Mitrefinch is a global provider of Workforce Management solutions for organisations that need to monitor and manage their workforce whilst controlling costs and administering employees; we operate from our main locations around the world with offices in the UK, USA, Canada and Australia.
Our Head Office is based in the UK where we need to comply with the new EU GDPR and Data Protection Act 2018 regulations which provide strict requirements regarding the use and storage of personal data and in many areas wider protection measures than stipulated under US or Canadian privacy laws.
Regardless of the country from which we operate, Mitrefinch is committed to processing any personal information about its clients, staff, guests and visitors in ways that comply with its legal and regulatory obligations, and to being clear about what it does with their personal information.
This Policy applies to all personal data collected and maintained by Mitrefinch, including client, staff, supplier, guest and visitor information.
Mitrefinch Workforce Management solutions are designed for organisations that need to monitor and manage their workforce whilst controlling costs and administering employees. We use Time and Attendance, Rostering, Payroll, HR and Access Control Solutions.
Mitrefinch do not collect any sensitive or special category data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation) for its own purposes but may collect personal information which we receive when:
- You enquire or make use of our services or systems
- As a potential new client who wishes to use or consider our services or systems
- You submit a CV or an application when seeking employment with us
- You engage with our social media accounts, including LinkedIn and Twitter
- Someone is recommended by a friend, a former employer, a former colleague or even a present employer.
- Or you make an enquiry on our website
For our systems we may process the following types of personal information of, or from you:
- Your name, address, email address, telephone number(s) and other contact details
- Your company’s name, your position in the company; the company’s address, company’s email address and telephone number;
- Details of employee names and ID numbers from our clients’ businesses;
- Multi-spectral fingerprint scans in the form of templates and mathematical algorithms of our clients’ employees;
- Your payment information in the form of bank account details;
- Information obtained through electronic means such as IP address or cookies;
- Information about your use of our information and communications systems.
How do we use the data we collect?
We are a data controller of personal data for our staff; visitors to our website; guests at our offices and personal contacts from our Business and Corporate clients. This information is used for legitimate interests or to fulfil our services as an employer or supplier of Workforce Management solutions.
We are a data processor of data for our clients who sign up to use our services or systems. Any data we use as part of these services and systems is under the data control of the client.
For the processing activities we undertake we collect your personal information for the following purposes:
- For internal record keeping and administration in our relationship with you;
- For the performance of a contract to provide you with services that you may request from us;
- To fulfil our obligations to our clients, prospective clients and staff;
- To meet our legal and regulatory obligations;
- For financial payments and administration;
- To interact with users on social media platforms including LinkedIn, YouTube and Twitter.
We may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required, or permitted by law.
Where we process your data with your consent, we will do this in accordance with the EU GDPR and UK Data Protection Act 2018 or as permitted under Canadian PIPEDA or US Federal and State Laws.
How do we collect this information?
We collect personal information:
- Directly from clients: e.g. when you make an enquiry or purchase our services
- From staff; through our recruitment process and contract of employment
- From our clients and their employees;
- From publicly available sources: e.g. networking, social media, internet services such as LinkedIn, direct referrals, other corporate bodies
- From our website: http://www.mitrefinch.co.uk
We are committed to keeping your information up to date as far as is reasonably possible. However, if you believe that we have made an error, please contact us at firstname.lastname@example.org and we will use reasonable endeavours to correct it.
Keeping your information safe and secure
Mitrefinch is committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost.
Data security is of utmost importance to us and we have achieved certification to ISO 27001, in the UK, externally validating the robustness of our information security systems.
Additionally, Mitrefinch takes reasonable steps to protect your personal information from unauthorised access, use, disclosure or loss, as follows:
- We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
- We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- We dispose of your data in adherence with industry approved processes and timescales.
- The website has security measures (including on-line and off-line physical, electronic and managerial safeguards) in place to protect against the loss, misuse, and alteration of the information under our control. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information on-line.
If you have any questions on the security of our website, you can request information from email@example.com
How long do we keep personal information?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Details of retention periods for other aspects of your personal information are available in our Retention Policy, which is available from firstname.lastname@example.org
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of Mitrefinch we will retain and securely destroy your personal information in accordance with our data retention policy or applicable laws and regulations.
Mitrefinch undertakes marketing activity, but only the processing necessary to promote our business to clients and future clients. This is completed for our legitimate interests and will include:
- Email promotions
- Instant messaging where you have consented (under PECR you must have consent for text marketing)
- Promotion and notification of our Events and webinars
Any marketing we undertake is carried out in a fully compliant manner as governed by data privacy regulations, with the contacts being given the option to opt out from such contact.
