Privacy Policy

Privacy Policy

This document provides you with everything you need to know about how we handle data, which data we control and which data we process on behalf of our clients, why we process it and what your rights are.

This Privacy Notice concerns the data for which we are the Data Controller.

In addition to this Notice we provide information about our role as Data Processor working on behalf of our clients who may be your Data Controller.

Note: This Privacy Notice may be referenced elsewhere and by others as a Privacy Policy, Privacy Statement or Fair Processing Notice.

Summary

  • Modern.Gov (Formally, Modern Mindset Ltd) is registered with the Information Commissioner’s Office.
  • We keep to a minimum the information we hold about you.
  • If you are visiting our corporate website, we use your data to offer our services to you, respond to your enquiries, manage our relationship with you, collect your details if you wish to receive more information about any of our services, meet our legal obligations and improve our website. In this capacity we are working as a Data Controller.
  • Our customers may hold a range of data, including personal data, in their Modern.Gov meeting management system. We may handle this data for the purposes of either support and maintenance, hosting, or data transfer. In this capacity we are working as a Data Processor. In these instances we refer you to those organisations to inspect their Privacy Notice describing their role as Data Controller in relation to your data, and to find details of their DPO.
  • You have privacy rights as described by the GDPR and Data Protection Act and we operate in accordance with these, taking security and privacy extremely seriously.
  • If you need any further information we are happy to help and you should contact us at DPO@theERSgroup.com

Who are Modern.Gov?

We are formally Modern Mindset Ltd, but known for our sole product, Modern.Gov. We are a specialist software company focusing on developing, supplying, and supporting our meeting and decision management system, promoting good governance, transparency, and paperless meetings. Our corporate website is www.ModernGov.co.uk.

Modern.Gov is part of The ERS Group (www.theERSgroup.com).

Modern.Gov is a ‘Data Processor’ registered with the ICO working on behalf of our clients, the ‘Data Controllers’. You can find the ICO’s definitions of Data Controller and Data Processor here.

Who is our Data Protection Officer? (DPO)?

Our DPO for the ERS Group of companies is:

Ian Robinson

33 Clarendon Road

London

N8 0NW

The DPO can be contacted at DPO@theERSgroup.com

The Data Controller for Modern.Gov is the Director of Operations, and can be contacted at info@ModernGov.co.uk

What information is gathered via our corporate website? (www.ModernGov.co.uk)?

Information in this site is gathered in two ways: indirectly (for example, through our site’s technology); and directly (for example through information that you enter). Examples of information we collect indirectly are your internet (IP) address which is automatically collected and is placed in our internet access logs, and the date and time of when you access the site. Examples of information collected directly are the details you may enter in order for us to be able to communicate with you, such as our ‘Contact Us’ form.

We may also use Cookies, which are small text files stored on your computer or device when you visit a website, which allow the website to work properly and help keep it secure, and help us understand how people are using the website so that we can improve it. For more information about the cookies we use, please read our Cookie Information below.

Using this information is done so on the basis of GDPR Articles; 6(b): we need to use your details to follow up with enquiries, and: 6(f): strategy planning via the use of gathering information regarding website visitors is a legitimate, indeed sensible, thing for a business to do.

With regard to our corporate website we are acting as a Data Controller.

What other information do we hold as a business?

For customers, prospective customers, suppliers, and staff, we hold names, identify and contact information, business activities, communications. We also hold and billing and payment information for customers and suppliers.

Using this information is done on on the basis of GDPR Articles; 6(b): necessary to deliver services to our customers and prospective customers; 6(c): we have legal and regulatory obligations to protect our clients and their information, and; 6(f): legitimate interests regarding strategy planning and administrative business functions for day-to-day activities such paying staff, suppliers, etc.

With regard to this business level information we are acting as a Data Controller.

For some of our internal administrative business functions for day-to-day activities, we use Google G-Suite cloud based services. This data is stored across Google’s data centres, and may reside outside of the European Economic Area (EEA).

We ensure that this data is protected in the same way as if it was being used in the EEA, via the following safeguards:

  • Only transfer it to a non-EEA country with privacy laws that give the same protection as the EEA, as deemed by the European Commission.
  • Ensure that a contract with the recipient is in place that means they must protect it to the same standards as the EEA.
  • Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries.

