Working with you: Our policy and contract guide
You can sign up without even ordering a service. Coming soon in 2021 we will have our fully fledged platform where you can get lots of really useful knowledge, exclusive discounts and insights into your own business data.
Once you are onboarded into our ecosystem, it means that any service or solution you buy is really simple. Because Mushroombiz clients tend to buy more than one service, onboarding beforehand is super handy for everyone. Please remember the following:
- Being on the platform and onboarding is totally free
- You don’t spend a penny until you order a service or make a purchase through our solutions store
- Onboarding status lasts for 12 months until you have to re-onboard (compliance reasons!)
Ordering Services (The “Call-off” Process)
When you order a service, such as Accounting, you will be given a service order form which details the quoted prices, contract period, notice period and a few more commercial details. This is linked with either a common “Call-off” contract or a bespoke agreement for some very specialist work. Once you have signed this, then fees will be charged on your account.
Purchasing Solutions (Orders via the Solutions Store)
Depending on the product or third party service, you might need to sign a “Call-off” contract if we are directly providing the service (or have specific arrangements), or you will sign some terms and conditions with third parties. We vet any third party suppliers and their respective terms and conditions to ensure you get value for money and a professional service.
We have a number of policies that help us stay accountable to you and the public more broadly. You can find them below in the “Our Policies” section.
Common Call-Off Contracts
Each Mushroom service has specific terms called “Call-off Contracts” to ensure we meet our obligations with you, insurance and any specific regulations.
Not every Call-off Contract is published but we have published our standard call-off terms for our most used services below.
Data & Financial Risks are One and the Same
Mushroombiz is part of the tlamGroup which helps us provide top quality information security and privacy management to ensure your information is processed with the highest levels of integrity, confidentiality and availability.
Our Information Security Policy Statement is here:
We take transparency seriously also. Below you can see what personal data we process.
In addition to the definitions set out in our TUPE provisions.
Affiliate: in relation to a party, any entity that directly or indirectly controls, is controlled by, or is under common control with that party from time to time.
Available Services: the Services, including without limitation any Deliverables, which the Supplier is willing and able to provide to the Client and the Client Affiliates as set out in the Service Order Form.
Business Day: a day other than a Saturday, Sunday or public holiday in England, when banks in London are open for business.
Call-off Contract: an agreement for the provision of Services by the Supplier to the Client or Client Affiliate agreed in accordance with Clause 2 (Call-off Contract process), a template of which is provided from time to time. Such may be attached to a Supplier service order which, together, shall also form part of the Call-off Contract.
Charges: the charges set out in the Service Order Form or as otherwise specified in the Call-off Contract payable by the Client or a Client Affiliate for the supply of the Services by the Supplier.
Control: has the meaning given in section 1124 of the Corporation Tax Act 2010, and the expression change of control shall be construed accordingly.
Client Affiliate: An Affiliate of the Client.
Deliverables: all documents, products and materials developed by the Supplier or its agents, contractors and employees as part of or in relation to the Services in any form, including, without limitation, computer programs, data, reports and specifications (including drafts). For the avoidance of doubt, title in such shall reside with the Supplier unless specified in a relevant Call-off Contract, and shall be Foreground IPR.
Platform Agreement Commencement Date: The date of execution of this platform agreement.
Services: the services, including without limitation any Deliverables, to be provided by the Relevant Supplier pursuant to a Call-off Contract and as set out (and amended from time to time) at https://backoffice.mushroombiz.co.uk/policy-and-contracts/
Definitions for each Call-off:
Charges: the charges set out in the Service Order Form, or as otherwise specified in Part 0.
Client Party Affiliate: An Affiliate of the Client Party.
Client Party Background IPRs: all Intellectual Property Rights in the Client Party Materials.
Client Party Manager: such person as notified by the Client Party to the Supplier from time to time.
Client Party Materials: all materials, equipment and tools, drawings, specifications and data supplied by the Client Party to the Supplier.
Deliverables: all documents, products and materials developed by the Supplier or its agents, contractors and employees as part of or in relation to the Services in any form, including without limitation computer programs, data, reports and specifications (including drafts).
Foreground IPRs: all Intellectual Property Rights in the Deliverables, other than Supplier Background IPRs.
