Privacy Policy

1. Overview

MFM-IT Limited (MFM-IT) are committed to protecting and respecting your privacy.

This Data Processing Policy (the ‘Policy’) sets out the basis on which any data we collect from or on behalf of you, or that you provide to us, will be processed by us.

We ask that you read this Policy carefully as it contains important information about how we will use your personal data. For the purpose of the Data Protection Act 1998 (the “Act”), the data controller is MFM-IT Limited, Floor 7, Cobalt Square, 83 Hagley Road, Birmingham, B16 8QG (Company No. 7927411).

2. Objectives

The Data Processing Policy has been created to:

  • Define the types of personal data we collect, where and why
  • How we use this data and how it may be disclosed
  • Security in place to protect your data
  • Document your rights in respect of your data
  • Meet the requirements of:

    – The Data Protection Act 1998

    – General Data Protection Regulation

    – Client Confidentiality, Security and Information Control

    – ISO27001:2013

  • Assist in safeguarding the Company’s information assets.

3. Policy scope

This policy is applicable to all areas of the Company this includes:
  • Staff working for or on behalf of MFM-IT
  • Any access to information systems provided by or on behalf of MFM-IT
  • Any site used or owned by MFM-IT

Adherence should be included in all contracts for outsourced or shared services.

4. Responsibilities

How we use your information

This section provides you with details about:

  • what personal data we may process;
  • in the case of personal data that we did not obtain directly from you, where we obtained that data from, and what types of data we have collected;
  • the purposes for which we may process your personal data; and
  • the legal grounds on which we process your data.


In general, we use the information we collect from you to:

  • Provide IT support services
  • Keep you informed with information relevant to the services we provide
  • Provide information services to third parties such as Grenke and GoCardless in the event that you choose a leasing or direct debit facility

Accounts data

  • Business email, business address, accounts contact name, financial information (account holder name, account number, sort code)
  • Processed for the purposes of conducting business, providing payment information either directly or via our 3rd party direct debit system
  • Shared with 3rd parties – Information will be shared with our Direct Debit provider for the purposes of payment for goods and services for the business
  • Information stored by MFM-IT is kept within a secure server system and access is limited to only the required data processors

Contact data where no business relationship currently exists

We may collect your details from third party sources such as CreditSafe and Companies House. This information may include your name, email address or telephone number.

This information would be processed for the purposes of contacting you to ask whether you would like us to provide you with our services. Our use of this data in this circumstance is limited to making contact with you to determine whether you are interested in receiving our company’s services.

The legal basis for this processing is our legitimate interest as a business to maintain a customer base.

Customer data

By the nature of the service we provide, certain elements of personal data are required to ensure the level of service is provided.

The information we keep to provide our services are as follows:

IT Helpdesk Support

For the purposes of providing IT support we have a requirement to maintain the information such as: User Account information, User Contact Details (email address, telephone number), Device names, IP Addresses.

This information may be shared with 3rd party support providers once consent has been gathered from the individual or business.

This information will be stored for the term of the contract.

Email Anti-Spam system

The anti-spam system can process both inbound and outbound email address information. Within this, user email addresses are stored along with IP addresses and device names

Email information can be kept for 30 days and there is no requirement to share this information with 3rd parties.

The basis for storing this information is to provide end users the facility to manage emails within the Anti-Spam system.

This information will be stored for the period the service is subscribed to.

Managed service provider systems

These systems are utilised for ongoing management and maintenance of our customers IT systems and include anti-virus management portals, remote management system, and Office 365 administration system.

Information collected via this system may include device IP addresses, Device names and Network Logon Usernames (passwords are not collected).

The basis for storing this information is to provide remote access for support and asset management of IT infrastructure.

This information will be stored for the term of the service contract.

MFM-IT Limited Registered in England No. 7927411, VAT Reg No. 129452311 | Registered Office: MFM-IT Limited, Floor 7, Cobalt Square, 83 Hagley Road, Birmingham, B16 8QG | Tel: 01384 880000 | Web: http://mfm-it.co.uk | Email: sales@mfm-it.co.uk