Global Privacy Notice

Last updated: Friday 13th September 2024

Mason and St John Ltd values your privacy and is committed to protecting it. This Privacy Notice explains how we collect, use, share, and store personal information about you. It also outlines your rights regarding your personal data and how to exercise them.

This Privacy Notice applies to personal data we collect through www.masonandstjohn.com or other websites that Mason and St John Ltd operates that link to this policy (collectively, "Websites"), as well as through our products and related service offerings. If you have any questions or concerns about how we handle your personal data, please contact us using the contact information provided at the end of this document.

The personal information we may collect falls into the following categories:

Information You Provide Voluntarily: Certain areas of our websites may require you to provide personal information willingly, such as when you register for an account, request technical support, subscribe to marketing communications, sign up for events, access content, or submit inquiries. We will clearly inform you of the data we collect and the reasons for collecting it at the point of collection.

Information Collected Automatically: When you visit our websites, we may automatically collect certain information from your device. In some jurisdictions, including those in the European Economic Area, this information may be considered personal data under applicable data protection laws. This information may include your IP address, device type, unique device identifiers, browser type, broad geographic location (country or city level), and other technical data. We may also collect information about how your device interacts with our websites, such as the pages you access and links you click.

Collecting this information allows us to better understand who visits our websites, where they come from, and which content they find most relevant. We use this information for internal analytics and to improve the quality and relevance of our websites for our visitors. Some of this information may be collected using cookies and similar tracking technologies.

Information Obtained from Third Parties: Occasionally, we may receive personal information about you from third-party sources, such as lead generation providers, partners, content syndication providers, third-party enrichment tools, or meeting maker vendors. We only collect information from third parties that have your consent or are otherwise legally permitted to share it with us. The types of information we collect from third parties include name, contact information, job title, company data, and internet activity. We use this information to market our services to you.

Sensitive Personal Data: We may collect sensitive personal data, or special category personal data, from our customers in the course of providing our services. We do not use sensitive personal data for any other commercial purpose, we do not sell sensitive personal data, and we do not share sensitive personal data for online advertising.

We are committed to protecting your personal data. We implement appropriate technical and organisational security measures to protect your personal data from unauthorised access, use, disclosure, alteration, destruction, or accidental loss.

Who does Mason and St John Ltd Share Your Personal Data With?

We may share your personal data with the following categories of recipients:

Broad categories collected and the types of third parties we share them with:

Identifiers: Group companies, service providers, and partners

Select Information in Customer Records: Group companies, service providers, and partners

Commercial Purchasing Information: Group companies, service providers, and partners

Internet or Network Activity: Group companies, service providers, and partners

Mason and St John Ltd's Knowledge of Personal Data Sales:

Mason and St John Ltd has no actual knowledge that it sells or shares the personal information of individuals under 16 years of age.

Legal Basis for Processing Personal Data

The foundation upon which we collect and utilise the personal information described above is contingent on the specific data type and the context in which it is obtained. Typically, we will gather your personal information only if:

  1. We need the data to fulfil our obligations under a contract we have with you.
  2. Our legitimate interests dictate it: Processing personal data is essential to operate our platform and communicate with you as needed. For instance, when responding to your inquiries, analysing platform usage, improving our services, marketing to existing customers within legal limits, and identifying or preventing illegal activities.
  3. You consent: You have granted us explicit authorisation to process your personal data.

In certain situations, we may also be legally obligated to collect your personal information or require it to safeguard your or someone else's vital interests. If we request your personal information to comply with a legal obligation or fulfil a contract, we will clearly inform you at the appropriate time and advise you whether providing your personal information is necessary or not (along with the possible consequences of not providing such data).

If we collect and utilise your personal information based on our legitimate interests (or those of any third party), it will typically be to operate our platform and communicate with you as required. For example, responding to your inquiries, analysing platform usage and improving our services, undertaking marketing activities for existing customers within legal limits, and detecting or preventing illegal activities. We may have other legitimate interests, and we will inform you at the relevant time what those interests are. We rely on these legal bases to process data for the following purposes: to assist in providing services (e.g., customer support and usage data) and to market our services to you within legal limits.

If you have any questions or require further information regarding the legal basis upon which we collect and utilise your personal information, please contact us using the contact information provided under the "How to contact us" heading at the bottom of this notice.