Intellectual Property Rights: patents, utility models, rights to inventions, copyright and neighbouring and related rights, moral rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
Mandatory Policies: the Client Party’s business policies as amended by notification to the Supplier from time to time, including, without limitation, Modern Slavery and Human Trafficking Policy, Corporate and Social Responsibility Policy, Anti-Bribery and Anti-Corruption Policy, Ethics Policy.
Services: the services as set out in Part 0, including without limitation any Deliverables, to be provided by the Supplier pursuant to this Call-off Contract.
Supplier Background IPRs: all Intellectual Property Rights that are owned by or licensed to the Supplier and which are or have been developed independently of this Call-off Contract in each case either subsisting in the Deliverables or otherwise necessary or desirable to enable a Client Party to receive and use the Services.
Supplier Manager: such person as notified by the Supplier to the Client Party from time to time.
TUPE: The Transfer of Undertakings (Protection of Employment) Regulations 2006 (SI 2006/46) (as amended).
Clause, schedule and paragraph headings shall not affect the interpretation of this platform agreement or any Call-off Contract.
A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality).
The Schedules form part of this platform agreement and shall have effect as if set out in full in the body of this platform agreement. Any reference to this platform agreement includes the Schedules.
A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
A reference to a holding company or a subsidiary means a holding company or a subsidiary (as the case may be) as defined in section 1159 of the Companies Act 2006 and a company shall be treated, for the purposes only of the membership requirement contained in sections 1159(1)(b) and (c), as a member of another company even if its shares in that other company are registered in the name of:
another person (or its nominee) by way of security or in connection with the taking of security; or its nominee.
For the purposes of determining whether a limited liability partnership is a subsidiary of a company or another limited liability partnership, section 1159 of the Companies Act 2006 shall be construed so that: (a) references in sections 1159(1)(a) and (c) to voting rights are to the members’ rights to vote on all or substantially all matters which are decided by a vote of the members of the limited liability partnership; and (b) the reference in section 1159(1)(b) to the right to appoint or remove a majority of its board of directors is to the right to appoint or remove members holding a majority of the voting rights.
Unless the context otherwise requires, words in the singular shall include the plural and, in the plural, shall include the singular.
Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders.
A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time.
A reference to a statute or statutory provision shall include all subordinate legislation made from time to time.
A reference to writing or written includes email.
Any obligation on a party not to do something includes an obligation not to allow that thing to be done.
A reference to this platform agreement or to any other agreement or document is a reference to this platform agreement or such other agreement or document, in each case as varied from time to time.
References to clauses and Schedules are to the clauses and Schedules of this platform agreement and references to paragraphs are to paragraphs of the relevant Schedule.
Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
Anti-Bribery and Anti-Corruption Policy
1.1 It is our policy to conduct all of our business in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, fairly and with integrity in all our business dealings and relationships wherever we operate and implementing and enforcing effective systems to counter bribery.
1.2 We will uphold all laws relevant to countering bribery and corruption. However, we remain bound by the laws of the UK, including the Bribery Act 2010, in respect of our conduct both at home and abroad.
1.4 Bribery and corruption are punishable for individuals by up to ten years’ imprisonment and if we are found to have taken part in corruption we could face an unlimited fine, be excluded from tendering for public contracts and face damage to our reputation. We therefore take our legal responsibilities very seriously.
1.5 In this policy, third party means any individual or organisation you come into contact with during the course of your work for us, and includes actual and potential clients, customers, suppliers, distributors, business contacts, agents, advisers, and government and public bodies, including their advisors, representatives and officials, politicians and political parties.
Who is covered by this policy?
1.6 This policy applies to all individuals working at all levels and grades, including senior managers, officers, directors, employees (whether permanent, fixed-term or temporary), consultants, contractors, trainees, seconded staff, homeworkers, casual workers and agency staff, volunteers, interns, agents, sponsors, or any other person associated with us, or any of our subsidiaries or their employees, wherever located (collectively referred to as workers in this policy).
What is bribery?
Offering a bribe
You offer a potential client tickets to a major sporting event, but only if they agree to do business with us.
This would be an offence as you are making the offer to gain a commercial and contractual advantage. We may also be found to have committed an offence because the offer has been made to obtain business for us. It may also be an offence for the potential client to accept your offer.
Receiving a bribe
A supplier gives your nephew a job, but makes it clear that in return they expect you to use your influence in our organisation to ensure we continue to do business with them.
