MARK ROBERTS MOTION CONTROL PRIVACY NOTICE
In this privacy notice we explain how we collect and use your personal data. This privacy notice applies to all personal data we process about you when you order, purchase or use our products and services, visit our websites, use our customer support or otherwise interact with Mark Roberts Motion Control.
Mark Roberts Motion Control respects privacy and acknowledges that processing personal data in a lawful and proper manner is an important social responsibility and declares that it will strive to protect personal data. This privacy notice is part of Nikon’s Group Privacy Protection Statement and applies to all personal data that we process concerning our prospective, current and former customers and suppliers, and your usage of our products and services, our website at https://www.mrmoco.com/or otherwise doing business with MRMC (hereafter “you”). In this privacy notice, we explain what personal data we collect and how we use this data. Therefore, we encourage you to read this notice carefully.
- Who we are
- What personal data we collect and what we do with your data
- How we collect your data
- Information sharing
- Security measures and data retention
- International transfers of personal data
- Your rights
- How we look after this policy
- Contact details for your privacy inquiries
1. Who we are
We are Mark Roberts Motion Control Ltd, Unit 3, South East Studios, Eastbourne Road, Blindley Heath, Surrey, RH7 6JP, United Kingdom, moc.ocomrm@rellortnocatad, +441342838000. We are part of the Nikon Group. Together with Nikon Corporation, Shinagawa Intercity Tower C, 2-15-3, Konan, Minato-ku, Tokyo, 108-6290, Japan, we are responsible for the collection and use of your personal data described in this privacy notice. References to “Mark Roberts Motion Control”, “MRMC”, “we” and “our” throughout this notice, depending on the context, collectively refer to the aforementioned legal entities.
We have determined our respective responsibilities for compliance with the obligations under applicable privacy legislation for processing your personal data in relation to our global processing activities by means of an arrangement between us. In summary, we have arranged that if you want to exercise your rights, such as your right to access, correct, erase, restrict, object or port personal data or to withdraw your consent, or if you have any questions about the processing of your personal data, you can contact MRMC in accordance with Section 9. Contact details for your privacy inquiries. MRMC and Nikon Corporation will assist each other where necessary to ensure that you can exercise your rights and your questions will be handled.
2. What personal data we collect and what we do with your data
We have outlined our data processing operations and the purposes for which we process your personal data in the “Overview of MRMC processing activities” in the Annex below. In summary, we use various systems to deliver products and services to you. For example, MRMC provides Robotic Imaging Solutions, Development, Rental Services, Training and Customer Services.
MRMC processes your personal data to provide our products and services to you, to comply with legal obligations we are subject to or if it is necessary for our legitimate interests or the interests of a third party or on the basis of consent.
When we process your personal data for our legitimate interests or the interests of a third party, we will take reasonable measures to prevent unwarranted harm to you. Our legitimate interests are for example, our interest of improving our product and services delivery by storing contact details, reducing our costs, improving our newsletters and websites by analysing which parts of our communications are most relevant for you. Or for securing our services and facilities, such as for the purposes mentioned in the Annex. More information on the balancing tests we perform is available upon request. Where we process your personal data for our legitimate interests or the interests of a third party, you have the right to object at any time on grounds relating to your particular situation (please see Section 7. Your rights below).
You may withdraw your consent at any time by following the specific instructions in relation to the processing for which you provided your consent, by adjusting your setting (if available) or by reaching us through the contact details in Section 9. Contact details for your privacy inquiries below.
Where we process your personal data for a purpose other than that for which we collected it initially (and we rely on a legal basis other than consent or complying with legal obligations for this new purpose), we will ascertain whether processing for this new purpose is compatible with the purpose for which the personal data was initially collected. More information on this assessment is available upon request (please see Section 7. Your rights below).
3. How we collect your data
Most of the personal data we process is information that you knowingly provide to us directly or through third parties. However, in some instances, we process personal data that we are able to infer about you based on other information you provide to us or on our interactions with you, or personal data about you that we receive from a group company or a third party with your knowledge (please see Section 4. Information sharing and the Annex below).
