Data for which Memset is the Data Controller
Purpose and consent for collection
Memset collects, stores, processes or transmits this data in order to provide Services to Customers, and its personnel may include Data Subjects. This may include marketing of the Services, the processing of orders for Customers and customer support activities, or for the purposes of conducting corporate activities such as interacting with suppliers, job applicants or other interested parties. (Collectively, the ‘Scope’.)
By providing personal information to Memset® in any of the ways described in this policy, by instructing or authorising another party to provide such information or by entering into a contact with Memset that requires such processing, the Subject is agreeing that they are authorised to provide the information and that they accept this privacy policy and that Memset is authorised to process it.
Memset will collect a range of information about the Subject, either via activity via our website or emails, ticketing systems, telephone, in person or at trade shows. This information includes:
- Name
- Organisation
- Job title
- Address of employment
- Phone number
- Email address
- IP address
- Username
- Credit/debit card details
We will not collect sensitive categories of Subject data without their explicit consent.
Memset does not undertake any automated decision making relating to any Service activities except for third party fraud checking services that may automatically decline a credit or debit card transaction.
Memset will not collect data relating to minors as defined under UK law. Minors as defined by UK law are not permitted to use Memset Services or interact with us as a corporate entity.
Memset may from time to time contact the Customer via email regarding service related matters such as billing, account management and maintenance.
Data retention
We will keep your personal information for as long as you are a customer of Memset.
After you stop being a customer, we may keep your data for up to 10 years for the following reasons:
- To respond to any questions or complaints.
- To comply with the legal requirements.
Data transfers and the use of Data Sub Processors
Memset will not share Subject data with a third party not directly associated with the provision of services without their explicit consent. Memset will also not transfer Subject data to a third party country outside of the UK or EEA that is not compliant with the applicable data protection laws via adequacy agreement, Binding Corporate Rules or other legally appropriate means as defined by the Information Commissioners Office without their explicit consent.
Memset makes use of a number of third party organisations for the purposes of delivery of Services to the Customer.
Whilst the following list is not intended to be exhaustive, Memset typically only transfers the personal data relating to our customers, where required for the activities set out below, to the following third parties or Data Processors:
- Salesforce.com, Inc – Customer Relationship Management and marketing activities
- Everest Ltd – Colocation data centre hosting
- Mimecast Ltd – Email resilience and security
- Microsoft Ltd – Email and internal document management
- Sagepay – Accounting
- dotMailer Inc. – Provision of bulk emailing services
Memset will update this list from time to time as our systems and operations evolve and inform you accordingly.
By interacting with Memset as defined in this policy, the Subject provides their consent for this transfer and use of our Data Processors and their Data Sub-Processors, and for transfer to any other appropriate third party Data Processor for the purposes of delivery of the Services and customer relationship management activities. No data transfer will be undertaken that is outside of the strict scope of the Purposes states in this policy, or that will materially degrade the security of the Subject’s data or the Data Subject’s rights and in any event the security provisions will be compliant with the applicable Data Protection Laws. Such Data Processors and Sub Processors will be contractually bound to process only in accordance with our instructions and to maintain technical and organisational controls in compliance with our security policy and the requirements of the GDPR.
Commitment to confidentiality and security of processing
Memset will use appropriate technical and organisational security measures within our sphere of responsibility to ensure an appropriate level of confidentiality, integrity and, where Memset is the Data Controller, availability of Subject data and to ensure its availability in the event of a business continuity incident. Memset will undertake security and data protection assessments of any third parties we elect to use prior to transfer of any Customer Data and regularly thereafter.
Whilst Memset maintains configured encrypted endpoints for Control Panel and API HTTPS communication and appropriate internal security controls, the Subject retains sole responsibility for their data when outside of Memset systems.
Get in touch
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time, or discuss any other data protection matters with us, by contacting us at dataprotection@memset.com or write to iomart Managed Services Limited t/a Memset, 6 Atlantic Quay, 55 Robertson Street, Glasgow G2 8JD, for the attention of the Data Protection Officer.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Under Data Protection Laws, Data Subjects can make certain choices in relation to how their personal data is processed. These include whether your personal data are disclosed to third parties, and preferences regarding the frequency, subject matter, and/or format of communications.
Data Subjects, Controllers or any other concerned parties wishing to discuss matters relating to data protection, such as a Subject Access Request or concern over accuracy of collected data, please email dataprotection@memset.com or write to iomart Managed Services Limited t/a Memset, 6 Atlantic Quay, 55 Robertson Street, Glasgow G2 8JD, for the attention of the Data Protection Officer. The email address is monitored within working hours and you should receive a reply within two working days.
Should there be a concern regarding a possible security incident or data breach, please email security@memset.com.