This Privacy Policy explains how Mustard IT Limited (‘we’, ‘us’, ‘our’ or ‘Mustard IT’) uses and protects your personal data, as well as your rights in respect of it, how to exercise them and how to contact us.

 

It is important that you understand and are comfortable with all privacy terms before using our websites, apps and/or becoming involved with Mustard IT and we encourage you to take time to read them.

Changes to this Privacy Policy

Privacy laws and practice are constantly developing and we aim to meet high standards.  Our policies and procedures are, therefore, under continual review. We may, from time to time, update our security and privacy policies.  If we want to make any significant changes to the way in which we will use your personal data we will contact you directly and, if required, seek your consent.

We will ensure our websites have our most up to date privacy policy and suggest that you visit our privacy pages periodically to review our latest version.

 

 

Information about other people

If you provide information to us about any other people (such as a colleague), you must ensure they understand how we will use and protect their information and you should direct them to our website privacy policy page.

You should only provide information about other people and give consent on their behalf if you are authorised to do so.

 

Links

Please note, our websites, apps and our other services may contain links to other websites or services (such as those of partners or clients) that are not controlled by us or our service providers.  These links are provided for your convenience.

We are only responsible for our own privacy practices and security of our systems, websites and apps.  We recommend that you check the privacy and security policies of each and every website that you visit.

 

About us

Mustard IT Limited is a technology supplier established in the United Kingdom and provides a range if technology services.

Examples of some of our services are shown below:

IT Custodian – Provides Service Desk, Backup & Disaster Recovery, Managed Cyber Security, Quarterly on-site reviews, Monthly on-site reviews, Compliance and Data Recovery.learn more
Cybersecuritylearn more
Digital Transformation / IT Consultancylearn more
Managed Service Desklearn more
Managed BCDRlearn more

 

How we know you

Mustard IT operates in many capacities, for example:

  • as an employer
  • as a website operator
  • as a provider of services to businesses
  • as a reseller
  • as a customer of other organisations that provide services to us

We may know you in a number of ways.  In this Privacy Policy, all of the ways we know you are grouped together and referred to as ‘Our Relationship’.

If you have any questions or concerns about how we are handling your personal data you can direct them to our Privacy Officer at privacy@mustardit.co.uk or you can make a complaint to the Information Commissioner’s Office (www.ico.org.uk).

 

Who is responsible for protecting your personal data?

In some cases, depending on Our Relationship with you, we have a specific Privacy Notice that sets out details of how personal data is used in the context of that relationship.  If so, it will be the privacy notice you have been reading and which provided a link to this Privacy Policy.  We call this the ‘Relevant Privacy Notice’.

If we don’t provide you with a specific Privacy Notice, this Privacy Policy sets out the details of how personal data is used and each time we refer to the ‘Relevant Privacy Notice’ it means this Privacy Policy

Unless we say otherwise in the Relevant Privacy Notice – Mustard IT is the ‘data controller’ in respect of all personal data we obtain about you whether that is on one of our websites or apps or as a result of Our Relationship with you.  This means that we are responsible for ensuring that we obtain and look after your personal data in full compliance with data protection and all other related privacy laws.

Where we receive your personal data but have no relationship with you

In a small number of situations, we may obtain information about you from someone else and we may not have contact information for you to enable us to provide you with a specific privacy notice. However, we recognise the importance of making privacy notice information available to you and you should be able to find the information you need either in this Privacy Policy or can contact us at privacy@mustardit.co.uk.