If you refuse to provide personal data that we require for the performance of a contract or compliance with a legal obligation, we may not be able to provide all or parts of the services you have requested from us.
4. Information sharing
MRMC will process some of your personal data locally. However, as a global organisation, many of our business activities can also be carried out (and business efficiencies achieved) by processing or consolidating information about you in specific or centralised databases and systems located at specific secured facilities worldwide. As a result, your information may be shared with other entities within the Nikon Group. However, each Nikon Group company and those other systems and databases will only collect, receive, use, share or otherwise process such personal data in accordance with applicable laws, this privacy notice and our Nikon’s Group Privacy Protection Statement. Moreover, internally we maintain a strict access policy with regard to the processing of personal data. Only a limited group of authorised MRMC and Nikon staff on a need to know basis will have access to your personal data.
As a rule, we do not share your personal data with anyone outside the Nikon Group. However, we may share your personal data with trusted third parties that perform business functions or provide services to us. All such third parties will be required to adequately safeguard your personal data, subject to agreements that correspond to the requirements of applicable laws. Your personal data may also be shared for investigations (e.g. disclosure to prevent crime or fraud, or to comply with a court order or legislation).
5. Security measures and data retention
MRMC will secure your personal data in accordance with our IT and security policies so that personal data is protected against unauthorised use, unauthorised access and wrongful modifications, loss or destruction. Your personal data will be stored no longer than is necessary for the purpose it was obtained, including compliance with legal and fiscal obligations and for solving any disputes. We have outlined the specific data retention periods in the “Overview of MRMC processing activities” in the Annex below.
6. International transfers of personal data
Given the global nature of our company, your personal data may be transferred to Nikon entities and trusted third parties in countries outside the European Economic Area whose laws may not afford the same level of protection of your personal data. Where necessary, MRMC will ensure that adequate safeguards are in place to comply with the requirements for the international transfer of personal data under applicable privacy laws. For transfers of personal data outside the European Economic Area, MRMC will use Commission approved mechanisms, such as the Privacy Shield certification, and Standard Contractual Clauses as safeguards, such as the “(EU-)controller to (Non-EU/EEA-) controller” Decision 2004/915//EC (see Article 46 GDPR). If you wish to receive a copy of these safeguards, please contact us through the contact details in Section 9. Contact details for your privacy inquiries below.
7. Your rights
You can contact us (please see Section 9. Contact details for your privacy inquiries below) to exercise any of the rights you are granted under applicable data protection laws, which includes (1) the right to access your data, (2) to rectify them, (3) to erase them, (4) to restrict the processing of your data, (5) the right to receiving a file of your personal data and (6) or the right to object to the processing, and where we have asked for your consent, to withdraw this consent. These rights will be limited in some situations. We will, for example, deny your request for access when necessary to protect the rights and freedoms of other individuals or refuse to delete your personal data in case the processing of such data is necessary for compliance with legal obligations. The right to data portability, for example, does not apply in cases where the personal data was not provided by you or if we process the data not on the basis of your consent or for the performance of a contract.
When you would like to exercise your rights, please send your request to the contact details in Section 9. Contact details for your privacy inquiries below. Please note that we may need you to provide additional information to confirm your identity. You also have the right to lodge a complaint with the Information Commissioner’s Office.
You can also contact us if you have any questions, remarks or complaints in relation to this privacy notice.
7.1. Right to access
You may ask us whether or not we process any of your personal data and, if so, receive access to that data in the form of a copy. When complying with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of personal data concerned as well as any other information necessary for you to exercise the essence of this right.
7.2. Right to rectification
You have the right to have your data rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal data about you and, taking into account the purposes of the processing, complete incomplete personal data, which may include the provision of a supplementary statement.