It is an offence for a supplier to make such an offer. It would be an offence for you to accept the offer as you would be doing so to gain a personal advantage.
Gifts and hospitality
(a) it is not made with the intention of influencing a third party to obtain or retain business or a business advantage, or to reward the provision or retention of business or a business advantage, or in explicit or implicit exchange for favours or benefits;
1.10 We appreciate that the practice of giving business gifts varies between countries and regions and what may be normal and acceptable in one region may not be in another. The test to be applied is whether in all the circumstances the gift or hospitality is reasonable and justifiable. The intention behind the gift should always be considered.
What is not acceptable?
Facilitation payments and kickbacks
1.12 If you are asked to make a payment on our behalf, you should always be mindful of what the payment is for and whether the amount requested is proportionate to the goods or services provided. You should always ask for a receipt which details the reason for the payment. If you have any suspicions, concerns or queries regarding a payment, you should raise these with the Operations Manager.
1.13 Kickbacks are typically payments made in return for a business favour or advantage. All workers must avoid any activity that might lead to, or suggest, that a facilitation payment or kickback will be made or accepted by us.
Potential risk scenarios: “red flags”
1.14 The following is a list of possible red flags that may arise during the course of you working for us and which may raise concerns under various anti-bribery and anti-corruption laws. The list is not intended to be exhaustive and is for illustrative purposes only.
If you encounter any of these red flags while working for us, you must report them promptly using the procedure set out in the whistleblowing policy:
(b) you learn that a third party has a reputation for paying bribes, or requiring that bribes are paid to them, or has a reputation for having a “special relationship” with foreign government officials;
1.16 The prevention, detection and reporting of bribery and other forms of corruption are the responsibility of all those working for us or under our control. All workers are required to avoid any activity that might lead to, or suggest, a breach of this policy.
1.17 You must notify your manager as soon as possible if you believe or suspect that a conflict with this policy has occurred, or may occur in the future. For example, if a client or potential client offers you something to gain a business advantage with us, or indicates to you that a gift or payment is required to secure their business.
1.18 Any employee who breaches this policy will face disciplinary action, which could result in dismissal for gross misconduct. We reserve our right to terminate our contractual relationship with other workers if they breach this policy.
1.21 You must ensure all expenses claims relating to hospitality, gifts or expenses incurred to third parties are submitted in accordance with our expenses policy and specifically record the reason for the expenditure.
1.22 All accounts, invoices, memoranda and other documents and records relating to dealings with third parties, such as clients, suppliers and business contacts, should be prepared and maintained with strict accuracy and completeness. No accounts must be kept “off-book” to facilitate or conceal improper payments.
How to raise a concern
What to do if you are a victim of bribery or corruption
1.24 It is important that you tell the Operations Manager as soon as possible if you are offered a bribe by a third party, are asked to make one, suspect that this may happen in the future, or believe that you are a victim of another form of unlawful activity.
1.25 Workers who refuse to accept or offer a bribe, or those who raise concerns or report another’s wrongdoing, are sometimes worried about possible repercussions. We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken.
1.26 We are committed to ensuring no one suffers any detrimental treatment as a result of refusing to take part in bribery or corruption, or because of reporting in good faith their suspicion that an actual or potential bribery or other corruption offence has taken place, or may take place in the future. Detrimental treatment includes dismissal, disciplinary action, threats or other unfavourable treatment connected with raising a concern. If you believe that you have suffered any such treatment, you should inform the compliance manager immediately. If the matter is not remedied, and you are an employee, you should raise it formally using our Grievance Procedure.
Training and communication
1.28 Our zero-tolerance approach to bribery and corruption must be communicated to all suppliers, contractors and business partners at the outset of our business relationship with them and as appropriate thereafter.
Anti-Money Laundering and Counter-Terrorist Financing Policy
This policy is applicable to multiple parties to varying degrees and as a consequence the following definitions should be used to interpret the applicability of the policy:
- The Client: any company in a direct contractual relationship with Mushroom Management Ltd (“Mushroombiz”, “the Company”)
- The End Client: the end user of products whose use of the product is a consequence of their relationship with the Client.
