• 0161 8706668

    info@mtglobal.co.uk

  • 10:05 - 19:00

    Monday - Saturday

  • Head Office (UK)

    75A Crawley Rd Luton Beds

Privacy Policy

PRIVACY POLICY

Effective as of May 23, 2018 (the "Effective Date")

Policy Purpose

We at MT Global Limited are committed to protecting your privacy and this privacy policy sets out the use we make of any your information that we may obtain during the business relationship.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, during the business relationship. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

A special note about children

We ask that persons under the age of 18 (which we treat as children and minors) refrain from using our Service or submitting any personal information to us. Persons under the age of 18 years are not eligible to use our Service and if we discover that someone under the age of 18 has registered a Profile with us, we will close it.

 

Data Protection.

Introduction the DPA regulates the processing of personal data. Its definition of personal data covers all information relating to identifiable living individuals which is held on computer, in another 'automatically-process able' format or in a manual filing system which is structured so as to facilitate access to information relating to particular individuals. (Information relating to companies and other “legal‟ persons is not caught). Its definition of processing covers any conceivable activity in relation to personal data, including collection, analysis, processing in the ordinary sense of the word, storage, disclosure, international transfer and deletion.

On a day to day basis we have to process personal data in various circumstances and in relation to various categories of individual. This Policy deals specifically with personal data collected in the context of the establishment and management of our customer relationships and the execution of transactions on the instructions of our customers (Customer and/or Transaction Management). It is important to remember that the DPA regulates processing of personal data relating to all individuals, not just relating to customers. Information relating to individual representatives of corporate customers, or to individuals (or individual representatives of corporate entity) elsewhere in a payment chain – for example, an ultimate payee or an individual representative of a payment institutions - is also protected by the DPA.

The UK Information Commissioner (the Commissioner) is responsible for enforcement of the DPA and has published a range of guidance on data protection issues, all of which is available on the Commissioner's

https://ico.org.uk/

Failure to comply with this Policy may constitute a serious disciplinary offence & could result in dismissal.

 

 

Data Protection Officer

the Company Nominated Officer (MLRO) is designated DP officer.

Employees with any questions about our Data Protection Policy or application circumstances you should consult the Data Protection Officer.

 

What we collect

You may give us information about you by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. This includes (but is not limited to) information you provide when you register with us, transfer money using our office or websites and when you report a problem with us.

The information you give us may include:

  • Name, address, job title and email address
  • Date of birth
  • Phone number
  • Financial and Source of Fund information
  • Payment reason
  • Geographic location
  • Copies of identification
  • Address proof

What we do with the information we gather

The main reason we use this information is to provide you with details about our products and services, but we (or third-party data processors, agents and sub-contractors acting on our behalf) may also use the information:

  • To help us perform our services
  • To communicate with you
  • To assess the risk of performing our services
  • To enable us to enforce our rights under our terms and conditions if necessary
  • To administer our Sites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
  • To improve our products and services
  • As part of our efforts to keep our Sites safe and secure;
  • For promotional purposes including, without limitation, to share the personal data with businesses in our group and with selected third parties whom we believe have products or services that may be of interest to you
  • To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you
  • From time to time, we may also use your information to contact you for market research purposes

We may combine information we receive from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Where we store your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted [using SSL technology]. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Security, Accuracy and Data Deletion

We have in place appropriate technical and organizational security measures to protect the personal data that we process for Customer and/or Transaction Management purposes against unauthorized or unlawful processing and accidental loss, destruction or damage.

We identify the security measures that are “appropriate‟ in the context of our business. They must deliver a level of security which is appropriate to the nature of the data and the risks associated with unauthorized or unlawful processing and accidental loss, destruction or damage. We will take reasonable steps to ensure the reliability of our employees who have access to the data.

If any aspect of our processing of personal data for Customer and/or Transaction Management purposes is outsourced to a third-party service provider now or in the future, including the outsourcing of any wider function which includes the processing of personal data, we must:

  1. satisfy ourselves that the service provider will have appropriate technical and organizational security measures in place;
  2. ensure that the arrangement is governed by a written agreement which requires the service provider to process the data only on our instructions and imposes on the service provider obligations equivalent to our obligations; and
  3. while the arrangement is in place, take reasonable steps from time to time to ensure that the service provider is meeting its security obligations in practice.

We will take reasonable steps to ensure that the personal data that we process is accurate and, where relevant. Deleting of personal data will only take place when we no longer have need of it, given the purposes for which they were processed. This does not, for example, prevent us from keeping records containing personal data which may be relevant if there is a future dispute with a customer or another person, but it does require us to delete those records when a dispute is no longer a real possibility unless we have another legitimate purpose for continuing to keep the personal data.

