1. Introduction

Millennium is committed to protecting the privacy of personal information and keeping such information secure.

This Privacy Notice provides information about what happens to any personal information that is given to us, or any that we may collect from or about individuals.

It covers any personal information which is collected, handled and processed by Millennium Business Technology Limited (Millennium Consulting).

This notice therefore applies across all the services we operate and provide including any financial services, products or other forms of apps or bespoke services that we develop or offer. For the purposes of this notice we group these together under the heading of our “services”.

Our details are:

Millennium Business Technology Limited – company registration no. 03042752

Our registered office address is: Millennium House, 75 High Street, Hythe, CT21 5JQ

We are a Data Controller and Processor of personal information. We acknowledge and agree that any personal data that we handle will be processed in accordance with all applicable data protection legislation, including both the UK and EU General Data Protection Regulations (GDPR) and the updated Data Protection Act 2018.

In handling your information:

• We will ensure your data is protected and your privacy is kept
• We will only collect and process your data when necessary
• We will not sell or in any other way distribute or make public your personal information
• We will respect your rights as the owner of your personal information

Should you have any queries about this Privacy Notice please contact the Chief Operating Officer by writing to the above address or by going to the Contact Us section of our website.

Please see: www.millenniumconsulting.com

 

2. What kinds of information do we collect and how?

Millennium may collect and use the following kinds of personal information:

• Personal details and contact information, including that collected and processed in respect of staff or consultants working for or on behalf of the company such as:
  • Name, address, telephone and email details
  • CV/work history
  • Other work related information such as education and training qualifications and certificates, references etc.
  • Personal information such as passport details and if applicable work permits or visas
  • Date of birth
  • National Insurance number
  • Outcome of criminal record checks for certain roles
  • Financial information including but not limited to payroll and tax details
• Information about your use of and activity on the Millennium website (including cookies)
• Information that you provide for completing a web form
• Any other information that you send to the company

 

3. How do we use the information?

This information will have been provided, or will be provided, by you or a third party who we work with.  In the case of references, these may be from your previous employer.

Medical information may be supplied by a third party such as your GP, Consultant or other qualified medical practitioner.  The outcome of criminal record checks and security clearance checks, where relevant, will be supplied by the Disclosure and Barring Service (DBS) or other approved external company.

The above information is used in our capacity as a management consultancy business providing consultancy services to a range of business clients across a number of sectors.

This type of information may be used in a number of ways to:

• Match your skills and competencies to the types of services we are contracted to provide for our clients
• Keep you informed about opportunities for engagements as they arise
• Confirm your eligibility and competency to work, including the right to work in the UK
• Undertake relevant security and criminal record checks as required by our clients and prospective employers and as permitted by law
• Deal with any medical and health and safety issues relating to certain positions
• Put in place contractual arrangements and documentation once a role has been agreed
• Facilitate payment to you once an engagement has been agreed and work has been undertaken
• Assist with internal record keeping, reporting and accounting

 

4. How do we hold the information?

All the personal information we hold about you will be stored on our database in the UK, in line with our Information Security Policy. We will never provide access to our database to any non-trusted third party.

We will take all reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information.

Under the requirements of Data Protection legislation and GDPR we would inform our users and the ICO within 72 hours if any breach of security occurs that might compromise your data.

 

5. When do we share or disclose your information?

It may be necessary in certain circumstances for Millennium to share your data with others. If we do share this data we will do so in a secure manner keeping it safe and in accordance with the law. We will only share personal data if there is a justifiable reason for doing so.

Millennium may disclose your information to the extent that we are required to do so by law, in connection with any legal proceedings or prospective legal proceedings and in order to establish, exercise or defend its legal rights.

Your personal information may be shared or sent to Millennium clients. Such clients will usually be located inside the European Economic Area (EEA) but may on occasion be outside of the EEA.  Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection or the appropriate safeguards are in place for your rights and freedoms.  Before such a transfer takes place outside of the EEA, we will provide you with further information concerning this.

