The EU General Data Protection Regulation (GDPR) which forms part of the Data Protection Act 2018, which is enforceable from 25 May 2018, provides new rights to individuals and requires organisations to provide information about their processing in a clear and transparent way.
We published version 2 of our Privacy Statement on 24th May 2018 to take into account new requirements and to explain how we collect, store and use personal data. When we refer to “we”, “us” or “our” in this Statement we mean Mesma Limited.
Mesma Limited is a company specialising in quality assurance for schools, further education, and training. We provide consultancy advice and guidance to organisations as well as online quality assurance software. Our company registration number is 07641449.
This Privacy Statement applies to personal data collected and processed by Mesma Limited; whose registered address is 27/28 Frederick Street, Sunderland, Tyne and Wear, SR1 1LZ
We endeavour to comply with the Data Protection Act 2018, the EU General Data Protection Regulation (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (amended) and other relevant legislation.
How to contact us
If you have any questions or require any further information regarding this Privacy Statement or would like to contact us about any other matter, please use the following contact information:
Tel: 0845 6588370
Ways we collect personal data
We collect personal data in the following ways:
When you provide your contact details to us when requesting information about our products or services, either via the telephone,email, our online enquiry forms or face-to-face. When you or your company registers you as a user of Mesma Software either on a trial or as licensed user. When you download Mesma resources from our website. When you register as a subscriber to our updates or newsletters. When you register to attend one of our events or webinars. Via openly available public sources (e.g. LinkedIn, Ofsted, UK Register of Learning Providers or company websites).
The types of personal data we collect
The personal data we routinely collect includes:
Full name, Email Address, Postal address, Job title, Company name, Business telephone numbers including mobile numbers which are being used for business purposes.
We do not collect any special categories of personal data, as defined under the GDPR. Our products and services are not aimed at children.
The legal basis on which we rely are:
Contract / agreement
This will usually be when you have signed a contract or agreed for us to process your information on the grounds that we will provide you with a service.
Our legitimate interests are to communicate with individuals to keep them informed, to grow our business e.g. telemarketing, B2B, email marketing.
Any legitimate interests pursued by us, are as follows:
Promoting our products
Product upgrades and updates to new or existing customers
The legitimate interests specified above are related to the products and services you currently use, products and services provided by Mesma that you don't currently use or products and services that would be of interest to your company, the sector you operate in or the job role you hold.
Further information on legitimate interest can be found here.
Changing your mind
You can change your mind and prevent us from sending these at any point by clicking on the unsubscribe link on any email you receive from us. Alternatively, you can unsubscribe by emailing firstname.lastname@example.org
We use third-party providers to help us deliver our service
We take care to only collect only the necessary information to provide access to the service, for example, Name, email address and telephone number. We do not sell client data to any third parties unless otherwise agreed through a contractual agreement.
Visitors to our website
When someone visits www.mesma.co.uk we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way, which does not identify anyone. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it. For more information http://www.google.com/intl/en/policies/privacy/
We may gather information about your general internet use by using the cookie.Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally. It is statistical data. This statistical data does not identify any personal details whatsoever
You can adjust the settings on your computer to decline any cookies if you wish.This can easily be done by activating the reject cookies setting on your computer.
We use Mailchimp, to deliver our e-newsletter and some of our email campaigns. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see http://mailchimp.com/legal/privacy/
We use WordPress.com, to publish our website. These sites are hosted at WordPress.com, which is run by Automattic Inc. We use a standard WordPress service to collect anonymous information about users' activity on the site, for example, the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. For more information, please see https://automattic.com/privacy/
When someone emails us we host our emails on a third party service; Microsoft 365. Any email sent to us, including any attachments, may be monitored and used by us for reasons of security.Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law. For more information https://privacy.microsoft.com/en-gb/privacystatement
Microsoft Azure is a cloud-based hosting solution which we use to host our Mesma Software. https://privacy.microsoft.com/en-us/PrivacyStatement.Client data may be processed by us as a result of our client’s use of the services when our client or their end-users input or upload information into the relevant service (platform/portal/environment). We will use this information to contact you in order to perform the services or in relation to the products and services provided to you; this may include system upgrades and new associated products.
