protect your information, Morgan Reach has policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner and all systems that can access the information have proportionate and reasonable security measures in place. To achieve this, employees, contractors, sub-contractors and third party suppliers have contracts, with defined roles and responsibilities.
While we take commercially reasonable measures to ensure the safety and security of your data, due to the inherent risks with the Internet and electronic devices, we are unable to warranty the absolute security of your data when using our services.
Transfers of your information out of the EEA
We may from time to time need to transfer your personal information to entities outside the European Economic Area (EEA). Any transfer of your data will be subject to adequate levels of protection that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
In order to process any of the requests listed below, we may need to verify your identity for your security. In such cases your response will be necessary for you to exercise this right.
The right to access information we hold about you
At any point you can contact us to request details concerning the information we hold about you, why we have that information, who has access to the information and where we got the information. In most cases you may be entitled to copies of the information we hold concerning you. Once we have received your request we will respond within 30 days.
The right to correct and update the information we hold about you
If the data we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated.
The right to have your information erased
If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request, we will confirm whether the data has been deleted or tell you the reason why it cannot be deleted.
The right to object to processing of your data
You have the right to request that Morgan Reach stops processing your data. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer processed, we may continue to hold your data to comply with your other rights.
The right to ask us to stop contacting you with direct marketing
You have the right to request that we stop contacting you with direct marketing. On promotional emails we provide an ‘unsubscribe’ link at the bottom of the email which will unsubscribe you from that service. You can also unsubscribe by updating your profile via our unsubscribe link. If you wish to opt out with respect to more than one email address, you must complete a separate request for each email address.
Please note it is not possible to ‘opt-out’ of receiving communication from us which relates to service we provide to you or customer satisfaction surveys sent as part of engagements (which are not considered marketing for these purposes). This ensures that we can always contact you as a result of circumstances that may affect your stay with us and in order for us to improve our services going forward.
The right to data portability
You have the right to request that we transfer your data to another controller. Once we have received your request, we will comply where it is feasible to do so.
The right to object to automated decision making / profiling
You have the right to request that we stop profiling you in relation to our direct marketing practice. You can inform us and we will deal with your request accordingly.
The right to complain
You can make a complaint to us by contacting us via firstname.lastname@example.org or to the data protection supervisory authority – in the UK, this is the Information Commissioner’s Office, at https://ico.org.uk/.
Cookies and tracking
In order to improve the overall experience of visiting our website, we use a server-based log to collect anonymous information about our website visitors. This data is only used to generate statistical charts and will not be used in any other way.
Cookies are small text files that are stored on your computer when you visit a website. They are mainly used as a way of improving the website functionalities or to provide more advanced statistical data.
Our website uses Google Analytics which relies on cookies to generate more advanced visitor charts and data mining reports. Similarly to our server-based logs, Google Analytics collects anonymous information that will not be used to identify our website visitors.
If you have any queries about this policy, need further information or wish to lodge a complaint you can use the details below to contact us.
Data Protection Officer
136 Hagley Road,
We may change this policy from time to time. You should check this policy occasionally to ensure that you are aware of the most recent version that will apply each time you access the website.