MPI

Maximum Performance Through Your People+44(0)1332 638617

Welcome to our website.


If you continue to browse and use this website you are agreeing to comply with and be bound by the following terms and conditions of use, which together with our privacy policy govern Maximum Performance International LTD's relationship with you in relation to this website.

The term 'Maximum Performance International LTD' or 'us' or 'we' refers to the owner of the website whose registered office is The Point, Granite Way, Mountsorrel, Leicestershire LE127TZ. Our company registration number is OC341158. The term 'you' refers to the user or viewer of our website.

The use of this website is subject to the following terms of use:

The content of the pages of this website is for your general information and use only. It is subject to change without notice.

Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.

Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through this website meet your specific requirements.

This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.

All trademarks reproduced in this website, which are not the property of, or licensed to the operator, are acknowledged on the website.

Unauthorised use of this website may give rise to a claim for damages and/or be a criminal offence.

From time to time this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s).

You may not create a link to this website from another website or document without Maximum Performance International LTD's prior written consent.

Your use of this website and any dispute arising out of such use of the website is subject to the laws of England, Scotland and Wales.


Website disclaimer


The information contained in this website is for general information purposes only. The information is provided by Maximum Performance International LTD and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.

Through this website you are able to link to other websites which are not under the control of Maximum Performance International LTD. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.

Every effort is made to keep the website up and running smoothly. However, Maximum Performance International LTD takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.


Privacy policy


This privacy policy sets out how [business name] uses and protects any information that you give Maximum Performance International LTD when you use this website.

Maximum Performance International LTD is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

Maximum Performance International LTD may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from [date].


What we collect


We may collect the following information:

  • name and job title
  • contact information including email address
  • demographic information such as postcode, preferences and interests
  • other information relevant to customer surveys and/or offers
  • What we do with the information we gather


We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • Internal record keeping.
  • We may use the information to improve our products and services.
  • We may periodically send promotional email about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
  • From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.


Security


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.


How we use cookies


A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.


Links to other websites


Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.


Controlling your personal information


You may choose to restrict the collection or use of your personal information in the following ways:

Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes

If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at mike@mpi-LTD.com

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.

You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to The Point, Granite Way, Mountsorrel, Leicestershire LE127TZ.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.


Non-discrimination Policy


Maximum Performance International is committed to the principle of equal opportunity in its business, education and employment. Maximum Performance International does not discriminate against individuals on the basis of race, colour, sex, sexual orientation, gender identity, religion, disability, age, genetic information, veteran status, ancestry, or national or ethnic origin in the administration of its business policies, employment policies, and activities.

The Directors are designated as the company’s Equal Opportunity Officer. Inquiries concerning the policies, compliance with applicable laws, statutes, and regulations, and complaints may be directed to the Directors.

Data Protection Policy

Introduction

Purpose of Policy

The purpose of the Policy is to set out MPI LTD’s commitment to adhering to the Data Protection Act 2018.

This Policy applies to all MPI LTD employees and agents.

Owner

The Policy is owned by Jennie Waller - Director who should be consulted before any changes or amendments are made.

Policy Management

 

The Policy will be reviewed by the Policy Owner on an at least annual basis, and in response to regulatory, legal or other policy changes.

Regulatory Requirements

The regulatory requirements of this policy are set out in the DATA PROTECTION ACT 2018. MPI LTD has obligations to protect the personal information it processes about its customers, clients and employees. The Information Commissioner’s Office (ICO) is the supervisory body for DATA PROTECTION ACT 2018. Breaches of DATA PROTECTION ACT 2018 can result in regulatory censure, including significant fines.

 


Data Protection Policy

Definitions

‘Personal data’ means any information relating to a living individual, through which they can be identified, whether directly or indirectly. One item of information can constitute personal data, for example an account number, name, email address or IP address.

‘Special Categories of personal data’ is the DATA PROTECTION ACT 2018 term for data that was termed ‘sensitive’ under the Data Protection Act. This includes biometric data and the following types of data:

  • Racial or ethnic origin
  • Political opinions
  • Religious beliefs or other beliefs of a similar nature
  • Trade Union membership
  • Physical or mental health or condition
  • Sexual life

 

Criminal conviction information is not defined as Special Categories of personal data, however, this information does require additional protection.

