Terms & Conditions

Terms & Conditions

The Madson Interim Solutions Ltd t/a Best Business Enabler terms and conditions are set out to confirm that both parties understand the work to be completed, the costs involved, the payment policy and issues concerning Clients property.  A signed Contract giving details of the assignment and agreed charges,  is required before commencement of any work.  A signed proposal and commencement of work is confirmation of acceptance of these terms and conditions. 

1. General

1.1 In these Conditions, Madson Interim Solutions Ltd is referred to as ‘we’ or ‘us’ and “work” shall include goods supplied as well as services provided by us under the Contract.
1.2 These Conditions (” the Conditions”) shall apply to all contracts for the provision of Work by us to the Client (“the Contract”) to the exclusion of all other terms and conditions including any terms and conditions which the Client may purport to apply under any purchase order, confirmation of order or similar document.

2. Confidentiality

2.1 We have a strict confidentiality policy.  No details about our Clients or
information about the Work will be disclosed or passed to a third party, without prior consent unless we are legally obliged to do so. 
2.2   Madson interim solutions will sign a confidentiality agreement if the client requests, and can provide an agreement if necessary. 
2.3 A copy of our privacy policy and data protection policy is also available on our website and by request at any time.

3. Price and Payment

3.1   The price payable by the client shall be the price agreed between the parties, subject to written variation in accordance with these Terms. 
3.2   Before work can commence a detailed proposal will be sent to the Client which they should read carefully and then sign. The proposal outlines the work to be completed, systems we will need access to and also the monthly price excluding VAT for the services outlined in the proposal.
3.3 Payment is taken via Gocardless and the first payment is taken upon commencement of the contract.
3.4   Where the Client causes delays, changes the specification, requires extra work or meetings or changes previously accepted work, we shall be entitled to a reasonable extension of time and price increase and/or advance payment.  Upon our request a separate Contract shall be entered into if the changes are substantial or if they are likely to increase the price by 25%

3.5 Cancellation of service requires 4 weeks notice in writing either via email or snail mail.

3.6   Overdue payments shall accrue 8% statutory interest until the payment is made in full before or after any court action.  The Client shall indemnify us in full all our reasonable administrative charges and legal costs of recovering overdue payments. 

4. Delivery and Completion

4.1    Unless otherwise has been specifically agreed in writing, time for completion of the Work is given in good faith as an indication and is not of the essence. 
4.2   The risk in the goods shall pass to the Client on delivery.
4.3   Travelling time will be charged on all collections and deliveries of work. 

5. Virus Protection

5.1    For the purpose of computer safety, all incoming emails will be scanned.  We reserve the right to refuse to open any attachment that we consider to look suspicious in any way. 
5.2   We will not open unsolicited attachments to emails or emails from an unrecognised sender.  We will not open emails with no subject heading or attachments that contain no message alongside them.

6. File Back Up

6.1   Where possible we will always store your data on your systems. Should we require to save any data. This will be saved as encrypted files within Dropbox. You should ensure that the systems you use comply with European Law and GDPR.

7. Liability and Loss

7.1   We do not accept any responsibility for any loss or damage of the Client’s data and other properties while it is being delivered to us.  You should ensure the movement of your data complies with EU Law and GDPR
7.2  We shall not be liable to the Client for any loss or damage which may be suffered by the Client as a direct or indirect result of the duties and/or obligations of us being prevented, hindered, delayed or rendered uneconomic by reasons beyond the reasonable control of us which includes Acts of God, industrial action, illness, accident etc. 
7.3   It is the Client’s sole responsibility to proofread and check the Work executed.  The Client must do this as soon as practicable and shall notify us of any errors within seven days of receipt of completed work.  Any errors generated by Madson Interim Solutions Ltd will be amended free of charge, however, any amendments or alterations requested by the Client, will be completed as per the original signed proposal.  We will be entitled to raise
additional charges for the correction of any errors (even made by us) of which the Client notifies us of after the aforementioned seven-day period. 
7.4   Unless otherwise agreed in writing by the parties, we shall be under no liability whatever to the Client for any consequential or indirect losses and/or expense suffered by the Client arising out of a breach by us of the Contract.  In such situations, the liability of us in no circumstances shall exceed the price. 

8. Information

8.1   The Client shall supply to us all information and materials which are required for and relevant to the performance of the Work.  It is the sole responsibility of the Client to ensure that the information and materials provided are accurate and legible and that the uses of them are lawful.  The Client shall fully indemnify us of all costs, claims, demands, losses and expenses whatsoever arising out of the use of the materials and in the respect of any defamation claim, infringement or alleged infringement of any patent, copyright, registered design or other third party’s rights arising out of the use of such materials.
8.2  All reports and information provided by us to the Client during the performance of the Work are provided for the sole use of the Client and we accept no responsibility nor liability from any reliance that may have been made on such reports and information by any third parties unless we have given prior written permission specifically for such use or reliance. 
8.3 You will provide Madson Interim Solutions with a copy of your Data Protection Policy and Privacy Policy and confirm that the data you hold and the systems you use comply with current GDPR legislation.

9. Invalidity of Part of the Agreement

9.1    If any part of this Contract is held to be a violation of applicable law, statute or regulation, it shall be deemed to be deleted from the Contract and shall be of no force and effect as if that  part had not originally been contained in this Contract.

10. Assignment and Sub-Contract

10.1  The parties shall not assign any part of the Contract without the prior consent of the other and such consent shall not be unreasonably withheld.  We shall be entitled to sub-contract part of the Contract to a third party. 

11. Law

11.1  The Contract shall in all respects be governed by and construed and interpreted in accordance with the laws of England and the parties hereby submit to the exclusive jurisdiction of the English Courts. 

Hot Desk & Meeting Room

Definitions:
¥ The ‘Agreement’ means the Booking of a Hot Desk or Meeting Room through Madson Interim Solutions Ltd t/a Best Business Enabler;

¥ The ‘Provider’ means Madson Interim Solutions Ltd;

¥ The ‘Client’ means the booker and/or purchaser of the Agreement.

¥ The ‘Service(s)’ means any hot desk service or meeting room service selected by the Client
1. ACKNOWLEDGMENT AND ACCEPTANCE OF TERMS OF USE.
The Service(s) are offered to the Client conditional on their acceptance of the terms and conditions contained in the Agreement, without modification.
2. SERVICES
2.1. The Client is not entitled to use the Provider’s business address(es) as stated in the Agreement.
2.1.1The Client will not in any way use or combine the Provider’s name, in whole or in part, for the purpose of trading activities. 2.1.2 Mail will not be handled on behalf of the Client
2.1.3.The Provider will not be liable for any loss sustained as a result of any mechanical breakdown, strike, delay or failure of any staff, manager or caretaker to perform their duties.
2.1.4 The Provider will not accept any deliveries on behalf of the Client.
2.1.5 The Client agrees to abide by all rules and regulations of the country. Any violation of regulations may result in termination of Services by the Provider and may subject the violator to fines or imprisonment.
2.2 USE OF THE PROVIDER FACILITIES
2.2.1 The Provider will supply the following accommodation services to the Client during business opening hours (which may change from time to time) (other than UK public and bank holidays).
2.2.1.1 Hot Desking Clients will use a workstation (being the desk and chair), including Internet connection, up to the number of hours included in their package. The Provider may at any time, and in its absolute discretion, assign the Member to any workstation in the business centre. If no workstation is available for use to the Client, the Provider can, at its discretion, offer usage of internal meeting rooms in lieu of this.
2.2.1.2 Use of any Facilities will be subject to: (i) availability of the Facilities; (ii) payment of all fees and charges incurred in reserving and/or using the Facilities; and (iii) compliance with the terms and conditions and/or house rules from time to time applicable to the Facilities.
2.2.2 The heating, lighting, cleaning and maintenance of the workstation and the premises;
2.2.3 The use in common with others the kitchen.
2.2.4 At the discretion of the Provider, the full-time office Clients shall have access to the business

2.3 MEETING, CONFERENCE ROOMS
2.3.1 The Provider entitles Clients to hire the meeting room by the hour from the Provider.
2.3.2 Use of any Facilities will be subject to: (i) availability of the Facilities; (ii) payment of all fees and charges incurred in reserving and/or using the Facilities; and (iii) compliance with the terms and conditions and/or house rules from time to time applicable to the Facilities.
2.3.3 Unless otherwise agreed in writing, settlement of all fees and charges incurred in reserving and/or using the Facilities is to be made by the Client in full prior to use, at the time of booking, and shall not be considered guaranteed until payment has been made in full.
2.3.4 Cancellations or changes received within 48 hours prior to the reserved date will be charged 100% of the total cost and 50% of the total cost when given sooner than 48 hours. Any cost incurred to third party suppliers (e.g. caterers or equipment suppliers) as a result of cancellation will be payable in full by the Client.
2.3.5 Reservations not made through the Provider are not guaranteed in any way and no pricing structure is guaranteed for reservations not made specifically with the Provider.
2.3.6 Notice from the Client to change or cancel an existing reservation must be made in writing and sent by email addressed to info@bestbusinessenabler.com
2.4 USE OF THE PROVIDER OTHER SERVICES
Any other services such as telephone, fax, fax to email, printing, copying or internet broadband connection will be charged as per the Provider’s current rate.
2.5 MODIFICATIONS TO THE SERVICE.
2.5.1 The Company reserves the right to modify or discontinue all or part of the Service, temporarily or permanently, with or without notice to the Client, and is under no obligation to support or update the Service.
2.5.2 The amended Terms shall be effective immediately after publication on the Provider’s website, www.eoffice.net. The Client’s continued use of the Service after the posting of the amended Terms on the Site constitutes:(a) acknowledgment of the Terms and its modifications by the Clientr; and (b) agreement to abide and be bound by the Terms, as amended.
2.5.3 The Client acknowledges and agrees that the Provider shall not be liable to the Client or any third party in event that the Provider exercises its right to modify or discontinue all or part of the Service.
2.5.4 The Company reserves the right, in its sole discretion, to change User pricing upon 30 days’ notice.