- Dependent Duties: Duties which Mushroombiz is obliged to carry out in regards to each Client
- Independent Duties: Duties which Mushroombiz is obliged to carry out regardless of the involvement of Clients.
- GENERAL PROVISIONS
- This policy has been prepared by Mushroom Management Ltd to set out the company’s policy for complying with the UK AML/CTF regime (principally, The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (‘the Regulations’), and the Proceeds of Crime Act 2002). Mushroombiz is committed to upholding its AML/CTF obligations under UK legislation.
- The Money Laundering Reporting Officer (MLRO) is Tina Surman.
- Mushroombiz must regularly review this policy (and in any case at least annually) to ensure it remains up-to-date and adequate. A written record must be kept of when the policy was last reviewed and any changes that were made.
This policy must be communicated and read by all staff. A written record must be maintained to confirm all staff have read and understood this policy. If any changes are made following the review set out in 1.3, these changes must also be communicated to staff and a written record maintained to confirm they have read and understood the changes.
Mushroombiz’s Independent Duties
- RISK ASSESSMENT FOR ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING PURPOSES
- A formal and documented risk assessment will be undertaken that will focus on the risk arising from factors including our clients, the countries in which we operate, the services we provide and how we deliver our services.
- The risk assessment will be renewed on a risk-sensitive basis and in any case at least annually.
- From the most recent risk assessment, the key areas of risk at present are:
- Conducting Business with clients that we have not met face to face;
- Identifying and managing high risk business relationships;
- Risks associated with our services – particularly Payroll processing and privacy.
- APPOINTMENT OF MONEY LAUNDERING REPORTING OFFICER (MLRO)
- The MLRO of Mushroombiz is Tina Surman.
- Should the identity of the MLRO change, Mushroombiz must inform the supervisory authority (CIMA) of the identity of the new MLRO within 14 days of the appointment.
- The MLRO is responsible for monitoring the adequacy of the Company’s AML/CTF systems and controls and to mitigate and manage the risk of Money Laundering and Terrorist Financing.
- The MLRO is responsible for ensuring all relevant employees receive AML/CTF training (as set out in Section 9).
- Where an internal SAR is made to the MLRO, the MLRO must consider it in the light of any relevant information which is available to them and determine whether it gives rise to knowledge or suspicion or reasonable grounds for knowledge or suspicion that a person is engaged in money laundering or terrorist financing. If so, the MLRO must ensure that a SAR is made to the National Crime Agency.
- SUSPICIOUS ACTIVITY REPORTING
- All staff must report knowledge or suspicion, or reasonable grounds for knowledge or suspicion, that another person is engaged in Money Laundering or Terrorist Financing (‘suspicious activity’). This is a personal obligation for every member of staff and failure to report is a criminal offence punishable by imprisonment.
- Staff must report suspicious activity immediately in writing and by email directly to the MLRO. The MLRO will then make a suspicious activity report (SAR) to the National Crime Agency where required.
- The justification as to why a SAR was or was not submitted by the MLRO to the National Crime Agency will be recorded in a confidential and separate place from the client file.
- All staff must ensure the person on whom the SAR was made is not made aware of the SAR. It is a criminal offence punishable by imprisonment to disclose to a person that a SAR has been made on them.
- Mushroom Management Ltd must:
- ensure all relevant employees are aware of the law relating to Money Laundering and Terrorist Financing and the requirements of data protection, which are relevant to the implementation of the Regulations; and
- regularly give all relevant employees training in how to recognise and deal with transactions and other activities or situations which may be related to Money Laundering and Terrorist Financing.
- Employees who are required to be provided with training under 9.1 are:
- employees whose work is relevant to Mushroombiz complying with the Regulations; or
- employees whose work is capable of contributing to the identification and mitigation of the risk of Money Laundering and Terrorist Financing, or preventing or detecting Money Laundering and Terrorist Financing.
- The training provided must in particular focus on the key areas of risk identified in the Company’s assessment and set out in 2.3.
- A written record of the training provided under 9.1 must be maintained and include the training content, the date of attendance, and employee confirmation that they attended and understood the training.
- All relevant employees must receive the training provided under 9.1 upon joining Mushroombiz.
- The MLRO is responsible for deciding when additional training is required or when training should be refreshed to satisfy the requirements under 9.1, and when doing so must take into account at least any changes in the nature of Mushroombiz, regulatory changes and whether any internal or external SARs have been made.
