Privacy Policy

GDPR General Data Protection Regulation

Full Privacy Policy

Montgomery Jones Limited is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data in accordance with all of our legal obligations.

Our core beliefs regarding user privacy and data protection are:

• User privacy and data protection are human rights
• We have a duty of care to protect personal data
• Data is a liability, it should only be collected and processed when absolutely necessary
• We loathe spam as much as you do!
• We will never sell, rent or otherwise distribute or make public your personal information

We hold personal data about our employees, clients, suppliers and other individuals for a variety of business purposes.  This policy sets out how we seek to protect personal data and ensure that our staff understand the rules governing their use of the personal data to which they have access in the course of their work. In particular, this policy requires staff to ensure that the Data Protection Officer (DPO) be consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.

Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

UK Data Protection Act 1988 (DPA)
EU Data Protection Directive 1995 (DPD)
EU General Data Protection Regulation 2018 (GDPR)

This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact our data protection officer (DPO) for clarification.

Definitions

Business purposes: The purposes for which personal data may be used by us:

• Personnel, administrative, financial, regulatory, payroll and business development purposes.

Business purposes include the following:

• Compliance with our legal, regulatory and corporate governance obligations and good practice
• Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests
• Ensuring business policies are adhered to (such as policies covering email and internet use)
• Operational reasons, such as recording transactions, training and quality control
• Investigating complaints
• Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments
• Monitoring staff conduct, disciplinary matters
• Marketing our business
• Improving services

Personal data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data we gather may include:

• individuals’ phone number, email address, educational background, financial and pay details, details of certificates and diplomas, education and skills, marital status, nationality, job title, and CV

Scope For ‘Montgomery Jones Limited’
This policy applies to all staff, who must be familiar with this policy and comply with its terms.

This policy supplements our other policies relating to internet and email use. We may supplement or amend this policy by additional policies and guidelines from time to time. Any new or modified policy will be circulated to staff before being adopted.

As our data protection officer (DPO), Joan Melville has overall responsibility for the day-to-day implementation of this policy. You should contact the DPO for further information about this policy if necessary.

The principles

Montgomery Jones shall comply with the principles of data protection (the Principles) enumerated in the EU General Data Protection Regulation. We will make every effort possible in everything we do to comply with these principles. The Principles are:

• Lawful, fair and transparent - Data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used.
• Limited for its purpose - Data can only be collected for a specific purpose.
• Data minimisation - Any data collected must be necessary and not excessive for its purpose.
• Accurate - The data we hold must be accurate and kept up to date.
• Retention - We cannot store data longer than necessary.
• Integrity and confidentiality - The data we hold must be kept safe and secure.
• Accountability and transparency - We must ensure accountability and transparency in all our use of personal data. We must show how we comply with each Principle. You are responsible for keeping a written record of how all the data processing activities you are responsible for comply with each of the Principles. This must be kept up to date and must be approved by the DPO.

Data audits

Regular data audits to manage and mitigate risks will inform the data register. This contains information on what data is held, where it is stored, how it is used, who is responsible and any further regulations or retention timescales that may be relevant.

Failure to comply

We take compliance with this policy very seriously. Failure to comply puts both you and the organisation at risk.

The importance of this policy means that failure to comply with any requirement may lead to disciplinary action under our procedures which may result in dismissal.

If you have any questions or concerns about anything in this policy, do not hesitate to contact our Data Protection Officer (DPO).

Information We Collect

In running and maintaining the MontgomeryJones.co.uk website we may collect and process the following data about you:

1. Information about your use of our site including details of your visits such as pages viewed and the resources that you access. Such information includes traffic data, location data and other communication data.
2. Information provided voluntarily by you. For example, when you register for information.
3. Information that you provide when you communicate with us by any means.

Use of Cookies

Cookies provide information regarding the computer used by a visitor. We may use cookies where appropriate to gather information about your computer in order to assist us in improving our website.

We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally. It is statistical data. This statistical data does not identify any personal details whatsoever

You can adjust the settings on your computer to decline any cookies if you wish. This can easily be done by activating the reject cookies setting on your computer.

Use of Your Information

Should you choose to contact us using the Contact Form on our Contact us page or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any of the third-party data processors. 

Data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL). Our webhost provides enhanced SSL protection with an external firewall that helps protect against any outside attacks with all secure web hosting packages.

We use the information that we collect from you to provide our services to you. In addition to this we may use the information for one or more of the following purposes:

1. To provide information to you that you request from us relating to our services.
2. To provide information to you relating to other products that may be of interest to you. Such additional information will only be provided where you have consented to receive such information.
3. To inform you of any changes to our website, services and products.

If you have previously purchased services from us we may provide to you details of similar services that you may be interested in.

Storing Your Personal Information

There is currently no occasion where personal data will be stored on this website.

Disclosing Your Information

We will not disclose your personal information to any other party other than in accordance with this Privacy Policy and:

1. In the event that we sell any or all of our business to the buyer.
2. Where we are legally required by law to disclose your personal information.
3. To further fraud protection and reduce the risk of fraud.

Third Party Links

On occasion we include links to third parties on this website. Where we provide a link, it does not mean that we endorse or approve that site’s policy towards visitor privacy. You should review their privacy policy before sending them any personal data.

Access to Information

In accordance with the Data Protection Act 1998 you have the right to access any information that we hold relating to you.

Third Party data Processors

We do not use third parties to process personal data on our behalf. All personal information is processed by our Data Protection Officer and complies with the legislation set out in this policy.

Data Breaches

We will report any unlawful data breach of this website’s database or the Montgomery Jones database to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Data Controller

The data controller of this website is: Montgomery Jones a UK Private limited Company with company number: SC530233.

Whose registered office is: 49 Loanhead Road, Paisley, PA3 3QN

Data Protection Officer (DPO)

Joan Melville
Telephone: 07855 961774
Email: admin@montgomeryjones.co.uk

Changes To Our Privacy Policy

This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates are mentioned in the change log below.

Change log

31 May 2018 Privacy policy instigated