Why we need your data.
My Benefits World (MBW) shall comply with the provisions of the General Data Protection Regulation (GDPR) and any subsequent amendment or replacement thereof when handling Personal Data. GDPR means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, any national legislation passed to implement the Regulation, and any legislation amending or replacing the Regulation from time to time, whether in the UK or the EU.
My Benefits World shall maintain records of all processing operations under its responsibility that contain at least the minimum information required by the data protection legislation (GDPR), and shall make such information available to any supervisory or regulatory authority on request.
Employer Web Enquiries
MBW Provider shall:
- Only use the data you supply for the purposes of your enquiry. We will contact you using the details you provide.
- We will hold your enquiry data for a period of six months for the purposes of following up on your enquiry (unless you explicitly ask us to delete it before then by emailing us at firstname.lastname@example.org). If you choose not to proceed with our services, after six months from the date of your initial enquiry we will erase your data from our records.
- We will not pass your data on to any third party without your express written permission.
- We may record and monitor phone calls made for training and business purposes.
- Your data will not leave the EU.
MBW Provider shall:
- Unless required to do otherwise by applicable law, process personal data only in accordance with the written instructions of the employer
- Not process personal data for any purpose other than expressly authorised by the employer;
- Implement and maintain technical and organisational measures and procedures to ensure an appropriate level of security for such personal data, including protecting such personal data against the risks of accidental, unlawful” or unauthorised destruction, loss, alteration, disclosure, dissemination or access
- Take such steps as are reasonably required to assist the Employer in ensuring compliance with its obligations under the data protection legislation relating to this Agreement.
- Take reasonable steps to ensure the reliability of all its personnel who have access to such personal data, and ensure that any such personnel are committed to binding obligations of confidentiality when processing such personal data.
- Inform employees:
a) who their personal data is being sent to
b) why their personal data is being processed (the reason for it being processed).
c) explicitly confirm which data is being sent. Only data necessary for the operation of an employee benefit will be provided.
d) how long their personal data will be kept and the justification for keeping it.
e) act on a request to be forgotten or have their personal data deleted.
- When an employee has left the employment of the employer, MBW will remove any data for which is there is no reasonable business, payroll or tax requirement to hold.
- Employee Dependent (spouse, partner, children) data will be removed within 30 days of an employee leaving employment or ceasing to use a product.
- MBW confirms that all data belonging to the employer and employees will be held on a central system in the EU. The data will not be used for any other reason than the pre-agreed purpose.
- MBW will ensure that any data or reports sent to the Employer will be sent in a secure format with the appropriate encryption and/or password protection. The Encryption system we use is called Rpost, a white paper and legal opinion on the system can be found here
- Where MBW uses third parties to provide a service, MBW confirms that it has entered into a written agreement with the third-party processor which imposes the same obligations on the third party in respect to the processing of personal data as imposed on MBW. MBW shall ensure that the third party provides sufficient guarantees that it will implement and maintain appropriate technical and organisational measures to ensure that its processing of personal data meets the requirements of the Data Protection Legislation.
You have the right to access your information, ask us to correct any mistakes, delete and restrict the use of your information. You also have the right to object to us using the information you have provided, and/or to withdraw permission you have given us to use your information
You have the following rights
- Right of access: the right to make a written request for details of your personal information and a copy of that personal information
- Right to rectification: the right to have inaccurate information about you corrected or removed
- Right to be forgotten: the right to have certain personal information about you erased
- Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
- Right to object: the right to object to processing of your personal information
- Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party
- Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of MBW use of your personal information prior to the withdrawal of your consent. We will let you know if this removes or reduces the ability to access any of the products or services we provide. This does not absolve you or remove any payment responsibilities or contractual terms you have agreed to.
- If you make a request, we will ask you to confirm your identit and (if required) provide information that helps us to better understand your request.
- In order to exercise your rights please contact email@example.com
My Benefits World is registered with the ICO as a Data Controller under registration number ZA213169. You can access My Benefits World register entry at www.ico.gov.uk.
If you have any queries regarding data protection or you would like copies of the data we hold Data Protection Officer, 10 Stadium Court, Stadium Road, Wirral, CH62 3RP firstname.lastname@example.org
Data Protection Contacts
Information Commissioner’s Office, Wycliffe House , Water Lane , Wilmslow , Cheshire, SK9 5AF, Phone: 0303 123 1113 (local rate) or 01625 545 745 (national rate).