This privacy notice tells you what to expect when Myki through its website, application or otherwise collects personal information.
Myki has unilaterally chosen to adhere to the guidelines of data protection set forth by the European Union in the General Data Protection Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, we have adapted the following notice mirroring guidelines from the UK Information Commissioners Office (ICO) and other industry best practices.
In scope, sources of personal information include:
When someone visits the Myki website, we use third-party services, such as Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is processed anonymously, if we collect personally identifiable information through our website, we will do so explicitly and with proper consent.
A cookie is a small piece of data that is sent to your browser or device by our website, mobile applications, and advertisements that you access or use. This data is stored on your browser or device and helps us remember things about you. We recognize cookies as containing personally identifiable information and handle them accordingly.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
We use third-party providers, such as MailChimp, to deliver our newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our services. For more information, please see associated privacy notice.
All our newsletters offer clear and simple to use opt-out notices.
We use a third-party service, ghost.org, to publish our blog, and some of our microsites. These sites are hosted on Myki servers. We use a standard Ghost service to collect anonymous information about users' activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it.
We collect information volunteered by our members or those who have opted to hear from us using an online reporting tool hosted by Google Form Surveys. Google is a data processor for Myki and only processes personal information in line with our instructions.
Myki’s world class security team keep a vigilant eye on our systems, but we also employ third-party services to help maintain the security and performance of our offerings to ensure our users privacy and our clients security.
We use a third-party provider, Hootsuite to manage our social media interactions. If you send us a private or direct message via social media the message will be stored by Hootsuite for three months. It will not be shared with any other organizations.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have installed the Myki app to carry out a survey to find out if they are happy with the level of service they received. When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing so.
When individuals apply to work at Myki, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from criminal records, we will not do so without informing them beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for no longer than 12 months after the recruitment exercise has been completed, it will then be deleted as per our data destruction policy. We retain anonymized statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with Myki, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment has ended, we will retain the file in accordance with the requirements of our data retention policy and then delete it.
We use a third-party service to manage all our help desk services to track and respond to any requests through the site or our application. We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects regarding to the collection and use of personal information. However, we are happy to provide any additional information or explanation needed.
Myki tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ through our helpdesk portal, if we do hold information about you we will:
In most circumstances, we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organization concerned and with other relevant bodies.
You can also get further information on:
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Data Controller – The person who (either alone or with others) decides what personal information (insert name of org) will hold and how it will be held or used.
Data Protection Officer – The person(s) responsible for ensuring that Myki follows its data protection policy and complies with relevant local laws concerning data protection.
Individual/Service User/Data Subject – The person whose personal information is being held or processed by Myki for example: a client, an employee, or supporter.
Explicit consent – is a freely given, specific and informed agreement by an Individual/Service User in the processing of personal information about her/him. Explicit consent is needed for processing sensitive data.
Notification – Notifying the relevant authorities about the data processing activities of Myki, as certain activities may be exempt from notification.
Processing – means collecting, amending, handling, storing or disclosing personal information.
Personal Information – Information about living individuals that enables them to be identified – e.g. name and address. It does not apply to information about organizations, companies and agencies but applies to named persons, such as individual volunteers or employees within Myki.
Sensitive data – refers to data about: