Skip to content

Privacy Policy

We take your privacy very seriously. Please read this privacy policy carefully because this policy gives you important information about us and how we collect and use your personal data through your use of www.friendmts.com (Site) or when you interact with us in any other way (unless you are one of our employees or applying for a job with us, in which case our employee or job applicant data protection notice applies instead). It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

Children

This Site is not intended for children and we do not knowingly collect data relating to children through it.

Third Party Sites

This Site may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control those third party websites and are not responsible for their privacy statements. When you leave this Site, we encourage you to read the privacy policy of every website you visit. 

WHO WE ARE

When we refer to “Friend MTS”, "FMTS," “we”, “us” or “our”, we mean the Friend MTS entity that controls and is responsible for your information, which includes Friend MTS Limited. Friend MTS Limited, incorporated in England and Wales with registered number 03513618, registered office 177 Shaftesbury Avenue, London, England, WC2H 8JR is the controller and responsible for this website. 

HOW TO CONTACT US

If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact: 

Friend MTS Limited
177 Shaftesbury Avenue London WC2H 8JR
enquiries@friendmts.com
(+44) (0)203 588 2111

PERSONAL DATA THAT WE COLLECT ABOUT YOU

Personal data means any information about an individual from which that person could be identified. We may collect, use, store and transfer the following personal data about you, which we have grouped together as follows:

  • Identity Data includes: your first and last name, date of birth, any previous names, user name or similar identifier, marital status, title, gender, professional network profile details e.g LinkedIn profile URL, and information from accounts you link to with us e.g Facebook.
  • Contact Data includes: billing address, delivery address, email address, telephone numbers, and details of your employer. 
    Financial Data includes: bank account and payment account details.
  • Transaction Data includes: details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes: internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this Site.
  • Profile Data includes: your username and password, purchases or orders made by you, your interests and preferences, and feedback and responses to surveys, competitions and promotions.
  • Usage Data includes: information about how you interact with and use our Site, products and services.
  • Marketing and Communications Data includes: your contact history, your preferences in receiving marketing from us and our third parties and your communication preferences.  

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ Usage Data to calculate the percentage of users accessing a Site feature in order to analyse trends to help improve our Site and our service offerings. 

HOW WE COLLECT PERSONAL DATA

We use different methods to collect this personal data from and about you, including through:

  • Your interactions with us. You may give us personal data by completing online forms or by corresponding with us by email or otherwise. This includes when you: (a) contact us or give us feedback; (b) subscribe to a service or publication we provide; (c) request marketing to be sent you to; (d) create an account. 
  • Automated technologies or interactions. As you interact with the Site, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookie Policy for further details. 
WHY AND FOR WHAT PURPOSE WE COLLECT PERSONAL DATA
  • We only process your personal data to the extent we have a legal basis for doing so. Our legal basis for processing your personal data will be one or more of the following:
  • to comply with our legal and regulatory obligations; (Legal Obligation);
  • to perform a contract with you or take steps at your request before entering into a contract (Contract);
  • on a case-by-case basis, where you have given specific, informed and voluntary consent (Consent); or
  • where it is necessary to conduct our business and pursue our legitimate interests, unless those interests are overridden by your interests, rights or freedoms which require your personal data to be protected and we are not otherwise permitted to conduct such processing by law or with your consent (Legitimate Interest). We might carry out an assessment when relying on legitimate interests, to balance our interests against your own.

The table below sets out the purposes for which we use the various categories of your personal data and the legal basis that we rely on. Where Legitimate Interest applies, the table also describes the nature of the likely interest.

In the unlikely event that we process your special category personal data (personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, or concerning health, sex life or sexual orientation) our legal basis will be one of the following: (a) we have your explicit consent; (b) this is necessary to protect your (or someone else’s) vital interests where you are incapable of giving consent; or (c) this is necessary to establish, exercise or defend legal claims.

Purpose / Use
Type of Data
Legal Basis
To register you as a new customer
  1. Identity
  2. Contact
Contract
Providing products and/or services to or purchasing them from your business or that of your employer, including: (a) managing payments, fees and charges; and (b) collecting and recovering money owed to us. 
  1. Identity
  2. Contact
  3. Financial
  4. Transaction
  5. Marketing and Communications
  1. Contract
  2. Legitimate Interest – to recover debts due to us
To manage our relationship with you, which will include: (a) notifying you about changes to our terms or policies; and (b) dealing with your requests, complaints and queries 
  1. Identity
  2. Contact
  3. Profile
  4. Marketing and Communications
  1. Contract
  2. Legal Obligation
  3. Legitimate Interest – to keep our records updated and manage our relationship with you
To enable you to partake in a promotional activity or complete a survey
  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing and Communications 
  1. Contract
  2. Legitimate Interest – to study how customers use our products and services to develop them and grow our business
Preventing and detecting fraud against you or us   Legitimate Interest – to minimise fraud that could be damaging for you and/or us. 
Conducting checks to identify any actual, potential or past customers, suppliers, partners or intermediaries (each a Business Partner) and verify their identity. 
Screening for financial and other sanctions or embargoes. 