 

The personal data we collect

The information we obtain about you and its sources will depend on the nature of Our Relationship.  Specific detail will be in the Relevant Privacy Notice but to give you a general idea we will typically obtain some or all of the following information where we believe it is relevant:

  • identity information such as name, job title, employer, username, social media handles, date of birth, gender, nationality, ethnicity
  • contact details including addresses, email address, mobile phone number, social media details
  • employer details
  • diversity and inclusion information
  • devices that you have used to interact with us
  • payment details such as bank account or other payment card information, details of payments
  • purchase history
  • services and opportunities you have expressed an interest in, including which of our websites and apps you have used and, maybe, which pages or features you have looked at or used
  • associated people for example, details of any colleagues or family members
  • supporting information that is relevant to Our Relationship such as dietary requirements where you or someone else you are providing details for are attending an event or meeting where refreshments are being provided
  • experience and accreditations including qualifications and training
  • feedback and survey responses
  • preferences including your direct marketing preferences and consents
  • communications such as records of your interactions with us including telephone conversations, emails and other correspondence

Some of this information will be obtained before any decisions about whether to enter into an arrangement with you or someone else is made and is needed to enable decisions to be made.

Where we obtain information from

We obtain information from a wide variety of sources depending on the nature of Our Relationship or proposed relationship.

Specific detail will be in the Relevant Privacy Notice but to give you a general idea, we may obtain information:

  • directly from you or from someone you work with or someone who is providing references to support Our Relationship)
  • from other information we already hold as a result of Our Relationship
  • from any device you use to communicate with us such as when accessing our websites or apps, from telephone conversations, emails and written and verbal communications including blogs, vlogs and social media interactions
  • from records of services provided to you or your organisation. Some of this information may be obtained from the service providers we use
  • from Mustard IT clients
  • from third party data providers such as data cleansing service providers
  • from  MUSTARD IT VENDORS
  • from agents, representatives and family members

We may supplement the information that you provide with other information that we obtain from our dealings with you (such as other clients or organisations you have worked for, newsletters you have subscribed to, events you have attended, your roles and achievements or which we receive from other organisations, such as  MUSTARD IT VENDORS

Public source data

We obtain some information through searches of various public resources such as identity checking services, social media platforms like LinkedIn, X, Instagram and Facebook and also carry out browser-based searches.

We may use third party service providers to do this on our behalf.

 

We may monitor / record telephone calls for security, training to provide an accurate record of any calls we may have with you.

We may record interviews and other meetings held by video conference and may use CCTV around our premises for security (including preventing and detecting crime) and safety purposes and to monitor compliance with law.

 

Apps, IP addresses, cookies and tracking tools

Apps.  Our apps (where we make them available) don’t usually involve us obtaining obvious user personal data that enables us to know who you are but, in order to enable the app to function and to help with analytics, the app functionality may mean we get some information that privacy laws designate as personal data.  This includes details of the app that has been downloaded and may include the country of residence of the user, the brand of the device used, the type and model of the device that the app has been downloaded to, user gender, interests (such as arts and entertainment, sport) and when the user firsts opens the app.  Analytics also automatically generates a unique identifier for each downloaded copy of the app to compute user metrics.  This is known as an ‘app instance identifier’.

If you download a Mustard IT app that involves us processing more clearly identifiable personal data or includes tracking for in-app purchases, making bookings, scheduling or extending services we will ensure you are provided with a Relevant Privacy Notice to ensure you have appropriate privacy information.

Please note, the app store you use to download the app may also obtain and process personal data about you and your choice / use of apps.  We are only responsible for our own privacy practices and the security of our own systems. 

We recommend that you check the privacy and security policies and procedures of each app store you use to download apps.

 

IP addresses.  In order to understand how users use our websites, apps and our services and the things they are interested in, we may collect your Internet Protocol addresses (also known as IP addresses).  Your IP address is a unique address that computer devices (such as PCs, tablets and smartphones) use to identify themselves and in order to communicate with other devices in the network. 

Cookies.  In common with many other website operators, we may use standard technology called ‘cookies’ on our websites. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive and they are used to record how you navigate our Site on each visit.

Our cookies are used to enable us to develop our websites and to enable you to properly navigate it.  We use cookies to collect personal data to enable us to reflect our users’ interests and by noting who has seen which pages, properties and advertisements (including ‘click throughs’ from emails), how frequently particular pages are visited and to enable us to determine the most popular areas of our websites. We may use cookies to enrich your experience of using our websites, apps and other services by allowing us to tailor what you see to what we have learned about your preferences during your visits to our websites.  Sometimes we may use services of third parties and they may use cookies on our behalf in order to provide their services.

The cookies we use can be found in the Cookie Policy on Mustard IT websites (it’s in the bottom left-hand corner with a symbol that looks like this.You can change the cookies you accept in the cookie tool.

 

Preventing use of cookies.  Most browsers automatically accept cookies, but you can usually change your browser to prevent cookies being stored.  With experience, you can usually choose to switch off all cookies or to allow only certain ‘trusted’ sites to place cookies.

For further information on cookies and Flash cookies and how to switch them off see the Information Commissioner’s website at www.ico.gov.uk or visit www.allaboutcookies.org or www.aboutcookies.org

Please note, if you do turn cookies off, this will limit the service that we are able to provide to you and may affect your user experience. 

 

Google Ad Manager.  Our websites use Google Ad Manager, a service provided by Google through which it uses advertising cookies to serve adverts.  These cookies enable Mustard IT or MUSTARD IT VENDORS to serve you with adverts based on your previous visits to our website or other websites that you have visited.

Preventing use of these advertising cookies.  You can choose not to be shown personalised advertising when visiting our Site by visiting Ads Settings or you can choose to stop Google using cookies for personalised advertising by visiting www.aboutads.info
You can find Google’s explanation of how it will use your information here.

 

Tracking technology.  Occasionally, we may use digital tracking (usually in a cookie) on our websites or in emails or other messages we send to you.  We use these to ensure you receive appropriate information and do not receive multiple communications about the same thing.

Preventing use of tracking technologies.  If you stop cookies, this will normally stop any tracking from the website.  Where we plan to use tracking technology, we will ask for your consent. 
Please note, If you don’t allow us to use tracking technology, you may receive communications that are of less interest to you or multiple communications about the same thing.  

 

Automated decisions using personal data

We don’t normally take any solely automated decisions.  However, some parts of our KYC processes and vetting processes are automated to ensure minimum criteria are met.

Purposes for which we process personal data and the legal basis for doing so

The legal basis for collecting and processing personal data depends on the type of information, the purpose for which we use it and the nature of Our Relationship.  There are a large number of legal bases for our use of personal data such as to enable us to comply with our legal responsibilities (for example a contract we have with you or which the law imposes on us) or that the processing is in our legitimate interests (for example to maintain the quality of our services or training) or for establishing and dealing with any legal claims.  Apart from direct marketing, social inclusion or dealing with certain medical needs, we rarely rely on consent.

A comprehensive explanation is set out in the Relevant Privacy Notice but some examples are below.

PurposeLegal basis
Administration and service delivery.  Client onboarding including KYC checks; administration of any requests made of us such as to enquire about our services;  processing applications, creating and administering accounts;  dealing with any payments (including payroll for staff, debt recovery). 

Personal data
It is necessary to fulfil the contract that you are going to enter into or have entered into with us and/or
Consent or
It is necessary for compliance with a legal obligation and/or
It is necessary for our legitimate interests and those of others which are to ensure effective administration of Mustard IT activities and to ensure they meet Mustard IT’s objectives and it is in our legitimate interests to maintain records.

 

 

and, in addition for ‘special category’ personal data
Explicit consent or
It relates to personal data that are manifestly made public by you and/or
It is necessary for insurance purposes and/or
It is necessary for the establishment, exercise or defence of legal claims

 

 

 

 

 

 

 

 

 

 

Communications.  To communicate with you.
Security.  To ensure a safe environment.  Includes event administration and admission, event security, dealing with incidents. obtaining insurance

 

 

Records.  For record-keeping purposes.
Market research and service development.  To carry out market research so that we can understand requirements, improve our offerings and develop new services.
Analysis.  To track and analyse activity on our websites and apps and to understand the interests and views of those using them and/or engaging with us.
Getting to know you. To create an individual profile for you so that we can enhance your user experience, to understand and respect your preferences and to provide updates and details of relevant opportunities where you have agreed to receive them.
Complaint handling.  To deal with complaints.
Compliance.  Ensuring compliance with law.
Commercial activities. Administration of and carrying out Mustard IT commercial activities including those that have been specifically agreed with you / your organisation (as applicable)

 

Staff and visitor health and welfare. Dealing with any medical issues, injuries, allergies, special needs and health concerns which may include public health emergencies and situations.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Personal data
It is necessary to fulfil the contract that you are going to enter into or have entered into with us and/or
It is necessary for compliance with a legal obligation and/or
It is necessary for our legitimate interests which are to ensure health and welfare of those on our premises and to meet insurance requirements

 

and, in addition for ‘special category’ personal data
Explicit consent or
It relates to personal data that are manifestly made public by you and/or
It is in your vital interests or the vital interests of another person and/or
It is necessary for reasons of public interest in the area of public health and/or
It is necessary for the purposes of preventative or occupational medicine or assessment of your working capacity, medical diagnosis or the provision of health or social care or treatment and/or
It is necessary for the establishment, exercise or defence of legal claims
Diversity and inclusion.  Diversity monitoring and compliance (such as in respect of ethnicity, gender, race, age and disability) and providing equal opportunities and to enable us to monitor and ensure compliance with anti-discrimination law and policies

 

 

 

personal data
It is necessary for compliance with a legal obligation and/or
It is necessary for our legitimate interests which are to ensure we meet Mustard IT’s objectives and requirements.

 

and, in addition for ‘special category’ personal data
Explicit consent or
It is necessary for the purposes of quality of opportunity and/or
Is necessary for the establishment, exercise or defence of legal claims
Legal matters.  Including dealing with legal claims and disputes. 

Personal data
It is necessary to fulfil the contract that you are going to enter into or have entered into with us and/or
It is necessary for compliance with a legal obligation; and/or
It is necessary for our legitimate interests which are to ensure manage our business effectively

 

and, in addition for ‘special category’ personal data
Explicit consent or
It relates to personal data that are manifestly made public by you and/or
It is necessary for the establishment, exercise or defence of legal claims

 

 

 

Where you have given your consent to any processing of personal data, you have the right to withdraw that consent at any time.  If you do, it will not affect the lawfulness of any processing for which we had consent prior to your withdrawing it.

 

Where your personal data will be held or used

Unless we say otherwise in the Relevant Privacy Notice you are given, we do not normally transfer personal data outside of the United Kingdom or the European Economic Area other than, potentially, to a few of our service providers in other parts of the world.

Wherever we transfer your personal data outside of the United Kingdom, we will take proper steps to ensure that it is protected in accordance with this Privacy Policy and applicable privacy laws. In most cases, this will mean we use UK approved Standard Contractual Clauses or only allow the data to be processed in those countries which, the United Kingdom is satisfied, offer an adequate level of protection.

 

Disclosing your personal data

In order to provide our services, and to operate our business, we need to share relevant information with certain other organisations.  The Relevant Privacy Notice has specific details.

We may, occasionally, appoint other organisations to carry out some of the processing activities on our behalf. These may include, for example, technology hosts, support technicians and survey providers. In these circumstances, we will ensure that personal data is properly protected and that it is only used in accordance with the Relevant Privacy Notice and our Privacy Policy.

We may share relevant information with relevant MUSTARD IT VENDORS , our professional advisers and regulators and, if you are a Mustard IT employee we may share certain details with relevant clients.

Where relevant (for example, if you have attended an event), we may share details with the relevant venue and insurers.

 

MUSTARD IT VENDORS

Mustard IT works with a variety of commercial partners each of which support us or bring value to the services we offer and many of them are happy to make offers and opportunities available to you or your organisation so that you can also benefit from them associated with us.

You can view an up-to-date list of MUSTARD IT VENDORS by clicking the link.

Invitations, newsletters, offers and opportunities

Mustard IT would like to contact you and/or any person whose information you provide to us to invite you to enjoy other products and services, to provide newsletters and to tell you and/or them about service offerings and opportunities that are available and about a range of other initiatives in a number of ways, including by post, text message, email or, for relevant services, push notification, personalised on-screen messages and social media.

