top of page

1.             POLICY STATEMENT

1.1           Everyone has rights with regard to the way in which their personal data in handled. During the course of our activities, Mediator Locator may collect, store and use information about our staff, clients and customers.

1.2           All persons must comply with this policy whenever they are involved in processing personal data.

2.              About this policy

2.1           We may be required to handle information about current, past and prospective clients, customers, current and former staff and other third parties, such as those with whom we communicate.  This personal data, which may be held electronically or in structured paper files, is subject to legal safeguards set out in the Data Protection Act 1998 and the General Data Protection Regulation (collectively, the Data Protection Legislation).

2.2           This policy and any other documents referred to in it sets out the basis on which we will process any personal data we collect from individuals, or that is provided to us by individuals, clients, customers or other sources.

2.3           This policy sets out rules on data protection and the legal conditions that must be satisfied whenever we obtain, handle, process, transfer and store personal data as a Controller. 

2.4           Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred to us at

3.              Definitions of data protection terms

3.1           Data subject means, for the purpose of this policy, all living individuals about whom we hold personal data.  All data subjects have legal rights in relation to their personal information.

3.2           Personal data means data relating to a living individual who can be identified from that data (or from that data and other information in our possession).  Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and behaviour.

3.3           Controller is the organisation which determines the purposes for which, and the manner in which, any personal data is processed.  A Controller is responsible for establishing practices and policies in line with the Data Protection Legislation.  

3.4           Processor is any organisation that processes personal data on behalf of and on the instructions of a Controller.  For example, we are a Processor where we handle personal data on behalf of a client or a customer.

3.5           Processing is any activity that involves use of the data.  It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it.  Processing also includes transferring personal data to third parties.

3.6           Special categories of personal data means information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information for uniquely identifying a person, information concerning health, and information concerning a person's sex life or sexual orientation.  Information concerning criminal convictions is placed in a similar category.  These special categories are considered particularly sensitive and we will therefore only process this information where absolutely necessary in accordance with additional safeguards.

4.              Data protection principles

4.1           Whenever we process personal data as a Controller we must comply with the data protection principles.  These state that personal data must be:

(a)        processed lawfully, fairly and in a transparent way;

(b)        collected only for valid purposes that have been explained to the data subject and not used in a way that is incompatible to those purposes;

(c)         relevant and limited only to those purposes;

(d)        accurate and kept up to date;

(e)        kept only for as long as necessary for the purposes the data subject has been told about; and

(f)          kept securely.

5.              Lawful, fair and transparent processing

5.1           The Data Protection Legislation is not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the data subject.

5.2           When processing personal data as a Controller, we will ensure that:

(a)        Personal data is processed on the basis of one of the legal grounds set out in the Data Protection Legislation.  These include, among other things, the data subject's consent to the processing, or that the processing is necessary for the performance of a contract with the data subject, for the compliance with a legal obligation to which the Controller is subject, or for the legitimate interest of the Controller or the party to whom the data is disclosed.  

(b)        Whenever special categories of personal data are being processed, additional conditions must be met.

(c)         If we collect personal data directly from data subjects, we will provide them with the transparency information required under the Data Protection Legislation.  This includes explaining the purposes for which we intend to process their personal data, the types of third parties with whom we may share the data and the existence of rights for data subjects.

6.              Processing for limited purposes

6.1           In the course of our business, we may collect and process personal data for a variety of purposes, including customer administration, marketing, recruitment of staff and staff administration, and compliance with our legal obligations.

6.2           Personal data may include information we receive directly from a data subject (for example, by completing forms or by corresponding with us by mail, phone, email or otherwise) and information we receive from other sources (including, for example, business partners, sub-contractors etc. and others).

6.3           We will only process personal data for the specific purposes set out in this policy or for any other purpose permitted by the Data Protection Legislation.  

7.              Adequate, relevant and non-excessive processing

We will only collect personal data to the extent that it is required for the specific purpose notified to the data subject.

8.              Accurate data

We will ensure that the personal data we hold is accurate and kept up to date.  We will check the accuracy of any personal data at the point of collection and at regular intervals afterwards.  We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.

9.              Timely processing

We will not keep personal data longer than is necessary for the purpose or purposes for which they were collected.  We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.

10.           Data security

10.1         We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.

10.2         We will put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.  

10.3         We will maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:

(a)        Confidentiality means that only people who are authorised to use the data can access it.

(b)        Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.

(c)         Availability means that authorised users should be able to access the data if they need it for authorised purposes.  

11.           Changes to this policy

We reserve the right to change this policy at any time.  Where appropriate, we may notify data subjects of those changes.


GDPR – What we collect

We may collect the following information:

  • name and date of birth

  • contact information including address, email address, telephone numbers

  • email correspondence

  • information that is necessary to enable us to discharge our contractual obligations

  • information that is necessary to enable us to provide comprehensive and accurate professional services to our client

GDPR – What we do with the information we gather

We need this information to conduct our activities, and in particular for the following reasons:

  • Internal record keeping of essential contact details

  • To meet our contractual obligations

  • To perform occasional statistical analysis

  • We will periodically send emails which we think you may find interesting using the email address which you have provided.

  • We may contact you by email, phone, or mail.

GDPR – What we will never do

  • We do not share any information with any other individuals or companies or other organisations for any reason.

  • We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

bottom of page