3 PAYMENT
3.1. Hot Desk and meeting and room usage fees are payable fully in advance.
3.2 Special offers. Every now and then the provider may send special promotions and offers to its Clients. Unless otherwise agreed in writing these offers, once accepted, are strictly not refundable.
4. PROVIDER’S RIGHT&RESPONSIBILITIES
4.1. The Provider may without notice suspend the provision of services (including access to the Office) for reasons of political unrest, strikes, or other events beyond our reasonable control.
4.2. The Provider is not liable for any loss as a result of failure to provide a service as a result of mechanical breakdown, strike, delay, failure of staff, termination of its interest in the building containing the business centre or otherwise, unless it does so deliberately or through gross negligence.
4.3 The Provider is also not liable for any failure until the Client has informed the Provider and given reasonable time for rectification. The Client agrees that the Provider will not be liable for any loss, damage or claim which arises as a result of, or in connection with, this agreement and/or the use of the services except to the extent that such loss, damage, expense or claim is directly attributable to its deliberate act or its gross negligence.
4.4 The Provider will not in any circumstances be liable for loss of business, loss of profits, loss of anticipated savings, loss of or damage to data, third party claims or any consequential loss.
4.5 The Provider strongly advises the Client to insure against all such potential loss, damage, expense or liability.
4.6 Unless there is an emergency, the Provider will as a matter of courtesy try to inform the Client in advance when it needs to carry out testing, repair or works other than routine inspection, cleaning and maintenance.
4.7 The Provider will use all reasonable endeavors to ensure accurate and expeditious handling of communications for the Client, but no responsibility shall attach to the Provider or its staff or agents for any injuries, damage or loss howsoever arising or to whomsoever caused.
4.8 The Provider shall have no liability to the Client in respect of any act, omission, neglect, delay or default by any of the Provider’s staff or agents whether in contract or in tort.
5 MEMBER’S RIGHTS AND RESPONSIBILITIES
5.1 The Client shall be entitled to receive the services subject to these Terms and Conditions.
5.2 The Client must only carry on business in the name specified on the Agreement.
5.3 Members may not use the Best Business Enabler or Madson Interim Solutions Ltd logo, brand or images in any document or publication, including the internet and in any way in connection with his/her business, unless previously agreed in writing with the Provider.
5.4 The Client must only use the office for office purposes, and only for the business stated in the Agreement or subsequently agreed with the Provider.
5.5 The Client will not carry on any business which could be construed by the Provider as illegal, defamatory, immoral or obscene and will not use the business centre whether directly or indirectly for any such purpose.
5.6 The Client must not carry on a business which involves frequent visits by members of the public or which competes with the Provider business.
5.7 The Client must not put up any signs on any part of the workstations or business centre unless previously agreed with the Provider.
5.8 The Client will not be allowed to use the business centre outside of normal business hours unless specifically authorized in writing in exceptional circumstances.
5.9 The Client’s obligations are to pay the stipulated fee and the costs of all other services provided on the due dates and to perform all of the obligations on the part of the Client contained in the Agreement.
5.10 The Client will fully indemnify the Provider against any expenses, costs, claims, damages or penalties incurred by the Provider in connection with this Agreement howsoever occasioned.
5.11 The Client will not send or deliver or cause to be sent or delivered to the Location any noxious, harmful, dangerous, live, perishable or bulky objects.
5.12 It is the Client’’s responsibility to arrange insurance for his/her own property, brought into the business centre and for his/her own liability for employees and to third parties.
5.13 While the Agreement is in force and for six months after it ends, the Client must not solicit or offer employment to any of the Provider’s staff. If the Client does so, the Provider estimates its loss at the equivalent of one year’s salary for each of the employees concerned and the Member must pay the Provider damages equal to that amount.
5.14 When the Client makes use of the Provider’s offices and meeting rooms the Member agrees that:
5.14.1 Such offices and meeting rooms shall be used for general office purposes only.
5.14.2 The Client shall maintain the offices and meeting rooms in their existing condition and shall notify the Provider immediately of any damage caused by the Client and the Client’s employees and visitors.
5.14.3 The Client shall be liable for all damage caused by the Client and the Client’s employees and visitors.
5.15 The common areas of the Premises will only be used in such a way as to have regard to the rights and interests of other users.
5.16 The Client must take good care of all parts of the office,, its equipment, fittings and furnishings. The Client must not alter any part of it. The Client is liable for any damage caused by the Client or those in the office with his/her permission or invitation. 5.17 The Client must not install any furniture or office equipment, cabling, IT or telecoms connections without the Provider consent, which it may withhold at its absolute discretion
5.18 The Client agrees to comply with the procedures and regulations which the Provider imposes generally on users of the office for health and safety and other reasons. It is the Client’s responsibility to ensure that everyone in the office with his/her permission or invitation also complies with these house rules.
5.19 The Client must at all times respect the privacy and convenience of others using the space. The Client agrees not to do anything that will cause any nuisance or annoyance, that will interfere in any way with the use of the office, that will increase the insurance premiums that the Provider has to pay, or cause loss or damage to the Provider or to the owner of any interest in the building which contains the office.
5.20 The Client must supply copies of at least 2 documents of personal identification, to be chosen from: passport, ID with photo, driving license with Photo, utility bill. Failure to present the required copies of these documents within 48 hours from signing the Agreement may result in the Agreement being terminated and initial payment retained.
5.21 All electrical appliances brought by the the Client to office must be PAT tested ensuring they are safe to use in the premises. The Provider reserve the right to removing from the premises all electrical appliances that have not been tested properly.
6 DURATION AND TERMINATION
6.1 This agreement lasts for the period stated in the Agreement 6.2 Standard Duration and Termination Terms and Conditions 6.2. The Provider may terminate this Agreement immediately by giving notice to the Member if:
6.2.1.a The Client’s conduct or that of someone at the office with the Client’s permission or at his/her invitation, is incompatible with ordinary office use or does not comply with the house rules.
6.3 Duration and Termination Terms and Conditions applicable to Hot Desk Service
6.3.1 The Agreement will terminate immediately upon full usage of the hot desk hour allowance. 6.3.2 The Client cannot claim a refund for hot desk hours not used.
6.4 Duration and Termination Terms and Conditions applicable to Meeting
6.4.1 More than 48 Hours Notice: 50% Total Cost;
6.4.2 Less than 48 Hours Notice: 100% Total Cost.
7 PROVIDER’S LIMITATION OF LIABILITY
7.1 The Client acknowledges that due to the imperfect nature of verbal, written and electronic communications, the Provider is not responsible for the negligence and/or failure to furnish any service, including but not limited to the service of conveying messages, communication and other utility or services or any of it’s Affiliates, Landlord, Suppliers and any of their respective Officers, Directors, Employee, Partners, Agents and Representatives. The Client’s sole remedy and Provider’s sole obligation for any failure to render any service, any error or omission, or any delay or interruption of any service, is limited to an adjustment to the Member’s bill in an amount equal to the charge for such service for the period during which the failure, delay or interruption continues.
7.2 With the sole exception of the remedy described above, the client expressly and specifically agrees to waive, and agrees not to make, any claim for damages, direct or consequential, including with respect to lost business or profits, arising out of any failure to furnish any service, any error or omission with respect there to, or any delay or interruption of services. The Office disclaims any warranty of merchantability or fitness for a particular purpose.
8 LICENCE AGREEMENT
This agreement is not a lease or any other interest in real property. It is a contractual arrangement that creates a revocable license.
The Provider retains legal possession and control of the desk or meeting room assigned to Client. The Provider’s obligation to provide the Client space and services is subject to the terms of the Provider’s lease with the Building. This agreement terminates simultaneously with the termination of the Provider’s master lease or the termination of the operation of the Provider for any reason. As the Provider’s Client, the Client does not have any rights under the Provider’s lease with the Provider’s landlord. When this agreement is terminated because the term has expired or otherwise, the Client’s license to occupy the Centre is revoked. The Client agrees to remove their personal property and leave the office as of the date of termination. The Provider is not responsible for property left in the office after termination.
9 DAMAGE AND INSURANCE
9.1 The Client is responsible for any damage the Client causes to the Provider or Client’s office(s) beyond normal wear and tear. The provider has the right to inspect the condition of the office from time to time and make any necessary repairs.
9.2 The Client is responsible for insuring their personal property against all risks. The Client has the risk of loss with respect to any of their personal property. The Client agrees to waive any right of recovery against the Provider, its directors, officers and employees for any damage or loss to the Client’s property under their control. All property in the Client’s office(s) or desk is understood to be under the Client’s control.

10 GENERAL
10.1 Any notice given by either party shall be made in writing and shall be deemed sufficiently served (i) in the case of notice to the Provider at the Premises or such other addresses or shall have been notified by the Provider for the receipt of notices and (ii) in the case of notice to the Client at the addresses indicated in the Agreement or such other addresses have been notified by the Client to the Provider for the receipt of notices, including at the email address of the Client..
10.2 Any notice sent by post should be deemed received by the addressee in the normal course of posting.
10.3 All formal notices must be in writing and will be considered given to the Provider if delivered personally to the Provider at the office, or sent by courier or first class post to its Registered Office address or to the address indicated in the Agreement. 10.4 The terms of the Agreement are confidential. Neither party must disclose them without the other’s consent unless required to do so by law or an official authority. This obligation continues for 1 year after the Agreement ends.
10.5 Except where we are grossly negligent, you must indemnify us in respect of all liability, claims, damages, losses and expenses which may arise
10.5.1 If someone dies or is injured in the workstations in use;
10.5.2 from a third party in respect of the use of the office and the services;
10.5.3 if the Client does not comply with the terms of the Agreement.
10.6 The Client must also pay any costs, including reasonable legal fees, which the Provider incurs in enforcing the Agreement. 10.7 The Agreement is personal to the Client and is not capable of assignment.
10.8 The Provider may transfer the benefit of the Agreement and its obligations under it at any time.

Data Protection Policy

Foreword

In the information age we offer our customers the means to be always connected. This requires data to be collected and processed. When handling any data we adhere to this principle: When storing and transmitting data, we must ensure a high level of data protection and data security. That goes for information pertaining to our customers, prospects, business partners and employees.

We view it as our duty to comply with the various legal regulations around the world that govern the collection and processing of personal data. Our top priority is to ensure universally applicable, worldwide standards for handling personal data. For us, protecting personal rights and privacy for everyone is the foundation of trust in our business relationships.

Our Corporate Data Protection Policy lays out strict requirements for processing personal data pertaining to customers, prospects, business partners and employees. It meets the requirements of the European Data Protection Directive and ensures compliance with the principals of national and international data protection laws in force all over the world. The policy sets a globally applicable data protection and security standard for our company. We have established seven data protection principles – among them transparency, data economy and data security – as our guideline.

Our Directors and employees are obligated to adhere to the Corporate Data Protection Policy and observe their local data protection laws. As the Chief Officer of Corporate Data Protection, it is my duty to ensure that the rules and principles of data protection at Madson Interim Solutions are followed around the world.

My staff and I will be pleased to answer any questions you have about data protection and security at Madson Interim Solutions.

