Data Protection Privacy Policy

Madlins LLP are required to process relevant personal data regarding members of staff, applicants, clients and suppliers as part of its operations and shall take all reasonable steps to do so in accordance with the Data Protection Act 2018 and the General Data Protection regulation EU 2016 (GDPR).

The Type of Personal Information We Collect and Why We Have It

Madlins LLP acknowledge that processing of personal data may only be carried where there is a lawful basis to do so. Most of the personal information we process is provided to us directly by you (for example name and contact details) following an enquiry with regard to the Practice and in order to provide you with the services you have requested from us and to comply with our obligations under contract, where there is a legal obligation to process personal data, or where it is necessary for our legitimate interests or those of a third party. 

However, there may be circumstances where we need to rely on your clear consent for a specific purpose, or for a vital interest to protect someone’s life, or it is necessary for us to perform a task in the public interest.  In the case of consent, individuals will be given details of the processing activity and of their right to withdraw consent at any time.

We may share this information with third parties (for example, service providers, professional advisors, cloud storage services etc.) where required by law, where it is necessary to administer a working relationship with you or where we have another legitimate interest doing so. We will require third parties to respect the security of your personal data and to comply with the relevant legislation.

How We Store Your Personal Information

Your information is securely stored. Madlins LLP are committed to protecting the privacy and security of your personal data. We will ensure that we will only obtain and hold personal data in accordance with the key principles of the GDPR and data protection legislation.

Personal data will be:

  1. Processed in a lawful, fair and transparent manner
  2. Collected for a specified, explicit and legitimate purpose
  3. Adequate, relevant and limited to what is necessary
  4. Accurate and, where necessary, kept up to date
  5. Kept in a form which permits identification of data subjects for no longer than is necessary
  6. Processed in a manner that ensures appropriate security of the personal data


Madlins LLP will take the appropriate technical and organisational steps to ensure the security of personal data, both hard copy and electronic.

All Staff are required to respect the personal data and privacy of others and must ensure appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to all personal data and to follow the Practice’s rules regarding data security.

Staff who process personal data as part of their role, are aware of their particular  responsibilities regarding confidential information and the need to ensure that it is kept secure and only accessible by people who have a need and a right to view it. We will not transfer your personal information outside of the European Economic Area (EEA).

Madlins LLP will ensure that any notifiable breaches of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data is reported to the Information Commissioner’s Office. Any serious breach will be reported without undue delay and with 72 hours after we become aware of it.

Madlins LLP may retain data for differing periods of time for different purposes in accordance with statutory obligations, legal processes and our quality management system procedures in accordance with the GDPR.

After the appropriate retention period, data held in accordance with this policy will be deleted securely in accordance with best practice at the time.

Your Data Protection Rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information. If you wish to exercise your right of access to your data held by the Practice, individuals should make a Subject Access Request in writing to at our Woking Office. Madlins LLP will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event, within 30 days of the original date of request (unless an extension is required in accordance with legislation). The information will be imparted to you as soon as is reasonably possible after it has come to the Practice’s attention and in compliance with the relevant Act. If a Subject Access Request is manifestly unfounded or excessive, the Practice is not obliged to comply with it. Alternatively, we can agree to respond, but will charge a fee, based on our administrative cost of responding to the request.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. Madlins LLP will review personal data regularly and endeavour to ensure that it is accurate, relevant and up to date. You should let the Practice know as soon as possible if your personal data changes.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

 Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

 

How to Contact Us or Make a Complaint

We have appointed Mr. Tony Willson as the person who is responsible for reviewing and auditing our data protection systems and is the person to whom you should address any queries regarding your rights or compliance under the GDPR.

Mr. Tony Willson, Madlins LLP, Nova Scotia House, 70 Goldsworth Road, Woking GU21 6LQ.  Tel:  01483 751600.  Email: T.Willson@madlins.co.uk

If you have any concerns about how we have used  your personal data you may contact the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel: 0303 123 1113.  Website: https://ico.org.uk

Madlins LLP are Tier 2 registered with the ICO, reference number: ZA473231

    

                              

Signed for and on behalf of Madlins LLP
Mr. A. Willson
Partner