Meridian West Ltd prioritises the protection of your privacy. This document outlines our approach to collecting and utilising the personal information that you supply, whether through the internet, telephone, mobile, email, post, our research activities, or any other form of communication. The terms “Meridian West”, “we”, “us”, and “our” refer to Meridian West Limited, a firm incorporated in England and Wales with the registration number 04224059 and a registered office located at Private Office 4.07 Uncommon Borough, Long Lane, London, England, SE1 4PG. The term ‘personal data’ denotes any data about a person who can be identified directly or indirectly. The pronouns “you” and “your” in this statement pertain to the individual whose personal data is in question. Meridian West manages personal data for various reasons, and the method of data collection, the legal grounds for its processing, its usage, disclosure, and the durations of its retention vary depending on the purpose.

Core principles

At Meridian West, we firmly uphold the conviction that the privacy of our users and the protection of their data represent fundamental human rights. This belief is deeply embedded in our operational ethos and guides our approach to handling personal data. Our commitment to these principles is reflected in our comprehensive privacy practices, which are designed to respect and safeguard the privacy and security of all individuals whose data we manage. Below, we further elaborate on our core principles:

Respect for Individual Privacy

We recognise the importance of personal privacy not just as a legal requirement, but as a cornerstone of human dignity. Every individual has the right to control their personal information and to make informed decisions about how it is used. We are committed to maintaining transparency with our users about the data we collect, the purposes for which we collect it, and how it is processed and protected.

Minimisation of Data Collection

Meridian West adheres to the principle of data minimisation, ensuring that we only collect and process data that is directly relevant and necessary to accomplish specified purposes. We continuously evaluate our data collection practices ensuring they align with the need to provide our services effectively while respecting the privacy of individuals.

Duty of Care

We acknowledge our responsibility and duty of care towards individuals whose data we hold. This duty extends beyond mere compliance with legal requirements; it encompasses a moral obligation to protect individuals from harm that might arise from misuse of their data. We implement robust security measures to protect personal data from unauthorised access, disclosure, alteration, and destruction.

Necessity and Proportionality

Our data collection and processing activities are guided by the principles of necessity and proportionality. We ensure that the collection of personal data is justified by a legitimate purpose and that the extent of processing is proportionate to that purpose. This approach helps to prevent excessive data collection and storage, thereby reducing potential risks to individual privacy.

Transparency and Accountability

Meridian West is committed to maintaining a high level of transparency in all our data handling practices. We provide clear and accessible information to individuals about how their personal data is used, and we are accountable for managing this data in a way that is consistent with both our declared practices and legal obligations. We regularly review and update our privacy policies and practices to adapt to new challenges and to ensure ongoing compliance with data protection laws.

Empowering Individuals

We empower individuals by providing them with access to their personal data upon request and offering them the opportunity to correct, update, or delete this data where appropriate. We recognise the right of individuals to object to certain processing activities and to withdraw consent at any time, respecting their choices and preferences regarding their personal data.

Ethical Data Management

Our approach to data management is grounded in ethical considerations, ensuring that personal data is treated with the utmost respect and integrity. We engage in fair processing practices that consider the interests and rights of the individuals concerned, aiming to foster trust and confidence among our users. By adhering to these core principles, Meridian West strives to create a secure and respectful environment for managing personal data. Our commitment to these values is unwavering, as we believe they are essential to building and maintaining trust with the individuals who share their personal data with us.

Relevant legislation

The EU General Data Protection Regulation (GDPR) effective from May 2018 gives all EU citizens more rights and protections for their personal data, to minimise the possibility of theft and fraud. The provisions of European law were enacted in UK law in the Data Protection Act 2018 (DPA). On 28 June 2021, the EU approved adequacy decisions for the EU GDPR and the Law Enforcement Directive (LED). This means data can continue to flow as it did before, in most circumstances. Both decisions are expected to last until 27 June 2025. The General Data Protection Regulation has been kept in UK law as the UK GDPR. Meridian West regularly reviews and updated its business practices and policies to ensure compliance with the following national and international legislation with regards to data protection and user privacy:

• UK Data Protection Act 2018 (DPA)
• EU General Data Protection Regulation 2018 (GDPR)

Our compliance with the above legislation, all elements of which are stringent in nature, means that Meridian West Limited is likely to be compliant with the data protection and user privacy legislation set out by many other countries and territories as well.

UK Data Protection Act 2018

In carrying out our day-to-day activities we process, and store personal information and we are therefore required to adhere to the requirements of the UK Data Protection Act 2018. We take our responsibilities under this act very seriously and we ensure the personal information we obtain is held, used, transferred and otherwise processed in accordance with that Act and all other applicable data protection laws and regulations including, but not limited to, the Privacy and Electronic Communication Regulations (PECR).