Alice Jackson
Director – Business Services

Contents

I. Aim of the Data Protection Policy 4

II. Scope and amendment of the Data Protection Policy 4

III. Application of national laws 5

IV. Principles for processing personal data 5
1. Fairness and lawfulness
2. Restrictions to a specific purpose
3. Transparency
4. Data reduction and data economy
5. Deletion
6. Factual accuracy; up-to-date data
7. Confidentiality and data security

V. Reliability of data processing 7

1. Customer and partner data
1.1 Data processing for contractual relationship
1.2 Data processing for advertising purposes
1.3 Consent to data processing
1.4 Data processing pursuant to legal authorization
1.5 Data processing pursuant to legitimate interest
1.6 Processing of highly sensitive data
1.7 Automated individual decisions
1.8 User data and internet

2. Employee Data 10
2.1 Data processing for the employment relationship
2.2 Data processing pursuant to legal authorization
2.3 Collective agreements on data processing
2.4 Consent to data processing
2.5 Data processing pursuant to legitimate interest
2.6 Processing of highly sensitive data
2.7 Automated decisions
2.8 Telecommunications and internet

VI. Transmission of personal data 13

VII. Contract data processing 14

VIII. Rights of the data subject 15

IX. Confidentiality of processing 16

X. Processing security 17

XI. Data protection control 17

XII. Data protection incidents 18

XIII. Responsibilities and sanctions 18

XIV. Chief Officer of Corporate Data Protection 19

XV. Definitions 20

I. Aim of the Data Protection Policy

As part of its social responsibility, Madson Interim Solutions is committed to international compliance with data protection laws. This Data Protection Policy applies worldwide and is based on globally accepted, basic principles on data protection. Ensuring data protection is the foundation of trustworthy business relationships and reputation of Madson Interim Solutions Ltd as an attractive employer.

The Data Protection Policy provides one of the necessary framework conditions for cross-border data transmission. It ensures the adequate level of data protection prescribed by the European Union Data Protection Directive and the national laws for cross-border data transmission, including in countries that do not yet have adequate protection laws.

II. Scope and amendment of the Data Protection Policy

This Data Protection Policy extends to all processing of personal data. In countries where the data of legal entities is protected to the same extent as personal data, this Data Protection Policy applies equally to data of legal entities. Anonymized data, e.g. for statistical evaluations or studies, is not subject to this Data Protection Policy.

This Data Protection Policy will only be amended by the Chief Officer Corporate Data Protection. The latest version of the Data Protection Policy can be accessed with the data privacy information at Madson Interim Solutions website: www.bestbusinessenabler.com

III. Application of national laws

This Data Protection Policy comprises the internationally accepted data privacy principles without replacing the existing national laws. It supplements the national data privacy laws. The relevant national law will take precedence in the event it conflicts with the Data Protection Policy, or it has stricter requirements than this Policy. The content of this Data Protection Policy must also be observed in the absence of corresponding national legislation. The reporting requirements for data processing under national laws must be observed.

IV. Principles for processing personal data

1. Fairness and lawfulness
When processing personal data, the individual rights of the data subjects must be protected. Personal data must be collected and processed in a legal and fair manner.

2. Restriction to a specific purpose
Personal data can be processed only for the purpose that was defined before the data was collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.

3. Transparency
The data subject must be informed of how his/her data is being handled. In general, personal data must be collected directly from the individual concerned. When the data is collected, the data subject must either be aware of, or informed of:

• The identity of the Data Controller
• The purpose of the data processing
• Third parties or categories of third parties to whom the data might be transmitted

4. Data reduction and data economy
Before processing personal data, you must determine whether and to what extent the processing or personal data is necessary in order to achieve the purpose for which it is undertaken. Where the purpose allows and where the expense involved is in proportion with the goal being pursued, anonymized or statistical data must be used. Personal data may not be collected in advance and stored for potential future purposes unless required or permitted by national law.

5. Deletion
Personal data that is no longer needed after the expiration of legal or business process-related periods must be deleted. There may be an indication of interests that merit protection or historical significance of this data in individual cases. If so, the data must remain on file until the interests that merit protection have been clarified legally, or the corporate archive has evaluated the data to determine whether it must be retained for historical purposes.

6. Factual accuracy; up-to-dateness of data
Personal data on file must be correct, complete, and – if necessary – kept up to date. Suitable steps must be taken to ensure that inaccurate or incomplete data are deleted, corrected, supplemented or updated.

7. Confidentiality and data security
Personal data is subject to data secrecy. It must be treated as confidential on a personal level and secured with suitable organizational and technical measures to prevent unauthorized access, illegal processing or distribution, as well as accidental loss, modification or destruction.

V. Reliability of data processing

Collecting, processing and using personal data is permitted only under the following legal bases. One of these legal bases is also required if the purpose of collecting, processing and using the personal data is to be changed from the original purpose.

1 Customer and partner data

1.1 Data processing for contractual relationship
Personal data of the relevant prospects, customers and partners can be processed in order to establish, execute and terminate a contract. This also includes advisory services for the partner under the contract if this is related to the contractual purpose. Prior to a contract – during the contract initiation phase – personal data can be processed to prepare proposals or purchase orders or to fulfill other requests of the prospect that relate to contract conclusion. Prospects can be contacted during the contract preparation process using the information that they have provided. Any restrictions requested by the prospects must be complied with. For advertising measures beyond that, you must observe the following requirements under V.1.2.

1.2 Data processing for advertising purposes
If the data subject contacts Madson Interim Solutions to request information (e.g. request to receive information material about a product or service), data processing to meet this request is permitted.

Customer loyalty or advertising measures are subject to further legal requirements. Personal data can be processed for advertising purposes or market and opinion research, provided that this is consistent with the purpose for which the data was originally collected. The data subject must be informed about the use of his/her data for advertising purposes. If data is collected only for advertising

purposes, the disclosure form the data subject is voluntary. The data subject shall be informed that providing data for this purpose is voluntary. When communicating with the data subject, consent shall
be obtained from him/her to process the data for advertising purposes. When giving consent, the data subject should be given a choice among available forms of contact such as regular mail, email and phone (Consent, see V.1.3).

1.3 Consent to data processing
Data can be processed following consent by the data subject. Before giving consent, the data subject must be informed in accordance with IV.3 of this Data Protection Policy. The declaration of consent must be obtained in writing or electronically for the purposes of documentation. In some circumstances, such as telephone conversations, consent can be given verbally. The granting of consent must be documented.

1.4 Data processing pursuant to legal authorization
The processing of personal data is also permitted if national legislation requests, requires or allows this. The type and extent of data processing must be necessary for the legally authorized data processing activity, and must comply with the relevant statutory provisions.

1.5 Data processing pursuant to legitimate interest
Personal data can be processed if it is necessary for a legitimate interest of Madson Interim Solutions Ltd. Legitimate interests are generally of a legal (e.g. collection of outstanding receivables) or commercial nature (e.g. avoiding breaches of contract). Personal data may not be processed for the purposes of a legitimate interest if, in individual cases, there is evidence that the interest of the data subject merit protection, and that this takes precedence. Before data is processed, it is necessary to determine whether there are interests that merit protection.

1.6 Processing of highly sensitive data
Highly sensitive personal data can be processed only if the law requires this or the data subject has given express consent. This data can also be processed if it is mandatory for asserting, exercising or defending legal claims regarding the data subject. If there are

plans to process highly sensitive data, the Chief Officer Corporate Data Protection must be informed in advance.

