This document sets out the obligations of My Invoice Ltd (“the Company”) with regard to data protection and the rights of people with whom it works in respect of their personal data under the Data Protection Act 1998 (“the Act”).
This Policy shall set out procedures which are to be followed when dealing with personal data.The procedures set out herein must be followed by the Company, its employees, contractors, agents, consultants, partners or other parties working on behalf of the Company.
The Company views the correct and lawful handling of personal data as key to its success and dealings with third parties. The Company shall ensure that it handles all personal data correctly and lawfully.
2. The Data Protection Principles
This Policy aims to ensure compliance with the Act. The Act sets out eight principles with which any party handling personal data must comply. All personal data:
2.1 Must be processed fairly and lawfully (and shall not be processed unless certain conditions are met);
2.2 Must be obtained only for specified and lawful purposes and shall not be processed in any manner which is incompatible with those purposes;
2.3 Must be adequate, relevant and not excessive with respect to the purposes for which it is processed;
2.4 Must be accurate and, where appropriate, kept up-to-date;
2.5 Must be kept for no longer than is necessary in light of the purpose(s) for which it is processed;
2.6 Must be processed in accordance with the rights of data subjects under the Act;
2.7 Must be protected against unauthorised or unlawful processing, accidental loss, destruction or damage through appropriate technical and organisational measures; and
2.8 Must not be transferred to a country or territory outside of the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
3. Rights of Data Subjects
Under the Act, data subjects have the following rights:
o The right to be informed that their personal data is being processed;
o The right to access any of their personal data held by the Company within 40 days of making a request;
o The right to prevent the processing of their personal data in limited circumstances; and
o The right to rectify, block, erase or destroy incorrect personal data.
4. Personal Data
Personal data is defined by the Act as data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
The Act also defines “sensitive personal data” as personal data relating to the racial or ethnic origin of the data subject; their political opinions; their religious (or similar) beliefs; trade union membership; their physical or mental health condition; their sexual life; the commission or alleged commission by them of any offence; or any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.
The Company only holds personal data which is directly relevant to its dealings with a given data subject. That data will be held and processed in accordance with the data protection principles and with this Policy. The following data may be collected, held and processed by the Company from time to time:
o Home Telephone No.;
o Mobile Number;
5. Processing Personal Data
Any and all personal data collected by the Company (including that detailed in Section 4 of this Policy) is collected in order to ensure that the Company can facilitate efficient transactions with third parties including, but not limited to, its customers, partners, associates and affiliates and efficiently manage its employees, contractors, agents and consultants. Personal data shall also be used by the Company in meeting any and all relevant obligations imposed by law.
Personal data may be disclosed within the Company. Personal data may be passed from one department to another in accordance with the data protection principles and this Policy. Under no circumstances will personal data be passed to any department or any individual within the Company that does not reasonably require access to that personal data with respect to the purpose(s) for which it was collected and is being processed.
The Company shall ensure that:
o All personal data collected and processed for and on behalf of the Company by any party is collected and processed fairly and lawfully;
o Data subjects are made fully aware of the reasons for the collection of personal data and are given details of the purpose for which the data will be used;
o Personal data is only collected to the extent that is necessary to fulfil the stated purpose(s);
o All personal data is accurate at the time of collection and kept accurate and up-to-date while it is being held and / or processed;
o No personal data is held for any longer than necessary in light of the stated purpose(s);
o All personal data is held in a safe and secure manner, taking all appropriate technical and organisational measures to protect the data;
o All personal data is transferred using secure means, electronically or otherwise;
o No personal data is transferred outside of the UK or EEA (as appropriate) without first ensuring that appropriate safeguards are in place in the destination country or territory; and
o All data subjects can exercise their rights set out above in Section 3 and more fully in the Act.
6. Links to Other Websites
7. Changes of Business Ownership and Control
7.1 My Invoice Ltd may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of My Invoice Ltd. Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the Data for the purposes for which it was originally supplied to us.
7.2 In the event that any Data submitted by Users is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.
8. Controlling Use of Your Data
8.1 Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include the following:
8.1.1 use of Data for direct marketing purposes; and
8.1.2 sharing Data with third parties.
9. Your Right to Withhold Information
9.1 You may access certain areas of the Website without providing any Data at all. However, to use all features and functions available on the Website you may be required to submit certain Data.
10. Accessing your own Data
You have the right to ask for a copy of any of your personal Data held by My Invoice Ltd (where such data is held) on payment of a small fee which will not exceed £25.00.
11.1 Data security is of great importance to My invoice Ltd and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via this Website.
11.2 [Specifically we use the following systems:
11.2.1 Data protection up to 256-bit encryption
12.2 All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.
12.3 Before the Website places any Cookies on your computer, subject to sub-Clause 12.4], you will be presented with pop up message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Myinvoicefinance.co.uk to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.
12.4 Certain features of the Website depend upon Cookies to function. UK and EU Cookie Law deems these Cookies to be “strictly necessary”. These Cookies are shown below. Your consent will not be sought to place these Cookies. You may still block these cookies by changing your internet browser’s settings as detailed below.
12.5 You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser.
12.6 You can choose to delete Cookies at any time however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.
12.7 It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
13. Changes to this Policy
My Invoice Ltd reserves the right to change this Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the Policy on your first use of the Website following the alterations.