About this Policy
Here at Madgex, we are committed to protecting the privacy and security of your personal information. This policy explains what we collect, how and why we collect it, how we use it and how it is protected.
This policy was last updated on May 24th 2018. We may change the policy from time to time so please revisit this page to ensure you’re still happy.
Who we are
We’re Madgex, the market-leading career technology and solutions provider and we’re formed of Madgex Ltd operating from the UK and Toronto and Madgex Inc operating from the USA.
How do we collect information from you?
The information you provide voluntarily
What information are we collecting?
You’ll see when you complete one of the forms on our website that we’re asking for your credentials for access to cloud-based third-party storage platforms, specifically Dropbox, OneDrive and/or Google Drive on your behalf.
How do we use that information?
We use the information you provide to enable you to easily access cloud-based third-party storage platforms, specifically Dropbox, OneDrive and/or Google Drive, in order to then allow you to select file(s) which may then be uploaded to our platform at your request.
If you have expressly agreed to our use of your personal information, the lawful basis of our processing of your information will be consent, unless one of the above also applies.
If you have any questions about the lawful basis on which we are processing your personal data, please contact us.
Will we ever share your information?
Sharing with third parties
We may need to disclose your personal information to third parties (provided that they are bound by appropriate obligations to safeguard your information) as follows:
- To our employees, officers, insurers, professional advisors, agents, suppliers or subcontractors to the extent that it is reasonably necessary to do so for the above permitted purposes;
- If we are required to do so by law or in any legal proceedings;
- If we need to for fraud prevention or to protect the rights, property or safety of us, our customers or others.
- To third parties wishing to purchase our business or assets.
We will not share your personal information with third parties for the purposes of further marketing. We’re good like that.
Where are we storing your data?
Our main hosting data centres are located in the EEA, currently in London (UK) and [other hosting regions].
Transfers to third countries and safeguards
We are an international business with a global customer base. We may need to transfer personal information between any of the countries we operate in and to our suppliers and subcontractors in other countries. We do not transfer any data to third counties or international organisations unless they are deemed by applicable law to have adequate privacy protection or recognized legal mechanisms are in place to ensure adequate protection of your information (e.g. EU Model Contract Clauses or EU-US Privacy Shield or Swiss-US Privacy Shield frameworks).
How do we protect your information?
We take Data Security very seriously, in fact, we pride ourselves on it.
We restrict access to personal information to our employees, contractors and agents on a need-to-know basis and ensure that they are subject to contractual confidentiality obligations and may be disciplined or terminated if they fail to meet those obligations.
We will only ever work with trusted third parties having first completed due diligence to ensure they also enforce an adequate level of data security to protect your information.
We have multiple layers of security in place to protect the security of our clients and their clients’ information. Details of these measures may be provided upon request.
How long do we hold your information for?
We will endeavor not to keep your personal information for longer than necessary. We will delete your data on request, according to the Erasure section below. Subject to this, your information is retained and deleted as follows:
- We will delete information provided by you through one of our web forms after 5 years by default.
- We will delete information gathered through lead generation research after 5 years by default.
- We may need to retain certain information for reasonable business purposes (e.g. accounts information, unsubscribe records, information needed to prevent identity theft, legal disputes and misconduct) even if deletion has been requested. Normally this information will be deleted after 5 years by default unless we have a legitimate reason to retain it for longer.
- We may also need to retain information by law or in relation to pending or prospective legal proceedings, in which case we will normally retain it for the length of our contract plus 7 years thereafter.
What are your rights?
We regard the principles of GDPR as the gold standard in Data Protection and therefore will extend the rights outlined below to all our global contacts, regardless of whether you’re within the territorial scope of GDPR.
You have several rights as a data subject as summarised below:
You have the right to obtain confirmation as to whether your personal information is being processed by us and, if it is, to access your information and details of how we process it, as long as this does not adversely affect the rights and freedoms of others.
We will rectify any errors in the personal information we hold on request.
In addition to any Madgex functionality that enables you to delete information, you may ask us to erase your personal information from our systems in the following situations:
- The information is no longer necessary in relation to the purpose for which it was collected;
- You withdraw your consent on which the processing is based and where there is no other legal ground for the processing;
- You object to the processing and there are no overriding legitimate grounds for the processing;
- The information has been unlawfully processed;
- The information has to be erased for compliance with a legal obligation to which we are subject.
- Right to restrict processing: You have the right to restrict our processing on specified grounds.
Where you have asked us to rectify, erase or restrict processing of your information, we shall communicate the same to each recipient to whom your information has been disclosed, unless this proves impossible or involves disproportionate effort, in which case we shall let you know.
You have the right in specific circumstances where processing is based on consent to receive your information in a structured, commonly used and machine-readable format and have the right to transmit the information to another controller without hindrance, provided that our processing is carried out by automated means.
Right to object:
In certain circumstances you have the right to object to our processing of your information, including in relation to profiling, direct marketing or scientific or historical research purposes.
Automated individual decision making:
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you unless this is necessary for our contract, is authorised under applicable law or is based on your explicit consent.
How can I exercise my rights?
If you would like to exercise any of these rights, please email, call or write to us using the contact details below.
We will require additional information from you so that we can correctly verify your identity.
For more information about the circumstances in which these data subject rights apply, see the guidance provided by your local regulatory authority, for example in the UK;
Complaining to the regulator
We hope we can help you to resolve any query or concern you have over the use of your information, however the General Data Protection Regulation also gives you the right to make a complaint with your local supervisory authority where any alleged infringement of data protection law has occurred.
The supervisory authority within the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone at 0303 123 1113 or other channels as updated at https://ico.org.uk/global/contact-us/.
What happens if a data breach occurs?
Whilst we endeavour to keep your personal information safe, we have an internal investigation procedure in case of data protection security breaches.
In the event of data theft, we may suspend access to our servers, emails and online systems and take other urgent steps to prevent further unauthorized access to information.
If we believe that our data has been compromised, we will report the issue to the Information Commissioner's Office (ICO).
We will notify you without delay if we believe a data breach is likely to result in a significant risk to your rights and freedoms. Any notification will describe in clear and plain language the nature of the personal data breach and contain all required information.
The types of cookies we use on the site are:
These are important to make the website function properly and aren’t involved in tracking. These allow us to ensure our web servers can scale and serve you with the content in an efficient manner.
Some people find the idea of a website storing information on their computer or mobile device intrusive. If preferred, it is possible to block some or all cookies or even to delete cookies but, as we’ve explained above, cookies help you to get the most out of our website. Blocking or removing cookies may have a negative effect on the user experience of the site.
If you do wish to disable cookies, you can find information on how to do this with your browser here.
Madgex as data processor
Changes to this Policy
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.
We may also notify you in other ways from time to time about the processing of your personal information.
Please contact us if you have any questions regarding this privacy notice or the information we hold about you.
You can send us an email at firstname.lastname@example.org, or visit our Contact page for your relevant local mailing address and contact phone numbers.
Our Data Protection Officer services are provided by Advent-IM, Unit 5, Coombswood Court, Steelpark Rd, West Midlands, UK B62 8BF.