1.7 Automated individual decisions
Automated processing of personal data that is used to evaluate certain aspects (e.g. creditworthiness) cannot be the sole basis for decisions that have negative legal consequences or could significantly impair the data subject. The data subject must be informed of the facts and results of automated individual decisions and the possibility to respond. To avoid erroneous decisions, a test and plausibility check must be made by an employee.

1.8 User data and internet
If personal data is collected, processed and used on websites or in apps, the data subjects must be informed of this in a privacy statement and, if applicable, information about cookies. The privacy statement and any cookie information must be integrated so that it is easy to identify, directly accessible and consistently available for the data subjects.

If use profiles (tracking) are created to evaluate the use of websites and apps, the data subjects must always be informed accordingly in the privacy statement. Personal tracking may only be effected if it is permitted under national law or upon consent of the data subject. If tracking uses a pseudonym, the data subject should be given the chance to opt out in the privacy statement.

If websites or apps can access personal data in an area restricted to registered users, the identification and authentication of the data subject must offer sufficient protection during access.

2 Employee data

2.1 Data processing for the employment relationship
In employment relationships, personal data can be processed if needed to initiate, carry out and terminate the employment agreement. When initiating an employment relationship, the applicants’ personal data can be processed. If the candidate is rejected, his/her data must be deleted in observance of the required retention period, unless the applicant has agreed to remain on file for a future selection process. Consent is also needed to use the data for further application processes.

In the existing employment relationship, data processing must always relate to the purpose of the employment agreement if none of the following circumstances for authorized data processing apply.

If it should be necessary during the application procedure to collect information on an applicant from a third party, the requirements of the corresponding national laws have to be observed. In cases of doubt, consent must be obtained from the data subject.

There must be a legal authorization to process personal data that is related to the employment relationship but was not originally part of performance of the employment agreement. This can include legal requirements, collective regulations with employee representatives, consent of the employee, or the legitimate interest of the company.

2.2 Data processing pursuant to legal authorization
The processing of personal employee data is also permitted if national legislation requests, requires or authorizes this. The type and extent of data processing must be necessary for the legally authorized data processing activity, and must comply with the relevant statutory provisions. If there is some legal flexibility, the interests of the employee that merit protection must be taken into consideration.

2.3 Collective agreements on data processing
If a data processing activity exceeds the purposes of fulfilling, it may be permissible if authorized through a collective agreement.

Collective agreements are pay scale agreements or agreements between employers and employee representatives, within the scope allowed under the relevant employment law. The agreement must cover the specific purpose of the intended data processing activity, and must be drawn up within the parameters of national data protection legislation.

2.4 Consent to data processing
Employee data can be processed upon consent of the person concerned. Declarations of consent must be submitted voluntarily. Involuntary consent is void. The declaration of consent must be obtained in writing or electronically for the purposes of documentation. In certain circumstances, consent may be given verbally, in which case it must be properly documented. In the event of informed, voluntary provision of data by the relevant party, consent can be assumed if national laws do not require express consent. Before giving consent, the data subject must be informed in accordance with IV.3. of this Data Protection Policy.

2.5 Data processing pursuant to legitimate interest
Personal data can be processed if it is necessary to enforce a legitimate interest of Madson Interim Solutions Ltd. Legitimate interests are generally of a legal (e.g. filing, enforcing or defending against legal claims) or financial (e.g. valuation of company) nature.

Personal data may not be processed based on legitimate interest if, in individual cases, there is evidence that the interests of the employee merit protection. Before data is processed, it must be determined whether there are interests that merit protection.

Control measures that require processing of employee data can be taken only if there is a legal obligation to do so or there is a legitimate reason. Even if there is a legitimate reason, the proportionality of control must also be examined. The justified interests of the company in performing the control measure (e.g. compliance with legal provisions and internal company rules) must be weighed against

any interests meriting protection that the employee affected by the measure may have in its exclusion, and cannot be performed unless appropriate. The legitimate interests of the company and any interests of the employee meriting protection must be identified and
documented before any measures are taken. Moreover, any additional requirements under national law (e.g. rights of co-determination for the employee representatives and information rights of the data subjects) must be taken into account.

2.6 Processing of highly sensitive data
Highly sensitive data can be processed only under certain conditions. Highly sensitive data is data about racial and ethnic origin, political beliefs, religious or philosophical beliefs and health and sexual life of the data subject. Under national law, further data categories can be considered highly sensitive or the content of the data categories can be filled out differently. Moreover, data that relates to a crime can often be processed only under special requirements under national law.

The processing must be expressly permitted or prescribed under national law. Additionally, processing can be permitted if it is necessary for the responsible authority to fulfill its rights and duties in the area of employment law. The employee can also expressly consent to processing.

If there are plans to process highly sensitive data, the Chief Officer Corporate Data Protection must be informed in advance.

2.7 Automated decisions
If personal data is processed automatically as part of the employment relationship, and specific personal details are evaluated (e.g. as part of personnel selection or the evaluation of skills profiles), this automatic processing cannot be the sole basis for decisions that would have negative consequences or significant problems for the affected employee. To avoid erroneous decisions, the automated process must ensure that a natural person evaluates the consent of the situation, and that this evaluation is the basis for the decision. The data subject must also be informed of the facts and results of automated individual decisions and the possibility to respond.

2.8 Telecommunications and internet
Telephone equipment, e-mail addresses, intranet and internet along with internal social networks are provided by the company primarily for work-related assignments. They are a tool and a company resource. They can be used within the applicable legal regulations and internal company policies. In the event of authorized use for private purposes, the laws on secrecy of telecommunications and the relevant national telecommunications laws must be observed if applicable.

There will be no general monitoring of telephone and e-mail communications or intranet/internet use. To defend against attacks on the IT infrastructure or individual users, protective measures can be implemented for the connections to the Madson Interim Solutions network that block technically harmful content or that analyze the attack patterns. For security reasons, the use of telephone equipment, e-mail addresses, the intranet/internet and internal social networks can be logged for a temporary period. Evaluations of this data from a specific person can be made only in a concrete, justifiable case of suspected violations of laws or policies of Madson Interim Solutions Ltd. The evaluations can be conducted only by investigating officers while ensuring that the principle of proportionality is met. The relevant national laws must be observed in the same manner Company regulations.

VI. Transmission of personal data

Transmission of personal data to recipients outside or inside Madson Interim Solutions Ltd is subject to authorization requirements for processing personal data under section V. The data recipient must be required to use the data only for the defined purposes.

In the event that data is transmitted to a recipient outside of Madson Interim Solutions to a third country this country must agree to maintain a data protection level equivalent to this Data Protection Policy. In the alternative, the laws of the domiciliary country can acknowledge the purpose of data transmission based on the legal obligation of a third country. It must be ensured that the data can be used for the intended purpose.
The data subject is entitled to assert his or her rights against the company exporting the data. In the event of claims of violation, the company exporting the data must document to the data subject that the company importing the data in a third country (in the event that the data is further processed after receipt) did not violate this Data Protection Policy.

