Privacy Policy

This section sets out how we obtain or collect information about you from third parties.

Information received from third parties

We can often receive information about you from third parties. The third parties from which we receive information about you can include referrals and other organisations that we have a professional affiliation with.

It is also possible that third parties with whom we have had no prior contact may provide us with information about you.

Information we obtain from third parties will generally be your name and contact details but will include any additional information about you which they provide to us.

Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).

Reason why necessary to perform a contract: where a third party has passed on information about you to us (such as your name and email address) in order for us to provide services to you, we will process your information in order to take steps at your request to enter into a contract with you and perform a contract with you (as the case may be).

Legal basis for processing: consent (Article 6(1)(a) of the General Data Protection Regulation).

Consent: where you have asked that a third party to share information about you with us and the purpose of sharing that information is not related to the performance of a contract or services by us to you, we will process your information on the basis of your consent, which you give by asking the third party in question to pass on your information to us.

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interests: where a third party has shared information about you with us and you have not consented to the sharing of that information, we will have a legitimate interest in processing that information in certain circumstances.

For example, we would have a legitimate interest in processing your information to perform our obligations under a sub-contract with the third party, where the third party has the main contract with you. Our legitimate interest is the performance of our obligations under our sub-contract.

Similarly, third parties may pass on information about you to us if you have infringed or potentially infringed any of our legal rights. In this case, we will have a legitimate interest in processing that information to investigate and pursue any such potential infringement.

In certain circumstances (for example, to verify the information we hold about you or obtain missing information we require to provide you with a service) we will obtain information about you from certain publicly accessible sources, both EU and non-EU, such as Companies House, online customer databases, business directories, media publications, social media, and websites (including your own website if you have one.

In certain circumstances will also obtain information about you from private sources, both EU and non-EU, such as marketing data services.

We will continue to send you marketing communications in relation to similar goods and services if you do not opt out from receiving them.

You can opt-out from receiving marketing communications at any time by emailing info@mapped.co.uk

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interests: Sharing relevant, timely and industry-specific information on related business services.

If we receive information about you from a third party in error and/or we do not have a legal basis for processing that information, we will delete your information.

This section sets out how long we retain your information. We have set out specific retention periods where possible. Where that has not been possible, we have set out the criteria we use to determine the retention period.

Server log information: we retain information on our server logs for 3 months.

Order information: when you place an order for goods and services, we retain that information for seven years following the end of the financial year in which you placed your order, in accordance with our legal obligation to keep records for tax purposes.

Correspondence and enquiries: when you make an enquiry or correspond with us for any reason, whether by email or via our contact form or by phone, we will retain your information for as long as it takes to respond to and resolve your enquiry, and for 36 further month(s), after which point we will archive your information.

Criteria for determining retention periods

• the purpose(s) and use of your information both now and in the future (such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract with you or to contact you in the future);

• whether we have any legal obligation to continue to process your information (such as any record-keeping obligations imposed by relevant law or regulation);

• whether we have any legal basis to continue to process your information (such as your consent);

• how valuable your information is (both now and in the future);

• any relevant agreed industry practices on how long information should be retained;

• the levels of risk, cost and liability involved with us continuing to hold the information;

• how hard it is to ensure that the information can be kept up to date and accurate; and

• any relevant surrounding circumstances (such as the nature and status of our relationship with you).

We take appropriate technical and organisational measures to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction, including:

• only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;

• using secure servers to store your information;

• verifying the identity of any individual who requests access to information prior to granting them access to information;

• using Secure Sockets Layer (SSL) software to encrypt any payment transactions you make on or via our website;

• only transferring your information via closed system or encrypted data transfers;

Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk.

We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.

Your information may be transferred and stored outside the European Economic Area (EEA) in the circumstances set out earlier in this policy.

We will also transfer your information outside the EEA or to an international organisation in order to comply with legal obligations to which we are subject (compliance with a court order, for example). Where we are required to do so, we will ensure appropriate safeguards and protections are in place.

<< Page 2 | Page 4 >>