Privacy Policy

Who we are

This site (http://www.newmillenniumltd.co.uk) belongs to New Millennium Limited - Registered Office: 128 City Road, London EC1V 2NX, UK; Registered in England & Wales No. 10395882.

New Millennium Limited is committed to maintaining your privacy and we take our responsibility regarding the security of your personal information very seriously. Because of this, and the new EU data protection laws (General Data Protection Regulation – GDPR) which come into effect on the 25th May 2018 and the fact that the GDPR is retained in domestic law as the UK GDPR, we’ve updated our Privacy Policy to explain how we collect, handle and protect your Personal Data.

What we need

We only collect basic Personal Data about you – we DO NOT collect any special category data. The information we collect might include your name, your address, your email, your IP address, etc.

Why we need it

We need to know your basic Personal Data in order to:

• provide you with the services specified in the contract in place between you and New Millennium Limited. We will not collect any Personal Data from you we do not need in order to provide and oversee this service to you.

• help us improve the website and enhance your browsing experience (through the functionality cookies used by our website)

• manage and reply to your emails and other written / oral communications between us.

What we do with it

All the Personal Data we process is processed by the financial team, support team, sales & marketing team, professional advisors and consultants/contractors working for us.

The basic Personal Data collected through the cookies are not shared with anybody, except for those required by the website). We have reviewed the level of protection for the Personal Data offered by this third-parties facility and we have considered this level of protection to be adequate.

We may also share your Personal Data with any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.

We promise we’ll never share your Personal Data with anyone else.

For the purposes of IT hosting, logistics and maintenance personal data is currently located on servers within the UK or the European Union. If necessary, in the future the information might be moved to IT systems outside of the UK or the European Union; this can only occur in line with the UK GDPR legislation if there is an adequate level of protection of the Personal Data.

We have a Data Protection regime in place to oversee the effective and secure processing of your Personal Data.

How long we keep it 

• If there is a contract in place between you and New Millennium Limited, your information we use to provide you with the services according to the contract in place will be kept for the duration of the contract. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years from the end of the last company financial year they relate to and in some cases specified by HMRC even longer. After this time it will be destroyed.

• Cookies to access this website currently (as of 24th May 2018) expiry after 7 days.

• If you have sent us an email or you have engaged in any other type of communication with us, we will keep the information for 5 years to facilitate potential follow-ups.

What are your rights?

We acknowledge that individuals have the following rights:

• the right to be informed;

• the right of access;

• the right to rectification;

• the right to erasure;

• the right to withdraw consent;

• the right to restrict processing;

• the right to data portability;

• the right to object;

• rights in relation to automated decision making and profiling.

If an individual requests that one or more of these rights is exercised and the relevant conditions are met, we shall review and respond to this request with assistance within 30 days.

This means that at any point you can request to see the information we process on you and, if you believe this is incorrect, you can request to have it corrected. If you have sent us an email or engaged in any other type of communication, you can ask us to delete all Personal Data at any time by contacting us at clientservices.newmillennium [at] gmail.com.

IT Security

A key principle of the UK GDPR is that we process personal data securely by means of ‘appropriate technical and organisational measures’. We acknowledge that:

• we are required to consider things like risk analysis, organisational policies, and physical and technical measures;

• we also have to take into account additional requirements about the security of our processing – and these also apply to data processors;

• we can consider the state of the art and costs of implementation when deciding what measures to take – but they must be appropriate both to our circumstances and the risk our processing poses;

• where appropriate, we will adopt measures such as pseudonymisation and encryption;

• our measures must ensure the ‘confidentiality, integrity and availability’ of our systems and services and the personal data we process within them;

• the measures must also enable us to restore access and availability to personal data in a timely manner in the event of a physical or technical incident;

• we also need to ensure that we have appropriate processes in place to test the effectiveness of our measures, and undertake any required improvements.

New Millennium Limited undertakes the following specific actions:

• files are stored on an encrypted system whenever practical;

• periodic backup copies are made;

• amount of paper documents with Personal Data is minimized, and electronic archival is preferred;

• paper documents with Personal Data to be disposed of are physically destroyed.

Data Minimisation

New Millennium Limited shall not hold Personal Data longer than is necessary and shall minimise the amount of Personal Data it holds and collects regarding data subjects wherever possible.

International transfers

The UK GDPR imposes restrictions on the transfer of personal data outside the UK or the European Union, to third countries or international organisations. These restrictions are in place to ensure that the level of protection of individuals afforded by the UK GDPR is not undermined.

If UK or EU Personal Data is to be transferred outside the UK or the European Union, New Millennium Limited must ensure that adequate protection or safeguards are in place.

Audit

Internal audits are carried out to ensure that New Millennium Limited is acting in compliance with this policy. We may also have audits from clients from time to time and we shall endeavour to comply with such exercises where necessary to meet our contractual obligations.

Personal data breaches

The UK GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. We must do this within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we must also inform those individuals without undue delay. We should ensure we have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not we need to notify the relevant supervisory authority and the affected individuals. We must also keep a record of any personal data breaches, regardless of whether we are required to notify.

Changes to our Privacy Policy

If we decide or are required by data protection laws to change our Privacy Policy, we will post the new document on this website.

Further information and complaints

If you need more information on our Privacy Policy, or if you wish to raise a complaint on how we have handled your personal data, you can contact us at clientservices.newmillennium [at] gmail.com.

If you are not satisfied with our response or believe we are processing your Personal Data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO) - https://ico.org.uk/