In the case of personal data being transmitted from the European Economic Area to a company located in a third country, the data controller transmitting the data shall be held liable for any violations of this Policy committed by the company in a third country with regard to the data subject whose data was collected in the European Economic Area, as if the violation had been committed by the data controller transmitting the data. The legal venue is the responsible court where the company exporting the data is located.

VII. Contract data processing

Data processing on Behalf means that a provider is hired to process personal data, without being assigned responsibility for the related business process. In these cases, an agreement on Data Processing on Behalf must be concluded with external providers and Madson Interim Solutions Ltd. The client retains full responsibility for correct performance of data processing. The provider can process personal data only as per the instructions from the client. When issuing the order, the following requirements must be complied with; the department placing the order must ensure that they are met.

1. The provider must be chosen based on its ability to cover the required technical and organizational protective measures.
2. The order must be placed in writing. The instructions on data processing and the responsibilities of the client and provider must be documented.
3. The contractual standards for data protection provided by the Chief Officer Corporate Data Protection must be considered.
4. Before data processing begins, the client must be confident that the provider will comply with the duties. A provider can document its compliance with data security requirements in particular by presenting suitable certification. Depending on the risk of data processing the reviews must be repeated on a regular basis during the term of the contract.

5. In the event of cross-border data processing, the relevant national requirements for disclosing personal data abroad must be met. In particular, personal data from the European Economic Area can be processed in a third country only if the provider can prove that it has
a. Data protection standards equivalent to this Data Protection Policy. Suitable tools can be:
i. Agreement on EU standard contract clauses for contract data processing in third countries with the provider and any subcontractors.
ii. Participation of the provider in a certification system accredited by the EU for the provision of a sufficient data protection level.
iii. Acknowledgement of binding corporate rules of the provider to create a suitable level of data protection by the responsible supervisory authorities for data protection.

VIII. Rights of the data subject

Every data subject has the following rights. Their assertion is to be handled immediately by the responsible unit and cannot pose any disadvantage to the data subject.

1. The data subject may request information on which personal data relating to him/her has been stored, how the data was collected, and for what purpose. If there are further rights to view the employer’s documents (e.g. personnel file) for the employment relationship under the relevant employment laws, this will remain unaffected.
2. If personal data is transmitted to third parties, information must be given about the identity of the recipient or the categories of recipients.
3. If personal data is incorrect or incomplete, the data subject can demand that it be corrected or supplemented.
4. The data subject can object to the processing of his or her data for purposes of advertising or market/opinion research. The data must be blocked from these types of use.

5. The data subject may request his/her data to be deleted if the processing of such data has no legal basis, or if the legal basis has ceased to apply. The same applies if the purpose behind the data processing has lapsed or ceased to be applicable for other reasons. Existing retention periods and conflicting interests meriting protection must be observed.
6. The data subject generally has a right to object to his/her data being processed, and this must be taken into account if the protection of his/her interests takes precedence over the interest of the data controller owing to a particular personal situation. This does not apply if a legal provision requires the data to be processed.

Additionally, ever data subject can assert the rights under III, IV, V, Vi, IX, X and XIV as a Para. 3 as a third-party beneficiary if a company that has agreed to comply with the Data Protection Policy does not observe the requirements and violates the party’s rights.

IX. Confidentiality of processing

Personal data is subject to data secrecy. Any unauthorized collection, processing, or use of such data by employees is prohibited. Any data processing undertaken by an employee that he/she has not been authorized to carry out as part of his/her legitimate duties is unauthorized. The “need to know” principle applies. Employees may have access to personal information only as is appropriate for the type and scope of the task in question. This requires a careful breakdown and separation, as well as implementation, of roles and responsibilities.

Employees are forbidden to use personal data for private or commercial purposes, to disclose it to unauthorized persons, or to make it available in any other way. Supervisors must inform their employees at the start of the employment relationship about the obligation to protect data secrecy. This obligation shall remain in force even after employment has ended.

X. Processing security

Personal data must be safeguarded from unauthorized access and unlawful processing or disclosure, as well as accidental loss, modification or destruction. This applies regardless of whether data is processed electronically or in paper form. Before the introduction of new methods of data processing, particularly new IT systems, technical and organizational measures to protect personal data must be defined and implemented. These measures must be based on the state of the art, the risks of processing, and the need to protect the data (determined by the process for information classification).

In particular, the responsible department can consult with its Information Security Officer (ISO) and data protection coordinator. The technical and organizational measures for protecting personal data are part of Corporate Information Security management and must be adjusted continuously to the technical developments and company changes.

XI. Data protection control

Compliance with the Data Protection Policy and the applicable data protection laws is checked regularly with data protection audits and other controls. The performance of these controls is the responsibility of the Chief Officer Corporate Data Protection, the data protection coordinators and others within the company with audit rights or external auditors hired. The results of the data protection controls must be reported to the Chief Officer Corporate Data Protection. On request, the results of data protection controls will be made available to the responsible data protection authority. The responsible data protection authority can perform its own controls of compliance with the regulations of this Policy, as permitted under national law.

XII. Data protection incidents

All employees must inform their supervisor, data protection coordinator or the Chief Officer Corporate Data Protection immediately about cases of violations against this Data Protection Policy or other regulations on the protection of personal data (data protection incidents). The manager responsible for the function of the data is required to inform the responsible data protection coordinator or the Chief Officer Corporate Data Protection immediately about data protection incidents.

In cases of:

• Improper transmission of personal data to third parties,
• Improper access by third parties to persona data, or
• Loss of personal data

the required company reports (Information Security Incident Management) must be made immediately so that any reporting duties under national law can be complied with.

XIII. Responsibilities and sanctions

The company is required to ensure that the legal requirements, and those contained in the Data Protection Policy, for data protection are met (e.g. national reporting duties). Management staff are responsible for ensuring that organizational, HR and technical measures are in place so that any data processing is carried out in accordance with data protection. Compliance with these requirements is the responsibility of the relevant employees. If official agencies perform data protection controls, the Chief Officer Corporate Data Protection must be informed immediately.

The data protection coordinators are the contact persons on site for data protection. They can perform checks and must familiarize the employees with the content of data protection policies. The relevant management is required to assist the Chief Officer Corporate Data

Protection and the data protection coordinators with their efforts. Those responsible for business process and projects must inform the data protection coordinators in good time about new processing of personal data. For data processing plans that may pose special risks to the individual rights of the data subjects, the Chief officer Corporate Data Protection must be informed before processing begins. This applies in particular to extremely sensitive personal data. The managers must ensure their employees are sufficiently trained in data protection.

Improper processing of personal data, or other violations of the data protection laws, can be criminally prosecuted in many countries and result in claims for compensation of damage. Violations for which individual employees are responsible can lead to sanctions under employment law.

XIV. Chief Officer of Corporate Data Protection

The Chief officer Corporate Data Protection, works towards the compliance with national and international data protection regulations. He/She is responsible for the Data Protection Policy, and supervises its compliance. The Chief Officer Corporate Data Protection is appointed by Madson Interim Solutions Ltd.

The data protection coordinators shall promptly inform the Chief Officer Corporate Data Protection of any data protection risks.

Any data subject may approach the Chief Officer Corporate Data Protection, or the relevant data protection coordinator, at any time to raise questions, request information or make complaints relating to the data protection or data security issues. If requested, concerns and complaints will be handled confidentially.

