Metro Production Group Ltd (MPG) is required to demonstrate accountability for compliance with data protection laws (including the General Data Protection Regulation (GDPR)). This Statement details the provision of data, media, or services with regard to the Processing and protection of Personal Data.
Compliance with the Law
This statement is underpinned by and MPG will abide by the legislation set out in the General Data Protection Regulations (GDPR).
MPG can confirm and evidence that appropriate security measures are in place to protect Personal Data, including appropriate technical and organisational measures, to protect against unauthorised or unlawful Processing and against unauthorised access, disclosure, loss, alteration, destruction or damage.
MPG will treat all client Personal Data as confidential and Process only in accordance with the instructions of the client and will not use or Process any client Personal Data for any purpose other than to provide the Services agreed.
MPG will ensure that any client Personal Data is returned to the client or destroyed, when it is no longer required for the performance of the Services agreed, unless otherwise instructed by the client.
MPG confirms that, as an operator of Digital Property (including for example filming footage or an app on an ipad) or any other online or offline service through which MPG collects Personal Data on behalf of a client, we have in place and can evidence, appropriate consent to collect the Personal Data from the client by means of the terms and conditions of service. MPG can confirm that the terms and conditions of service will constitute a legitimate interests to process the data as determined in Article 6 (1)(f) of the GDPR.
Personal Data Breach
In the event of a Personal Data Breach which involves client Personal Data MPG will:
1, immediately take all necessary and appropriate corrective action to remedy the underlying causes of the Personal Data Breach and make reasonable commercial efforts to ensure that such Personal Data Breach will not recur;
2, notify the client without delay providing reasonable detail of the Personal Data Breach and likely impact on Data Subjects;
3, take any action required by Applicable Law and/or at the reasonable request of the client.