The Principles

The DATA PROTECTION ACT 2018 is underpinned by legally enforceable principles of good data practice, which apply regardless of whether data is stored electronically, on paper or other material. MPI LTD’s policy is to comply with all these principles whenever personal data is handled. A breach of this Policy may result in disciplinary action.

Personal data shall be:

a)       processed lawfully, fairly and in a transparent manner in relation to individuals;

b)       collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for statistical purposes shall not be considered to be incompatible with the initial purposes;

 

What you must / must not do

You may not access customer data for your own purposes, or for friends and family. This is a serious disciplinary offence and a criminal offence for which the Information Commissioner may prosecute you directly.

Before you use personal data of a customer or employee, you must be certain that the activity you are about to do has been disclosed in our Privacy Statement and fair processing notices. Be familiar with the disclosures that relate to your product/function.

If you wish to use data for a new purpose, you must check with MPI LTD in the first instance, who will assess whether the purpose is already covered by our fair processing notices and privacy statement. 

Before sending Direct Marketing by email, phone, SMS or post, you must always run any list of marketing contacts past the relevant Stop/Unsubscribe List to remove those who have opted out. Refer to C.M.

 

Personal data shall be:

c)       adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

d)      accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

What you must / must not do

You must take care when entering data to ensure it is accurate. You should never guess or estimate the information to be input to speed data entry.

You must take care when entering information in free-text areas; those to whom it refers, such as customers, may see this information at a later date. Information should only be entered which is appropriate and factual.

You must amend errors when a customer or employee lets us know some of their information is incorrect.

 

Personal data shall be:

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the DATA PROTECTION ACT 2018 in order to safeguard the rights and freedoms of individuals;

What you must / must not do

MPI LTD has set retention periods to comply with this requirement.

MPI LTD must ensure that data is erased before disposal of old equipment.

 

Personal data shall be:

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

What you must / must not do

You must ensure you are dealing with the individual before disclosing personal data.

You must ensure a third party has authority to act on the individual’s behalf before disclosing personal data.

You must ensure that you do not leave customer’s details open on the screen when you are not at your desk.

Written notes or print-outs of customer details must not be left on desks at end of day.

 

Legal Basis for Processing Personal Data

As data controller and a data processor for clients, MPI LTD will process personal data during the course of business; this could be for customers or employees or applicants.

Personal data is defined as any information relating to a living individual who can be directly or indirectly identified from the data we process or other information which is in, or likely to be in our possession. 

Whenever MPI LTD processes personal data, we must ensure we meet at least one of the following legal bases:

  • Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
  • Contract: the processing is necessary for a contract we have with the individual, or because they have asked for something to be done so they can enter into a contract.
  • Legal obligation: the processing is necessary for us to comply with a law.
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: the processing is necessary to perform a task in the public interest or for official functions.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless the individual’s rights override our legitimate interests.

Where MPI LTD processes Special Categories of personal data greater care needs to be taken given that information about these matters could be used in a discriminatory way, due to its private nature.

Further conditions are imposed on MPI LTD when processing Special Categories of personal data and at least one of the following conditions must be met:

  • The individual the Special Categories of personal data relates to has given explicit consent to the processing;
  • The processing is necessary so that MPI LTD can meet obligations or exercise rights under employment law.
  • The processing is necessary to protect the vital interests of:

-          the individual (in a case where the individual’s consent cannot be given or reasonably obtained), or

-          another person (in a case where the individual’s consent has been unreasonably withheld).

Individual Rights

Individuals (customers, clients, employees, third parties etc.) have Rights under DATA PROTECTION ACT 2018.

MPI LTD has one month from receipt of a Rights request from an employee in which to comply. If a request is particularly complex, a further two months to process the request are permitted, with relevant communication to the individual.  In the case of requests from a Client MPI LTD has 5 days to provide information to them.

 

Right to be informed

This relates to our obligation to provide ‘fair processing information’ and emphasises the need for transparency over how we use personal data.

We do this through providing disclosures before we start processing personal data. In some cases, we rely on our intermediaries to provide disclosures.

