This policy pertains to this website by Midland Control Systems a company headquartered in Hednesford, Staffordshire, UK. This includes www.midlandcontrolsystems.co.uk, www.mcsgate.co.uk additional Midland Control Systems websites, and digital assets produced and or managed websites (together, the “Site”).
Midland Control Systems is responsible for the processing of personal data and is a data controller for the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation (‘GDPR’)).
General Data Protection (GDPR)
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. It becomes enforceable on 25 May 2018.
According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life.
A lawful basis for data processing
Data will not be processed unless there is at least one lawful basis to do so. Mainly this will be when the data subject has given consent to the processing of personal data for one or more specific purposes.
Consent will be assumed if the data subject has made their personal details available through a recognised business community and has volunteered to join one of Midland Control Systems networking groups. For example they may have agreed to join Midland Control Systems LinkedIn Network, have ‘friended’ on Facebook or other Social Media platforms or has provided a business card at a face to face meeting. In these circumstances the data subject is taken to represent their company and has joined Midland Control Systems network in order to receive information from Midland Control Systems. In addition it will be assumed that the details given are the data subject’s business contact details
Midland Control Systems offers a services that provide, maintain and install automated gates as well as other commercial services. Activities for which consent has been assumed includes but is not limited to;
- Receiving community based notifications such as up-dates and newsletters relevant to our services
- Email marketing
- Order processing
- Support queries
- Service requests
Processing may also be necessary under certain other conditions such as but not limited to:
- for the performance of a contract
- for compliance with a legal obligation
- to protect the vital interests of the data subject or of another natural person
Records of Processing Activities
Records of processing activities will be maintained that include purposes of the processing, categories involved and envisaged time limits
Data protection by design and by default (Article 25) requires data protection to be designed into the development of business processes for products and services. Privacy settings will therefore be set at a high level by default, and technical and procedural measures will be taken by the controller to make sure that the processing, throughout the whole processing lifecycle, complies with the regulation.
GDPR makes special provision for special categories of personal data (Article 9). Midland Control Systems does not process any of these categories.
The web hosts and social media providers that we use also all conform to GDPR standards.
In all circumstances where we collect personal data from you, we will only collect the minimum amount of data required for us to perform the defined processing purpose/s.
Right of access: citizens have the right to access their personal data and information about how this personal data is being processed. These include information on the data subject, details about the processing of data, such as the purposes of the processing, with whom the data is shared, and how Midland Control Systems acquired the data.
Right to erasure: Article 17 provides that the data subject has the right to request erasure of personal data related to them on any one of a number of grounds.