Privacy Policy

About this Notice

CyberStreet, a trading style of MKSN Limited (CyberStreet), is committed to protecting your personal
information when you use our services. This notice explains how we collect, retain and process your
personal information in compliance with the UK General Data Protection Regulation (GDPR).

Your personal information

Here we set out how the personal information that we collect about you will be used.
We are committed to observing relevant legal and regulatory requirements and employing appropriate
security measures in order to protect your personal information.

Contacting Us

For the purposes of data protection legislation, CyberStreet is a “controller” meaning that we
determine the purpose and means of processing the information we collect from you.
If you ever have any questions, comments or complaints about this notice, or any of its contents,
please contact us via any of the following means and we will be pleased to assist you:
[email protected].

Information that we collect

This section details the types of information we collect from you and use the following information
about you:

  • information that you provide to us from time to time including through our website, where you
    request or use any of our services, or when you submit queries to us;
  • if you contact us by any means, we will keep a record of that correspondence and information that
    you provide to us in that correspondence;
  • details of transactions you carry out using our services;
  • details of your visits to any of our websites.

How we use your information

General uses of information

  • We use information supplied by you:
    to confirm your identity and allow us to carry out checks in the interest of security and to prevent
    fraud;
  • to provide you with our services;
  • to improve the services that we offer;
  • to respond to your queries;
  • to carry out our obligations under any contracts and/or statements of work entered into between
    you and us;
  • to notify you about any changes to our services and/or our websites;
  • to comply with legal and regulatory requirements that apply to us; and
  • for general statistical analysis to improve our services to you.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide
you with a good experience when you browse our website and also allows us to improve our site. See
our cookies banner for more details.

Information used for marketing purposes

We may from time to time contact you by post and/or telephone (unless you are on the corporate TPS
list or have explicitly requested us not to do so) to provide you with details of our other services
and/or events that we think may be of interest to you. We will not contact you by email and/or SMS
about those products and services and/or events unless it is in our legitimate interests to do so or you
have specifically consented.

You have the right to ask us not to process your personal data for marketing purposes at any time. You
can exercise your right to prevent such processing by:

  • checking certain boxes on the forms we use to collect your data
  • by replying directly to the marketing message
  • or updating your direct marketing preferences
  • in case you wish to withdraw from all marketing communications, you can also unsubscribe from
    all marketing by clicking the appropriate link in any email you receive
  • at any time by contacting us.

Lawful Basis of Processing

In terms of the legal bases we rely on to process your information, these are where the processing is
necessary:

  • for the performance of a contract with you for provision of our services or to take steps at your
    request prior to entering into such a contract;
  • to comply with our legal obligations;
  • where you have consented;
  • for our legitimate interests in:
    • ensuring the quality of the services we provide to you;
    • communicating with you; and
    • statistical analysis.

CyberStreet has limited need to process ‘special category’ data for clients (this includes data
concerning your health, personal data revealing your racial or ethnic origin, political opinions, religious
or philosophical beliefs, or data concerning sexual orientation). This is because our services are
geared towards businesses. Where we do, this will normally involve us asking for your explicit consent
or otherwise where this is necessary:

  • for the establishment, exercise or defence of legal claims;
  • in the case that you have obviously made information public (e.g. on social media) we will process
    sensitive/special categories of information for the purposes of carrying out our legal obligations.

If provision of your personal information is a legal or contractual requirement or a requirement
necessary to enter into a contract with us, and you choose not to provide it, we may not be able to
perform some of the tasks we need to in order to provide certain products or services to you.
Where consent is our legal basis for processing, if you do choose to provide your consent you can
withdraw it at any time by contacting us.

Sharing your information

We will not pass your information on to third parties except:

  • when we provide your information to our service providers to allow them to assist us with delivering
    the products or services that you have requested, under the following categories:

    • accountants
    • credit reference agencies
    • lawyers
    • Information technology services suppliers
  • law enforcement agencies and regulators where we are under a duty to disclose or share your
    information in order to comply with any legal or regulatory obligation, or if we reasonably consider
    that this is necessary to help prevent or detect fraud or other crime or to protect the rights,
    property, or safety of CyberStreet, our customers or others;
  • if we are under a duty to disclose or share your information with HM Revenue & Customs (HMRC);
  • if our business, or any part of it, were to be acquired by a third party, in which case personal data
    about you as one of our clients would be one of the transferred assets;
  • if you have consented to any disclosure to a third party.