We also publish our Privacy Statement on our websites.

What you must / must not do

If a customer requests information about how we process their personal data, either direct them to the website or offer to send them a copy of the Privacy Statement.

 

Right of access

Individuals have the right to access their personal information held by MPI LTD however, some exemptions apply. This is a data subject access request (DSAR). 

What you must / must not do

If you receive a DSAR in writing (letter, email), from a customer or any third party, you must pass it immediately to Jenni Waller – Director.

 

Right to rectification

Individuals have the right to have personal data corrected or rectified if it is inaccurate or incomplete.

What you must / must not do

You must amend errors when a customer or employee lets us know some of their information is incorrect.

You must correct information when you become aware that it is inaccurate.

 

Right to erasure

The right to erasure is also known as the right to be forgotten. Individuals can request the deletion of personal data where there is no compelling reason to continue processing (including storing the data).

The right to erasure does not provide an absolute right to be forgotten.

What you must / must not do

You must be able to explain to a customer or employee why we need to retain their personal data, for example if the account is open and has a balance.

Be familiar with our retention policy and explain when we will erase their personal data when our retention period has elapsed.

Be familiar with your local procedures for handling these requests.

 

Right to restrict processing

Individuals have a right to block or suppress processing of their personal data.

When processing is restricted, we are:

  • permitted to store the personal data,
  • but not process it further.

We can retain just enough information about the individual to ensure that the restriction is respected in the future.

  • Where an individual objects to our processing for the purpose of legitimate interests, we consider that our legitimate grounds do override those of the individual and therefore we will not restrict processing in this circumstance.

We set out in our Privacy Statements and Fair Processing Notices the purposes for our processing personal data. We have assessed and validated our processing activities that are undertaken on the basis of legitimate interests as detailed in the Privacy Statement.

  • We would need to restrict processing if we were processing unlawfully and the individual does not want their data erased but requests restriction instead. However, we only process data in line with the purposes and legal bases included in our Privacy Statements and Fair Processing Notices. We do not process data unlawfully and therefore we will not restrict processing in this circumstance.

 

  • If we no longer need the personal data but the individual requires the data for making or defending a legal claim, we would restrict processing to prevent erasure. We will no longer need the data when the end of the retention period has expired.

 

  • Where an individual contests the accuracy of the personal data, we would restrict the processing until we have verified the accuracy of the personal data, for example if we have incorrectly traced a customer, or an innocent party has been the victim of impersonation fraud.

What you must / must not do

Be familiar with your local procedures for handling these requests.

 

Right to object

Individuals have a right to object to processing of their personal data when it is processed for:

  • Processing based on legitimate interests (including profiling);
  • Direct marketing; and
  • Processing for the purpose of research and statistics.

Where an individual objects to our processing for the purpose of legitimate interests. We specify in our Privacy Statements and Fair Processing Notices the purposes for our processing personal data. We have assessed and validated our processing activities that are undertaken on the basis of legitimate interests as detailed in the Privacy Statement. We have considered that we can demonstrate that our legitimate grounds for the processing override the interests, rights and freedoms of the individual. Therefore, we will not stop processing in this circumstance.

Direct marketing - We only provide information on products or services when the individual has given their consent to marketing.  We will stop direct marketing activity immediately when requested.

What you must / must not do

Be familiar with your local procedures for handling these requests.

Accountability and Governance

MPI LTD as a data controller and a data processor for client data is responsible for compliance with data protection laws.

The new accountability principle requires that we demonstrate our compliance with the DATA PROTECTION ACT 2018 principles. For this purpose, we have measures to evidence our governance of data protection. These include this Data Protection Policy and its related policy framework, together with the following:

Documentation

There is a requirement to maintain records of processing activities. We have documented and maintain the following documentation:

  • Data mapping describing the flow of personal data internally and where it is shared externally;
  • Data Information Register captures the processing activities, their purpose, description of the types of personal data, who it is shared with.

What you must / must not do

MPI LTD must ensure that data maps and your information data registers are kept up to date. These documents must accurately reflect where personal data is stored, shared and processed, including where processing activity is undertaken by third party processors.