GDPR

The EU General Data Protection Regulation (GDPR) effective from May 2018 gives all EU citizens more rights and protections for their personal data, to minimise the possibility of theft and fraud. These regulations include provisions for the following areas:

• The right to be informed: Organisations must publish a privacy notice, in addition to explaining transparently how they use this personal data.
• The right of access: Individuals will have the right to demand details of any of their data that an organisation may hold. This information must be provided within one month of request at no charge to the individual.
• The right to rectification: If a person’s data is incorrect or incomplete, they have the right to have it corrected. If the organisation that holds the information has passed any of that information to third parties. The company must inform the third party of the correction and inform the person which third parties have their personal data.
• The right to be forgotten: A person may request the removal of their personal data in specific circumstances.
• The right to restrict processing: Under certain circumstances, an individual can block the processing of their personal data.
• The right to data portability: A person can obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
• The right to object: A person can object to the use of their personal data for most purposes.

Information sharing and disclosure

We may share your information with our data processors. These are trusted partner organisations that work with us in connection with our organisation’s purposes. All our trusted partners are required to comply with data protection laws and our high standards and are only allowed to process your information in strict compliance with our instructions. We will always make sure appropriate contracts and controls are in place and we regularly monitor all our partners to ensure their compliance. For example, providers of information technology, cloud-based software as a service, website hosting and management, data analysis, data back-up, security and storage services. The servers are in secure data centres around the world, and personal data may be stored in any one of them. Further details of these providers are set out below.

Name	Role
Anthropic (Claude)	AI assisted audio transcription and document summarisation.
Data Experts	Outsourced data engineering and visualisation partners.
GEEX Ltd	Meridian West Outsourced IT Security Management
HubSpot	Meridian West CRM system.
Microsoft	Provides MW cloud infrastructure and business software.
OpenAI (ChatGPT)	AI assisted audio transcription and document summarisation.
RubikLab	AI assisted audio transcription, document summarisation and analysis.
37 Digital	Website development & maintenance

We may disclose your personal information to third parties if we are required to do so through a legal obligation (for example to the police or a government body); to enable us to enforce or apply our terms and conditions or rights under an agreement; or to protect us, for example, in the case of suspected fraud or defamation.

The accuracy of your information

We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware, we will ensure we amend and update it as soon as possible.

Storing your information

Although most of the information we store and process stays within the UK, some information may be transferred to countries outside the European Economic Area. This may occur if, for example, one of our trusted partners servers are located in a country outside the EU. These countries may not have similar data protection laws to the UK however, we will take steps with the aim of ensuring your privacy continues to be protected as outlined in this privacy policy. When we no longer need to retain your information, we will ensure it is securely disposed of, at the appropriate time.

Our activities

To find out more about our specific processing activities, please go to the relevant sections of this statement:

Business contacts and clients

• Events

Meridian West Ltd is committed to protecting your privacy during event registration and attendance. This brief statement explains our approach to handling your personal data in relation to Meridian West events.

Personal Data Collection and Use

When you register for an event with us, we collect essential information such as your name, professional details, contact information, and any specific requirements you may have (e.g., dietary, accessibility). This information is used to manage your participation effectively and ensure your needs are met during the event.

Photography

We may take photos at our events for use in our marketing materials. By attending, you acknowledge this possibility.

Special Category Data

For any data that could reveal religious beliefs, health details, or similar sensitive information, we only proceed with explicit consent.

Legal Basis for Processing

Our processing is based on legitimate interests to offer and promote our services, and where necessary, with your consent for special category data. Data Sharing We only share your data when necessary for event hosting, with providers like venues or catering to accommodate your needs. Your data is shared under strict confidentiality and security measures. Data Retention Data is retained according to our Data Retention Policy and legal obligations. Conclusion Meridian West ensures your data is used responsibly and with respect to your privacy. If you have questions or need further information, please contact us.

• Personnel and Recruitment

This section highlights Meridian West Ltd.’s approach to the privacy of individuals in our recruitment and personnel management processes. It encompasses the collection and use of personal data for candidates applying directly or through agencies and extends to our employees upon successful recruitment.

Data Collection During Recruitment

In the recruitment phase, we collect essential information including but not limited to:

• Personal and contact details
• Professional background (CV, qualifications, job preferences)
• Identity verification documents
• Data on diversity and equal opportunities, where provided voluntarily

This data aids in managing applications, conducting interviews, and if successful, proceeding with pre-employment checks which may involve background screenings appropriate to the job role. Use of Personal Data The collected data is utilized to:

• Facilitate recruitment and evaluate suitability for roles
• Administer and improve the recruitment process
• Conduct pre-employment screenings, with checks tailored to specific job requirements
• Manage our candidates’ database and communicate effectively throughout the recruitment cycle

Sources of Data

Data may be sourced directly from candidates, through recruitment agencies, or from publicly available platforms (e.g., LinkedIn) to ensure a comprehensive understanding of an applicant’s profile.

Legal Basis for Processing

Processing is grounded on legitimate interests to efficiently manage recruitment and, upon success, prepare for onboarding. For sensitive data, processing is based on explicit consent or legal requirements.

