PRIVACY NOTICE

M and H Media Ltd takes copyright and data protection very seriously. All of the business related content on these pages we create ourselves and unless stated otherwise is ©M and H Media Ltd. All Rights Reserved.

We do use third party images from time to time, and when we do so, we always ask for permission.

Who We Are:

M and H Media Ltd is UK business specialising in delivering events and publications to the museums and heritage sector. This privacy statement outlines why we collect personal data, how we use it, keep it safe and the rights of those whose data we hold.

Why we collect data:
We collect, store and process personal data of clients, potential clients, employees and our suppliers for the purposes of fulfilling our contractual and legal obligations and responsibilities.

How we use personal data:
We use personal data to fulfil our contractual obligations with clients, employees and our suppliers. Personal data of individuals who we provide services for, or on behalf of our clients is used to maintain our relationship and to deliver our events, publications and services.

We will only send you newsletters if you have actively consented to us doing so (e.g. you have registered to attend one of our events or opted to join our mailing list). Individuals signed up to our mailing list can withdraw their consent at any point by unsubscribing from the email or by contacting us at [email protected]

What personal data do we collect?
• Exhibitors, guests and visitors and suppliers on our events: we collect personal data (name, contact details, job title, organisation) for the purposes of fulfilling our services.
• Employees: we collect personal data (name, date of birth, contact details etc). Additional data collected (e.g. financial, pensions etc) is collected for the purposes of processing payroll and our pension obligations.
• We also collect emails and names from people subscribing to our mailing list.
We use standard WordPress statistics which record visitor numbers and their country of origin.

Our legal process for processing personal data
Under the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, organisations are required to have a legal basis for processing personal data. The legal basis we use for processing data are:
• Legitimate interests for the purposes of fulfilling our business activities and the provision of our services.
• Contractual basis for the purposes of fulfilling our obligations to M and H Media Ltd employees, our suppliers and clients.
• Legal obligations for purposes of fulfilling our statutory obligations, including our pension provisions to our employees.
• On the basis of consent when people opt into our mailing list.

How Long Do We Keep Data?

We store and retain personal data for various periods of time in line with our legal obligations, financial regulations and internal requirements.

How We Keep Data Secure

Access
We have robust processes, procedures, contracts and agreements in place to ensure secure collection, storage and processing of personal data. Only authorised employees and third party data processors (e.g. those who process data on our behalf) have access to personal data we hold.

Security
Personal data is stored securely on our network, on encrypted devices (iPads, laptops, smart phones etc) and within third party systems (e.g. bulk email distribution platform) whose tools we use to process data.

International transfer of data
Prior to engaging or using third party systems to process data, we ensure that sufficient safeguards, contracts/agreements are in place to protect personal data and that all parties comply with the requirements of the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. For example, where data may be transferred outside of the European Economic Area (EEA) to the United States (e.g. if a third party uses multiple servers to back up data), we will ensure that the third party is registered under the EU-US Privacy Shield, such as DropBox which ensures adequate protection of data.

Who We Share Data With:

In line with our legal obligations we share personal data about employees with HMRC, pensions providers and payroll services. We will also share data with appropriate authorities (e.g. police, law enforcement agencies and other parties) where we have a legal obligation. For example, for the detection and prevention of fraud, or where data is required in relation to a criminal offence.
We do not sell or share data with any other third parties other than those listed above and where we use a third party to securely process our data on our behalf.

Your Rights:

Under the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, you have the following rights:
• The right to request access to the data we hold about you. This is known as a Subject Access Request
• The right to have incorrect data rectified or incomplete data completed
• The right to have data erased (also known as the right to be forgotten)
You can make a request at any point by email [email protected]. We will respond to a request within one month of receipt. However, where a request is received to erase data, we may not be able to delete all data (for example where data is linked to financial transactions that must be kept for a set period of time under financial regulations).

Complaints:

If you would like to find out more about how we process data, or if you would like to make a complaint, please contact us at [email protected]

You also have the right to complain to the Information Commissioner’s Office if you feel that your data had been processed in a way that is not compliant with this policy or in line with the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. You can contact the ICO by visiting their website or by calling 0303 123 1113.