Other activities necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety law. 
  Legal Obligation.

Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies   Legal Obligation.
Ensuring business policies are adhered to, e.g. policies covering security and internet use   Legitimate Interest – to make sure we are following our own internal procedures or your procedures, so we can deliver the best service.
To administer and protect our business and this Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  1. Identity
  2. Contact
  3. Technical
  1. Legitimate Interest – to be as efficient as we can so we can deliver the best service to you
  2. Legal Obligation
Ensuring the confidentiality of commercially sensitive information  
  1. Legitimate Interest – to protect trade secrets and other commercially valuable information
  2. Legal Obligation
Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures
  1. Technical
  2. Usage
Legitimate Interest – to be as efficient as we can so we can deliver the best service to you
Preventing unauthorised access and modifications to systems  
  1. Legitimate Interest – to prevent and detect criminal activity that could be damaging for you and/or us
  2. Legal Obligation
Updating and enhancing Business Partner records  
  1. Contract
  2. Legal Obligation
  3. Legitimate Interest – making sure that we can keep in touch with our Business Partners about existing orders and new products
Statutory returns   Legal Obligation. 

Ensuring safe working practices, staff administration and assessments  
  1. Legal Obligation
  2. Legitimate Interest – to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you

Marketing our services and those of selected third parties to:

  • existing and former Business Partners;
  • third parties who have previously expressed an interest in our services;
  • third parties with whom we have had no previous dealings.
  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing and Communications
  6. Technical
Legitimate Interest – to promote our business to existing and former Business Partners and others, to grow our business and inform our marketing strategy

Credit reference checks via external credit reference agencies   Legitimate Interest – to ensure our actual and prospective Business Partners and suppliers are solvent and likely to be able to meet their obligations. 
External audits and quality checks, e.g. for ISO or Investors in People accreditation and the audit of our accounts  
  1. Legitimate Interest – to maintain our accreditations so we can demonstrate we operate at the highest standards
  2. Legal Obligation

Direct Marketing

As part of the customer onboarding process, or when you subscribe to communications via the Friend MTS website, your personal data is collected through our Site. At this point you will be asked to indicate your preferences for receiving direct marketing communications from FMTS or Friend MTS by email. 

Third Party Marketing 

 We will get your express consent before we share your personal data with any third party for their own direct marketing purposes. 

Opting out of Marketing

You can ask to stop sending you marketing communications at any time by using the Unsubscribe function in FMTS marketing emails, or by emailing your request to Unsubscribe to marketing@friendmts.com. If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes.

Cookies

For more information about the cookies we use and how to change your cookie preferences, please see our Cookie Policy

HOW LONG YOUR PERSONAL DATA WILL BE KEPT

Because the purposes and types of personal data that we process vary, different retention periods apply. The table below sets out categories of data and the retention period that applies in respect of each. In each case the retention period stipulated is a maximum retention period (we may delete your personal data earlier) and relates only to the personal data contained within the record after which time such data may be anonymised, pseudonymised or deleted. In all cases, we will keep your personal data only for so long as is necessary for the purposes of our processing or for any legally required period. Broadly, this is for as long as we have an active relationship with you or your employer and for as long as necessary afterwards:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to keep records required by law; and
  • to enforce or defend our rights against any possible legal action for the applicable limitation period, typically six years after the cause of action arose.

Business Partner Records

Record
Retention Period
Account details 7 years from end of relationship, i.e. end of contractual relationship or date of last contact (whichever is later)
Sales/purchase analysis records 5 years from the date of the earliest record being analysed
Business Partner advice and opinions 7 years from end of relationship with Business Partner
Business Partner complaints 7 years from end of relationship with Business Partner (including any extension to the relation while dealing with the complaint)
Details of products/services not taken up 5 years from end of relationship with Business Partner
Voice recording 6 months from date of the telephone conversation, provided that the period may be extended where there is an ongoing complaint or dispute
Business Partner feedback — employee performance 18 months from the date of the record
Reviews by Business Partners 5 years from end of relationship
Records of Business Partners who have signed-up to receive non-marketing newsletters Until Business Partner unsubscribes

Marketing and business development records

Business Partner relationship management records — of former, current and potential Business Partners 2 years from last active engagement with Business Partner
Direct marketing information relating to a current Business Partner, 2 years from last active engagement
Direct marketing information relating to a potential Business Partner 2 years from data collection
Information recorded on marketing suppression lists, ie individuals who have notified as they do not wish to receive marketing communications 50 years from the date the marketing opt-out request was received
Website cookie data for targeted advertising 12 months from the date the cookie or tracking code was created

