1. MHR People First Privacy Notice
MHR is committed to protecting your privacy and the security of your personal data and information. This notice explains MHR’s position regarding the processing of your personal data and is provided to help you understand how we collect, process and protect your personal data when you use the People First application.
MHR is a data processor in relation to personal data and information that is collected via this application.
2. Privacy Principles
- MHR will only process personal data and information provided to us on People First as part of a contractual arrangement with our customer (your employer).
- MHR will only keep personal information in accordance with your employer’s retention schedule or the contract that we have with them.
- No personal information will be shared by MHR with third parties other than those specified by your employer except where it is required by law.
- The personal information collected by MHR on behalf of our customers will only be used for the purposes set out in the contract.
As your employer uses MHR services, this Privacy Notice provides information about the way that that MHR supports compliance with Data Protection legislation. Please refer to your employer’s Privacy Notice for information relating to the purposes for the collection and processing of your personal data and the exercise of your rights in relation to it.
3. How MHR collects personal information
As a registered user MHR stores personal data provided to the People First system by you and/or your employer in order to deliver the services that have been requested or purchased and to meet contractual requirements.
MHR may also record information about which areas of the site have been visited and information such as, for example search queries entered. This is for the purposes of improving the availability, security and prominence of the information most relevant to each registered user, and through trend analysis identify benefits for the user community.
4. How MHR processes personal information
Your personal data and information will only be processed by MHR and by authorised partners and sub processors for the purpose of providing the services we offer to your employer as part of the contract.
MHR may disclose personal data and information if it is required to do so by law, court order or for the prevention of fraud or crime or if we believe it is necessary to defend the rights, or property of MHR or the personal safety of our staff.
5. Disclosure to Third Parties
5.1 Disclosure to Third Parties
MHR will supply your information to third parties as directed by your employer. These third parties will be organisations such as HMRC and other government departments, benefits providers, pension scheme providers etc. More information about this sharing of information will be provided by your employer.
MHR may facilitate the provision of our services through partnerships with other organisations and to do this we may need to share your personal data / information with them. These partners will be authorised by your employer as part of the contractual agreement.
5.2 Sub-Processors
Sub-processors are third parties who provide elements of our service. We have contracts in place with our sub-processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period your employer instructs. Current sub-processors include:
- Cronofy for calendar services
- Google for mapping services
- Pusher to support the check-in chat tools
- Send Grid to provide a SMTP service for emails from within People First
- Microsoft Azure who provide the platform on which the application sits
- Microsoft Clarity who provide our analytic tools that help us to develop the application
- Maze for user surveys in respect of product feedback.
5.3 Third Party Websites
The People First application may contain links to other third-party websites. These third-party websites are not owned or controlled by MHR, and we accept no responsibility for their content, their privacy policies or how they treat information obtained from their users.
6. Cookies
Whilst you are using this website, we may use cookies and collect other information (such as IP addresses) regarding your browsing activity. This information is used to assist us in evaluating, developing and improving the People First application.
Additionally, whilst navigating the People First application your data may be collected by third parties using cookies. These will include organisations such as Microsoft for analytics and development purposes; their privacy policy can be found here and T&C’s here.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites/applications work, or work more efficiently to improve the user experience, as well as to provide information to the owners of the site.
If you do not wish to receive these cookies you can disable them in your browser, but in doing so it may affect the functionality of the People First application. Most web browsers allow some control of cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
7. International Transfers
Personal data processed within the People First application for registered users will remain in the territory where your company operates. For UK customers, personal data will remain within the EEA except for the data processed by Send Grid & Maze which is processed in the USA. Where data is processed in a country other than one where there is an adequacy agreement in place we have made sure that appropriate safeguards are in place.
8. Information Security
MHR International UK Limited provides People First’s technical and organisations controls in line with its approval to the ISO27001 international standard and code of practice for Information Security. This approval is independently accessed by LRQA and has been held since 2005. MHR also conduct regular vulnerability assessments and independent penetration testing to ensure high levels of assurance of your information.
9. How long we keep your personal data for:
MHR will retain your personal data or information in accordance with your employer’s retention schedule or contractual arrangements. We may for analytical purposes anonymise the data and utilise this anonymised data for research and development purposes.
10. Your Rights
You should contact your employer about your rights in relation to your personal data or information.
11. Changes to this Privacy Policy
This privacy policy was last updated in December 2023. MHR may change this privacy policy to update new or different privacy practices in relation to your personal data. MHR will tell your employer and place a notice online when we make material changes to this privacy policy.
Please e-mail any questions, concerns or comments you have about this policy to:
MHR International UK Ltd
Mere Way
Ruddington
Nottingham
NG11 6JS
Telephone 0115 945 6000
Email: dpo@mhr.co.uk