Privacy Notice
- Introduction
Millennium is committed to protecting the privacy of personal information and keeping such information secure.
This Privacy Notice provides information about what happens to any personal information that is given to us, or any that we may collect from or about individuals.
It covers any personal information which is collected, handled and processed by Millennium Business Technology Limited (Millennium Consulting).
This notice therefore applies across all the services we operate and provide including any financial services, products or other forms of apps or bespoke services that we develop or offer. For the purposes of this notice, we group these together under the heading of our “services”.
Our details are:
Company Legal Name |
Millennium Business Technology Limited |
Company Reg. No. |
03042752 |
Address |
75 High Street Hythe, Kent, CT21 5JQ, UK |
Main Contact |
Jeremy Lucas, Chief Operating Officer |
|
assist@millenniumconsulting.com |
Telephone |
01303 262826 |
ICO Reg. No. |
Z7369376 |
Date |
11th April 2025 |
We are a Data Controller and Processor of personal information. We acknowledge and agree that any personal data that we handle will be processed in accordance with all applicable data protection legislation, including both the UK and EU General Data Protection Regulations (GDPR) and the updated Data Protection Act 2018.
In handling your information:
- We will ensure your data is protected and your privacy is kept
- We will only collect and process your data when necessary
- We will not sell or in any other way distribute or make public your personal information
- We will respect your rights as the owner of your personal information
Should you have any queries about this Privacy Notice please contact the Chief Operating Officer by writing to the above address or by going to the Contact Us section of our website.
Please see: www.millenniumconsulting.com
- What kinds of information do we collect and how?
Millennium may collect and use the following kinds of personal information:
- Personal details and contact information, including that collected and processed in respect of staff or consultants working for or on behalf of the company such as:
- Name, address, telephone and email details
- CV/work history
- Other work related information such as education and training qualifications and certificates, references etc.
- Personal information such as passport details and if applicable work permits or visas
- Date of birth
- National Insurance number
- Outcome of criminal record checks for certain roles
- Financial information including but not limited to payroll and tax details
In addition, we may also collect:
- Information about your use of and activity on the Millennium website (including cookies)
- Information that you provide for completing a web form
- Any other information that you send to the company
This information may be provided directly to us by filling in forms or by corresponding with us by post, phone or email. It may also be provided via our website. As you interact with our website and other services we will collect technical, profile and usage data about your equipment, browsing actions and patterns of behaviour.
- How do we use the information?
The above information is used in our capacity as a management consultancy business providing consultancy services to a range of business clients across a number of sectors.
This type of personal information may be used in a number of ways.
For example, with regards to staff and external consultants we may use this information to assist us to:
- Match your skills and competencies to the types of services we are contracted to provide for our clients
- Keep you informed about opportunities for engagements as they arise
- Confirm your eligibility and competency to work, including the right to work in the UK
- Undertake relevant security and criminal record checks as required by our clients and prospective employers and as permitted by law
- Deal with any medical and health and safety issues relating to certain positions
- Put in place contractual arrangements and documentation once a role has been agreed
- Facilitate payment to you once an engagement has been agreed and work has been undertaken
- Assist with internal record keeping, reporting and accounting
- How do we hold the information?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents or contractors who have a business need to know. They will only process your personal data on our instruction and they are subject to a duty of confidentiality.
All the personal information we hold about you will be stored on our database in the UK, in line with our Information Security Policy. We will never provide access to our database to any non-trusted third party.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Under the requirements of Data Protection legislation and GDPR we would inform our users and the ICO within 72 hours if any breach of security occurs that might compromise your data.
- When do we share or disclose your information?
It may be necessary in certain circumstances for Millennium to share your data with others. If we do share this data, we will do so in a secure manner keeping it safe and in accordance with the law. We will only share personal data if there is a justifiable reason for doing so.
Millennium may disclose your information to the extent that we are required to do so by law, in connection with any legal proceedings or prospective legal proceedings and in order to establish, exercise or defend its legal rights.
Your personal information may be shared or sent to Millennium clients. Such clients will usually be located inside the European Economic Area (EEA) but may on occasion be outside of the EEA. Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection or the appropriate safeguards are in place for your rights and freedoms. Before such a transfer takes place outside of the EEA, we will provide you with further information concerning this.
We will never sell your personal data. We will also never share your personal information with other parties for their own marketing purposes.
Trusted third parties that we may share your data with include HM Revenue and Customs (HMRC), pension scheme providers, legal advisors and other companies for the purpose of undertaking pre-engagement checks for the role or for paying you.
- What is the legal basis for processing the information?
We will collect and process your personal information for purposes covered under the lawful basis of legitimate organisational interest. In such cases we will always keep your rights at the forefront of what we do.
We will rely on your consent to process the information which is collected. We require an individual to give clear consent for us to process their personal data for a specific purpose.
We may process your information for a number of given purposes, based on the following legal justifications:
- Legitimate interests – this will apply when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
- Contractual obligations – this will apply when the processing is necessary for a contractual reason
- Legal obligations – when the processing is necessary for us to comply with applicable legislation
Examples include:
- Information and documentation to establish your right to work is processed by us as we are legally obliged to do so.
- Information in relation to criminal record checks, which are relevant for some roles, will be processed on the basis that it is necessary for us to comply with the law. We will liaise with you where such checks are required.