 

Automated Decision-Taking

Whilst we do not use so-called “automated decision-taking” techniques for Customer and/or Transaction Management processes. Employees should not use such techniques except with the approval of the Data Protection Officer given on the basis of an assessment of the requirements of the DPA. The DPA's restrictions on the use of “automated decision-taking” cover systems which make decisions which significantly affect individuals solely on the basis of the automated processing of their personal data, without any human intervention

 

Registration

We maintain a registration with the Commissioner's office which covers our processing of personal data for Customer and/or Transaction Management (and other) purposes.

How long is your personal information retained?

We will only retain your information for as long as is necessary for providing our service to you, usually no more than 5 years after the end of the business relationship.

 

Rights of Individuals

Under the GDPR, individuals have:

  1. The right to access –this means that individuals have the right to request access to their personal data and to ask how their data is used by the company after it has been gathered. We will provide a copy of the personal data, free of charge and in electronic format if requested.
  2. The right to be forgotten – if consumers are no longer customers, or if they withdraw their consent from a company to use their personal data, then they have the right to have their data deleted. We will not use their data in further processing.
  3. The right to data portability – Individuals have a right to transfer their data from one service provider to another. And it must happen in a commonly used and machine-readable format.
  4. The right to be informed – this covers any gathering of data by companies, and individuals must be informed before data is gathered. Consumers have to opt in for their data to be gathered, and consent must be freely given rather than implied.
  5. The right to have information corrected – this ensures that individuals can have their data updated if it is out of date or incomplete or incorrect. We will update the information as informed.
  6. The right to restrict processing – Individuals can request that their data is not used for processing. Their record can remain in place, but not be used. We will not use their data for further processing, if requested.
  7. The right to object – this includes the right of individuals to stop the processing of their data for direct marketing. There are no exemptions to this rule, and any processing must stop as soon as the request is received. In addition, this right must be made clear to individuals at the very start of any communication.
  8. The right to be notified – If there has been a data breach which compromises an individual’s personal data, we will inform the individual within 72 hours of first having become aware of the breach.

You can always exercise your right at any time by contacting us at mahboob@mtglobal.co.uk

Security safeguard

The GDPR mandates company to take technical and organizational measures to achieve a level of security appropriate to the imminent risk. This has become more urgent in wake of increasing cybersecurity threat to organisations. We advocate tokenisation, encryption of data, constant assurance of confidentiality, integrity, availability, and resilience of processing system and services to comply with GDPR.

Our Privacy policy is embedded in the company’s design throughout its lifecycle.

Prompt notification in case of accident or breach.

The GDPR introduces mandatory security breach notification and requires administrative and technical safeguards for personal data to reduce identified risks and to prevent data breaches. The data subject is required to be notified without undue delay if the breach portends high risk to his rights and freedoms. Notification can be dispensed with if the data breach is unlikely to result in any risk to the data subject.

We will inform the supervisory authority of data breach incident within 72 (Seventy-two) hours of discovery. In addition, the company has an incidence response plan and trained its employee on how to respond.

 

Cross-border data transfer

  • The “flow of personal data from countries outside the EU and International organisations are necessary for the expansion of international trade and cooperation.” Being a money remittance company, our operations involve transfer of personal data of employees and clients across jurisdictions to manage our global workforce and ease operations as our processing is outsourced too but we have Binding corporate rules - our internal codes of conduct. We export personal data from the territory of the EU to other companies within our group located in third countries.

We also, follow following Steps for processing EU personal data to comply with GDPR:

  • We will ensure consent is freely given and data subjects must “opt-in” rather than “opt-out” of data collection schemes. We will utilise personal data strictly for the purpose of collection and keep it only as long as needed.
  • We will ensure security of personal data at rest and in transit with strong encryption. Tokenisation can be adopted to ensure safeguard.
  • We have developed a data security breach response scheme and comprehensive incidence response plan. We trained our employees on how to identify a breach in real-time and spot potential threat. The notification and report should be prompt.
  • We will review and regularly update our privacy policy, and other documentation and communications. Information provided in our privacy policy will always be easy to understand.
  • We will conduct privacy and data security audit. Carefully evaluate the existing data subjects’ data and processing activities and detect potential inconsistency with the GDPR.
  • We will regularly run compliance test before implementing a new technology. 
  • We will ensure Cross-border data transfer policy complies with the GDPR by our binding corporate rules.

How to contact us

If you have any questions about our Privacy Policy or your information, please contact us in writing to;

MT GLOBAL LIMITED

75A CRAWLEY ROAD LUTON LU1 1HX UK

NAME: MAHBOOB RASOOL         

EMAIL: MAHBOOB@MTGLOBAL.CO.UK

PHONE: 01582734444

 

MT Global Ltd is authorised and regulated by the Financial Conduct Authority under Registration Number 565567.

Registered as a Limited Company in England and Wales Company No: 05623359.