Maximillion observes all aspects of the General Data Protection Regulations (GDPR) and on request will provide information to Customers in a transparent and honest manner about how their data is used, processed and secured by Maximillion. Hard copy data and data held on computer systems are both covered by the GDPR.
As required by the GDPR, Maximillion respects the rights of all Customers to have their data kept confidential. Maximillion will only process Customers data when there is a genuine administrative basis to do so, eg sending contracts, invoices and processing payments.
The data held will be stored securely, details will be kept to a minimum, Maximillion will take all possible measures to ensure that the details held are accurate and information will be retained for no longer than the details are relevant.
Data held by Maximillion on its Customers will only be accessed by a Director, Manager or authorised third party and the information will be kept confidential.
A Customer has the right to ask for access to the data held by Maximillion. Customers have the right to challenge the accuracy of such data and to have incorrect data amended or deleted from Company systems or records. A response to a request to access personal data will be provided by Maximillion within 30 days of the request being made in writing, or within 90 days if the request is particularly complex.
Under the GDPR, Customers have the right to be “forgotten” and for their data to be deleted. This can apply in circumstances when:
- the data is no longer necessary for the purpose for which it was collected;
- consent to processing the data has been withdrawn where Maximillion has previously relied on the Customer’s expressed or implied consent to process the data;
- the data collected is in breach of the GDPR;
- the data needs to be deleted to comply with a legal obligation;
- a customer objects to the processing of the data and that Maximillion has no compelling reasons for refusing to delete the Customers data.
Maximillion’s Manging Director is the Data Controller and is responsible for how Customer’s personal data is collected, how Maximillion uses the data and how it maintains the security of Customer’s data. Requests to access data should be referred to the Data Controller in writing.