- RECORD KEEPING
- Mushroombiz must keep:
- a copy of any documents and information obtained to satisfy our CDD (including ongoing monitoring and EDD) obligations set out in this policy;
- sufficient supporting records (consisting of the original documents or copies) in respect of a transaction (including an occasional transaction that does not form part of a business relationship) which is the subject of CDD (including ongoing monitoring and EDD) to enable the transaction to be reconstructed;
- suspicious activity records as set out in Section 8; and
- training records as set out in Section 9.
- Mushroombiz must keep the records set out in 10.1 for a period of 5 years. This will begin on the date on which the business relationship comes to an end or for an occasional transaction that is not part of a business relationship, the date on which the transaction is complete.
Mushroombiz’s Duties in relation to clients
- CLIENT DUE DILIGENCE (CDD) – CLIENT IDENTIFICATION
- CDD must be carried out when a business relationship is established. To satisfy this, the CDD forms contained in CIMA’s Members’ Handbook will be used to:
- identify the client and verify their identity;
- obtain information on the purpose and intended nature of the business relationship;
- check for the existence of any beneficial owners, and, if present, identify them and take reasonable measures to verify their identity.
- The nature and extent of evidence and information obtained to satisfy 3.1 must reflect the level of risk the business relationship poses. Therefore, a client risk assessment must be performed on every client to assess the level of Money Laundering and Terrorist Financing risk they pose. To satisfy this, the CDD forms contained in CIMA’s Members’ Handbook will be used.
- The requirements set out in 3.1 must be satisfied before a business relationship is established with the client. The only exception is where verification of the client (and, if applicable, any beneficial owner) is performed during the establishment of a business relationship because it is necessary not to interrupt the normal conduct of business and there is little risk of Money Laundering and Terrorist Financing.
- The Terms of Engagement must outline the services to be provided with sufficient detail to make clear to the client and Mushroombiz the intended nature and purpose of the business relationship and the services to be provided. The Terms of Engagement must also provide the client with the data protection information as required under regulation 41 of the Regulations.
- A business relationship must not be established, unless Mushroombiz has satisfied the requirements set out in 3.1 (as informed by the client risk assessment set out in 3.2). Mushroombiz must also consider making a suspicious activity report (SAR) to the MLRO (if applicable) or directly to the National Crime Agency (for example, if the client has been deliberately difficult or evasive).
- Should the client request additional or different services, it may be necessary to perform all or part of the requirements set out in this section as necessary in relation to the additional or different services.
- CLIENT DUE DILIGENCE (CDD) – REGULAR MONITORING OF CLIENTS
- Regular monitoring measures must be applicable and include:
- the scrutiny of transactions/activity undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions/activity are consistent with our knowledge of the client, the client’s business and risk profile; and
- undertaking reviews of existing client records and keeping the documents or information obtained on the client up-to-date.
- The degree and nature of the regular monitoring measures in 4.1 must reflect the level of risk the business relationship poses (as identified in the client risk assessment set out in 3.2).
- As part of the regular monitoring measures in 4.1, Mushroombiz shall assess on a the level of risk the business relationship poses (as identified in the client risk assessment set out in 3.2) and whether that level has changed.
- The business relationship shall be terminated if Mushroombiz has been unable to satisfy the requirements set out in 4.1 (as informed by the client risk assessment set out in 3.2). A suspicious activity report (SAR) to the MLRO (if applicable) or directly to the National Crime Agency may be required.
- ENHANCED DUE DILIGENCE MEASURES (EDD)
- Enhanced due diligence measures are applicable where a business relationship has been assessed as high risk and purports to manage and mitigate that risk. EDD measures must be applied in addition to the requirements set out in 3.1 and 4.1. High risk situations include:
- a high risk of Money Laundering or Terrorist Financing as it is a high risk situation identified in our risk assessment and set out in 2.3 or in the information made available by our Supervisory Authority (CIMA);
- the client is established in a high-risk third country;
- the client is a politically exposed person, or a family member or known close associate of a politically exposed person (collectively referred to as ‘a PEP’);
- the client has provided false or stolen identification documentation or other information and we propose to continue to deal with that client;
- a transaction is (i) complex and unusually large, or there is an unusual pattern of transactions, and (ii) the transaction or transactions have no apparent economic or legal purpose;
- any other case which by its nature can present a higher risk of money laundering or terrorist financing, including a business relationship identified as high risk when we perform the client risk assessment set out in 3.2.
