Privacy policy for users of Meridian’s website and persons interacting with Meridian on social media or by email.
This Privacy Notice gives information on Meridian’s collection, processing, storage and sharing of personal data belonging to visitors and users of Meridan’s website and persons interacting with Meridian on social media or by email.
1. Categories of personal data
The personal data that may be collected:
- Basic personal information, such as name, email address, phone numbers, title or position;
- Company information, details of the company you work for;
- Your IP address;
- Information obtained through our use of cookies (for Meridian’s use of cookies and how you can manage cookies, please read more here “link to cookie policy”);
- Other information that we obtain directly from you.
The information above may be collected when you make enquiries to MERIDIAN through email or social media, when filling in forms, signing up for newsletters and other use of Meridian’s website.
2. Purposes and lawful basis of processing
Meridian collects and processes personal data for legitimate business purposes, including marketing and its services and products, engaging in business development and responding to and communicating with you regarding any inquiries you make, or as otherwise permitted or required by law.
When you subscribe to a feed, sign up for a newsletter or otherwise opt-in to Meridian’s processing of your personal data, e.g. by providing us with your personal data, the lawful basis for Meridian’s processing may also be consent.
3. Social media
Any information you post or otherwise share on Meridian’s social media channels (for example, Facebook, LinkedIn or other social media applications) is public. Meridian cannot control the use of information disclosed on such platforms. Exercise caution when disclosing information in public areas, and be careful what personal data you disclose and how you disclose them. Content posted in Meridian’s social media channels, including advice and opinions, represents the views of the individuals who post that content and Meridian does not necessarily endorse, support, verify, or agree with such content.
4. Routines for storage and erasure
Meridian will process and retain personal data only for as long as is necessary for the purposes that applied when collecting the data and to comply with legal or contractual obligations, or to resolve disputes. Personal data may thus, for example, be collected and retained when you sign up for a newsletter until you decide to unsubscribe from the newsletter. Find out more about the storage of cookies here.
5. With whom we may share personal data
Personal data may be shared between the companies of the Meridian Group for the purposes described in this Privacy Notice. Personal data processed electronically by Meridian will mainly be stored on servers located in the UK/EEA. Because Meridian operates globally and has customers and projects worldwide, personal data may be transferred and processed by Meridian subsidiaries and trusted suppliers and business partners outside of the UK/EEA.
Personal data may be shared with third party service providers, who may process data on Meridian’s behalf, such as website and IT service providers.
Personal data may be shared with other third parties if we are required to do so to comply with a legal obligation or an order from a court or other competent authority or tribunal, or to comply with applicable stock exchange regulations.
Any international transfer of personal data that takes place will be subject to appropriate security measures and all reasonable steps to ensure that your personal data are protected and maintained in accordance with this Privacy Notice and applicable data privacy laws will be taken, including using ‘standard contractual clauses’ approved by the European Commission.
6. Your rights as a data subject
In accordance with applicable data protection legislation, subject to some conditions and exceptions, you have the following rights:
- The right to information about and access to your personal data, including the right to data portability;
- The right to have personal data corrected or updated;
- The right to erasure (‘The right to be forgotten’);
- The right to restrict processing;
- The right to object to certain processing.
7. Processing NHS Data on Behalf of Clients
Meridian Productivity provides analytics and transformation services to NHS organisations. In these projects, we may process confidential, pseudonymised, or aggregated data provided by the client for the purpose of supporting service improvement, operational efficiency, and transformation.
Meridian acts as a data processor in these contexts and only processes such data under a formal Data Processing Agreement (DPA) or Data Sharing Agreement (DSA), as agreed with each client. Every project involving NHS or special category data is subject to a Data Protection Impact Assessment (DPIA), conducted either independently or jointly with the client, depending on the scope.
We apply appropriate technical and organisational controls to protect this data, including encryption, secure file transfer, access restrictions, role-based permissions, audit trails, and mandatory staff training. No data is retained beyond the scope and duration of the agreed contract.
All such processing is governed by Meridian’s annual compliance with the NHS Data Security and Protection Toolkit (DSPT) and our certification under Cyber Essentials Plus
You have a right to lodge any complaints regarding Meridian’s compliance with data protection laws with the appropriate supervisory authority.
To exercise all relevant rights, queries or complaints in relation to this policy or any other data protection matter between you and us, please in the first instance contact our Data Representative on email info@meridianpl.co.uk
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.