7.3. Right to erasure
You also have the right to have your personal data erased, which means the deletion of your data by us and, where possible, any other controller to whom your data has previously been made public by us. Erasure of your personal data only takes place in certain cases, prescribed by law and listed under article 17 of the General Data Protection Regulation (GDPR). This includes situations where your personal data is no longer necessary in relation to the initial purposes for which it was processed as well as situations where it was processed unlawfully. Due to the way we maintain certain services, it may take some time before backup copies are erased.
7.4. Right to restriction of processing
You have the right to obtain the restriction of the processing of your personal data, which means that we suspend the processing of your data for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal data was contested but some time is needed for us to verify their (in)accuracy. This right does not prevent us from continuing to store your personal data. We will inform you before the restriction is lifted.
7.5. Right to receive your file (data portability)
Your right to data portability entails that you may request us to provide you with your personal data in a structured, commonly used and machine-readable format and to have such data transmitted directly to another controller, where technically feasible. Upon request, and where this is technically feasible, we will transmit your personal data directly to the other controller.
7.6. Right to object
You also have the right to object to the processing of your personal data, which means you may request us to no longer process your personal data. This only applies in case the ‘legitimate interests’ ground (including profiling) constitutes the legal basis for processing (see para. ‘Legal basis’ above).
At any time and free of charge you can object to direct marketing purposes in case your personal data is processed for such purposes, which includes profiling purposes to the extent that it is related to such direct marketing. In case you exercise this right, we will no longer process your personal data for such purposes.
8. How we look after this policy
We have most recently updated this notice on 27 November 2019 and it replaces earlier versions. We will update this privacy notice from time to time and notify you of any substantive changes.
9. Contact details for your privacy inquiries
Mark Roberts Motion Control Ltd, Establishment Division
Unit 3, South East Studios, Eastbourne Road, Blindley Heath, Surrey, RH7 6JP, United Kingdom
OVERVIEW OF MARK ROBERTS MOTION CONTROL PROCESSING ACTIVITIES
|Processing operation||Categories of personal data||Special categories of pers data||Purposes||Recipients||Retention period||Further explanation and source of personal data (if applicable)|
|Partners, Suppliers, Customers and Group Company Contacts Communication||Address, Country, Email, Name, Title Postal Code, Phone number||No||Business Operation, Communication and Administration, including contract administration||All staff (Personal Communication via email, phone and post with Suppliers, Partners and Clients). Group Company Contacts supplied to Authorised Staff only. Telephone system provider - Southern Communications (Name and telephone only)||Data is kept no longer than it is necessary for company operations. For example, criteria for determining data retention period could be: whether our business relationship is active or if there is an existing legal obligation for us to keep your details||Data subject, Third Party: Group Company Liaison Managers providing contact details to enable business operation|
|Taxi Administration||Address, Name, Phone number||No||Administration, Transfers provision for staff and visitors||Reception, Taxi Hire Companies||Not stored||Data subject|
|CCTV||Video and Image recording||No||Administration, Building and Premises Security||Authorised staff with an account. Restricted access||Data is kept no longer than it is necessary for company operations. Criteria for establishing retention period could be: level of security on site||Data Subject, Internal use Only|
|Visitors Administration, including visits from clients, partners, local schools, suppliers and any other type of visitor||Name, Car Registration N, Photo Image, Video Image||No||To Enable visitors’ access to the building, Safety, promotion of events||Establishment division. Relevant staff inviting visitors or organising events. Photos have restricted access||Data is kept no longer than it is necessary for the company operations. For example, it could be for the duration of the visitors book. Criteria for determining data retention period could be: whether photos have been taken and we obtained consent to use images for marketing purposes.||Data subject (legal representative)|
|Recruitment Administration||Full Name, Address, Phone, CV, E-mail||No||Recruitment||HR Department. Restricted access.||Data is only kept for as long as it is required and within recommended Retention Periods by CIPD||Data Subject|
