1. Information we may collect from you
We may directly collect personal data from you through one or more of the following:
- By you registering for one of our events
- By you emailing or calling us with an enquiry
- By you entering your details through our website
- When your business card has been given to or exchanged with one of our staff
We may indirectly collect personal data about you in one or more of the following ways:
- Data is given to us by our partners, but only with your knowledge and, if legally required, where you have consented to this;
- If you provide your data to Media Subscription Services;
- If you are one of our followers on LinkedIn
2. What personal data do we collect?
The type and quantity of information we collect and how we use it depends on why you are providing it. We will mainly collect:
- Your name
- Your contact details
- Where you work and/or other professional details (e.g. your publications)
- Any other information you wish to provide
- Any information which we require to enter and / or to fulfil a contract at your request.
3. How will we use your data?
We may use your data:
- To provide you with the services or information that you have requested from us
- To comply with applicable laws and regulations
- To manage and administer our legitimate activities as a provider of public relations, reputation management and corporate communications services
- To deal with your requests or enquiries
- To provide you with information about us, our services and our clients
- To keep a record of any communication from you or agreements with you that we hold
- To get in touch with you on behalf of our clients – click here to see a list of our clients
- To inform you about upcoming and relevant events including our annual party
- We may share journalist details (name, publication and remit) with our clients to ensure journalists receive relevant invitations, information and news
- Other purposes that you may contact us about from time to time
4. How we keep your data safe and who has access to your information
5. Release of Your Information for Legal Purposes and Subject Access Requests
It may become necessary for Midas PR to release your information in response to a request from a UK, EU or other international government agency or a private litigant. You agree that we may disclose your information to a third party where we believe, in good faith, that it is necessary to do so for the purposes of a civil action, criminal investigation, or other legal matter. In the event that we receive a subpoena affecting your privacy, we may elect to notify you to give you an opportunity to file a motion to quash the subpoena, or we may attempt to quash it ourselves, but we are not obligated to do either. You release us from any damages that may arise from or relate to the release of your information to a request from UK law enforcement agencies or private litigants. Under the EU GDPR (2018) legislation, you are now entitled to make a Subject Access Request for Midas PR to release a copy of all the personal information that we hold about you for no charge. You must submit proof of ID before we can comply with your request, and after identification is provided and verified, we will comply with your request within one month. We do not process individual data or sensitive data. Further, we do not keep records of data processing because we do not process data, and as a small business with less than 250 employees, we are not required to keep records of data processing.
6. Your Right to Erasure
You have the right to request that your data is erased by Midas PR at any time and without undue delay. Please email email@example.com and state ‘Request to erase data’ in your title or write to our Master Connector at our postal address. In either case, state all of your details and we will contact you to confirm that all of your data has been deleted. However individuals cannot use the Right to Erasure to avoid any financial liabilities should they be incurred.
7. Disclosure of information
We may disclose your personal information to third parties in the following situations:
- to companies and/or organisations that act as our service providers, who handle that data on our behalf and in accordance with our instructions under contract (called “data processors“). These include IT suppliers, data hosting providers, payment processors or agencies we use to conduct fraud checks;
- if we are under a duty to disclose or share your personal data to comply with any legal obligation (e.g. where we have a duty to provide data to the police or courts) or other statutory regulations we have to comply with;
- to enforce or comply with any agreements you have made with Midas PR, for example, where we have to pass personal data to a party who is contracted to provide a service to you or to our lawyers or other professionals;
- to protect the rights, property, or safety of Midas PR, or others. This includes exchanging information with other organisations for the purposes of protecting ourselves against fraud or safeguarding ourselves (or others) from criminal activity;
- if we are ever subject to a corporate merger or acquisition, although we will ensure your data is only ever used for the same purpose(s) for which it was originally collected.
We will only ever share your personal data with third parties to use for their own purposes in other circumstances with your prior knowledge and, if in connection with marketing, where we have your specific, informed, freely given and unambiguous consent. Any third party data controllers external to us with whom we deal, as described above, will handle your personal data in accordance with their own chosen procedures and you should check the relevant privacy policies of these companies or organisations to understand how they may use your personal data. Since these controller organisations are acting outside of our control, we have no responsibility for their data processing practices.
8. Keeping your information up to date
If we get in touch with you for any of the reasons above, we will give you the opportunity to correct and update your information. You can also contact us on firstname.lastname@example.org at any time to let us know when your information needs correcting or updating. Where a public source makes it clear that personal details we hold about you are out of date (e.g. a public announcement, press release or LinkedIn notification tells us that you have moved job), then we may use this information to update our records.
9. How long do we keep your information for?
The period for which we keep your personal data usually depends on the purpose(s) for which your information was collected. We will not keep your personal data for longer than necessary for that/those purpose(s) or unless we need to keep data for a longer period to comply with any legal requirements. Midas PR has a data retention policy that sets out the different periods we retain personal data for in accordance with our duties under applicable data protection law. The criteria we use for determining our data retention periods are based on:
- various legislative requirements (for example, duties to hold transaction details for tax/accounting purposes or certain HR records to comply with employment legislation);
- the purpose for which we collected that personal data and where we have identified a continued legitimate need to hold that personal data to serve such purpose; and
Personal data that we no longer need to hold is securely disposed of and/or anonymised so you can no longer be identified from it.
