HomePrivacy & Fair Processing Notice

Privacy & Fair Processing Notice

This is the Privacy Notice of the data controller Market Location Limited in respect of ML’s technically generated Business Database and its joint controllership of the 118 Business Database sourced by 118 Data Resource’s Contact / Call Centre activities. It is the current Privacy Notice as published on our websites at: https://marketlocation.co.uk/privacy-policy.

Controller’s Details

In this Privacy Notice when we refer to “ML”, “We”, “Us” or “Our” we mean Market Location Limited. ML is a private limited company registered in England and Wales with company registration number 01864009 and registered with the Information Commissioners’ Office in the UK with registration number Z6668189. Our registered office and postal address are: 62 Anchorage Road, Sutton Coldfield, England, B74 2PG. Our Email Address is: customerservices@marketlocation.com and telephone number is: 01926450388.

Notice Summary

Please read this Notice carefully as it contains important information on who We are and how and why We collect, store, use and share your Personal Data. It also explains your rights and how to contact Us or Our supervisory authority in the event you have any concerns We are unable to address. We are committed to protecting and respecting your privacy and will comply with the applicable data protection laws in all Our dealings with your Personal Data.

We operate with layered Privacy Notices depending on your interaction with Us.

This Privacy Notice tells you what to expect Us to do with your Personal Data when you are a business contact on Our UK trading and location business database (“Business Database”), a visitor to Our website or Our offices, make contact with Us or use one of Our services. We will tell you:

  • why We are able to process your information;
  • what purpose We are processing it for;
  • whether you have to provide it to Us;
  • how long We store it for;
  • whether there are other recipients of your Personal Data;
  • whether We intend to transfer it to another country, and
  • whether We undertake automated decision-making or profiling.

This Notice also provides details of Our additional Privacy Notices applicable as required by Our interaction.

Terminology

Our use of terminology in this document is in line with data protection laws. If you are unsure of terminology used in this Privacy Notice, please email compliance@marketlocation.com for explanation.

Controller’s Full Contact Details

In this Privacy Notice, Market Location Limited. ML is a private limited company registered in England and Wales with company registration number 01864009. Our registered office and Our postal address are: 62 Anchorage Road, Sutton Coldfield, England, B74 2PG. Our Email Address is: customerservices@marketlocation.com and telephone number is: 01926450388.

Market Location Limited is the data controller of your Personal Data and is registered with the Information Commissioners’ Office in the UK with registration number Z6668189. ML is responsible for processing the Personal Data you provide to Us on the website: marketlocation.co.uk.

Our principal place of business is 62 Anchorage Road, Sutton Coldfield, England, B74 2PG and Our registration number for Value Added Tax in the UK is GB270057131.

Other Data Controllers in Our Group

The following companies in Our Group may also be separate data controllers in respect of your Personal Data: 118 Group Limited and 118 Data Resource Limited and these companies are registered with the Information Commissioners’ Office in the UK. 118 Data Resource Limited (company registration number 06325712) is responsible for processing the Personal Data you provide to Us on the www.118information.co.ukmy118information.co.uk and 118group.co.uk websites and 118 business database.

When We use your Personal Data, We do so in accordance with the General Data Protection Regulation (UK GDPR). We are responsible as ‘controller’ of your Personal Data for the purposes of the GDPR. We will use your Personal Data in accordance with your engagement with us, the GDPR, other relevant legislation and your instructions. We are committed to ensuring that We process Personal Data in accordance with the principles set out in the Information Commissioner’s Guide to Data Protection.

Joint Data Controllers in Our Group

Market Location has a joint controller relationship with the following company in Our Group, 118 Data Resource Limited (“118”) (company registration number 06325712), in respect of the processing of your Personal Data in the 118 Business Database. Where there is a reference to the 118 Business Database in this Notice then “We”, “Us” and “Our” apply to both Market Location and 118.

Market Location Limited and 118 Data Resource Limited act as Joint Controllers for the Business Database. We have determined our respective responsibilities under Article 26 GDPR in a joint‑controller arrangement that allocates responsibilities, enables cross organisation auditability, and ensures that individuals may exercise their rights by contacting either controller. This means that both companies work together in respect of the Business Database to decide why and how your Personal Data is processed because We have shared and closely linked purposes for the processing of the Personal Data. It also means that We are jointly responsible to you under the law for that processing. We do not perform all processing of your personal data as joint controllers. Market Location makes decisions regarding certain processing of your Personal Data independently of 118, for which Market Location is solely responsible. Similarly, 118 makes decisions for certain processing of your Personal Data independently of Market Location, for which 118 is solely responsible. Please visit the 118 Data Resource Limited Privacy Notice at www.118information.co.ukmy118information.co.uk and 118group.co.uk to find out more about processing performed by 118 independently.

