MD Associates
02890 028 409
01244 445 210
hr@mdassociates.co.uk
Talk To Us
Talk To Us

Privacy Policy

Introduction
Margaret Douglas Associates Limited (trading as MD Associates Ltd) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller
Margaret Douglas Associates Limited
Registered in England and Wales
Contact: hr@mdassociates.co.uk

Data Protection Officer: John Smith

Information We Collect
We may collect and process the following categories of personal data:

• Identity Data: name, title, job title, company name
• Contact Data: email address, telephone number, postal address
• Professional Data: employment history, qualifications, professional expertise
• Financial Data: bank account details, payment information
• Technical Data: IP address, browser type, device information, website usage data
• Communications Data: records of correspondence and communications with us
• Identity Verification Data: information required for anti-money laundering compliance

How We Use Your Information
We use your personal data for the following purposes:

• To provide consulting services and execute client contracts
• To communicate with you about our services, projects, and engagements
• To process payments and manage billing
• To comply with legal and regulatory obligations including anti-money laundering requirements
• To maintain our business relationship and provide customer support
• To improve our services and website functionality
• To send relevant business communications (where you have consented)

Legal Basis for Processing
We process your personal data under the following legal bases:

• Contractual Necessity: to perform our obligations under service agreements
• Legitimate Interests: to operate our business, provide services, and maintain client relationships
• Legal Obligation: to comply with applicable laws including anti-money laundering and financial regulations
• Consent: where you have specifically agreed to processing for marketing purposes

Data Sharing and Disclosure
We do not sell your personal data. We may share your information with:

• Related entities: INHR (Northern Ireland) and AHG Management Services Ltd (Deeside, North Wales) for administrative support, document management, compliance, and IT services
• Service providers who assist in delivering our services (e.g., IT support, typing, printing, professional advisors)
• Clients, where necessary to provide agreed services
• Professional bodies and regulators where required
• Law enforcement or regulatory authorities where legally required
• Banks and payment processors for payment processing
• Identity verification services for anti-money laundering compliance

All third parties are required to maintain appropriate security standards, preserve confidentiality and legal privilege, and use your data only for specified purposes. We have contractual arrangements in place to ensure protection of your information.

International Transfers
Where we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses as required by UK GDPR.

Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

• Secure IT systems and encrypted communications
• Access controls and authentication procedures
• Regular security assessments and updates
• Staff training on data protection and confidentiality responsibilities
• Confidentiality agreements with all personnel and third-party processors
• Secure banking protocols including fraud prevention measures

Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

• Client data: for the duration of the business relationship plus 7 years for legal, tax, and regulatory purposes
• Financial records: 7 years from end of engagement
• Identity verification records: 5 years from end of engagement (AML compliance)
• Marketing data: until consent is withdrawn or the data is no longer relevant
• Website analytics: typically 26 months

Your Rights
Under UK GDPR, you have the following rights:

• Right of Access: request copies of your personal data
• Right to Rectification: request correction of inaccurate data
• Right to Erasure: request deletion of your data (subject to legal retention requirements)
• Right to Restrict Processing: request limitation of how we use your data
• Right to Data Portability: receive your data in a structured, machine-readable format
• Right to Object: object to processing based on legitimate interests or for marketing
• Right to Withdraw Consent: where processing is based on your consent

To exercise these rights, please contact our Data Protection Officer, John Smith, at john@mdassociates.co.uk. We will respond within one month.

Cookies and Website Analytics
Our website uses cookies to improve user experience and analyse site usage. You can manage cookie preferences through your browser settings. For detailed information, please see our separate Cookie Policy.

Changes to This Policy
We may update this Privacy Policy periodically. The latest version will always be available on our website with the revision date clearly displayed.

Complaints
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 | Website: www.ico.org.uk