Skip to Main Content

Privacy Policy

March 12, 2024

Introduction

Mondas and its affiliates is a provider of information and security consulting products and services, operating across the UK, Ireland and Spain and is the Data Controller of the information we process.

We can be contacted via the following: 

By Post
The Hub, Fowler Ave, Farnborough GU14 7JP
Contact number: 01252 494 020

By Email
dataprivacy@mondas.co.uk 

Mondas’ Privacy Policy outlines how we (as well as any subsidiaries, affiliates and applicable 3rd parties) process and protect the personal information that customers and any other third parties may provide us to ensure the Data Protection Act 2018 (DPA), incorporating the General Data Protection Regulation (GDPR), is complied with whilst protecting the ‘rights and freedoms’ of individuals.

1. Sources of Data 

Personal information we process about you may be directly provided to us by yourself in the course of you:  

  • Enquiring after, using or applying for a Mondas product or service  
  • Making a complaint or enquiry to ourselves  
  • Subscribing or unsubscribing to marketing material  
  • Entering or attempting to enter into a business or employment relationship with ourselves  
  • Visiting or using the Mondas website, including cookie consent and preference settings. 

Information may also be provided to us indirectly by:  

  • Next of kin / delegated authorities  
  • Business associates  
  • Your employer in partnership/business with Mondas   
  • ‘Trusted Sources’:
    • Credit / Default Agencies 
    • Financial Institutes 
    • Insurance Companies 
    • Health providers 
    • Third-party service affiliates or suppliers who have sought your consent 

We will always attempt to provide you with our Privacy Notice in regards to information received from other sources than yourself if it is not deemed to be disproportionate or prejudicial. 

2. Purposes of Processing

We collect, use and hold your information for the purposes of: 

  • Assessing applications for and providing Mondas products and services 
  • Conducting business and developing relationships between Mondas and affiliates 
  • Processing payments and transactions including Accounting, Authorisation, Clearing, Chargebacks, Billing, Reconciliation, Collection, Credit Checks and related dispute resolution activities 
  • Creating and managing any accounts or associated authentication criteria (such as ID logins and passwords) you may have with Mondas 
  • Communicating and marketing Mondas products, services, offers, programs and promotions 
  • Compiling business directories, including business contact information 
  • Operating, monitoring and improving our products, services and websites as well as developing new products and services 
  • Processing job applications 
  • Enforcing Mondas “Terms of Use” and Contractual Obligations as may be required by applicable laws and regulations or requested by any judicial process or governmental agency having or claiming jurisdiction over Mondas or its affiliates 
  • Complying with industry standards and Mondas policies 
  • Processing complaints, enquiries and data subject rights requests 
  • For training, communication and awareness 
  • Confirming appointments and meetings 
  • Publishing of customer feedback and reviews 

3. Lawful basis of processing 

The legal basis we use to process your personal data may differ for each processing activity. Dependent upon the purpose for processing, as outlined above, and the business area processing your data Mondas relies upon the following lawful basis of processing:  

  • Article 6 (1) (a) GDPR Consent: Where your permission and consent has been provided to allow processing to be undertaken  
  • Article 6 (1) (b) GDPR Performance of a contract: where you (or your employer)  have or will enter into a contract with Mondas and we need to process your information as part of this contract  
  • Article 6 (1) (c) GDPR Legal Obligation: Where Mondas are bound by further laws and regulations to process your information, affecting areas such as:
    • Privacy and Electronic Communications Regulation
    • Crime and anti-money laundering  
    • Financial Services   
    • Employment  
    • Welfare and health and safety 
  • Article 6 (1) (f) GDPR Legitimate interests: These include:
    • Due diligence  
    • Network and Information Security  
    • Suppression lists and managing communication opt-out requests  
    • Training, communication and awareness   
    • Direct marketing  
    • Monitoring and web analytics  
    • Cloud storage   
    • Track and trace requirements 

Should we process information defined as ‘special category’ Mondas relies upon the following lawful basis for processing: 

  • Article 9 (2) (a) GDPR Explicit Consent:
    Your permission has been granted and documented directly to us
  • Article 9 (2) (b) GDPR For the purposes of employment and social security:
    Such as complying with employment laws
  • Article 9 (2) (f) GDPR Establishing, exercising or defending a legal claim:
    Such as litigation against a business or employee
  • Schedule 1, Part 2, Paragraph 21 DPA 2018 Occupational Pensions:
    Next of kin information of employees signed up to the pension scheme.

We may also process criminal conviction data under: 

  • Schedule 1, Part 3, Paragraph 33 DPA 2018 Legal claims:
    In connection with legal, or potential legal proceedings, obtaining legal advice or establishing, defending and /or exercising legal rights.

4. Sharing Data  

We do not sell, share or disclose personal information we collect about you, except as described in this Privacy Notice or as indicated via the consent process at the time the data is collected. We may share the information we collect, where applicable, with:  

  • Third-Party Service Providers  
  • Affiliates and partners   
  • Formally contracted service providers for:
    • Hosting Data centres 
    • Infrastructure and Applications development and support
    • Cloud Services  
  • Credit agencies  
  • Her Majesty’s Revenue and Customs (HMRC),  
  • Relevant regulatory bodies and authorities 
  • Health providers / Government agencies 

Mondas may also disclose personal information to other employees in the course of providing you with our services. Mondas does not permit these parties to use such information for any other purpose than to perform the services they have been instructed to provide by us. 

