We care about your privacy.

We want you to know that when you use our organisation you can trust us with your information. We are determined to do nothing that would infringe your rights or undermine your trust. This Privacy Notice describes the information we collect about you, how it is used and shared, and your rights regarding it.

We are registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that we hold and process. Our registered address is First Floor, 58 Howard Street, Belfast, BT1 6PJ. Our ICO registration number is ZA898501 and our Data Protection Lead (DPL) is James Nesbitt. Our Data Protection Lead can be contacted at hello@mythdigital.co.

Privacy Notice for Myth Digital Ltd

We want you to know that when you use our organisation you can trust us with your information. We are determined to do nothing that would infringe your rights or undermine your trust. This Privacy Notice describes the information we collect about you, how it is used and shared, and your rights regarding it.

Data Controller

Data Collection

All or the vast majority of the information that we hold about you is provided to us by yourself when you seek to use our services, or you are employed by us or work within various capacities. We will tell you why we need the information and how we will use it.

Personal data is any information that can be used to identify an individual, and it can range from the most basic of details such as contact information through to more complex data.

Identification can be by the information alone or in conjunction with any other information. The processing of personal data is governed by both the UK- General Data Protection Regulation (the GDPR) and the Data Protection Act 2018.

However, not all personal data is considered equal. There are two different categories: 'personal data' and 'special categories of personal data'.

We collect and process both personal data and special categories of personal data as defined in the GDPR. This includes:

Personal information, including names, dates of birth, and personal contact details;
National Insurance details;
Financial details such as financial status and bank details;
Records of goods and services relevant to the business;
Records of education, training and employment;
Photographs;
Device IP address;

Sensitive and special data including:

- Information about your health, including any medical condition, health and sickness records; and
- Nationality contained within your passport.

How Do We Collect Information?

We collect data about you in a variety of ways and such as when we undertake a recruitment exercise, throughout the course of your employment, when you request a quote, request a product guide or place an order for our services. We also collect information when you voluntarily complete customer surveys and provide feedback. Website usage information is collected using cookies.

We may also obtain information from third parties such as recruitment agencies and employment referees.

We comply with our obligations under the GDPR:

by collecting and retaining only data necessary to pursue our legitimate business interests;
by ensuring that appropriate technical measures are in place to protect personal data;
by keeping personal data up to date;
by storing and destroying data securely.

We use your information to:

Process information necessary for the provision of employment;
Provide products, services, quotations, and information;
Process or support payments for products and services;
Improve our products and services;
Maintain the safety, security and integrity of our services;
Direct your enquiries to the appropriate customer support staff;
Investigate and address your concerns;
Communicate with you about products, services, promotions, studies, surveys, news, updates and events;
Make statutory returns as required by law;
Complying with health and safety obligations;
Respond to requests for references;

Or as otherwise required or permitted by law.

Automated Decision-making

We do not use automated decision-making in the processing of your personal data.

Our Lawful Basis for processing your information

The General Data Protection Regulation (GDPR) requires all organisations that process personal data to have a Lawful Basis for doing so. The Lawful Bases identified in the GDPR are:

Consent of the data subject
Performance of a contract with the data subject or to take steps to enter into a contract
Compliance with a legal obligation
Compliance with a legal obligation
To protect the vital interests of a data subject or another person
Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Examples of legitimate interests include:

Where the data subject is a client or in the service of the controller;
Transmission within a group of undertakings for internal administrative purposes;
Processing necessary to ensure network and information security, including preventing unauthorised access;
Processing for direct marketing purposes, or to prevent fraud; and
Reporting possible criminal acts or threats to public security.

Our Lawful Basis is for the performance of a legal contract, legitimate Interest and consent.

Legal Contract

We are required to process personal information to enter into and fulfil various obligations for contracted services or relating to employment contracts.

Legitimate Interest

We will rely on the legitimate interest of our company when processing information for the purposes set out above to include the management, administration and operation of our company, for all business development and marketing purposes, to conduct all employment functions and obligations, to comply with all regulatory functions required by professional regulators.

Consent

On occasion we may rely upon your consent particularly in relation to our marketing activity. At all times you retain the right to withdraw your consent. Where we have relied upon your consent and you opt to withdraw it this does not invalidate our lawful basis for processing data historically.

Special category processing

If we are processing special categories of data such as medical records pertaining to our employees or passport details, we are entitled by law to do so where it is necessary for the purposes of employment law and to support individuals with a particular disability or medical condition. We may also obtain your consent to process this type of data.

We may share your personal data with:

Third party providers for employment purposes such as payroll, pension provider etc.
Third party service providers such as our accountants and Digital Ocean etc;
Business Partners;
Our legal advisors in the event of a dispute or other legal matter;
Law enforcement officials, government authorities, or other third parties to meet our legal obligations; and
Any other party where we ask you and you consent to the sharing.

Transfers to third countries and international organisations

We transfer personal data outside of the UK to a third-country within the EEA. We have satisfied ourselves that such transferred data is fully protected and safeguarded as required by the UK- General Data Protection Regulation and the EU-General Data Protection Regulation.

Retention of Data

We retain your personal data while you remain an employee, client, prospective employee or client, unless you ask us to delete it. Our Retention and Disposal Policy (copy available on request) details how long we hold data for and how we dispose of it when it no longer needs to be held. We will delete or anonymise your information at your request unless:

There is an unresolved issue, such as claim or dispute;
We are legally required to; or
There are overriding legitimate business interests, including but not limited to fraud prevention and protecting customers' safety and security.

Your Rights

The General Data Protection Regulation gives you specific rights around your personal data. For example, you have to be informed about the information we hold and what we use it for, you can ask for a copy of the personal information we hold about you, you can ask us to correct any inaccuracies with the personal data we hold, you can ask us to stop sending you direct mail, or emails, or in some circumstances ask us to stop processing your details. Finally, if we do something irregular or improper with your personal data you can seek compensation for any distress you are caused or loss you have incurred. You can find out more information from the ICO’s website https://ico.org.uk/your-data-matters/ and this is the organisation that you can complain to if you are unhappy with how we deal with you.

Accessing and Correcting Your Information

You may request access to, correction of, or a copy of your information by contacting us at hello@mythdigital.co

Marketing Opt-Outs

You may opt out of receiving emails and other messages from our organisation by following the instructions in those messages.

Cookies

Cookies are small text files that are stored on your browser or device by websites, apps, online media, and advertisements.

Myth Digital Ltd will not use cookies to collect personally identifiable information about you. You can use your browser settings to restrict or block cookies set by our website. If you decide you wish to do this simply use the help function in your browser. If you do decide to restrict or block cookies this may impact the functionality of our website. For a more comprehensive guide visit www.aboutcookies.org. If you want to delete cookies on a mobile phone refer to your handset manual.