- Once a position or engagement has been agreed, we will process your personal data, including financial information, for the purpose of you entering into a contract to fulfil your role and to enable us to pay you, depending on the specific contractual arrangements and circumstances.
- For the purposes of paying you, where relevant, we are legally obliged to provide information to HMRC.
- Once a position or engagement has been confirmed, we may process your data on the basis of our legitimate interests, i.e. for administrative and operational purposes.
- In respect of medical information, the basis for us processing will depend on the circumstances but will usually be either because it is necessary to protect health and safety or to prevent discrimination on the grounds of disability.
The following table shows some of the purposes for which we may hold and use personal data received from employees, consultants, customers, job applicants and website visitors, together with examples of the relevant legal basis applicable for each purpose:
Purpose |
Personal Data Category |
Legal Justification |
Accounts Payable |
Contact Details Financial Data Identifiers & Legal Documents |
Contractual Obligations |
Accounts Receivable |
Contact Details Financial Data Identifiers & Legal Documents |
Contractual Obligations |
Consent Management |
Technical Identifiers Contact Details |
Legal Obligations |
Customer Relationship Management (CRM) |
Contact Details |
Legitimate Interest |
Customer Support |
Communications Data Contact Details Technical Identifiers |
Legitimate Interest |
Financial Reporting |
Contact Details Financial Data |
Legitimate Interest Legal Obligations |
HR & Payroll |
Contact Details Financial Data Identifiers & Legal Documents |
Contractual Obligations Legal Obligations |
Internal Communications |
Communications Data Contact Details |
Legitimate Interest |
Information Security |
Contact Details Technical Identifiers |
Contractual Obligations |
Lead Generation |
Contact Details |
Consent |
Legal Archiving |
Contact Details Identifiers & Legal Documents |
Legal Obligations |
Marketing |
Contact Details |
Legitimate Interest |
Product Development |
Contact Details Technical Identifiers |
Legitimate Interest |
Product Surveys/Questionnaires |
Contact Details Technical Identifiers Views & Opinions |
Consent |
Project Management |
Contact Details Work Related Data |
Legitimate Interest |
Scheduling of Services |
Contact Details |
Legitimate Interest |
Staff/Consultant Recruitment & Onboarding |
Contact Details Identifiers & Legal Documents |
Consent Contractual Obligations Legitimate interests |
Website Tracking |
Technical Identifiers |
Consent |
- What are your rights under Data Protection/GDPR?
Under the principles of Data Protection and GDPR you will have a series of enhanced rights as an individual. These will include:
- The right to request access to your personal information and to obtain information about how we process it
- The right to be informed about the processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to the processing of your personal information
- The right to restrict the processing of your personal information
- The right to have your personal information erased – “the right to be forgotten”
- The right to move, copy or transfer your personal information – “data portability”
In addition, you will have rights in relation to automated decision making.
You may request details of personal information which we hold about you by applying in writing to the Chief Operating Officer. This is commonly known as a “data subject access request”. We will supply this information within 30 days. If any data is incorrect we will correct it as soon as we receive appropriate notice or evidence from you in writing.
We will take all reasonable steps to ensure that your personal information is current and accurate. If inaccurate or incomplete data is identified we will take steps to correct the data or remove securely and confidentially.
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: www.ico.org.uk
Please contact the Chief Operating Officer for more details on the above rights.
- For how long is your personal information retained?
Your data will be retained for no longer than is necessary in accordance with relevant data protection legislation. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
We will hold your personal information based on the following criteria:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
- For as long as we have a working relationship with you or for as long as someone could bring a claim against us
- In line with legal and regulatory requirements or guidance
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.
Any data no longer required will be deleted or destroyed securely and confidentially.
- How and when can you withdraw your consent?
If you have provided us with your consent to process your data you have the right to withdraw this consent at any time. Consent can be withdrawn by contacting the Chief Operating Officer.
- Contact Us
You can contact us at any point to:
- Request access to information that Millennium has about you
- Correct any information that Millennium has about you
- Request the deletion of information that Millennium has about you
Please address any questions, comments, requests or concerns regarding our data processing practices to the Chief Operating Officer here at Millennium.
If you have a serious concern you have the right to raise these with the Information Commissioner’s Office.
The ICO’s address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113 ICO
website: https://www.ico.org.uk
- Changes to this Privacy Notice
We may change this Privacy Notice from time to time in order to reflect changes in data protection legislation.
Please check the latest version of this Privacy Notice on our website.
April 2025
Note re GDPR
Any mention of GDPR in this Privacy Notice should be read in the following context.
GDPR is still applicable in relation to any business conducted within the EU or where we hold data on EU citizens. This is because of the extra-territorial scope of the regulations.
In addition, since Brexit we are now also covered by a UK form of GDPR which continues to cover most of the same core principles and provisions of the EU GDPR.
The position for the UK is summarised in the Data Protection Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations – DPPEC – which is based on the new UK GDPR, backed up by a revised and updated Data Protection Act of 2018.
The UK GDPR is the United Kingdom General Data Protection Regulation, which became effective on the 1st January 2021. The law covers the key principles along with rights and obligations when processing personal data in the United Kingdom and sits alongside the Data Protection Act 2018. It applies to any organization who offers goods and services to individuals in the UK and/or monitors behaviour of any individuals in the UK.