Momentum Instore Limited (referred to in this document as “we” or the “Company”) is committed to protecting the privacy and security of your personal information.
This privacy policy includes privacy notices and describes how we collect, use and store personal information about you, when you visit our website “https://www.momentuminstore.com”, in accordance with applicable data protection laws and the EU General Data Protection Regulation (EU 2016/679) (GDPR).
This privacy policy does not form part of any contract to provide or procure services.
The Company is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you.
It is important that you read this policy, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
The Company’s contact details are:
(Registered in England under Company Number 2875057
The Data Privacy Manager’s role is to inform & advise on data protection and GDPR, monitor compliance within the organisation, cooperate & liaise with the ICO and be the point of contact for data subjects.
If you have any questions or queries regarding this policy please direct these to our Data Privacy Manager at GDPR@momentuminstore.com.
This Privacy Policy is effective as of 23/05/18 and is in accordance with the new EU ‘General Data Protection Regulations’ (GDPR). It will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.
We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.
While browsing our website we don’t capture any personally identifiable information that can be used to contact or identify you unless you:
All form data is securely stored on a dedicated page provided by our website developer, Optiva. From there your data can be accessed and downloaded by our sales & marketing team and stored in our CRM software, which may then be used for marketing purposes. In completing either of the forms you will have been asked to ‘consent’ to your data being used for this purpose. Personally identifiable information may include, but is not limited to your name, company & email address.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
| Data Type | Description | Website |
|---|---|---|
| Identity Data | Includes first name, last name, username or similar identifier, title, gender & social media links. |  |
| Contact Data | Includes company billing address, delivery/store/branch address(s), email address and telephone numbers. | |
| Financial Data | Includes company bank account details and spend. |  |
| Transaction Data | Includes details about payments to and from you or your organisation or business and other details of products and services you or your organisation or business have purchased from us (clients), or we have purchased from you (suppliers). | |
| Technical Data | Includes your login data (time, date, number of logins etc.) you use to access our systems. | |
| Profile Data | Includes your system username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. | |
| Usage Data | Includes information about how you use our website, products and services (clients) and how we use your products and services (suppliers). | |
| Marketing and Communications Data | Includes your preferences in receiving marketing from us and your communication preferences. | |
| Purpose / Activity | Type of data | Lawful basis for processing, including basis of legitimate interest |
|---|---|---|
| CRM System/Database: To keep you informed of our services for business-to business marketing in relation to prospects where we aren’t currently engaged in a contract with you or your company and for existing clients who may be interested in additional services | (a) Identity (b) Contact (c) Marketing and Communications Data | Necessary for our legitimate interests (to promote our products/services and grow our business) Where you are a sole trader, it is necessary to perform our contract with you Note that where we are required by applicable data protection laws to obtain your consent to contact you for marketing, we will also obtain such consent from you in the manner required by data such protection laws. |
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your web browser from a web server and stored on your computers device’s hard drive.
Our website uses only ‘Strictly necessary cookies’ and ‘Google analytics’ “cookies” for statistical purposes. On visiting our website for the first time a popup will appear asking you to accept our ‘cookie policy’. No personal identifiable information is associated with this cookie data which includes data such as number of unique visitors, time of visit, pages visited, device type used, referral source, country of origin. For further details see Google’s privacy policy and our own cookie policy on our website.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
In order for the Company to carry out the points listed above (under “How we use your personal data”), some of your information will be shared internally on a need to know basis. This includes with members of serval different departments including:
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
We also share your data with third parties that process data on our behalf, in connection with outsourced system provision. For example, your personal data may be shared with:
Optiva – Our website developer and hosting provider.
Governmental and regulatory bodies such as HMRC & the Information Commissioners Office.
Other organisations and businesses who provide services to us such as backup and server hosting providers, IT software and maintenance providers and suppliers of other back office functions.
Other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise or possible sale or restructuring of the business (but will only do so under strict conditions of confidentiality and as permitted by GDPR)
We require all third parties to respect the security of your data and to treat it in accordance with the law.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We will not transfer your data to countries outside the European Economic Area without your further explicit consent.
We treat the security of your data with the utmost importance. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed in an unauthorized way. The ability to access data is restricted to employees, agents, contractors and other third parties who have a business need to know. Some of the key measures in place to ensure this include:
Where we engage third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
As a data subject, under certain circumstances, you have a number of rights under data protection laws in relation to your personal data:
DATA SUBJECT ACCESS REQUESTS
All data subject access requests from individuals to view their data being held by Momentum Instore should be addressed to GDPR@momentuminstore.com. The Company will firstly ask you to complete a Subject Data Access Request form for the purposes of properly verifying the identity of the individual making the request, ensuring it is lawful for us to provide the individual with the requested information and to understand specifically what data is being requested. The Company will then supply the electronic information requested within 1 month from the date of request for standard information requests. More complex information requests may take up to 3 months.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing at GDPR@momentuminstore.com.
RIGHT TO BE FORGOTTON
The Company recognises an individual’s “Right to be forgotten”, and such requests should be sent to GDPR@momentuminstore.com.
RIGHT TO COMPLAIN
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
RIGHT TO WITHDRAW CONSENT
In the circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Officer at GDPR@momentuminstore.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
GDPR – General Data Protection Regulation is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). … GDPR is effective across the EU on May 25, 2018.
Data Controller – a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
Data Subjects – means an individual who is the subject of personal data. In other words, the data subject is the individual whom particular personal data is about. The Act does not count as a data subject an individual who has died or who cannot be identified or distinguished from others.
Lawful bases for data processing – The lawful bases we use for processing data, as set out in Article 6 of the GDPR are:
ICO – Information Commissioner’s Office (https://ico.org.uk). The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Prospect (Sales Lead) – Potential customer or client qualified on the basis or their buying authority, financial capacity, and willingness to buy. The personal data of multiple data subjects may be held by us relating to a single customer or client.
Client – Customer or client for whom we are contractually engaged to provide and deliver a service(s) or have done work for in the past and are likely to do work for in the future. Multiple data subjects may be held by us relating to a single active customer or client.
Supplier (Vendor) – A person or company that provides goods &/or services to Momentum Instore. The personal data of multiple data subjects may be held by us relating to a single supplier.
Insite – Our Client reporting and Estate management portal, hosted and developed by or 3rd party partner, Emphasys.
ERP – Our Enterprise resource planning tool delivering integrated core business processes.
CRM – Our Customer relationship management tool used to store and analyse prospect and client data subjects and relationships.
AD – Active Directory (“AD”) is a Microsoft technology that allows networks administrators to manage users, computers and other devices on a network. It is a primary feature of Windows Server, an operating system that runs both local and Internet-based servers.
Momentum Instore Ltd – Contractor Privacy Policy
Momentum Instore Ltd – Worker Privacy Policy
Momentum Instore Ltd – Job Applicant Privacy Policy
Momentum Instore Ltd – Employee Privacy Policy
Momentum Instore Ltd – Prospects, Clients & Suppliers Privacy Policy
Fancy being part of our in-store team – travelling nationwide, working on campaigns for some of the world’s biggest brands – or working for our fabulous office- or warehouse-based teams? Check out all our current vacancies.