The legal bit. Our policies and procedures.
Mark One Consultants Limited recognises that the disciplines of quality, health and safety and environmental management are an integral part of its management function. The Organization views these as a primary responsibility and to be the key to good business in adopting appropriate Quality standards.
The Organization Quality policy calls for continuous improvement in its Quality management activities and business will be conducted according to the following principals:
- Comply with all applicable statutory laws and regulations
- As an organization we have made a commitment to understand our current and future customers’ needs; meet their requirements and strive to exceed their expectations.
- Follow a concept of continuous improvement and make best use of its management resources in all Quality matters.
- Communicate its Quality objectives and its performance against these objectives throughout the Organization and to interested parties.
- Take due care to ensure that activities are safe for employees, associates and subcontractors and others who come into contact with our work.
- Work closely with our customers and suppliers to establish the highest Quality standards.
- We have committed to achieving continual improvement across all aspects of our quality management system; it is one of our main annual objectives.
- Adopt a forward-looking view on future business decisions which may have Quality impacts.
- An organization and the relationship it has with its external providers are interdependent and a mutually beneficial relationship enhances the ability of both to create value.
- As an organization we have committed to only make decisions relating to our QMS following an analysis of relevant data and information.
- Train our staff in the needs and responsibilities of Quality management.
Reviewed: April 2020
It is the policy of Mark One Consultants to maintain an information management system designed to meet the requirements of ISO 27001:2017 in pursuit of its primary objectives, the purpose and the context of the organisation.
It is the policy of M1C to:
- Make the details of our policy known to all other interested parties including external where appropriate and determine the need for communication and by what methods relevant to the business management system.
- Comply with all legal requirements, codes of practice and all other requirements applicable to our activities; therefore, as a company, we are committed to satisfy applicable requirements related to information security and the continual improvement of the ISMS.
- provide all the resources of equipment, trained and competent staff and any other requirements to enable these objectives to be met;
- ensure that all employees are made aware of their individual obligations in respect of this information security policy;
- Maintain a management system that will achieve these objectives and seek continual improvement in the effectiveness and performance of our management system based on “risk”.
This information security policy provides a framework for setting, monitoring, reviewing and achieving our objectives, programmes and targets. To ensure the company maintains its awareness for continuous improvement, the business management system is regularly reviewed by “Top Management” to ensure it remains appropriate and suitable to our business. The Business Management System is subject to both internal and external annual audits.
Scope of the Policy The scope of this policy relates to use of the database and computer systems operated by the company in pursuit of the company’s business of providing IT and software services to the private and public sector. It also relates where appropriate to external risk sources including functions which are outsourced.
Reviewed: 14th January 2019
Mark One Consultants Limited maintains GDPR Documents which are stored on their server and can be supplied to clients upon request. The below documentation is an outline of Mark One Consultants GDPR policy statement and further information can be obtained by using this policy with the ‘GDPR Data Breach Management Document IT’, ‘M1C Company Documents’, ‘Mark One Office Layout’ and ‘TEAMS GDPR Data Breach Management Document’.
The purpose of this policy is to outline Mark One Consultants commitment to maintaining and securing personal and confidential information of its staff, customer and suppliers. Mark One Consultants is considered as a data controller as Mark One Consultants have access to personal and private information through software and support systems; however Mark One Consultants do not process this data. Mark One Consultants may store client’s data on servers as a failsafe, hosting service or backup service. Mark One Consultants however ensure that all data held, obtained and communicated to its staffs is;
GDPR is a requirement for Mark One Consultants as they trade within the EU. Personal data of staff and customers fall under this.
Individuals have the same rights under the GDPR law and these rights form the foundation of the Mark One Consultants GDPR Policy. Mark One Consultants will ensure:
- Right to be informed. Where possible Mark One Consultants will inform involved parties of what data is being collected and shared with third parties. This can also be done on request and will be done in plain clear language.
- The right of access. Individuals can submit access requests to Mark One Consultants in which Mark One Consultants will provide a copy of all personal data held concerning the individual. Mark One Consultants will do this within one month of the request.
- The right to rectification. If any individual discovers any information the Mark One Consultants holds to be inaccurate or incomplete they can request that it be updated. Mark One Consultants will do this within one month of the request.
- The right to erasure. Individuals can request that Mark One Consultants erase their data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed or it no longer meets the lawful ground for which it was collected. This includes instances where the individual withdraws consent.
- The right to restrict processing. Individuals can request that a Mark One Consultants limits the way it uses personal data. It’s an alternative to requesting the erasure of data, and might be used when an individual contests the accuracy of their personal data or when they no longer need the information but Mark One Consultants requires it to establish, exercise or defend a legal claim.
- The right to data portability. Individuals are permitted to obtain and reuse their personal data for their own purposes across different services. This right only applies to personal data that an individual has provided to data controllers by way of a contract or consent.
- The right to object. Individuals can object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority. Mark One Consultants must stop processing information unless they can demonstrate compelling legitimate grounds for the processing that overrides the interests, rights and freedoms of the individual or if the processing is for the establishment or exercise of defence of legal claims.
- Rights related to automated decision making including profiling. The GDPR includes provisions for decisions made with no human involvement, such as profiling, which uses personal data to make calculated assumptions about individuals. There are strict rules about this kind of processing, and individuals are permitted to challenge and request a review of the processing if they believe the rules aren’t being followed.
Version 1 - Created: 01/07/2019 - Reviewed: July 2019
This website and it's owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website comply's to all UK national laws and requirements for user privacy.
Contact and Communication
Users contacting this website and/or it's owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk. This website and it's owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.
Although this website only looks to include quality, safe and relevant external links users should always adopt a policy of caution before clicking any external web links mentioned throughout this website. The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and it's owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Adverts and sponsored links
Social media platforms
Communication, engagement and actions taken through external social media platforms that this website and it's owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively. Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor it's owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email. This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened links in social media
This website and it's owners may share web links to relevant web pages through their social media platform accounts. By default some social media platforms shorten lengthy url's web addresses. Users are advised to take caution and good judgement before clicking any shortened url's published on social media platforms by this website and it's owners. Despite the best efforts to ensure only genuine url's are published many social media platforms are prone to spam and hacking and therefore this website and it's owners cannot be held liable for any damages or implications caused by visiting any shortened links.
This website, on occasions, operates an email newsletter program, used to inform its users about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user. Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the Data Protection Act 1998. No personal details are passed on to third parties nor shared with companies / people outside of the company that operates this website. Under the Data Protection Act 1998 you may request a copy of personal information held about you by this website's email newsletter program. A small fee will be payable. If you would like a copy of the information held on you please write to the business address at the bottom of this policy. Email marketing campaigns published by this website or it's owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no far a comprehensive list]. This information is used to refine future email campaigns and supply the user with more relevant content based around their activity. In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to un-subscribe will by detailed instead.
- Data Protection Act 1998
- Privacy and Electronic Communications Regulations 2003
- Privacy and Electronic Communications Regulations 2003 - The Guide