Data protection records

Management of data subject requests 3 years from the date the request is completed (including regulatory appeals, investigations and court action), or last contact with data subject, whichever is later
Data protection complaints 7 years from end of relationship with Business Partner (including any extension to the relation while dealing with the complaint)
Compliance records 7 years from the date the document is no longer active or has been superseded
HOW AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA
  • We may share your personal data where necessary with the parties set out below for the purposes set out in the table above.
    companies within our group, such as Friend MTS (US) Inc.
  • third parties we use to help deliver our products or services, e.g. sub-contractors, payment service providers, mailing houses and delivery companies;
  • other third parties we use to help us run our business, e.g. marketing agencies or website hosts;
  • third parties approved by you, e.g. social media sites you choose to link your account to or third party payment providers;
  • credit reference agencies;
  • our insurers and brokers;
  • external auditors, e.g. in relation to accreditations and the audit of our accounts; and
  • our bankers.

Where service providers and other third parties act as data processors on our behalf, we only appoint them if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on those service providers to ensure they can only use your personal data to provide services on our instructions.

We may also need to share personal data with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations, and to share personal data with other parties, such as potential buyers of some or all of our business or during a restructuring—usually, information will be anonymised, but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.

INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

To deliver services to you, it is sometimes necessary for us to share your personal data outside the UK and EEA, including:

  • with our offices or other companies within our group;
  • with your and our service providers
    where there is a European and/or
  • international dimension to the services we are providing to you.

Under data protection law, we can only transfer your personal data to a country outside the UK and EEA where:

  • the UK government or EU Commission has decided the particular country ensures an adequate level of protection of personal data (an adequacy decision);
  • there are appropriate safeguards in place, together with enforceable rights and
  • effective legal remedies for data subjects; or
    a specific exception applies under data protection law

These are explained below:

Adequacy decision
We may transfer your personal data to certain countries, on the basis of an adequacy decision. The countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists. Countries we can currently transfer to as at the date of this policy, include:

  • all European Union countries, plus Iceland, Liechtenstein and Norway (the EEA), Gibraltar; and
  • Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan (private sector organisations only), Jersey, New Zealand, Switzerland, Uruguay, certain commercial organisations in Canada and the USA (for organisations certified under the EU-US Data Privacy Framework).

Safeguards
Where there is no adequacy decision, we may transfer your personal data to another country if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects. The safeguards will usually include using legally approved standard data protection contracts/clauses, such as the IDTA and Addendum (see https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/ or you can contact us at marketing@friendmts.com to obtain a copy). 

Transfers under an exception

In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, namely:

  • you have explicitly consented to the proposed transfer after having been informed of the possible risks;
  • the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
  • the transfer is necessary for a contract in your interests, between us and another person; or
  • the transfer is necessary to establish, exercise or defend legal claims


We may also transfer information for the purpose of our compelling legitimate interests, so long as they are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers, and we will provide relevant information if and when we seek to transfer your personal data on this ground.

YOUR LEGAL RIGHTS

You have the following rights in relation to your personal data:

Access
The right to be provided with a copy of your personal data and to check that we are lawfully processing it. 

Rectification
The right to require us to correct any mistakes in your personal data, those we may need to verify the accuracy of the new data that you provide to us. 

Erasure (also known as the right to be forgotten)
The right to require us to delete your personal data where there is no good reason for us to continue processing it, provided that if there is a legal reason for us to not comply with this request we may not be required to comply, and will notify you of this case at the time of your request. 

Restriction of processing
The right to require us to restrict processing of your personal data in one of the following cases: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold that data even if we no longer require it, as you need it to establish, exercise or defend legal claims; (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. 

Data portability
In respect of automated information that you initially consented for us to use, or where we used the information to perform a contract with you, you will have a right to request the transfer of that personal data to you or a third party. The data must be sent in a structured, commonly used and machine-readable format. 

To object
The right to object at any time to your personal data being processed for direct marketing (including profiling). In addition, you have the right to object to processing of your personal data where we are relying on legitimate interest as the legal basis for the use of your data and where we are unable to demonstrate that we have compelling legitimate grounds for processing. 

For further information on each of those rights, including the circumstances in which they apply, please contact us. If you would like to exercise any of those rights, please email us and:

  • provide enough information to identify yourself (e.g. your full name, address, employer and customer, supplier or product reference number) and any additional identity information we may reasonably request from you; and
  • let us know what right you want to exercise and the information to which your request relates.


You will not have to pay a fee to access your personal data (or to exercise any other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. 

We try to respond to all legitimate requests within a month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

KEEPING YOUR PERSONAL DATA SECURE

We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We continually test and improve our systems.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where legally required to do so.

HOW TO COMPLAIN

Please contact us if you have any query or concern about our use of your information. We hope we will be able to resolve any issues you may have. You also have the right to lodge a complaint with the Information Commissioner’s Office. The Information Commissioner’s Office may be contacted at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.

CHANGES TO THIS PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example, a new email address. 

This privacy policy was last updated on 10 May 2024 when it replaced any previous privacy policy published on our Site.