Mason and St John Ltd's Use of Cookies and Similar Tracking Technology

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Website owners can utilise cookies for various purposes, including enabling their websites to operate effectively, providing personalised content and advertising, and generating website analytics.

Our website utilises first-party and third-party cookies for various purposes. Essential cookies are crucial for operating our site, while additional cookies enhance user experience by providing personalised content and advertising.

First-party cookies gather standard information like browser type, language, access times, and the previous website visited. They also collect IP address, clickstream behaviour, and product information.

Third-party advertising networks, contracted by Mason and St John Ltd, collect non-personal and personal data through our website, emails, and third-party websites. These networks track online activities to deliver tailored ads about products and services across the web. This process also aids in monitoring marketing effectiveness.

The website may incorporate third-party social media features and widgets. These components may collect IP address, visited page, and set cookies for proper functioning. Interaction with these elements is governed by the respective provider's privacy policy.

Learn More About Cookies

If you want to learn more about cookies, or how to control, disable, or delete them, please visit http://www.allaboutcookies.org for detailed guidance. 

Detailed information about first- and third-party cookies served and their purposes may be found on our cookie settings page.

Cookie Control

Users have the choice to accept or reject cookies. Cookie preferences can be managed in the cookie settings page. Our cookie consent tool automatically honours Google Consent.

Web browser controls can be configured to accept or reject cookies. While rejecting cookies may restrict site functionality, it's still possible to access the website. Refer to browser help menus for specific instructions. Targeted advertising opt-out options are available through most advertising networks. Visit http://www.aboutads.info/choices/, http://www.youronlinechoices.com, or http://www.youronlinechoices.eu.

Data Security

Mason and St John Ltd employs appropriate technical and organisational measures to safeguard personal data collected and processed. These measures aim to provide a security level commensurate with the risk associated with handling personal data. 

Mason and St John Ltd resides on leading cloud service providers (linked on our security page) utilising industry-standard security protocols to protect personal data. Personal data is stored on private servers within a secure security group. End-user to server connections are encrypted using SSL, and server software is updated regularly with the latest security patches.

Data Transfers

Your personal data may be transferred to, and processed in, countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. However, we have taken appropriate safeguards to ensure that your personal data will remain protected in accordance with this Privacy Notice.

Mason and St John Ltd is committed to safeguarding the privacy of personal data transferred from the European Union, United Kingdom, and Switzerland. To ensure compliance with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF"), Mason and St John Ltd has certified that our data processors are compliant with the DPF. These DPA agreements may be referenced here:

https://webflow.com/legal/dpa

Mason and St John Ltd is accountable for the personal data it receives under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, even if it is subsequently transferred to a third party. This means that Mason and St John Ltd remains responsible and liable if these third-party agents process the personal data in a manner inconsistent with the principles of the DPFs, unless Mason and St John Ltd can demonstrate that it is not at fault for the resulting harm. 

Data Retention

We retain your personal data as long as we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with legal requirements). When we no longer have a legitimate business need to process your personal data, we will either delete or anonymise it, or if this is not possible, securely store it and isolate it from any further processing.

Your Data Protection Rights

You have the following data protection rights:

You can exercise these rights by contacting us using the contact details provided under the "How to contact us" heading at the bottom of this notice.

Sensitive Personal Data

We do not use or disclose your sensitive personal data, except for the purposes of providing services to our customers.

Non-discrimination

We will not discriminate against you for exercising your data protection rights.

Authorised Agent

You can authorise another person to make a data privacy request on your behalf. To do this, you will need to provide us with a written authorisation that includes the specific data protection request you want the authorised agent to make.

Data Protection Authority

You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.

Appealing Our Decision

If you are not satisfied with our response to your data privacy request, you have the right to appeal our decision. To do this, please contact us using the contact details provided under the "How to contact us" heading at the bottom of this notice. If you are not satisfied with the result of the appeal, you have the right to contact your respective attorney general depending on where you reside.

Verifying Data Protection Requests

We verify data protection requests to ensure that they are legitimate and to prevent unauthorised access to your personal data. Our verification process is based on matching personal data provided by the requestor with personal data that we have on file for the requestor. The personal data points matched vary based on what Mason and St John Ltd has on the requestor, but Mason and St John Ltd uses multiple personal data points for verification. During the verification process, Mason and St John Ltd aims to avoid collecting additional personal data from the requestor that has not been previously collected by Mason and St John Ltd.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws. 

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice. 