Mondas may share information about you, if required legally, to prevent harm or financial / reputation loss, for investigation of suspected or actual fraudulent or illegal activities. 

In the event of a sale or transfer of our business or assets (wholly or partly) Mondas reserve the right to transfer your information to the acquirer. You can exercise your rights and gain clarification concerning the protection and processing of your information by the acquirer by contacting them directly. 

5. International Data Transfers 

Mondas does not transfer information outside of the EEA. However, should a transfer occur to countries or organisations outside of the EEA, agreements will be put in place to ensure your personal information is provided with the same adequacy of data protection adopted in the UK, by following legislation and ICO guidelines and requirements, such as using Binding Corporate Rules, Adequacy Rulings and Model Clauses. 

6. Security

We maintain administrative, technical and physical safeguards designed to protect against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. 

Access to personal data is restricted only to those who have a legitimate business need and data processed by third parties is only done so under strict instruction from Mondas, as per the terms of their contract. We contractually require service providers and processors to safeguard the privacy and security of personal information they process on our behalf in line with data protection obligations and authorise them to use or disclose the information only as necessary to perform services on our behalf and under our instruction or to comply with legal obligations and requirements. 

7. Retention 

Information is retained in line with its purpose of processing and only for as long as necessary in line with business requirements, legitimate interests and statutory or legal obligations.

8. Rights

You can exercise certain rights in regards to your data. However, the applicability of these rights is dependent upon our purpose and lawful basis of processing.

You can exercise your rights either verbally or in writing. However, should you make a request verbally we recommend that you follow this up in writing to provide a clear correspondence trail. 

We have an obligation to respond within one month of receiving your request. Should we deem the request to be complex the response time can be extended by up to two months and you will be informed of the extended response date, alongside an explanation, within the original one-month time frame. 

If required, identification will be requested within the one-month time frame and only limited to what is necessary for confirmation, such as a copy of your driving licence, passport or utility bill. Once ID has been confirmed we will then process your request. 

Should we refuse to comply with a request we will inform you of this within the one-month time frame and provide an explanation outlining our justification, our internal complaints procedure and your right to complain to a supervisory authority and to enforce your rights through a judicial remedy. 

8.1 Your Right of Access 

You have the right to request and receive copies of the personal information we hold that directly relates to you. This right is applicable at all times; however, due to exemptions within the legislation, you may not always receive all the information we process. If this is applicable an explanation will be provided to you within our response. 

If you are requesting information on behalf of someone else we require you to provide proof that you are entitled to act on behalf of the data subject and will require written confirmation of this authority. If we are not satisfied you have the right to act as a delegated authority we reserve the right to refuse the request.

8.2 Your Right to Rectification 

You have the right to request that inaccurate information is rectified and incomplete information completed. Please provide an overview of the information you wish to be rectified/completed. We may need to take certain steps to verify the accuracy of the new information before the change can be applied. 

8.3 Your Right to Erasure 

You have the right to request your personal information be deleted by us; however, this only applies in certain circumstances. To exercise this right, please provide us with an overview of the information you would like deleted and the reason for this.

If data cannot be physically deleted steps will be taken to ensure that the information is put ‘beyond use’ – for example anonymising or pseudonymisation. 

8.4 Your Right to Restrict Processing 

You have the right to request we restrict the processing of your personal information, however, this only applies in certain circumstances. To exercise this right please provide us with an overview of the information you would like restricted and your reasoning for this request. Processing of your personal data will not resume without you being notified that the restriction is to be lifted. 

8.5 Your Right to Object 

You have the right to object to us processing your data whereby we are processing your information for our legitimate interests. To exercise this right, please provide us with an overview of the information you are objecting to and your reasoning for this. 

You also have an absolute right to object to us using your data for direct marketing. You can exercise this right by: 

  • emailing – dataprivacy@mondas.co.uk 
  • Clicking the unsubscribe link within emails 

8.6 Your Right to Data Portability 

You have the right to request us to transfer the information you have provided to us to another organisation or you directly. This right only applies if we are processing information based on your consent or in regards to a contract and the processing is automated. 

8.7 Your Right to Automated Decision Making and Profiling 

If automated decision making and profiling have been used you have a right to obtain human intervention and challenge a decision made as a result of this process. 

8.7.1 Profiling

Mondas may use direct or anonymised information to engage in data analysis, data matching and profiling activities for a variety of purposes, including, but not limited to:  

  • Website Activity (cookie history)
  • Business conduct  
  • Investigation and identification of fraud, money laundering and other potential unauthorised activities,  
  • Financial Viability analysis/reports  
  • Business partner/client portfolio position, performance, risk positions  
  • Anti-money laundering  
  • Tax reporting  
  • Credit defaulting / exposure 

If we obtain your information by consent you have the right to withdraw your consent at any time. 

9. Lodging a complaint 

If you are unsatisfied with how Mondas have handled your data or dealt with your request/complaint you have a right to raise this with the relevant Supervisory Authority and to seek to enforce your rights through a judicial remedy. 

UK 

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF 

Tel: 0303 123 1113 

Website: https://ico.org.uk/concerns/ 

The ICO currently recommends you contact them within 3 months of your last contact with us and advises you contact them once the companies complaints process has been exhausted.

10. Version Control 

This Notice is a live document and can be updated at any time therefore it is recommended you regularly review to ensure you remain informed. 

September 2021