- The CDD forms contained in CIMA’s Members’ Handbook will be used to assist with identifying whether any of the high risk situations set out in 5.1 apply.
- The EDD measures Mushroombiz must apply for the high risk situations set out in 5.1 depend on the nature of the high risk, and may include:
- seeking additional independent, reliable sources to verify information provided or made available to the relevant person;
- taking additional measures to understand better the background, ownership and financial situation of the client, and other parties to the transaction/activity;
- taking further steps to be satisfied that the transaction/activity is consistent with the purpose and intended nature of the business relationship;
- increasing the monitoring of the business relationship, including greater scrutiny of transactions/activity.
- With regards to the high risk situation as per clause 5.1.c, the level of risk the PEP client poses and the extent of EDD measures to be applied have to be assessed. When making this assessment, information made available by the Supervisory Authority (CIMA) and HM Treasury approved guidance must be considered. However, EDD measures must include:
- obtaining approval from senior management for establishing or continuing the business relationship with that client;
- taking adequate measures to establish the source of wealth and source of funds which are involved in the proposed business relationship or transactions with that client; and
- where the business relationship is entered into, conduct enhanced ongoing monitoring of the business relationship with that person.
- With regards to the high risk situation as per clause 5.1.e, the EDD measures must at least include:
- the examination of the background and purpose of the transaction; and
- the degree and nature of monitoring of the business relationship in which the transaction is made to determine whether that transaction or that relationship appear to be suspicious.
- Mushroombiz may rely on another regulated person under the Regulations to satisfy the requirements set out under 3.1, but Mushroombiz remains liable for any failure to satisfy these requirements.
- In the event Mushroombiz relies on another regulated person, it must:
- immediately obtain from the regulated person in question the information required to satisfy the requirements under 3.1; and
- enter into a written arrangement that (i) enables us to obtain from the regulated person immediately on request copies of any identification and verification data and any other relevant documentation related to the requirements under 3.1, and (ii) require the regulated person to retain copies of the data and documents referred to in (i) for the period of time required under the Regulations.
Mushroombiz Duties in relation to end-clients
11.1 Mushroombiz is not obligated to carry out any of the above duties directly in regard to End Clients.
11.2 Provided that Mushroombiz fulfills its duties, as set out above, its limited duty in relation to End Clients will have been fulfilled.
Information Security Policy Statement
The Policy of the Company is on a continuing basis to exercise due care and due diligence to protect Information Systems from unauthorised access, use, disclosure, destruction, modification, disruption or distribution.
This will ensure that our reputation with our clients is maintained through confidentiality, integrity and availability.
Management will ensure business, legal, regulatory requirements and contractual security obligations are taken into account.
Risk Assessments against agreed criteria are continually undertaken.
The Management Team bears the responsibility for establishing and maintaining the system and undertakes to ensure its integrity is maintained through instruction and training of its personnel and that each employee has a proper understanding of what is required of them.
Equally, every employee has a personal responsibility to maintain this integrity.
Further, the Management will ensure that any subcontractor employed for a particular function will meet the requirements specified and accept responsibility for their actions.
The Organisation has a Policy of Continuous Improvement and Objective setting in line with the ISO27001:2013 Standard.
The Information Security Management System will be monitored regularly under the Top Management’s ultimate responsibility with regular reporting of the status and effectiveness at all levels.
PII Data Processing
| PII Data | Basis 1* | Basis 2* | PII Processing Status | Retention Period | Article 14 Notice? |
|---|---|---|---|---|---|
| Email Address | Legitimate Interest | Consent | Controller | 12 months | Variability Applies |
| Name | Legitimate Interest | Consent | Controller | 12 months | Variability Applies |
| Job Role** | Legitimate Interest | Consent | Controller | 12 months | Variability Applies |
| Employer/Organisation** | Legitimate Interest | Consent | Controller | 12 months | Variability Applies |
Notes on our PII Data Processing Matrix:
*There may be more than 2 bases of processing your PII
**We deem these fields to be PII data when these are read with a contact object within our systems. If we pseudonymise this contact object, these fields would no longer be classed as PII Data.