Where we store and use your information

We currently do not transfer, use and/or store your personal information outside of the European
Economic Area (“EEA”) or the UK. We may update this situation from time to time and any changes
will be communicated to you via an update to this privacy notice.

Transfers to our third party service providers are to enable them use and store your personal
information on our behalf. We will, however, put in place appropriate security procedures in order to
protect your personal information.

Keeping your information

We will keep your information only for as long as necessary depending on the purpose for which it was
provided.

When determining the relevant retention periods, we will take into account factors including:

  • whether are continuing to provide services to you, or have recently done so
  • what type of service we have provided (see below in relation to CyberStreet Law)
  • legal obligations under applicable law to retain data for a certain period of time
  • statute of limitations under applicable law(s)
  • (potential) disputes, and
  • guidelines issued by relevant supervisory authorities.

Once retention periods have expired, we securely erase your information once this is no longer needed.
We delete enquiries data following a specific retention period based upon the type and risk of use. We
review these retention periods from time to time.

Where we have provided work via CyberStreet Law specifically, the following retention periods will
apply:

  • we will retain electronic files relating to your work (matter) for a period of 8 years, running from the
    time a final bill for the work has been raised);
  • we will retain ID checks we have conducted, in order to comply with anti-money laundering
    requirements, for a period of 8 years; and
  • we will retain conflicts search details for 10 years.

Security

We take information security seriously and have deployed technological and organisational measures
to keep personal data safe. These measures are intended to prevent your personal information from
being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. For example:

  • we limit access to your personal information to those employees, agents, contractors and other
    third parties who have a business need to know. They will only process your personal information
    on our instructions and they are subject to a duty of confidentiality.
  • we have put in place procedures to deal with any suspected personal data breach and will notify
    you and any applicable regulator of a suspected breach where we are required to do so.
  • where we are sending you attachments or confidential email, we will utilise encrypted email as our
    part of our normal processing unless you expressly wish for us not to do so; and
  • we have automated (for example, for mailboxes) and manual deletion in place to delete data where
    it is not legally required to be retained under our regulator's rules.

Your rights

You have the right to be provided with clear, transparent and easily understandable information about
how we use your information and your rights. This is why we’re providing you with the information in
this notice. Your rights in connection with personal information Under certain circumstances, by law
you have the right to:

  • Object to processing of your personal information where we are relying on a legitimate interest
    (or that of a third party) and there is something about your particular situation which makes
    you want to object to processing on this ground. You also have the right to object where we are
    processing your personal information for direct marketing purposes.
  • Request access to your personal information (commonly known as a "data subject access
    request"). This enables you to receive a copy of the personal information we hold about you
    and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to
    have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove
    personal information where there is no good reason for us continuing to process it. You also
    have the right to ask us to delete or remove your personal information where you have
    exercised your right to object to processing (see above).
  • Request the restriction of processing of your personal information. This enables you to ask us to
    suspend the processing of personal information about you, for example if you want us to
    establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party in a machine-readable,
    commonly used and structured format.

If you want to review, verify, correct or request erasure of your personal information, object to the
processing of your personal data, or request that we transfer a copy of your personal information to
another party, please contact the [email protected] and we will provide you with a data
subject rights form to clarify the details of your request.

Please note that the various rights are not absolute and each is subject to certain exceptions or
qualifications. Data subject rights must be related to an individual and cannot be exercised on behalf
of a company’s interest.

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us
informed if your personal information changes during your working relationship with us.

Fees

Normally you will not have to pay a fee to access your personal information (or to exercise any of the
other rights). In some cases, we may charge a reasonable fee if your request for access is clearly
unfounded or excessive, or if you request multiple copies of the information. Alternatively, we may
refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure
your right to access the information (or to exercise any of your other rights). This is another
appropriate security measure to ensure that personal information is not disclosed to any person who
has no right to receive it.

Right to complain

If you wish to request further information about any of the above rights, or if you are unhappy with
how we have handled your information, contact us (see above).

If you are not satisfied with our response to your complaint or believe our processing of your
information does not comply with data protection law, you can make a complaint to the Information
Commissioner’s Office (“ICO”): https://ico.org.uk/global/contact-us/ or 0303 123 1113.
Changes to our privacy notice

We keep our privacy notice under regular review and any updates in the future will be posted on our
website. Where appropriate, changes may be notified to you by post or email