|Web-Site Management and Marketing||Browser History, IP address and Details||No||Web-Site Management and User Experience, Customer Service, Marketing||Marketing Department. Restricted access||Cookies retention period depend on their type. However, all cookies are kept within lawful retention periods. Criteria for cookie retention period could be a type of cookie or their purpose. For example, session cookies only exist while your browser is open||Data Subject, Consent for Cookies is obtained|
|Marketing Database||Contact name, Title, Work address, Phone number, Work or Personal email address||No||Marketing and Sales, Newsletters, Leads Generation and Continuity||Marketing and Sales Department||Until recipient opts Out||Data Subjects, Enquiry Forms on the Web-Site, Third Party: Exhibition Lists supplied by Exhibition Organisers|
|Press and Media contacts database||Contact name, Title, Work address, Phone number, Work or Personal email address||No||Marketing, Press Releases||Marketing Department||Data is kept no longer than it is necessary for company operations. Criteria for establishing retention period could be: continued business with the media or press contact||Data Subject|
|Social Networking: LinkedIN Contacts Database, Facebook, Google +, Vimeo, Twitter, You Tube, Instagram||Account Name (Username) and other data made available by source. Linked IN (name, email, work history, phone)||No||Social Networking, Sharing news, videos, advertising, marketing, connecting to prospective clients and candidates on LInkedIN||Relevant Social Networks Platforms, Marketing Department has access. Linked IN access also is with HR Department||Data is stored and managed by relevant Social Networking Platforms. MRMC only has data if connection request has been sent by or accepted by the data subject. This could be withdrawn at any time by Data Subject||Data Subject, fully managed by relevant Social Networking Platform|
|Customer Service and Repair Administration||Address, Country, Email, Name, Postal Code, Phone number, Customer's Product information (Serial No.)||No||Administration, Customer relationship, Service Delivery, Contract execution.||Authorised staff, service repair point||Warranty Period and Product Life Period||Data Subject Paperwork and emails received from customer with the repair or during the course of servicing or support|
|Supplier, customer business cooperation using third party software systems||E-mail, Name, address (where applicable), phone number, username and password||No||Business operation Delivery||Authorised staff only for each relevant software system used. Various software systems||Data is kept no longer than it is necessary for company operations. Criteria for establishing retention period could be: continued business with the supplier or customer. Third party software companies keep data in line with their policies||Data Subject|
|Business Accounts and Contracts||Phone number, Address, Country, Email, Name, Postal Code, Phone number, Bank Account Numbers, Invoice Data, VAT, UTR etc||No||Business Relationships with Customers, Suppliers and Partners – Administration of Payments on Incoming and Outgoing Invoices, Contract Execution||Authorised staff with a Business Enterprise system login||Data is kept no longer than it is necessary for the company operations. For example, criteria for determining data retention period could be: whether you have an account with us. In this case, we will keep your data while your account is active or for as long as needed to provide the services to you||Data Subject|
|Rental Operations||Name and Email of a shooting event participants||No||Access to and Safety on Shooting Locations||Rental Department||Data is only kept for as necessary as it is required. In this case, it could be the duration of a shooting event||Third Party (Shooting Administrator)|
|Provision of a personalised link with Photo Image or Video Footage captured using ShowBolt Robot||Email Address,|
Photo/Image, Video Footage
|No||Provision of Showbolt Service||Recording of video footage is automated and is recorded on our Servers. Access to these records is restricted and may include: IT and R&D department, Rental Department||Data is kept no longer than it is necessary for provision of services. For example, criteria for determining data retention period could be: whether our business relationship with the client is active, client requirements or if there is an existing legal obligation for us to keep your details Data subject.||Data Subject|
|Customer Training||Name, Email, Passport N (if required for visa letter), Photo Image||No||Training provision and administration. Marketing. Issuance of Visa invitation letter||Quality Department, HR Department||Data is kept no longer than it is necessary for company operations. Criteria for establishing retention period could be: continued business with the media or press contact||Data Subject. Photo consent obtained separately.|