Data Protection

Version 11/09/2020

Introduction

McLEAR needs to collect and use certain types of information about people with whom it deals in order to conduct its operations. These include current, past and prospective employees, suppliers, developers, business partners, customers and others with whom we have dealings. For example, we may occasionally be required to collect and use certain types of personal information to comply with government requirements and/or other legal obligations as well as other statutory and/or administrative functions.

Regardless of how we collect, record and/or use personal data, we are required to ensure that certain data protection standards are adhered to in all of our data processing operations. To that end, we have created a Data Protection Team which is coordinated by the Data Protection Officer (DPO). The DPO is responsible for informing and advising the Company and its staff on its data protection obligations, the privacy laws (DPA/GDPR 2018) and for monitoring compliance with those obligations and with the Company’s policies.

The DPO is also responsible for:

  • The maintaining and annual review of this policy internally and with WDCS.
  • Ensuring that McLEAR have systems and controls in place to ensure on-going compliance and to evidence such compliance.
  • Monitoring changes to McLEAR’s commercial activities and systems, in order to ensure that any data protection compliance implications are identified and addressed.
  • Monitoring the relevant regulators’ websites and publications to identify and take appropriate actions to comply with any changes which may affect McLEAR’s compliance arrangements.
  • Ensuring, amongst other things, all customer-facing documentation; marketing materials; employment contracts; terms and conditions; and Third Party contracts, to ensure compliance with Applicable Privacy Law.
  • Reviewing the necessary standards of staff awareness of their responsibilities and those of McLEAR, under Applicable Privacy Law.
  • Monitoring the effectiveness of staff training and the level of staff awareness of their responsibilities by preparing and carrying out a programme of periodic compliance monitoring, audits and relevant functions throughout McLEAR.
  • Promptly dealing with requests from Individuals.
  • Ensuring full co-operation with data protection authorities and other competent regulators.
  • The Data Protection Officer report on matters related to this Policy.

Data Protection Statement

We take the issue of data protection very seriously and consider the lawful and correct treatment of personal information by McLEAR as very important to the successful operation of the company and in maintaining the confidence of those with whom we deal.

To this end we fully endorse and strive to adhere to the Data Protection Principles enumerated in the Data Protection Act 1998 (the “DPA”) as well as the European General Data Protection Regulation (GDPR).

This means that the data we hold is:

  • used fairly and lawfully
  • used for limited, specifically stated purposes
  • used in a way that is adequate, relevant and not excessive
  • accurate
  • kept for no longer than is absolutely necessary
  • handled according to people’s data protection rights
  • kept safe and secure
  • not transferred outside the European Economic Area without adequate protection

The DPA can be viewed at; http://www.legislation.gov.uk/ukpga/1998/29/contents

Status of the Policy

This policy does not form part of the formal contract of employment of our staff but it is a condition of employment that employees will abide by the rules and policies made by McLEAR. Any failures to follow the policy can therefore result in disciplinary proceedings which may result in dismissal for gross misconduct and in some circumstances, amount to a criminal offence by the individual.

The McLEAR Data Protection Team

McLEAR has a Data Protection Team comprising representatives from Legal, Compliance, Human Resources and IT Departments. The McLEAR Data Protection Team is responsible for writing, co-ordinating and implementing the McLEAR Data Protection policies and procedures which includes:

  • implementing a Data Protection Impact Assessment (DPIA) process
  • reviewing our contractual arrangements with sub-processors, to make sure that they also protect personal data through robust technical and organizational measures
  • delivering GDPR-focused training to key teams and personnel, so that they are aware of the law’s requirements and can design our products and business plans with privacy in mind

The McLEAR Data Protection Team is supported by and report to the Executive Management Board of McLEAR Ltd.

Responsibilities of Staff

To help uphold this Data Protection Policy, McLEAR personnel will abide by the IT and Communication Systems Policy (Schedule 26 of the McLEAR Handbook) which covers:

  • Equipment security and passwords
  • Systems and data security
  • Use of E-mail
  • Using the internet
  • Personal use of our systems
  • Use of Social Media

Breach of this policy may result in disciplinary action up to and including dismissal, at the discretion of the CEO. Any member of staff suspected of committing a breach of this policy will be required to co-operate with our investigation, which may involve handing over relevant passwords and login details.

Data Security

We follow the GDPR 2018 at all times when asking for or handling your information including:

  • Personal data shall be processed fairly and lawfully.
  • Data is processed only for the purpose(s) for which it was collected.
  • Data is adequate, relevant and not excessive.

This means that we will only collect the minimum data we have a legitimate interest in, to allow us to perform the service you have asked for and consented to. We will then only keep that data for as long as our legitimate interest persist. In addition to this, we will provide you with the mechanism to request information on which data we hold about you and to ask us to remove it. We will also provide you with the details of our governing bodies so as you may raise a complaint, should you feel we have not fulfilled our duty of care regarding your details.

We will ensure that appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Rights to Access Information

All requests for access to Personal Data (Subject Access Requests) processed by McLEAR should be directed to the Data Protection Officer, McLEAR Ltd, Steel House, 13-17 Princes Road, Richmond, Surrey, TW10 6DQ, United Kingdom or via dpo@mclear.com

Data Retention

Any electronic data we hold about you will be stored securely behind appropriate security measures for no longer than is necessary to fulfil the purposes for which it was obtained. However, we will maintain certain elements of your Order Information for as long as the HMRC rules require, which are currently 6 years from the end of the financial year of the transaction.

Disposal Schedule

Data Type: Financial
Retention Period: 6 years + 1
Reason: HMRC

Data Type: Customer (Personal)
Retention Period: Retained while subject remains a customer plus 2 years or until deletion requested
Reason: Support and Marketing

Data Type: Customer (Transactional)
Retention Period: Up to 5 years
Reason: Regulatory requirements

Data Type: Non-customer
Retention Period: 2 years unless deletion requested
Reason: Marketing

Data Deletion

When the scheduled time for data deletion arrives, that data will be anonymised or securely removed from our systems and be overseen by our Head of IT.

Destruction of Paper Records

Documents that contain confidential information such as parties’ names and addresses, or which could be used by third parties to commit fraud shall be disposed of as confidential waste, requiring cross-cut shredding and incinerating.

Oh dear...

If you’ve lost your ring or it has been stolen, please open the app on your mobile device and click to pause transactions immediately. This can be reversed if you find your ring.

If you do not have access to the app and are sure your ring is gone for good, please email us to cancel your ring. Please note, this action is non-reversible and will completely disable your ring forever.

Visit Support Centre

Stay up to date

Drop your email address in the box below and hit join. We’ll email you from time to time with the latest news and updates on our rings.

There will be no spamming – we promise

  • This field is for validation purposes and should be left unchanged.

Sign up below to join the waitlist

We will use the data you supply to contact you with more information about the ring, the release date and how to purchase when available in your country. You will need to confirm your email address and can unsubscribe at any time.