We may make unsolicited approaches and calls to new potential contacts or business clients, using prospect information held within our records or using information drawn from publicly available sources.
Any changes to our marketing activities will be updated in this Policy.
Readers and Biometrics
Mitrefinch does not collect or control Customer employee data. For Customers who use Mitrefinch terminals with a biometric or finger scanning device, the collection of Customer employee finger scan data is undertaken and controlled by the Customer. This data is used by the Customer for employee verification in connection with its employee timekeeping purposes. Such data consists solely of templates created from mathematical algorithms, not fingerprints.
Mitrefinch does not perform or control the collection of such data. Rather, Mitrefinch Customers collect such employee data through its use of the finger scanning devices and related software, and either store the data at the Customer controlled site or on secure space (in accordance with applicable law) made available by Mitrefinch in a cloud environment for that purpose.
If you would like more technical details of the systems and biometric data use in our systems please contact us at email@example.com
Third party access
Access to your personal information is only allowed when required by law or when required as part of fulfilling our service obligations. We do not, and will never, sell or share your personal information with other third parties.
Should we need to transfer personal information to third parties located outside of USA or Canada, we will ensure that information is protected to a level which meets the requirements of the EU GDPR and UK Data Protection Act 2018 or as permitted under Canadian PIPEDA or US Federal and State Laws.
We are a subsidiary company of Mitrefinch Limited, with the Head Office located in the UK, and are a cloud-based service provider and data processor. The storing and processing of personal information will be mainly in USA or Canada, as above, although access to this data may be granted to Mitrefinch Limited in the UK. They in turn may allow access to our other subsidiary Companies and teams which are based in Australia. Each of these subsidiary countries can request access to this data from the UK, where necessary, and where access is granted each will individually comply with data privacy legislation in their respective countries.
Please note that your data may be exported to, and stored and processed in, countries outside of the country in which you reside. We use adequate physical, administrative, and technical processes, procedures and measures to protect your personal information from unauthorized use, disclosure, and/or access.
In principle we use third parties to:
- Administer our staff records;
- For screening and security checks;
- For IT support and security;
- Host and administer our website;
- To help us promote our business or advertise forthcoming events or webinars;
- To achieve and renew our certified awards.
To receive information on the recipients of your data, please contact us at firstname.lastname@example.org
- Help identify your computer; this helps us compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.
- We may also use trusted third-party services that track this information on our behalf.
- Understand and save user’s preferences for future visits.
For our complete Cookies policy please visit:
Google AdSense Advertising
Mitrefinch also uses Google AdSense Advertising on our website.
We have implemented the following:
- Remarketing with Google AdSense
- Google Display Network Impression Reporting
- Demographics and Interests Reporting
We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions, and other ad service functions as they relate to our website.
Users can set preferences for how Google advertises to them using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative opt-out page, or permanently by using the Google Analytics Opt-out Browser Add-on.
Links to other websites
Our website may contain links to other websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.
Controlling your personal information
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Under certain circumstances, you have rights under UK Data Protection Act 2018 (DPA) and the EU General Data Protection Regulation 2016/679 (GDPR) in relation to your personal information. You may have the right to:
- Have access to individual’s specific information about our policies and practices relating to the management of personal information;
- Access information held about you. Your right of access can be exercised in accordance with data protection law in your respective country. If you would like details or a copy of the information held on you, please write to email@example.com
- Object to us processing or ask us to restrict our processing of your personal information for any of the purposes listed in this policy, at any time.
- Ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge;
- Ask us to erase your personal information (in certain circumstances). We will do our best to respond to such requests, but these are subject to certain limitations;
- Request a transfer of your personal information (in certain circumstances).
If you wish to exercise any of the above rights or to review, verify, correct or question anything detailed in this policy or anything about your personal information, please contact our Data Protection Officer at firstname.lastname@example.org
California Online Privacy Protection Act
According to CalOPPA we agree to the following:
- Users can visit our site anonymously
Users are able to change their personal information
- By emailing email@example.com
We honour Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
It’s also important to note that we do not allow third-party behavioural tracking.
CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
To be in accordance with CAN-SPAM we agree to the following:
- If at any time you would like to unsubscribe from receiving future emails, you can email us at firstname.lastname@example.org
- We will promptly remove you from ALL correspondence.
- We do not specifically market to children under 13.
Data from Children
Mitrefinch, as a provider of services to business, corporate clients and organisations, does not seek to collect individually identifiable information about or from children under 16 years of age.
If Mitrefinch learns that a child under the age of 16 has submitted personally identifiable information we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose.
COPPA (Children’s Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control.
The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
How to contact us