Privacy Statement

The Manufacturers’ Information Hub (UK) (The MIH) is a company limited by guarantee which offers services to the manufacturing and construction industries. We are a member owned organisation. The sole member and therefore owner of the MIH is The Manufacturers’ Information Hub (Europe) AISBL.

Where we get your data from:

If you choose to complete a form to subscribe to our mailing list we will keep a record of your name and the contact details you supply to us. We hold this data to allow us to send to you, with your consent, new material by email.

If you contact us by completing the enquiry form on The MIH website, we will keep a record of your name and the contact details which you supply to us, and the nature of your enquiry, on our business contacts database. We hold this data to allow us to contact you and deal with your enquiry.

We are in the business of using digitisation to aid the construction products industry. Therefore we have a presence on social media platforms such as LinkedIn. When you supply us with your contact details we may use them to search for your online public presence on such platforms. Similarly, if your employer is a client we may search for your online presence on such platforms where this is a necessary part of our commercial work for that client.

If you contact us by telephone, we will keep a record of your name and the contact details which you supply to us, on our business contacts database. We hold this data to allow us to contact you.

We may also obtain data from your visit to our website (see below).

Using our website:

When you visit our website we may obtain data indirectly about your visit by means of the tool Google Analytics. The data supplied by this tool will show us in anonymised form, such things as number of visitors over time, how long visitors remained on a page, etc. We use this data to improve the way our website works, and to monitor the take up of materials we publish on it. Because the data is supplied to us in anonymised form, we cannot know details about what any named individual visitor did during their visit to our website.

We use a Customer Relationship Manager service called HubSpot to manage our mailing list and track visits to our website. If email subscribers visit our website and agree to cookies, the information about how they use the website is made available to us and shared with HubSpot. Subscribers should satisfy themselves that HubSpot’s privacy policy is acceptable to them. HubSpot’s Privacy Policy can be found here.

What we use your data for:

We hold your contact details to allow us to deal with your enquiry or to carry out our contractual obligations to you should you (or the institution you are an agent for) become a member or partner of TheMIH.

We also hold contact details for our suppliers, to allow us to process our commercial transactions with them.

The legal basis for holding this information is GDPR 6 (1) F: “processing is necessary for the legitimate interests pursued by the controller”. This includes, the pursuit of normal commercial business practices, such as contacting our clients and contacting our suppliers.

The MIH also keeps contact details and bank details as part of its financial records, to meet its legal obligation to file annual accounts with Companies House, and to meet its legal obligation to submit Corporation Tax assessments to HMRC. The legal basis for holding this information is: GDPR 6 (1) C: “processing is necessary for compliance with legal obligation”.

If you choose to subscribe to our mailing list, the subscription form requires your consent for us to send this material to you. The legal basis for holding your contact details as a subscriber to our mailing list, is GDPR 6 (1) a “consent of data subjects”.

How long do we keep your data?

HMRC documents state that a limited company must keep records for 6 years from the end of the last financial year they relate to (https://www.gov.uk/running-a-limited-company/company-and-accounting-records). The MIH will not consider the disposal of financial records (which may include personal contact data and/or bank details) until after this 6-year period expires.

Non-financial data (such as contact details) are deleted if for period of 2 years they are not used (unless we need them to meet our legal obligations). Our contacts database is reviewed annually, and the contact details which meet this disposal criteria are then deleted.

Who will we share your data with?

When you contact us your contact data will be entered into our contacts database so that we have your details to hand. Individual contact details (but not the database) are shared on an ad-hoc basis with our subcontractors as necessary to carry out our work.

We sometimes employ other professionals to provide part of our services. For example we may employ an IT professional to manage our contacts database. Where we employ others to assist on a project for a client we will always ask the client for consent to do so, before passing any contact details necessary to a third party.

Similarly, if we want to suggest a client makes use of a third-party supplier regarding a service that we do not provide in house, we will not pass contact details for the client to the third party without first obtaining our client’s consent to do so.

To protect commercial information we have Non-Disclosure Agreements with clients, where this is necessary.

The MIH does not routinely pass on contact or other personal data to third parties.

Who else has access to your data?

We store some contact data in our financial records and project files, and these may be shared with our business advisors for the purposes of meeting our legal obligations (filing accounts and taxation) and for normal commercial purposes (e.g. seeking legal advice on contractual matters).

Protecting your data:

Our IT advisors are Cyber Essentials and Cyber Essentials Plus certified. Cyber Essentials is the nationally recognised UK Government scheme developed by the NCSC that helps businesses protect themselves from fraud and Cyber Attacks. The MIH is a new organisation working towards Cyber Essentials certification and is committed to following best practice in cyber security.

All personal data we hold is stored electronically, on platforms with encryption and password protection.

Cloud Storage: We may keep our client archives locally on encrypted discs. We also have a back-up copy (in encrypted form) held on cloud storage with the servers located in Europe. The cloud storage service provider would not hold the decryption keys and therefore cannot access this data.

Our mailing list and your consent:

We have a mailing list whereby individuals may sign up to voluntarily receive emails. Anyone wishing to receive communications must first provide express consent to receive this material (because this amounts to marketing).

This consent can be withdrawn at any time by emailing us at info@themih.org. You may also unsubscribe to our emails at any time by using the “unsubscribe” link which appears on every marketing email which we send out.

We use a Customer Relationship Manager service called HubSpot to send out emails to our subscribers. Therefore email subscriber contact details will be shared with HubSpot. Subscribers should satisfy themselves that HubSpot’s privacy policy is acceptable to them. HubSpot’s Privacy Policy can be found here.

Your right to complain:

The lead supervisory authority for The MIH is the Information Commissioner’s Office (ICO). An individual has a right to complain to the Information Commissioner’s Office if they think there is a problem with the way The MIH is handling their personal data.

Your data rights under GDPR:

Further, the EU General Data Protection Regulation (GDPR) provides the following rights in respect of data we hold:

1. Right to be informed
2. Right of access
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability (where processing is based on consent or for the performance of a contract)
7. Right to object
8. Right not to be subject to automated decision making including profiling

Automated decision making and profiling:

Personal data supplied to us is NOT used for automated decision making, or personal profiling. However, as mentioned above, we do obtain some anonymised visitor data about how our website visitors use our website.

If you have any questions about your data you can contact us using any of the methods provided on our contact page or in our emails.