We are the UKs leading Marketing Services provider. For over 30 years we’ve provided best-in-class Marketing Services and POS Fulfilment solutions to the world’s biggest brands, including Nestle, Diageo, Heineken, Morrison’s, and Coca-Cola.
Our 5 UK Fulfilment Centres spanning over 600,000 sq. ft. help our client’s marketing teams manage and deliver their marketing activity.
In practice, that means we deliver boxes and pallets on behalf our clients, usually to business addresses. In the main, the goods we deliver are “not for resale” but there are exceptions.
Acting on behalf of our clients means we act as a “processor” of your data. We use data provided by our clients, e.g a name and address, to deliver goods for them. Delivering goods means we work with a range of parcel carriers so we share your delivery details with them too.
Explaining the legal basis for processing your data
mda must have a valid lawful basis in order to process personal data. The first principle of data protection law requires that mda processes all personal data lawfully, fairly and in a transparent manner.
We have listed and evaluated our processing and made a record of the lawful basis for processing.
In most situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
In specific situations, we can collect and process your data with your consent. For example, if we process a credit card transaction.
When do we collect your data?
When our client supplies your name, address and contacts information so we can deliver goods. This may be in an email to our client services team, via a secure website or sent electronically, direct from our client’s system.
When you contact us by any means with queries, complaints etc.
In limited instances, we do collect data for payments where applicable. In the main, mda is a b2b company but we do collect a small number of payments from consumers on behalf of our clients.
What sort of data do we collect?
The bulk of our processing activity is concerned with name, address data and contact data that has been passed to us by our clients for the purpose of delivering goods. That means we may store your phone number and email address to help manage the order.
How we protect your data
mda has implemented a series of technical and organisational security measures to keep your data safe.
Our data centres are kept under lock and key and have up to date cyber security systems to help keep intruders at bay.
mda team members have had information security training which is kept on record. New starters naturally received the same training.
We are have achieved ISO27001 certification across all our sites.
Our use of cloud computing suppliers is subject to checks that adequate safeguards have been put in place to protect your data. We reserve the right to carefully select suppliers that may result in data being transferred outside the EEA where they have appropriate technical and organisational measures in place to comply with GDPR requirements. This may knclude Privacy Shield, Data Processing Amendments and EU Model Contract Clauses.
How long do we keep your data?
Fulfilment data is processed in mda systems for the purpose of delivering items to an individual(s).
Unless there is an overriding need to keep an individual’s personal information (see exemptions below) name, address, phone number and email address shall be anonymised 12 months after an order was received by mda.
If the fulfillment data relates to delivery of items that may be subject to safety recalls e.g food, drink or heath items, personal data shall be retained in the interest of the individual.
Who do we share your data with?
Delivering goods means we work with a range of parcel carriers. We create labels to attach to parcels and pallets and created delivery manifest files to help the carrier process your delivery. This data is is shared for the purpose of delivering goods and is not used for marketing purposes or large scale analysis.
Where do we store your data?
Our data centres are in the UK. In addition, we use “cloud computing” providers such as Google and Microsoft for services such as email.
What are your rights over your personal data?
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- The right to erasure, to object and to restrict processing.
You have the right to request a copy of any information about you that mda holds at any time, and also to have that information corrected if it is inaccurate.
To ask for your information, please contact:
Head of IT
Client Support Centre
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent:
If you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest:
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Proof of identity:
We require proof of your identity before we can disclose personal data. This is needed so we can ensure we are disclosing your personal data to the correct person. Proof of your identity should include a copy of two documents such as your birth certificate, passport, driving licence, official letter addressed to you at your address e.g. bank statement, recent utilities bill or council tax bill.
Cookies are small text files which are stored on the browser or hard drive of your computer or mobile device when you visit a webpage or application.
We use Google Analytics which involves us sending information to Google so we can create aggregated reports. This allows us to monitor which browsers are used, what time of day people use the system and so on. We do not collect personally identifiable data through this process.