If the data coordinator in question cannot resolve a complaint or remedy a breach of the Policy for data protection, the Chief Officer Corporate Data Protection must be consulted immediately. Decisions made by the Chief Officer Corporate Data Protection to remedy data

protection breaches must be upheld by the management of the company in question. Inquiries by supervisory authorities must always be reported to the Chief Officer Corporate Data Protection.

Contact details for the Chief Officer Corporate Data Protection and staff are as follows:

Chief Officer Corporate Data Protection
Madson Interim Solutions Ltd,
217 Finney Lane
Heald Green
Cheshire
SK8 3PX

Email: COCPD@bestbusinessenabler.com

XV. Definitions

• Data is anonymized if personal identity can never be traced by anyone, or if the personal identity could be recreated only with an unreasonable amount of time, expense and labour.
• Consent is the voluntary, legally binding agreement to data processing.
• Data protection incidents are all events where there is justified suspicion that personal data is being illegally captured, collected, modified, copied, transmitted or used. This can pertain to actions by third parties or employees.
• Data subject under this Data Protection Policy is any natural person whose data can be processed. In some countries, legal entities can be data subjects as well.
• The European Economica Area (EEA) is an economic region associated with the EU, and includes Norway, Iceland and Liechtenstein.
• Highly sensitive data is data about racial and ethnic origin, political opinions, religious or philosophical beliefs, union membership or the health and sexual life of the data subject. Under national law, further data categories can be considered highly sensitive or the content of the data categories can be structured differently. Moreover, data that relates to a crime can often be processed only under special requirements under national law.

• Personal data is all information about a certain or definable natural persons. A person is definable for instance if the personal relationship can be determined using a combination of information with even incidental additional knowledge.
• Processing personal data means any process, with or without the use of automated systems, to collect, store, organize, retain, modify, query, use, forward, transmit, disseminate or combine and compare data. This also includes disposing of, deleting and blocking data and data storage media.
• Processing personal data is required if the permitted purpose or justified interest could not be achieved without the personal data, or only with exceptionally high expense.
• A sufficient level of data protection in third countries is acknowledged by the EU Commission if the core of the personal privacy, as unanimously defined in the member countries of the EU is adequately ensured. When making its decision, the EU Commission accounts for all circumstances that play a role in data transmission or a category of data transmission. This includes the opinions under national law and relevant applicable professional standards and security measures.
• Third countries under the Data Protection Policy are all nations outside the European Union/EEA. This does not include countries with a data protection level that is considered sufficient by the EU Commission.
• Third parties are anyone apart from the data subject and the Data Controller. In a case of Data Processing in Behalf data processors in the EU are not third parties under the data protection laws, because they are assigned by law to the responsible entity.
• Transmission is all disclosure of protected data by the responsible entity to third parties.

Privacy Statement

Collection and processing of personal data
When you visit our website, our web servers store as standard details of your browser and operating system, the website from which you visit our website, the pages that you visit on our website, the date of your visit, and, for security reasons, e.g. to identify attacks on our website, the IP address assigned to you by your internet service provider; this IP address is stored for seven days. With the exception of the IP address, personal data is only stored if you choose to submit it to us, e.g. during registration, in a survey, in a competition or in order to enable performance of an agreement. Use and passing on of personal data and limitation of use to specific circumstances

Madson Interim Solutions t/a Best Business Enabler uses your personal data only to the extent necessary for the purpose of technical administration of the website, for customer management, for product surveys, and for marketing.
Personal data is transferred to state organizations and authorities only within the scope of mandatory national provisions of law. We have placed our employees under a duty of confidentiality.

Choice
We would like to use your data to inform you about our products and services and, if applicable, to ask you about them. Of course, participation in such activities is voluntary. If you do not wish to take part, you can notify us at any time so that we can exclude your data accordingly. You can find further information on the relevant page of the website.
Newsletters
Our website can be used to subscribe to newsletters or show interest in products and services. The data provided during the registration will be used only for this purpose, provided you have not consented to other use. You can cancel the subscription at any time by using the unsubscribe option provided in the newsletter or emails relating to our products and services.

Social plugins
Madson Interim Solutions Ltd t/a Best Business Enabler uses social plugins (‘buttons’) of social networks such as Facebook, Google+ and Twitter.
When you visit our websites these buttons are deactivated by default, i.e. without your intervention they will not send any data to the respective social networks. Before you are able to use these buttons, you must activate them by clicking on them. They then remain active until you deactivate them again or delete your cookies (please refer to Cookies).
After their activation, a direct link to the server of the respective social network is established. The contents of the button are then transmitted from the social network directly to your browser and incorporated in the website by it.
After activation of a button, the social network can retrieve data, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account. A social network cannot assign a visit to other Daimler websites unless and until you activate the respective button there as well.
If you are a member of a social network and do not wish it to combine data retrieved from your visit to our websites with your membership data, you must log out from the social network concerned before activating the buttons.
We have no influence on the scope of data that is collected by the social networks through their buttons. The data use policies of the social networks provide information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy.
Cookies
Information on the cookies that we use and their features can be found in ‘Cookies’.

Cookies
Analysis of usage data
We use Google Analytics to track the preferences of visitors and to identify especially popular sections of our websites. In this way, we can adapt the content of our website more specifically to your needs and thereby improve what we offer you.
If you do not wish Madson Interim Solutions Ltd t/a Best Business Enabler to collect and analyze statistical data related to your visit you may object to the future use of your date at any time (opt-out).
For the technical implementation of your objection it is necessary to install an opt-out cookie on your browser. This cookie will only indicate that you have opted out. Please note that for technical reasons the opt-out cookie will only affect the browser you object from. If you delete the cookies in your browser or use a different end device or browser, you will need to opt out again.
We use Google Analytics products to identify visitor preferences and particularly popular areas of our internet presence. This allows us to adapt the content of our website more specifically to your needs and thereby improve what we offer you.
To enable us to show you content relevant to your needs and interests on our website we may also from time-to-time employ retargeting technology. This uses cookies to store details of your interest in our products and services. These cookies are read when you visit our website. The process is anonymized, i.e. you cannot be identified through retargeting. If you do not wish Madson Interim Solutions Ltd t/a Best Business Enabler to collect, store, and analyze statistical data related to your visit, or you do not want to receive information relevant to your interests on our website you may object to the future use of your data at any time (opt-out). For the technical implementation of your objection it is necessary to install an opt-out cookie on your browser. This cookie will only indicate that you have opted out. Please note that for technical reasons the opt-out cookie will only affect the browser you object from. If you delete the cookies in your browser or use a different end device or browser, you will need to opt out again.

Usage-based information (targeting and retargeting)
We, from time-to-time also employ retargeting technology to allow us to adapt our online marketing (e.g. banner ads) on the websites of our retargeting partners (Google Adwords, Google) more specifically to your needs and interests. This uses cookies to store details of your interest in our products and services. These cookies are read and used when you visit other websites that cooperate with our retargeting partners, to provide you with information that is as relevant as possible to your interests. The process is anonymized, i.e. you cannot be identified through retargeting.
If you do not wish Madson Interim Solutions Ltd t/a Best Business Enabler and its retargeting partners to collect, store, and analyze statistical data related to your visit, or to adapt banner ads to your interests, you may object to the future use of your data at any time (opt-out).
For the technical implementation of your objection it is necessary to install an opt-out cookie on your browser. This cookie will only indicate that you have opted out. Please note that for technical reasons the opt-out cookie will only affect the browser you object from. If you delete the cookies in your browser or use a different end device or browser, you will need to opt out again.