Retention and Sharing of Data

Data is retained as per our Data Retention Policy, ensuring it is only held as long as necessary for the purposes it was collected. Necessary data may be shared with third-party service providers for background checks and other recruitment-related services.

Automated Decision-Making

We don’t use automated tools for initial screening based on predefined criteria. Candidates have the right to request human intervention or challenge decisions made by automated processes.

Conclusion

• Meridian West is committed to protecting the privacy of our personnel and candidates, ensuring transparency, security, and respect for personal data throughout our recruitment activities. For further inquiries, please contact our privacy team.Error! Reference source not found.
• Research/survey respondents
• Our policy is to collect only the personal data necessary for the specific research purposes and we ensure that such data collection is communicated clearly to our respondents. The types of personal data collected may include:
• Personal details (e.g., name, age/date of birth, gender)
• Contact information (e.g., email address, phone number)
• Professional information (e.g., job title, employer)
• Opinion data related to our research topics

We strive to ensure that any personal data shared with us is provided with the informed consent of the respondents or is otherwise collected in accordance with applicable data protection laws. 

Use of Personal Data

The personal data collected from research/survey respondents is used for the following purposes:

• Conducting and managing research studies to gather insights
• Analysing data to inform our services and client advice
• Developing and improving our professional services based on respondent feedback

Legal Grounds for Processing

We process this personal data based on legitimate interests to conduct research and develop our professional services. When special categories of personal data are involved, we ensure to obtain explicit consent from the respondents or rely on other lawful bases permitted under data protection laws for processing.

Data Retention

We retain personal data collected from research/survey respondents as long as necessary for the research purposes for which it was collected and in accordance with any applicable legal or regulatory requirements. Typically, personal data is anonymized or securely deleted after the conclusion of the research project or after the required retention period.

Sharing and Processing Locations

Personal data collected through research activities may be shared with third-party service providers for the purpose of data analysis and research facilitation, under strict confidentiality agreements. Data processing locations are selected with data protection compliance in mind, ensuring that respondents’ personal data is handled securely.

Conclusion

Meridian West is committed to protecting the privacy of individuals participating in our research activities. We take careful steps to ensure that personal data is collected, used, and retained in accordance with our privacy standards and applicable data protection laws. For further details or inquiries about how we handle research/survey respondent data, please contact our privacy team.

• Suppliers

Meridian West Ltd acknowledges the importance of privacy for our suppliers, including subcontractors and those associated with our suppliers and subcontractors. This section of our privacy statement details our practices regarding the collection, use, and protection of personal data from our suppliers in the course of business interactions.

Collection of Personal Data

We collect personal data from our suppliers to facilitate our professional relationship, manage contracts, and receive services. This typically includes business contact information such as names, employer names, phone numbers, email addresses, and other relevant communication details.

Use of Personal Data

Our use of supplier personal data includes: Receiving Services: We process personal data necessary to receive services from our suppliers. This encompasses data from individuals directly providing services to us, ensuring smooth business operations. Providing Professional Services to Clients: When suppliers assist in delivering services to our clients, we process personal data of those involved to manage our supplier relationships and fulfil client service delivery effectively. Business Administration and Development: Personal data is used to manage our supplier relationships, enhance our services, maintain IT systems, host events, and manage our website and applications. Security and Risk Management: We implement security measures that may involve processing personal data for threat detection and resolution. Quality and risk management activities also necessitate personal data processing to ensure service standards and manage business risks. Marketing and Communications: We use supplier contact details to share information about our services, industry insights, and event invitations, aiming to keep our suppliers informed about relevant updates and opportunities.

Legal Basis for Processing

The processing of personal data in these contexts is grounded in our legitimate interests to ensure effective service receipt, business operation, and client service provision. Additionally, legal compliance and regulatory obligations may require the processing of personal data, underpinning our commitment to lawful and ethical business practices.

Data Retention

Personal data collected from suppliers is retained as long as necessary for the purposes for which it was collected, adhering to applicable laws and regulations. This duration aligns with the length of our relationship with the supplier or as required to fulfil our legal and regulatory obligations, after which data is deleted in accordance with our data Retention Policy.

Conclusion

Meridian West is committed to handling supplier personal data with the utmost care and respect, ensuring privacy and compliance throughout our business engagements. Our practices are designed to protect personal information while enabling productive and secure business relationships.

• Visitors to our office

At Meridian West, located in the shared office space provided by Uncommon, we prioritize the security and privacy of our visitors. This section outlines how we handle personal data and implement security measures for individuals visiting our premises.

Security Measures

Our office environment is equipped with security measures, including CCTV and access controls, to ensure the safety and security of our staff, visitors, and property.

CCTV Surveillance

Notices are prominently displayed around our offices indicating the operation of CCTV surveillance. The purpose of these cameras is to enhance safety, deter criminal activity, and support the establishment, exercise, or defence of legal claims. Recorded footage is securely stored and accessed only when necessary, such as in response to incidents.