A key GDPR stipulation is that we must assign a lawful basis for our processing activities. M Assessment Services has identified a 'legitimate interest' for when processing information from accommodation providers.
In order to deliver the services that we do, we need to collect personal data. Depending on which of our services you use, we may need to collect:
Your data will either be provided to us by:
We implement a set of strict information security policies and procedures to protect your data both in transit and at rest. These include:
As part of our day to day operations we may need to pass your personal data to our third party suppliers. This is only done to support the contract that we have with you. Your data will not be used for any other purpose without your express consent.
Your data will not be used by our third party suppliers for marketing purposes.
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.
If you do exercise your right to raise a subject access request we have put processes in place that will tell you:
If M Assessment Services discovers that there has been a breach of personal data that poses a risk to an individual’s rights and freedoms, we will report it to the Information Commissioner within the guidelines as set out within the GDPR. The organisation will record all data breaches regardless of their effect.
If the breach is likely to result in a high risk to the rights and freedoms of individuals, it will tell affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures it has taken.
Some of the processing that the M Assessment Services carries out may result in risks to privacy. Where processing would result in a high risk to an individual's rights and freedoms, we will carry out a data protection impact assessment to determine the necessity and proportionality of processing and where appropriate, we will refer this information to the Information Commissioner as per the guidelines in the GDPR. This will include considering the purposes for which the activity is carried out, the risks for individuals and the measures that can be put in place to mitigate those risks.