Mo-Sys Privacy Policy
Mo-Sys Holding Ltd Privacy Notice
We are Mo-Sys Holding Ltd, a company registered in England and Wales with a company number 11842783, we are a Data Controller and will be responsible for your personal data. This privacy notice has been designed to inform data subjects of Mo-Sys Holding ltd. and all It’s subsidiaries how we collect and process your personal data, why this data is collected and inform you of your privacy rights.
You can contact us in any of the following ways:
By phoning us on +44 208 858 3205;
By emailing us on dpo@mo-sys.com; or
By writing to us at Mo-Sys Holding, Thames Bank House, Tunnel Avenue, London, SE10 0PA, UK.
We may update this privacy notice from time to time, this version was last updated on 28th October 2024.
1. Key Definitions
Data Controller is the organisation or person responsible for deciding how personal information is collected, stored, and used.
Data Processor is an organisation or person that the Data Controller may appoint to carry out certain tasks on their behalf involving personal information.
Personal Information is information that can be used to identify any living individual, this does not include information that has been made anonymous.
Special Information requires extra protection under data protection law. This category of personal information is classed as sensitive and includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sexual orientation. Genetic and biometric information would also be included.
ICO Information Commissioners Office is the supervisory authority for data protection in the UK.
2. Details of Personal Information we collect, Use and Why
We collect the following information to Provide Services and goods, including delivery:
- Identity Information: Name, job description
- Contact Details: Address, email and telephone number
- Payment Information
We collect the following information for the operation of registered customer accounts and guarantees:
- Identity Information: Name, job description
- Contact Details: Address, email and telephone number
- Purchase History
We collect the following information for service updates or marketing purposes:
- Identity Information: Name, job description
- Contact Details: Address, email and telephone number
- Marketing Preferences
- Location Data
- Purchase or viewing history
- IP addresses
- Website user journey information
We collect the following information for customer satisfaction surveys:
- Identity Information: Name, job description
- Contact Details: Address, email and telephone number
- Marketing Preferences
- Purchase history
We do not collect or store any special information about you.
3. Lawful bases
UK data protection law stipulates that we must have a “lawful bases” for collecting and using your personal information. You can find out more information about lawful bases here on the ICO website.
Our lawful bases for collecting or using personal information to Provide services and goods are:
- Contract: We have to collect and use this information so we can enter into and carry out a contract with you, including the delivery of goods and services.
- Legitimate Interest: We have determined that collecting and using this information benefits you or our organisation and the benefit outweighs any potential risk. For this purpose, our legitimate interest is to enable us to provide the best service possible by simplifying any future orders, internal accounting processes and customer support.
Our lawful bases for collecting or using personal information for the operation of registered customer accounts and guarantees:
- Contract: We have to collect and use this information so we can enter into and carry out a contract with you, including the delivery of goods and services.
- Consent: After providing you with all the relevant information, we have been given your permission.
- Legitimate Interest: We have determined that collecting and using this information benefits you or our organisation and the benefit outweighs any potential risk. For this purpose, our legitimate interest is to enable us to provide the best service possible by simplifying any future orders, internal accounting processes and customer support.
Our lawful bases for collecting or using personal information for service updates or marketing purposes:
- Consent: After providing you with all the relevant information, we have been given your permission. You have the right to withdraw your consent at any time.
- Legitimate Interest: We have determined that collecting and using this information benefits you or our organisation and the benefit outweighs any potential risk. For this purpose, our legitimate interest is that we believe a product or service we offer would be of relevant interest to you and your industry.
Our lawful bases for collecting or using personal information for customer satisfaction surveys:
- Consent: After providing you with all the relevant information, we have been given your permission. You have the right to withdraw your consent at any time.
Legitimate Interest: We have determined that collecting and using this information benefits you or our organisation and the benefit outweighs any potential risk. For this purpose, our legitimate interest is to determine whether any changes can be made to improve your experience as a customer.
4. Where we get this personal information from
Directly from you: We collect your identity information, contact information, payment information directly from you when you complete our customer registration form, purchase goods or services from us or contact us by email, phone, website contact form, in writing or otherwise. This includes information that you provide to us when subscribing to our mailing list.
Third parties or publicly available sources: We may receive some of your personal information from third parties such as market research organisations and providers of marketing lists. We may also collect your information from publicly available sources such as Linked In.
5. How long we keep personal information
We will only store your information for as long as necessary to fulfil the purpose for which the information was collected. We will retain personal information in accordance with our data retention policy and schedule.
Retention schedule:
Record | Retention Period |
Invoices and Purchase Orders | 7 years post sale |
Return merchandise authorisation | 5 years post completion |
Customers registered accounts | 6 years post last activity |
Email records | Archive 1 year | Remove 6 years |
Mailing lists to current customers | End of customer relationship |
Mailing list to potential customers | 1 year post campaign |
A full copy of the Mo-Sys Holding Data Retention policy can be requested using the contact details listed at the beginning of this notice.
6. Who we share personal information with
We may need to share your personal information with other organisations or people. These organisations include:
- Other companies within the Mo-Sys Holding group who may act as joint Data Controllers or as Data Processors, these companies will only receive information as required to fulfil an order or provide a service
- IT and System Administrators, in order to process data for the purpose of creating and distributing documentation related to a purchase or agreement or distribute marketing materials
- Professional or legal advisors
- Relevant regulatory authorities such as HMRC
- Organisations we’re legally obliged to share personal information with
7. Sharing information outside of the UK
Only where necessary, we may transfer personal information outside of the UK. When doing so, we will ensure compliance with UK GDPR and make sure all appropriate agreements and safeguards are in place to protect your personal data. For further information on data transfers outside of the UK, please contact us using the contact information listed at the beginning of this notice.
8. Your data protection rights
Under UK data protection law, you have certain rights in relation to your personal information which are set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO website
- Your right of access: You have the right to request copies of your personal information that we hold, also known as a Subject Access Request (SAR). You can also request details about where personal data has come from and who it is shared with.
- Your right to rectification: You have the right to ask us to correct or delete personal information you believe to be inaccurate or incomplete.
- Your right to erasure: You have the right to ask us to delete your personal information.
- Your right to restriction of processing: You have the right to ask us to limit how we use your personal information.
- Your right to object to processing: You have the right to object to the processing of your personal data.
- Your right to data portability: You have the right to request a transfer of the personal information you have provided to us to another organisation or to you.
- Your right to withdraw consent: When we use consent as our lawful basis, you have the right to withdraw consent at any time.
To exercise any of the above data protection rights, please make a request by contacting us using the contact details listed at the beginning of this notice. If you choose to make a request, we must respond to you without undue delay and in any event within one month.
9. How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the beginning of this notice.
If you remain unhappy with our response and how we have used your data, you can also complain to the ICO.
ICO address: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint
