Mitmarkeye

Pri­va­cy

MIT­MARK Intel­li­gence is a pri­vate inves­ti­ga­tion and secu­ri­ty con­sul­tan­cy com­pa­ny based in the UK. MIT­MARK Intel­li­gence is a con­troller”, mean­ing it is respon­si­ble for decid­ing how it holds and uses per­son­al infor­ma­tion of its clients and any oth­er rel­e­vant third parties.

This Pri­va­cy Pol­i­cy sets out how MIT­MARK Intel­li­gence process­es per­son­al data in accor­dance with the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) and oth­er applic­a­ble data pro­tec­tion laws.

1. Intro­duc­tion

MIT­MARK Intel­li­gence is whol­ly com­mit­ted to pro­tect­ing the pri­va­cy and secu­ri­ty of all per­son­al data we col­lect, process and hold about indi­vid­u­als. This pol­i­cy explains how we use per­son­al data, who we share it with, how we keep it secure, and the rights indi­vid­u­als have in rela­tion to their per­son­al data.

2. Who we are

MIT­MARK Intel­li­gence is a pri­vate inves­ti­ga­tion com­pa­ny reg­is­tered in the UK. We oper­ate as a data con­troller for the per­son­al data we col­lect and process. Our reg­is­tered office is at 13 Manette Street, Lon­don, Eng­land, W1D 4AP, and we can be con­tact­ed at support@​mitmark-​intelligence.​com or +44 (0)20 3398 9321.

We will aim to address all pri­va­cy relat­ed inquiries with­in 3 busi­ness days.

3. What per­son­al data we collect

We may col­lect and process a range of per­son­al data. The nature and type of data we col­lect will vary depend­ing on the spe­cif­ic context/​scope of a giv­en project. In gen­er­al terms we may col­lect the fol­low­ing per­son­al data:

  • Name, address, date of birth, con­tact details, and oth­er iden­ti­fy­ing information;
  • Infor­ma­tion about an individual’s per­son­al and pro­fes­sion­al life, includ­ing finan­cial, employ­ment and edu­ca­tion­al information;
  • CCTV footage and audio record­ings obtained dur­ing inves­ti­ga­tions, where appro­pri­ate and law­ful to do so (please see sec­tion 5 for details);
  • Infor­ma­tion obtained from pub­lic sources or from third-par­ty sources, such as social media plat­forms, where appro­pri­ate and law­ful to do so (please see sec­tion 5 for details).

4. How we use per­son­al data

The nature of how we process and use per­son­al data will vary depend­ing on the spe­cif­ic context/​scope of a giv­en project. In most sit­u­a­tions we may use per­son­al data for the fol­low­ing purposes:

  • Con­duct­ing inves­ti­ga­tions and car­ry­ing out back­ground checks on indi­vid­u­als and organisations;
  • Pro­vid­ing advice and sup­port to our clients based on the results of our investigations;
  • Com­ply­ing with legal and reg­u­la­to­ry requirements;
  • For oth­er legit­i­mate busi­ness purposes.

5. Legal basis for pro­cess­ing per­son­al data

Legal jus­ti­fi­ca­tion in order to car­ry out OSINT and oth­er research oper­a­tions is essen­tial to com­ply with data pro­tec­tion law. GDPR restricts the pro­cess­ing of per­son­al data to six areas of legal bases for the pro­cess­ing of per­son­al data (Arti­cle 6.1). The legal bases MTI­MARK Intel­li­gence relies on the legal basis for the pro­cess­ing of per­son­al data are:

  • Con­sent (Arti­cle 6.1.a) – where we have obtained an individual’s con­sent to process their per­son­al data for a spe­cif­ic purpose;
  • Legal oblig­a­tion (Arti­cle 6.1.c) – where pro­cess­ing is nec­es­sary for com­pli­ance with the law;
  • Legit­i­mate inter­ests (Arti­cle 6.1.f) – where pro­cess­ing is nec­es­sary for our legit­i­mate busi­ness inter­ests, pro­vid­ed that the inter­ests or fun­da­men­tal rights and free­doms of the indi­vid­ual are not overridden.

Due to the nature of MIT­MARK Intel­li­gence’s work requir­ing OSINT to be car­ried out with the direct con­sent of a sub­ject, legit­i­mate inter­est is like­ly to be the most com­mon jus­ti­fi­ca­tion. The con­sti­tut­ing cri­te­ria of legit­i­mate inter­est that allows the right to noti­fi­ca­tion to be sus­pend­ed and the require­ment of con­sent of a sub­ject are laid in Arti­cle 23 GDPR, they are:

  • (d) the pre­ven­tion, inves­ti­ga­tion, detec­tion or pros­e­cu­tion of crim­i­nal offences
  • (g) the pre­ven­tion, inves­ti­ga­tion, detec­tion and pros­e­cu­tion of breach­es of ethics for reg­u­lat­ed professions
  • (i) the pro­tec­tion of the data sub­ject or the rights and free­doms of others
  • (j) the enforce­ment of civ­il law claims

It is there­fore required that the legal basis of a project is clear­ly estab­lished ear­ly on. This should be done in the orig­i­nal scop­ing of a project pri­or to the begin­ning of any research and must include: the con­text, back­ground, rel­e­vant par­ties, objec­tives, and research pro­to­cols. The client request­ing the research must also sign off on this scope. This can be done in an engage­ment let­ter, for­mal pro­pos­al or oth­er valid document.