We will never sell your personal data. We will also never share your personal information with other parties for their own marketing purposes.

Trusted third parties that we may share your data with include HM Revenue and Customs (HMRC), pension scheme providers, legal advisors and other companies for the purpose of undertaking pre-engagement checks for the role or for paying you.

 

6. What is the legal basis for processing the information?

We will collect and process your personal information for purposes covered under the lawful basis of legitimate organisational interest. In such cases we will always keep your rights at the forefront of what we do.

We will rely on your consent to process the information which is collected.

Information and documentation to establish your right to work is processed by us as we are legally obliged to do so.

In respect of medical information, the basis for us processing this will depend on the circumstances but will usually be for one of the following reasons: it is necessary to protect health and safety or to prevent discrimination on the grounds of disability or where consent has been obtained, if required.

Information in relation to criminal record checks, which are relevant for some roles, will be processed on the basis that it is necessary for us to comply with the law. We will liaise with you where such checks are required.

Once a position or engagement has been agreed, we will process your personal data, including financial information, for the purpose of you entering into a contract to fulfil your role and to enable us to pay you, depending on the specific contractual arrangements and circumstances.

For the purposes of paying you, where relevant, we are legally obliged to provide information to HMRC.

Once a position or engagement has been confirmed, we may process your data on the basis of our legitimate interests, i.e. for administrative and operational purposes.

 

7. What are your rights under Data Protection/GDPR?

Under the principles of Data Protection and GDPR you will have a series of enhanced rights as an individual. These will include:

• The right to request access to your personal information and to obtain information about how we process it
• The right to be informed about the processing of your personal information
• The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
• The right to object to the processing of your personal information
• The right to restrict the processing of your personal information
• The right to have your personal information erased – “the right to be forgotten”
• The right to move, copy or transfer your personal information – “data portability”

In addition you will have rights in relation to automated decision making.

You may request details of personal information which we hold about you by applying in writing to the Chief Operating Officer. We will supply this information within 30 days. If any data is incorrect we will correct it as soon as we receive appropriate notice or evidence from you in writing.

We will take all reasonable steps to ensure that your personal information is current and accurate. If inaccurate or incomplete data is identified we will take steps to correct the data or remove securely and confidentially.

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: www.ico.org.uk

Please contact the Chief Operating Officer for more details on the above rights.

 

8. For how long is your personal information retained?

Your data will be retained for no longer than is necessary in accordance with relevant data protection legislation.

We will hold your personal information based on the following criteria:

• For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
• For as long as we have a working relationship with you or for as long as someone could bring a claim against us
• In line with legal and regulatory requirements or guidance

Any data no longer required will be deleted or destroyed securely and confidentially.

 

9. How and when can you withdraw your consent?

If you have provided us with your consent to process your data you have the right to withdraw this consent at any time. Consent can be withdrawn by contacting the Chief Operating Officer.

 

10. Contact Us

You can contact us at any point to:

• Request access to information that Millennium has about you
• Correct any information that Millennium has about you
• Request the deletion of information that Millennium has about you

Please address any questions, comments, requests or concerns regarding our data processing practices to the Chief Operating Officer here at Millennium.

If you have a serious concern you have the right to raise these with the Information Commissioner’s Office.

 

11. Changes to this Privacy Notice

We may change this Privacy Notice from time to time in order to reflect changes in data protection legislation. Please check the latest version of this Privacy Notice on our website.

 

December 2023 

Note re GDPR

Any mention of GDPR in this Privacy Notice should be read in the following context.

GDPR is still applicable in relation to any business conducted within the EU or where we hold data on EU citizens. This is because of the extra-territorial scope of the regulations.

In addition, since Brexit, we are now also covered by a UK form of GDPR, which continues to cover most of the same core principles and provisions of the EU GDPR.

The position for the UK is summarised in the Data Protection Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations – DPPEC – which is based on a new UK GDPR, backed up by a revised and updated Data Protection Act of 2018.