MIM Systems GDPR Key Facts

GDPR Compliance Information

This page details the information we hold and process that could conceivably be classed as 'personal data' under the terms of the GDPR. The vast majority of the personal information we hold concerns individuals in their professional capacity, and is used by us solely to facilitate and maintain a professional relationship with those individuals and the organisations they represent. 

If you're looking for information on the ways in which our Time & Attendance Systems relate to the GDPR, please click here


GDPR Contact Information

Business Name Motor Industry Management Systems Limited
Assigned Data Controller Employee Kevin Churn
Data Controller Telephone Number +44 (0)1246 267715 
Data Controller Email gdpr@clockrite.co.uk

In this article

Not what you're looking for?  Click here to go back to the Portal


The Data we hold, and how we use it

We may process personal data as far as it pertains to our prospective or ongoing business relationship with your company. Most data is held and processed on legitimate interest grounds, in such a way as would reasonably be expected, and without unnecessary intrusion. This data is processed with the sole aim of providing the best possible service to you and your company, from initial enquiry, to purchase, to aftercare. If you'd like to learn more about what we mean by legitimate interests, please  click here.

The personal data we hold is primarily used to follow enquiries to their reasonable conclusion, process orders, and provide ongoing support to existing customers. We may hold any, but not necessarily all, of the following information:

CRM Database:

  • The contact names of those directly involved in the purchase and ongoing operation of the ClockRite System 
  • Titles and departments of contacts, if provided
  • Landline and/or mobile telephone numbers, as provided
  • Email addresses, as provided
  • Business billing and shipping address
  • Business details, including size of business and industry sector
  • Referral information, including the date of initial enquiry
  • Details of interaction between MIM Systems and contacts, including enquiry, sale, and support. In all cases these details are concise, focused, and pertain only to the matter at hand

Accounts and Invoicing

  • Relevant contact names
  • Business billing and shipping information
  • Previous invoices and method of payment
We do not store any bank account or credit card details.

Remote Support

Due to the broad definition of 'personal data' and the 'processing' thereof under the GDPR, our Remote Support service falls under its legislation. Please  click here for a detailed breakdown of how we conduct our Remote Support and how this relates to the GDPR. 

ClockRite Website

In addition to data supplied by you during the course of an order or enquiry we may collect limited data, with your consent, through the use of cookies on our website. Please see our cookie and privacy policies for more information pertaining to use of the ClockRite Website. 


Data shared with 3rd party/external sources

We've listed the circumstances under which data passes to third parties below. Information only passes to third parties for legitimate business reasons, such as taking payment for an order, managing our interaction with you via email, and providing remote support. We've taken care to ensure all third parties we deal with are GDPR compliant. 

Telephone Payments Any payments taken over the phone are processed using the Cardsave Payment gateway. Cardsave is a product of Worldpay, and you can read their privacy policy here.
Website orders Web orders are processed using Stripe. You can read their privacy policy here. More detailed information about data that may be collected when you use our website can be found in our privacy policy
Communicating via Email Our emails are hosted by Helpscout. You can read their privacy policy here, and they also have some great information on the steps they've taken to ensure GDPR compliance. 
Providing Remote Support We use TeamViewer to provide remote support, and have a dedicated page covering our use of the platform.
You can read Teamviewer's own statement on GDPR  here, and their privacy policy here.
MIM Systems Installation Engineers Where applicable our contracted engineers will hold basic client contact data.  Some clients may opt to have basic employee details pre-loaded into their ClockRite System prior to installation.  Our engineer will keep this data until the day of the installation in a password protected database, after which point it will be deleted. Where applicable, consent for this is received via our standard excel installation documentation. 

How we ensure your data is secure

  • All data in our CRM, Accounts, and Invoicing programs are held on our secure internal network.    
  • All PC's, devices and software applications used on our internal network are secured with a password.  
  • All staff adhere to our privacy, security, and confidentiality policies.  
  • Where data has been transferred to us via email, our email communication system provider is PCI compliant and supports TLS v1.2. Emails cannot be viewed by third parties.   
  • Where data has been transferred to us during a remote support session it will only be stored until the conclusion of the support issue, after which it will be erased.

How long we hold data for

Existing Customers
  • Detailed company contact information such as names and emails will be held electronically on our secure internal network for as long as it required pursuant to the lawful purpose under which it was obtained.  We will request an up to date contact list via email each year.    
  • Records of any previous purchases and associated invoices will be stored within our accounting and CRM system for as long as required, or for as long as we are legally obligated to maintain such records.  
  • Support notes and records of other relevant customer contact will be stored securely in our CRM database for as long as it required pursuant to the lawful purpose under which it was obtained.   
  • Specific customer setup information used for databases preparation will be stored for a maximum of 2 months. 
Past Customers
  • We will permanently hold client's purchasing history electronically in line with our legal obligation to do so.  This data may include contact names and titles.  
  • Past customer data will not be used for future marketing or other non consented reasons 
Active Prospects 
  • We will store contact details for active prospects in our CRM database.  If the enquiry does not proceed to order we will request consent to keep data.  If consent is not granted we will delete the record and any associated data.
Website Visitors
  • Data collected through visits to our website will be stored according to the principles set out for either 'Existing Customers' or 'Active Prospects', depending on the outcome of the enquiry. More detailed information about information collected via the ClockRite website can be found here


Your Rights under the GDPR

You have the following rights under law in regard to the collection and use of your personal information.

  •  The right to be informed about the collection and use of your personal data
  • The right of access to your personal data
  • The right to request that inaccurate or incomplete data is rectified
  • The right to request the erasure of your data where there is no further reason for us to use it
  • The right to restrict the use of your information
  • The right to object to certain uses of your data

Your rights are listed here in summary only. If you wish to learn more about your rights and how they apply to your personal data you may find the following ICO guidance useful:

Should you wish to exercise any of these rights you can do so at any time by contacting us at gdpr@clockrite.co.uk, or by writing to us at the following address:

MIM Systems Ltd, Dunston Innovation Centre, Dunston Road, Chesterfield, Derbyshire, S41 8NG

In some cases we are permitted to charge a small administrative fee in responding to such requests. 

If you feel that your rights have been breached in any way you should contact our assigned Data Controller, Kevin Churn, through either method listed above. You may also lodge an official complaint with the Information Commissioners Office via  their website, or in writing to: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF


Back to the Portal