In order to meet its oblig­a­tions each project shall have a data pro­tec­tion impact assess­ment and an up to date gen­er­al record of pro­cess­ing activ­i­ties will be main­tained at all times.

6. Shar­ing per­son­al data

We may share per­son­al data with the fol­low­ing parties:

  • Our clients and their legal rep­re­sen­ta­tives, where appro­pri­ate and nec­es­sary to car­ry out an inves­ti­ga­tion or pro­vide advice and sup­port in line with the scope of a giv­en project;
  • Third-par­ty ser­vice providers who pro­vide us with IT, tech­ni­cal infra­struc­ture and oth­er sup­port services;
  • Reg­u­la­to­ry bod­ies and law enforce­ment agen­cies, where required by law or reg­u­la­to­ry obligations.

7. How long we keep per­son­al data

We will only retain per­son­al data for as long as nec­es­sary to ful­fil the pur­pos­es for which it was col­lect­ed, includ­ing for the pur­pos­es of sat­is­fy­ing any legal, reg­u­la­to­ry, account­ing, or report­ing require­ments. The length of time for which we retain per­son­al data will vary depend­ing on the nature of the infor­ma­tion and the pur­pos­es for which it was collected.

8. Data security

We have imple­ment­ed appro­pri­ate tech­ni­cal and organ­i­sa­tion­al mea­sures to ensure the secu­ri­ty of per­son­al data we hold. We secure­ly store your data on our cloud busi­ness envi­ron­ment pro­vid­ed by Google. This envi­ron­ment includes mea­sures to pre­vent unau­tho­rised access, use, alter­ation, dis­clo­sure, or destruc­tion of data.

Access to data is restrict­ed based on the prin­ci­ple of least priv­i­lege. This means access to your per­son­al data is restrict­ed to only those employ­ees, con­trac­tors and oth­er third par­ties that have a legit­i­mate busi­ness need to know. Any­one who is grant­ed access to your data will only process it for a legit­i­mate busi­ness pur­pose and will be sub­ject to a duty of confidentiality.

9. Indi­vid­ual rights

Indi­vid­u­als have the fol­low­ing rights in rela­tion to their per­son­al data:

  • Right to access – indi­vid­u­als have the right to request access to their per­son­al data and to receive a copy of the per­son­al data we hold about them;
  • Right to rec­ti­fi­ca­tion – indi­vid­u­als have the right to request that we cor­rect any inac­cu­rate or incom­plete per­son­al data we hold about them;
  • Right to era­sure – indi­vid­u­als have the right to request that we delete their per­son­al data in cer­tain circumstances;
  • Right to restrict pro­cess­ing – indi­vid­u­als have the right to request that we restrict the pro­cess­ing of their per­son­al data in cer­tain circumstances;
  • Right to data porta­bil­i­ty – indi­vid­u­als have the right to receive the per­son­al data they have pro­vid­ed to us in a struc­tured, com­mon­ly used, and machine-read­able for­mat, and to trans­mit that data to anoth­er data controller;
  • Right to object – indi­vid­u­als have the right to object to the pro­cess­ing of your per­son­al data under cer­tain circumstances;
  • Right to data porta­bil­i­ty — indi­vid­u­als have the right to request that our com­pa­ny trans­fer the data we have col­lect­ed to anoth­er organ­i­sa­tion, or direct­ly to you, under cer­tain circumstances.

Please note that, as laid out in sec­tion 5, in the event of cer­tain cir­cum­stances (i.e. an inves­ti­ga­tion relat­ing to a crim­i­nal offence or civ­il case) the data rights of sub­jects may be restricted.

10. Cook­ies

By using our web­site we will auto­mat­i­cal­ly col­lect any data pro­vid­ed to us by your brows­er via our web­site’s cookies.

Cook­ies are text files placed on your com­put­er to col­lect stan­dard Inter­net log infor­ma­tion and vis­i­tor behav­iour infor­ma­tion. This data includes inter­net pro­to­col (IP) address, your brows­er type and ver­sion, your time zone set­ting and loca­tion, brows­er plug-in types and ver­sions, oper­at­ing sys­tem and plat­form and oth­er tech­nol­o­gy on the devices you use to access this web­site. A mix of first-par­ty and third-par­ty cook­ies are used.

11. How to con­tact the appro­pri­ate authority

Should you wish to report a com­plaint or if you feel that our com­pa­ny has not addressed your con­cern in a sat­is­fac­to­ry man­ner, you may con­tact the Infor­ma­tion Com­mis­sion­er’s Office.

Phone Num­ber: 0303 123 1113

Web­site: https://​ico​.org​.uk/​m​a​k​e​-​a​-​c​o​m​p​l​aint/

While we ful­ly respect your right to make any com­plaint you feel is nec­es­sary we would request that you con­tact us first in order to resolve any issues.