This Privacy Policy describes how we, ML4Good Ltd (the company limited by guarantee incorporated in the UK), process personal data in our business as per the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the Data Protection Act 2018, and other relevant data protection and privacy laws applicable to our business.
Last updated: January 23, 2025
We have no reason to sell, rent, or give away any of your data. We hope to provide you with clear and transparent information on how we process your personal data (as a controller) and your data protection rights. If you feel that any information is unclear or missing, please do not hesitate to contact us at info@ml4good.org.
Access and rectification: you may request a copy of the information we process about you and ask us to rectify any incorrect data.
Erasure or restriction: in some circumstances, you may ask us to delete or restrict our processing of your data, but we cannot delete any data we are legally required to process.
Object to processing: in some circumstances, you may ask us to stop processing your data.
Data portability: in some circumstances, you may ask us to transfer your data to you or another organisation.
Also, if you are unhappy about how we process your data, you have a right to complain to the Information Commissioner's Office (ICO) in the UK, or to your local supervisory authority in the EU. We hope, however, that you will contact us first so that we can try to resolve the matter for you in a satisfactory way.
Please get in touch with us if you have any questions about how we handle your data or want to exercise one of your rights. You are entitled to a reply within 30 days.
We typically process personal data on website visitors.
We may process personal data when you:
It is voluntary to provide us with personal data, but we cannot provide you with our services if you choose not to.
We do not rent, buy or sell personal data from or to others, use automated decisions or profiling in the processing of your personal data, or process any special category data as per Article 9 of the UK GDPR and EU GDPR.
We only process your personal data when we have a purpose and a lawful basis for doing so. Under Article 6(1) of the UK GDPR and EU GDPR, the lawful bases we rely on are:
As a rule, we do not process personal data for longer than necessary to fulfil the purpose for processing. To comply with this, we have regular internal data protection audits where we formally assess our data protection and privacy work with the intention to amend, update and, if necessary, delete personal data.
We will only retain data for as long as we are required to as per applicable legal obligations.
This section describes when and how we process your data, for what purposes and our legal grounds to do so (lawful bases). We also specify the retention periods for the processing.
When you use our website, we briefly process your IP address and data from your user agent, which are considered personal data under the UK GDPR and EU GDPR.
The lawful basis is (f), where our legitimate interests are to protect our business against cyberattacks and optimise and run our business effectively.
PS: We don't use cookies or similar technology on our website, and we don't collect any personal data that would trigger the consent requirement under the Privacy and Electronic Communications Regulations (PECR) in the UK or the ePrivacy Directive (Directive 2009/136/EC) in the EU.
Regardless of your relationship with us, as a potential or existing customer, vendor or other, we process your personal data whenever you communicate with us. This could be when you contact us through email, phone (call, text message) or social media. Depending on where and how you contact us, this may include your name, contact details, IP address and other information you choose to send to us. We use a customer support system to manage personal data on potential and existing customers.
The purpose is to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims. The lawful basis is (f), where our legitimate interest is to respond to your inquiries and, on some occasions, keep records in case of complaints or legal claims.
We typically keep this type of personal data for up to two years or six years if we have a legal obligation in accordance with accounting and bookkeeping rules.
To run our business efficiently and securely, we sometimes will have to share your personal data with other (trusted) parties such as:
We require that all such recipients secure data in accordance with good information security and as per the requirements of this Privacy notice. We review and quality assure all vendors and data processors and enter into a data processing agreement/addendum whenever necessary.
We use data processors for:
In some cases, your personal data will be transferred to a country outside the UK or the EU/EEA. For example, where we use data processors to manage email services. We only use data processors we trust that are well known, reputable, and have a data processing agreement/addendum.
We have ensured that every data processor in a third country has necessary safeguards in place, including:
You have a right to access your personal data and request a correction if you believe it is inaccurate. If you have submitted Personal Information and would like to have access to it, or if you would like to have it corrected, please get in touch with us using the contact information provided below.