Security
Madson Interim Solutions Ltd t/a Best Business Enabler uses technical and organizational security measures to protect the data supplied by you and managed by us against manipulation, loss, destruction, and access by third parties. Our security measures are continually improved in line with technological developments.

Right to information
On request, Madson Interim Solutions Ltd t/a Best Business Enabler or the representative responsible for you will inform you in writing as soon as possible and in accordance with applicable law whether and what personal data relating to you has been stored by us. If you are registered as a user, we also enable you to view the data yourself and, if applicable, to delete or amend it. If incorrect information is stored despite our efforts to ensure that data is accurate and up to date, we will correct it at your request.
If you have any questions about the processing of your personal data, you can contact our Data Protection Officer, who, along with his team, is available should you have any requests for information, suggestions or complaints.
Data Protection Officer
Alice Jackson
Director
Madson Interim Solutions Ltd t/a Best Business Enabler
217 Finney Lane
Heald Green
Cheshire SK8 3PX

Cookies

Madson Interim Solutions Ltd t/a Best Business Enabler uses cookies and similar technologies, such as HTML5 web storage and local shared objects (all referred to as ‘cookies’ below), to record the preferences of users and optimize the design of its websites. They make navigation easier and increase the user-friendliness of a website.
Cookies are small files that are stored on your end device. They can be used to determine whether there has been any contact between us and your end device in the past. Only the cookie on your end device is identified. Personal data can only be saved in cookies if you have given your consent or if it is essential for technical reasons, e.g. to enable a secure login.
By using our website, you consent to the use and storage of cookies on your end device. However, you can also view our website without cookies. Most browsers accept cookies automatically. You can prevent cookies from being saved on your end device by setting your browser to not accept cookies. You can delete cookies stored on your end device at any time. The exact instructions for how to do this can be found in the manual for your browser or end device. Further information about deactivating local shared objects can be found here:
If you choose not to accept cookies it may result in a reduced availability of the services provided on our website.

We categorize cookies as follows:
Essential cookies (type 1)
These cookies are essential for websites and their features to work properly.
Functional cookies (type 2)
These cookies enable us to improve the usability and performance of websites and to provide various features. Functional cookies can store language settings, for example.
Performance cookies (type 3)
These cookies collect information about how you use websites. Performance cookies help us, for example, to identify especially popular areas of our website. In this way, we can adapt the content of our websites more specifically to your needs and thereby improve what we offer you. These cookies do not collect personal data. Further details on how the information is collected and analyzed can be found in the section ‘Analysis of usage data’.
Third-party cookies (type 4)
These cookies are installed by third parties, e.g. social networks. Their main purpose is to integrate social media content on our site, such as social plugins. Information about how we use social plugins can be found in the ‘Social Plugins’ section of the privacy statement.

Analysis of usage data
We use cookies to track the preferences of visitors and to identify especially popular sections of our website. In this way, we can adapt the content of our website more specifically to your needs and thereby improve what we offer you.
For the purpose of statistical analysis Madson Interim Solutions Ltd t/a Best Business Enabler uses Google products.
If you do not wish Madson Interim Solutions Ltd t/a Best Business Enabler to collect and analyze statistical data related to your visit you may object to the future use of your data at any time (opt-out).
For the technical implementation of your objection it is necessary to install an opt-out cookie on your browser. This cookie will only indicate that you have opted out. Please note that for technical reasons the opt-out cookie will only affect the browser you object from. If you delete the cookies in your browser or use a different end device or browser, you will need to opt out again.

Employee Privacy

In order to comply with its contractual, statutory, and management obligations and responsibilities, Madson Interim Solutions Ltd (the “Company”) is required to process personal data relating to its employees, including ‘sensitive’ personal data, as defined in the Data Protection Act 1998 (the “Act”) which includes information relating to health, racial or ethnic origin, and criminal convictions. All such data will be processed in accordance with the provisions of the Act and the Company Policy on Data Protection as amended from time to time. For the purposes of the Act, the term ‘processing’ includes the initial collection of personal data, the holding and use of such data, as well as access and disclosure, through to final destruction. In certain circumstances, the provisions of the Act permit the Company to process an employee’s personal data, and, in certain circumstances, sensitive personal data, without their explicit consent.  Further information on what data is collected and the purposes for which it is processed is given below.

Contractual responsibilities
The Company’s contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll; bank account; postal address; sick pay; leave; maternity pay; and pension and emergency contacts.

Statutory responsibilities
The Company’s statutory responsibilities are those imposed on the Company by legislation. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax; national insurance; statutory sick pay; statutory maternity pay; family leave; work permits; and equal opportunities monitoring.

Management responsibilities
The Company’s management responsibilities are those necessary for the organisational functioning of the Company. The data processed to meet management responsibilities includes, but is not limited to, data relating

to: recruitment and employment; training and development; teaching; research; absence; disciplinary matters; health and safety; security, including Company-operated CCTV; e-mail address and telephone number; swipe cards; and criminal convictions.

Sensitive personal data
The Act defines ‘sensitive personal data’ as information about racial or ethnic origin; political opinions; religious beliefs or other similar beliefs; trade union membership; physical or mental health; sexual life; and criminal allegations, proceedings or convictions.  In certain limited circumstances, the Act permits the Company to collect and process sensitive personal data without requiring the explicit consent of the employee.
(a)     The Company will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to an Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and consent.
(b)   Save in exceptional circumstances, the Company will process data about an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding the Company’s equal opportunities policies and related provisions.
(c)   Data about an employee’s criminal convictions will be held as necessary.

Disclosure of personal data to other bodies
In order to perform its contractual and management responsibilities, the Company may, from time to time, need to share an employee’s personal data with one or more agencies. In such cases, the agency or agencies will be required to process the data in accordance with the provisions of the Act.
For the performance of the employment contract, the Company is required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.

In order to fulfil its statutory responsibilities, the Company is required to provide some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.
The Company may display an employee’s company webmail address and company telephone number Online, which is accessible to internet users, including those in countries outside the European Economic Area (EEA). Employees should be aware that many countries outside the EEA do not have data protection legislation, or have different data protection or privacy regimes, and so may not always protect their personal data to the same standard as within the EEA. Requests to have an email address and/or telephone number omitted from Online use should be addressed to their Office Manager and will need to be approved by the Director of Business Services.

Keeping personal data up-to-date
The Act requires the Company to take reasonable steps to ensure that any personal data it processes is accurate and up-to-date. It is the responsibility of the individual employee to inform the Company of any changes to the personal data that they have supplied to it during the course of their employment.

Requesting information
Under the Act, it is possible for individuals to request access to any of their personal data held by the University, subject to certain restrictions.  A request for disclosure of such information is called a subject access request. Any such requests should be addressed to the Company’s Director of Business Services, Alice Jackson.