How to contact us

If you have any questions or concerns about our use of your personal data, please contact us at info@masonandstjohn.com (we operate online), or at the following address: 

Mason and St John Ltd

4 Cornhouse Buildings

Claydons Lane

Rayleigh

SS6 7UP

Glossary of Terminology and Frameworks

1.1 "controller", "processor", "data subject", "personal data" and "processing" (and "process") will have the meanings given in EU/UK Data Protection Law;

1.2 "Applicable Data Protection Law" means all worldwide data protection and privacy laws and regulations applicable to the Personal Data in question, including, where applicable, EU/UK Data Protection Law, US Data Protection Law, Serbian Data Protection Law, Canadian Data Protection Law, and the Swiss DPA;

1.3 “Breach” means an accidental or unlawful destruction, loss, alteration, or unauthorised disclosure or access that is in violation of Mason and St John Ltd’s security obligations under this Agreement by Mason and St John Ltd or its agents of which Mason and St John Ltd becomes aware.  Breach will not include an unsuccessful Breach, which is one that results in no unauthorised access to Personal Data or to any Mason and St John Ltd equipment or facilities storing the Personal Data, and could include (without limitation) pings and other broadcast attacks of firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorised access to traffic data that does not result in access beyond headers) or similar incidents;

1.4 "Canadian Data Protection Law" means: (i) the Personal Information Protection and Electronic Documents Act S.C. 2000, c. 5; (ii) applicable provincial law; (iii) any and all applicable data protection laws made under, pursuant to or that apply in conjunction with any of (i) or (ii); in each case as may be amended or superseded from time to time; 

1.5 “Data Privacy Framework” means the EU-US Data Privacy Framework, the UK extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework self-certification program operated by the US Department of Commerce;

1.6 “Data Privacy Principles” means the Data Privacy Framework principles (as supplemented by the Supplemental Principles);

1.7 "EU/UK Data Protection Law" means: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (the "EU GDPR"); (ii) the EU GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom's European Union (Withdrawal) Act 2018 (the "UK GDPR"); (iii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iv) any and all applicable national data protection laws made under, pursuant to or that apply in conjunction with any of (i), (ii) or (iii); in each case as may be amended or superseded from time to time; 

1.8 "US Data Protection Law" means: (i) the California Consumer Privacy Act of 2018, including as amended by the California Privacy Rights Act of 2020, codified at Cal. Civ. Code §1798.100 et seq., upon the CPRA’s enforcement date of July 1, 2023 (together with its implementing regulations) (“CPRA”); (ii) the Virginia Consumer Data Protection Act; (iii) the Colorado Privacy Act; (iv) the Connecticut Personal Data Privacy and Online Monitoring Act; (v) the Utah Consumer Privacy Act; (vi) the Iowa Consumer Data Protection Act; (vii) the Indiana Consumer Data Protection Act; (viii) the Tennessee Information Protection Act; (ix) the Montana Consumer Data Privacy Act; (x) the Texas Data Privacy and Security Act; (xi) the Oregon Consumer Privacy Act; (xii) the Delaware Personal Data Privacy Act; and (xiii) any and all applicable comprehensive state data protection laws and regulations that are or are not yet in effect as of the Effective Date; in each case as may be amended or superseded from time to time;

1.9 "Serbian Data Protection Law" means: Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti; Official Gazette of the Republic of Serbia, no 87/2018).  In the case of a transfer of Personal Data to a Non-Adequate Country, by entering into this DPA, the Customer is entering into the Serbian Standard Contractual Clauses (“Serbian SCCs”) as adopted by the "Serbian Commissioner for Information of Public Importance and Personal Data Protection", to provide an adequate level of protection. References to the Standard Contractual Clauses in this DPA will include the Serbian SCCs.  

1.10 “Supplemental Principles” will have the meaning given in the Data Privacy Framework;

1.11 "Standard Contractual Clauses" means: (i) where the EU GDPR or Swiss DPA applies, the contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council ("EU SCCs"); and (ii) where the UK GDPR applies, standard data protection clauses adopted pursuant to or permitted under Article 46 of the UK GDPR ("UK SCCs"); and (iii) where Serbian Data Protection Law applies, the Serbian SCCs; and

1.12 "Swiss DPA" means the revised Swiss Federal Act on Data Protection enacted on September 25, 2020, and effective on September 1, 2023, as may be amended or superseded from time to time.