 

Contracts with sub processors

We have contracts with all appointed agents/ sub processors who process personal data to ensure they conduct processing activities only on our written instructions.

We do not transfer personal data internationally without adequate protections being in place. We ensure model contractual clauses or Privacy Shield (USA only) are in place to ensure adequate protections for data transfers outside the EEA.

What you must / must not do

MPI LTD must ensure contracts are in place with third party processors where they undertake processing activity on our instructions.

 

Employee training

All employees receive training on Data Protection as well as their own responsibilities.

What you must / must not do

Ensure you know what processing activities you undertake and the legal basis for these activities.

 

Data Protection Impact Assessments

Data protection impact assessments must be conducted when using new technologies and the processing activity is likely to result in a high risk to the rights of the individuals, for example profiling or large scale processing of Special Categories of personal data.

Jenni Waller - Director will facilitate or carry out data protection impact assessments.

If the data protection impact assessment identifies that high risk processing cannot be properly mitigated, we must consult the Information Commissioner’s Office.

What you must / must not do

Contact Jenni Waller - Director if you are unsure whether a data protection impact assessment is needed for a new initiative, project or supplier.

 

Data Protection by Design and by Default

Under the DATA PROTECTION ACT 2018, we have a general obligation to implement technical and organisational measures to show we have considered and integrated data protection into our processing activities. This is termed Data Protection by Design and by Default. We achieve this through conducting Data Protection Impact Assessments where required.

 

Security

The following policies/control’s set out MPI LTD’s approach to the technical and organisational measures in place to ensure appropriate security for personal data. These should be read in conjunction with this Policy: Information Security Policy. Refer to MPI LTD’s 27001 portal.

What you must / must not do

Comply with the above policies.

You must ensure that you do not leave customer’s details open on the screen when you are not at your desk.

Written notes or print-outs of customer details must not be left on desks at end of day.

 

Personal data breaches

Personal data does not necessarily have to be lost for a breach to have occurred. Personal data breaches can be categorised as:

  • Confidentiality – where there is an unauthorised or accidental disclosure of, or access to, personal data
  • Availability – where there is an accidental or unauthorised loss of access to, or destruction of, personal data
  • Integrity – where there is an unauthorised or accidental alteration of personal data.

We record all incidents in line with the Incident Management Policy, with relevant investigation and internal reporting procedures.

We must notify the ICO of a personal data breach within 72 hours of becoming aware of the breach or in the case of client data the client within 24 hours. Third party processors are required to inform us promptly if a data breach occurs when they are processing data on our behalf.

In some circumstances, we must notify the impacted individual, where it is likely to result in a high risk to their rights and freedoms. There are exemptions to the requirement to notify the ICO, therefore each situation will be assessed on a case by case basis.

Emma Barton will assist in the assessment of data breaches and will coordinate the notification to the Client or the ICO and impacted individuals if required.

What you must / must not do

Report potential breaches and concerns to Jenni Waller – Director or Carolyn Mee.

 

Record Keeping Requirements

Retention Schedule

MPI LTD has defined its record retention requirements, these are set out in the Information Registers

The Information Commissioners Office (ICO)

The Role of the ICO

The ICO is the UK’s independent authority set up to uphold the information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The ICO is responsible for:

  • Promoting good practice in handling personal data and giving advice and guidance on data protection;
  • Keeping a register of data controllers with details of organisations that process personal data;
  • Handling enquiries, concerns and complaints about privacy, data protection and freedom of information;
  • Taking action to improve behaviours of those that process personal data; and
  • Taking enforcement action and bringing prosecutions for offences committed under the Data Protection legislation.

If the ICO were to initiate an investigation with MPI LTD, we would provide the Information Asset Register and data mapping for the relevant function immediately on request.

List of Acronyms

Data Controller

A person who (either alone or jointly or in common with other persons) determines the purposes for which the manner in which any personal data are, or are to be, processed

Data Subject

An individual who is the subject of personal data

Data Processor

In relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller

DSAR

Data Subject Access Request

DATA PROTECTION ACT 2018

Data Protection Act 2018

ICO

Information Commissioner’s Office