10. Lawful basis for processing
We process your personal data for the above purposes relying on one or more of the following lawful grounds:
- where we agree to provide any product and/or service to you, in order to take any pre-contract steps at your request and/or to perform our contractual obligations to you;
- where we need to use your personal data for our legitimate interests of being able to provide public relations, reputation management and corporate communications services and manage our business in that regard. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your legal rights and freedoms and, in particular, your right of privacy;
- where you have freely provided your specific, informed and unambiguous consent to us using your personal data for particular purposes;
- where we need to protect your vital interests or those of someone else (such as in a medical emergency); and/or
- where we need to collect, process or hold your personal data to comply with a legal obligation.
If we process sensitive personal data (or “special category data”) about you such as data relating to health, ethnic origin, religious/philosophical or political beliefs, trade union membership or sex life, we will only do this with your explicit consent; or, to protect your vital interests or those of someone else; and/or, where you have clearly publicised such data; and/or, where we need to use such data in connection with a legal claim.
11. Your data rights
Under data protection law, you have a legal right to request information about the personal data that we hold about you, what we use that personal data for and who it may be disclosed to, as well as certain other information (called a “subject access request“). Usually we will have one month to respond to such a subject access request, although in the case of complex requests, we may require a further two months to respond. We may also charge for administrative time in dealing with any manifestly unreasonable or excessive requests for access. We may also ask for further information to locate the specific information you seek before we can respond in full and may apply certain legal exemptions to some of the information we disclose when responding to a subject access request. You also have the following rights, which are exercisable by making a request to us in writing:
- that we correct personal data that we hold about you which is inaccurate or incomplete;
- to object to any automated processing (if applicable) that we carry out in relation to your personal data, for example if we conduct any automated credit scoring;
- to object to our continued use of your personal data for direct marketing;
- that we erase your personal data without undue delay and/or to object to and/or to restrict the use of your personal data by us for any purpose unless we have a legitimate reason for continuing to hold or process that data; or
- that we transfer your personal data to another party where the personal data has been collected with your consent or is being used to perform contract with you and we are processing that data by automated means (i.e. on computer).
All of these requests may be forwarded on to a third party data processor who is involved in the processing of your personal data on our behalf.
What are cookies?
We may use information obtained from cookies or similar technology. Cookies are text files containing small amounts of information which we download onto your computer or device when you visit our website. Therefore, when we refer to “you” in this section we mean your computer. We can recognize these cookies on subsequent visits and they allow us to remember you. Cookies come in many forms. We set out below the principal types and categories of cookies that are used. This section refers to all types and categories of cookies and not just those we use on our website. First and third-party cookies – whether a cookie is first-party or third-party refers to the domain placing the cookie. First-party cookies are those set by a website that is being visited by the user, the website displayed in the URL window (e.g. www.midas-pr.com). Third-Party cookies are cookies that are set by a domain other than that of the website being visited by the user. If a user visits a website and another entity sets a cookie through that website this would be a third-party cookie. Persistent cookies – these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie. Session cookie – these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
- Strictly necessary cookies – These cookies enable services you have specifically asked for.
- These cookies are essential in order to enable you to navigate around the website and use its features, such as accessing secure areas of the website. Without these cookies certain services you have asked for cannot be provided.
- Performance cookies – These cookies collect information on the pages visited.
- These cookies collect information about how users use a website, for instance which pages users go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. They are only used to improve how the website functions.
- Functionality cookies – These cookies remember choices you make to improve your experience.
- These cookies allow the website to remember choices you make and provide enhanced, more personal features. They may also be used to help provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymized and they cannot track your browsing activity to other websites.
- Targeting cookies or advertising cookies – these cookies collect information about your browsing habits in order to make advertising relevant to you and your interests.
- These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of an advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organization such as advertisers. Quite often, targeting or advertising cookies will be linked to site functionality provided by the other organization.
If you want to delete any cookies that may already be on your computer or device, please refer to the instructions for your file management software to locate the file or directory that stores cookies. If you want to stop cookies being stored on your computer in the future, please refer to your browser manufacturer’s instructions by clicking “Help” in your browser menu. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our website.
Third Party Websites
13. Contact or Complaints
If you would like to exercise any of the above rights or if you have any concerns about how we use your personal data, please contact us via telephone on +66 (0)2 318 3323 or by e-mail at: email@example.com. You can also contact us by post at: 2034/71 Ital-Thai Tower, 15th Floor< New Phetchaburi Rd, Bang Kapi, Huai Khwang, Bangkok 10310 When you make any request, you may be required to provide us with appropriate evidence so that we can verify your identity before we can respond.