top of page

Data protection policy

It is a legal requirement for MSS Global Ltd to comply with the General Data Protection Regulations EU 2016/679, introduced in May 2018. It is also MSS Global Ltd policy which is contractually underpinned to ensure that every employee, subcontractor and service supplier maintains the confidentiality of any personal or commercial data held by, or gained through employment with MSS Global Ltd, in whatever form. 

Data Protection Principles 

MSS Global Ltd, as a conformance auditing Certification Body needs to legitimately gain, review and manage certain information about it’s employees, clients and suppliers for core operational, commercial and financial reasons.  Regularly reviewed, effective data management forms an element of our performance management review input, and helps us ensure legal and health and safety compliance.  


To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. This means that we must comply with the Principles set out in the GDPR. 


These principles require that personal data must be: 


  • Obtained fairly and lawfully and shall not be processed unless certain conditions are met (ie the person or client understands what we are collecting, why, and consents that we collect it as part of our service delivery process); 

  • Obtained for specified and lawful purposes and not further processed in a manner incompatible with that purpose; 

  • Adequate, relevant and not excessive; 

  • Accurate and up to date; 

  • Kept for no longer than necessary; 

  • Processed in accordance with data subjects’ rights – including the right to request access to the data held on them; 

  • Protected by appropriate security; 

  • Not transferred to a country outside the European Union without adequate protection. 


In processing or using any personal information you, as an employee, subcontractor, supplier or representatives of MSS Global must ensure that you follow these principles at all times. 

Data Protection Coordinator 

MSS Global does not have a data protection officer, however to ensure the implementation of this policy MSS Global Ltd has designated the Office Manager as the company’s data protection coordinator. All enquiries relating to the holding of personal data should be referred to the Office Manager in the first instance. 

Notification Of Data Held 

You are entitled to know: 


  • What personal information the company holds about you and the purpose for which it is used; 

  • How to gain access to it; 

  • How it is kept up to date; 

  • What the company is doing to comply with its obligations under the GDPR. 


This information is available from the Office Manager. 

Individual Responsibility 

As a full employee, subcontractor, supplier or representative you are responsible for: 


  • Checking that any information that you provide in connection with your employment is accurate and up to date; 

  • Notifying the company of any changes to information you have provided, for example changes of address; 

  • Ensuring that you are familiar with and follow the MSS Global Ltd data protection policy. 

  • Ensuring that you comply with the MSS Global confidentiality requirements set forth in any appropriate contract of engagement. 


Any breach of the data protection policy, either deliberate or through negligence, may lead to disciplinary action being taken and could in some cases result in a criminal prosecution. 


Data Security 

You are responsible for ensuring that: 


  • Any personal data that you hold, whether in electronic or paper format, is kept securely; 

  • Personal and client information is not disclosed either verbally or in writing, accidentally or otherwise, to any unauthorised third party; 

  • Items that are marked ‘personal’ or ‘private and confidential’, or appear to be of a personal nature, are opened by the addressee only. 

  • Client information and data is to be removed from personal electronic devices upon completion of each task. 


You should not use your office address for matters that are not work related. 


If you are unsure, you are to seek guidance from the Office Manager. 

Directors reviewed:  30 April 2024

bottom of page