Pre October 2019 - We use ZOHO, to support our customer relationship management system. We have to hold the details of any prospective and current clients and people who have requested information about the service we provide. https://www.zoho.com/privacy.html
Since October 2019 - We use Hubspot, to support our customer relationship management system. We have to hold the details of any prospective and current clients and people who have requested information about the service we provide. https://legal.hubspot.com/privacy-policy
We use Intercom to communicate with our Mesma Software users. We gather the information directly from our clients Mesma platforms. This communication is likely to include system updates or products and services that would be of interest to your company. https://www.intercom.com/help/en/articles/1385437-how-intercom-complies-with-gdpr
We use XERO to help us process our invoices and payments. However, we only use the necessary name, email address and telephone number of individuals used to process payments. https://www.xero.com/uk/about/legal/privacy/
We use Eventbrite to promote, sell and manage our courses and events. We collect minimal contact information to ensure we can communicate the details of our courses and events. https://www.eventbrite.com/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_US
We use GoTo products to delivery online meetings and webinars. We collect minimal contact information to ensure we can communicate the details of our events.
We use Zoom products to delivery online meetings and webinars. We collect minimal contact information to ensure we can communicate the details of our events.
People applying for job applications, current and future Mesma employees and associates
When individuals apply to work at Mesma Limited, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with Mesma Limited, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with Mesma Limited has ended, we will retain the file for 12 months or longer if stipulated under legislation.
Your legal rights
You have a number of rights under data protection law, which have been strengthened under the General Data Protection Regulation (GDPR). For further information about any of these rights, please visit the Information Commissioners Office website.
Access: You have the right to access the personal data we may hold about you and the purposes for which we are using it. We may ask for proof of your identity. On receipt of such a request, we will endeavour to respond to you as soon as possible, at most within one calendar month.
Rectification: You have the right to request that we amend any personal data which is incorrect or requires updating.
Erasure: You have the right to request that we delete any personal information pertaining to you. We will assess any deletion request on a case by case basis and will endeavour to respond to you as soon as possible, at most within one calendar month. If you have authored any content on the DPN and would like this to be deleted, please let us know.
Right to restrict processing – you have the right to ask us to restrict processing of your data. We will look at any request and inform you of our decision within 28 days of receiving the request.
Right to object – you have the right to object to our processing of your personal data based on (i) legitimate interests, or for the performance of a task in the public interests/exercise of official authority (including profiling); (ii) direct marketing (including profiling); and (iii) for purposes of scientific/historical research and statistics.
If you would like to exercise any of these rights, if you are concerned about the manner in which we have collected and used your personal data, please contact us using the contact details below and we will do our best to help.
If you are concerned about the manner in which we have collected and used your personal data, please contact us using the contact details above – we will do our best to help. If you are unhappy with the way in which we have handled your personal data you have the right to contact the Information Commissioner’s Office.
Disclosing your Information
In the event that we sell any or all of our business to the buyer.Where we are legally required by law to disclose your personal information. To further fraud protection and reduce the risk of fraud.
How long we store your personal data for
We will keep your information in connection with the services for which it was collected for an appropriate period of time. Data stored on Mesma software will be retained as per terms and conditions of the contract. In terms of personal data we use for marketing, we will keep this data for as long as we are able to market to you and if you withdraw your consent or opt-out of marketing communications, we will keep your contact details only to ensure that we do not contact you again for marketing purposes.
External Links on Websites
Please remember that if you use a link to go from our websites to another website, or you request a service from a third party, this Privacy Statement will no longer apply once you have left this website. Your browsing and interaction on any other website is subject to that website’s own rules and policies.