Preferences / subscribe / unsubscribe

Details of how to opt-in to or opt-out of receiving newsletters and details of offers are on relevant pages of our websites and apps, in relevant forms you complete and/or in the message you receive.

You (and any other person whose information you have provided to us) can notify us that you/they have changed your/their mind about whether you/they wish to receive details of offers and opportunities by using any of the methods shown below (see the section ‘How to contact us’ below or refer to the Relevant Privacy Notice) or by following the instructions provided with each offer you/they receive.

 

Security

We take the security of personal data seriously.  We use security technology, including firewalls, password protection and encryption to safeguard information and have procedures in place to ensure that our paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage.  We have processes in place to deal with a data breach in the unlikely event one should occur.

We only use third party service providers where we are satisfied that they provide adequate security for your personal data.

Where you use one of our websites, apps or other services that requires use of access controls such as a password, you are responsible for keeping your log in details confidential.

How long we will keep your personal data

The duration for which we keep your personal data depends on the type of information and the purpose for which we use it as well as the nature of Our Relationship, our legal obligations and whether we expect the personal data may be needed for dealing with any issues or complaints.

Some information is kept for a very short time (such as website and app device data) but other information may be kept for much longer.  A detailed explanation is set out in the Relevant Privacy Notice.

Updating and correcting information

You may update or correct your personal data where relevant, in online areas, or by contacting us in writing or by email (see the section ‘How to contact us’ below or refer to the Relevant Privacy Notice). Please include your name, address and/or email address when you contact us as this helps us to ensure that we accept amendments only from the correct person. We encourage you to promptly update your personal data if it changes.

If you are providing updates or corrections about another person, we may require you to provide us with proof that you are authorised to provide that information to us.

 

Your legal rights in respect of your personal data

You have a number of legal rights over your personal data, which are:

RightExplanation
AccessYou have the right to receive a copy of the personal data that we hold about you.  We will need proof of identity and proof of authority if the request comes from someone other than you.  This will ensure we only provide information to the correct person.
withdraw consent to direct marketingYou can exercise this right at any time.  Just send an email to privacy@mustardit.co.uk and we will take care of this for you.
withdraw consent to other processingWhere the only legal basis for our processing your personal data is that we have your consent, you can withdraw that consent at any time, and we will have to stop processing your personal data.  Please note, this does not mean that processing carried out before you withdrew your consent is unlawful.
rectification If you think any of the personal data we hold about you is inaccurate – please contact us at privacy@mustardit.co.uk and we will check and, if necessary, amend our records.
RestrictionIn limited circumstances you may be able to require us to restrict our processing of your personal data.  For example, if you think what we hold is inaccurate and we disagree, we may restrict what we do with your personal data until the accuracy has been verified.
ErasureIn some circumstances, for example, where we have no legal basis for keeping your personal data, you may be entitled to require us to delete it.
objection Where our processing is based on it being in our legitimate interests, you may be entitled to object to us processing it.
portability Where you have provided personal data to us electronically, you may be entitled to require us to provide that data to you electronically or to transmit it to someone else.
complain If you have any concerns or complaints about how we are handling your personal data we would prefer you to get in touch with us directly so that we can try to resolve the You can also contact the Information Commissioner’s Office at www.ico.org.uk.

 

Some of these legal rights are subject to exceptions which means that we may be entitled, or required, to refuse to comply with a request or to charge a fee for dealing with the request

How to contact us

You can contact us as follows:

 

Address:

Privacy Officer
Mustard IT Limited
1 Richmond Mews
Soho
London
W1D 3DA

Phone: +44 20 7043 4382

Email address:privacy@mustardit.co.uk

If you have any questions or concerns about how we are handling your personal data you can direct them to our Privacy Officer at privacy@mustardit.co.uk or you can make a complaint to the Information Commissioner’s Office (www.ico.org.uk).