For more information on how Google handles this data to comply with the legislation, please see https://privacy.google.com/businesses/compliance/

Google are also currently developing the ability to control the geographic location of G-Suite data at rest, which will give us greater control over the data going forward.

How long will we keep this information?

We will only keep information for as long as it is needed for the purposes described when it was collected. The information will not be kept for longer than legislation permits. You may also request that your information is removed or forgotten, that processing is restricted or consent is withdrawn by emailing DPO@theERSgroup.com or writing to the address below.

I use one of your apps from an app store that requires permissions, what are they used for?

We currently have tablet apps for iOS, Android, and Windows, for the purposes of accessing content (eg, meeting papers and reports) from our customers Modern.Gov systems. They ask for the following permissions:

  • Internet connection: The apps download content from our customers Modern.Gov systems. This requires an internet connection to function.
  • Wi-Fi Connection detection: Some of our apps allow the option to operate over Wi-Fi only in order to limit mobile data use. This is required to know if a Wi-Fi connection is present.
  • Storage: All apps require storage permissions, in order to store content from our customers Modern.Gov systems offline on the device.
  • Device ID: The apps can work in two modes, as a Public User, or as a Registered User. As a Registered User (eg, an individual who has been granted access by a customer), we need to collect the Device ID as part of the registration process to identify the device to the individual as part of our security model. The Device ID is stored on the customers Modern.Gov system for the duration of being a Registered User. As a public user, this information is not collected.

What security controls are in place?

We want you to be secure when visiting our site and are committed to maintaining your privacy when doing so. Modern.Gov and ERS have physical security in our facilities to protect against the loss, theft, misuse, or alteration of information. There are also different layers of security implemented throughout our website platform, for example hardware and application firewalls; intrusion detection systems; and SSL encryption. In addition both organisations are accredited to the Cyber Essentials scheme and are ISO 27001 accredited.

Cookies

This site uses session cookies, which simply allows secure navigation from one page to the next once. The Session Cookie is a first party cookie (i.e. only placed by Modern.Gov websites) and is temporary (i.e. it is deleted when your session ends).

Our Modern.Gov website uses Google Analytics cookies, which allow us to collect information such as the browser, operating system and screen resolution used, the pages you visit on our website, an anonymised version of your IP address, and your location (country only). This information helps us to improve the usability and performance of the website. These Google Analytics cookies are first party cookies (i.e. only placed by Modern.Gov) and may persist on your computer for up to two years. The anonymous information collected is sent to Google so that we can use their analytics reporting tools. This analytics data is deleted after 38 months. We do not send personally identifiable information to Google. For more information on how Google uses the data we send them, please see https://www.google.com/policies/privacy/partners/.

If you do not want Analytics to be used by your browser, you can install the Google Analytics opt-out add-on from https://tools.google.com/dlpage/gaoptout. Examples of Google Analytics cookies include _ga, _gid, __utma, __utmb etc.

On webpages that include videos, there are third party cookies placed by vimeo.com, we cannot show videos without these.

What are my rights?

You have lots of rights in respect of our processing of your personal data. The relevant rights where we are acting as a Data Controller are:

  • The Right to Access their personal data
  • The Right to Rectify incorrect personal data
  • The Right to Object to processing
  • The Right to be Forgotten (or to Restrict processing)
  • The Right to Data Portability

Please contact us if you wish to exercise any of these rights.

You also have the right to lodge a complaint regarding our use of your data. Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at https://ico.org.uk/

Copyright

Copyright © 1987-2018 Modern Mindset Ltd. All rights reserved.

Unless otherwise stated, the contents of this site including, but not limited to, the text and images contained herein and their arrangement are the property of Modern.Gov. All trademarks used or referred to in this website are the property of their respective owners. Nothing contained in this site shall be construed as conferring by implication, estoppel, or otherwise, any license or right to any copyright, patent, trademark or other proprietary interest of Modern.Gov, the ERS Group of companies or any third party. This site and the content provided in this site, including, but not limited to, graphic images, audio, video, html code, buttons, and text, may not be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any way, without the prior written consent of ERS, except that you may download, display, and print one copy of the materials on any single computer solely for your personal, non-commercial use, provided that you do not modify the material in any way and you keep intact all copyright, trademark, and other proprietary notices.

Who is the supervisory authority?

The Information Commissioner’s Office: https://ico.org.uk/

Modern.Gov (Modern Mindset Ltd) is registered with the ICO and our registration number is ZA060107.