In respect of the 118 Business Database, 118 has primary responsibility for the day-to-day handling of your Personal Data as it collects this information and has direct contact with you and, or indirect contact with the business you work for or are employed by, due to the activities of 118’s Call and Contact Centre. Market Location’s data protection responsibilities to you in respect of the Business Database include:

  • Producing this section of the Notice jointly with 118 including any updates as required by applicable laws;
  • Ensuring it has legal grounds to use your Personal Data in the ways described in this Notice;
  • Responding to requests when you exercise your data protection rights and submitting such requests to 118 (see further information below regarding these rights); and
  • Ensuring that the Personal Data Market Location stores is secured and retained in accordance with data protection laws.

As a result, 118 is responsible for the following activities relating to the processing of your Personal Data in the Business Database for this purpose:

  • Producing this section of the Notice jointly with Market Location including any updates as required by applicable laws;
  • Acting as your main point of contact for any queries you may have relating to this Notice;
  • responding to requests when you exercise your data protection rights and submit such requests to 118 (see further information below regarding these rights);
  • Ensuring the legal grounds are in place to share your Personal Data with Market Location;
  • Ensuring the purposes for which the Personal Data is shared complies with the data protection principles under the applicable laws; and
  • Ensuring that the Personal Data We store is secured and retained in accordance with data protection laws.

Data Protection Officer’s Contact details

ML is the controller for this information unless this Notice specifically states otherwise. Our Data Protection Officer, Bethany Searson can be contacted at Compliance@marketlocation.co.uk or via Our address: 62 Anchorage Road, Sutton Coldfield, West Midlands B74 2PG (please mark the envelope ‘Data Protection Officer’).

How do We obtain your information?

The Personal Data We collect, and process is provided either directly or indirectly for one of the following reasons:

  • Directly from you as you are representing your organisation or business, and/or you have made an enquiry, comment or an information request to us, you have attended an event, or responded to a communication undertaken or sent by us;
  • Indirectly, provided by the company or organisation you are employed by, or work for, as a contact of the business and, or We have contacted a business organisation, and it provide Us your Personal Data in its response as a business contact of their customer, prospective customer, vendor or partner; and, or
  • Indirectly because We process data on individuals in Our business database based upon their business capacity, such as employee, director, and other roles held in an official capacity for limited and PLC companies provided by credit reference organisations, online directories, or other recorded images, debt collection agencies, health care providers, insurance companies, data brokers, legal and judicial sector organisations, schools, colleges, universities or other education organisations, councils and other public sector organisations, publicly available sources, previous employers, third parties, or recruiters or CCTV footage, or other recorded images. Where we obtain Personal Data from other sources, we will provide you with the information required by Article 14 UK/EU GDPR within one month of obtaining your data, or at the time of first communication or disclosure to another recipient, unless a narrow statutory exemption applies. We record and justify any reliance on an Article 14(5) exemption and implement alternative public transparency measures where appropriate.

Types of Personal Data

We may collect and process the following Personal Data about you:

  • Business contact information related to you, as a business contact for the business you are employed by or work for;
  • Business contact details related to you, as a business contact for the business you are employed by or work for, in respect of business identification and assessment;
  • Business contact details related to you, as a business contact for the business you are employed by or work for, in respect of directories and online directories;
  • Business contact information related to you, as a business contact for the business you are employed by or work for, in respect of receipt of advertising, marketing or direct marketing;
  • Business contact information related to you, as a business contact for the business you are employed by or work for, in respect of employment and recruitment agencies;
  • Business contact information related to you, as a business contact for the business you are employed by or work for, in respect of research organisations;
  • Business contact information related to you, as a business contact for the business you are employed by or work for, in respect of marketing list providers;
  • Business contact information related to you, as a business contact for the business you are employed by or work for, in respect of credit reference agencies, debt collection agencies, financial services firms, insurance or online payment solution providers;
  • Business contact details related to you, as a business contact for the business you are employed by or work for, in respect of retail, commerce and utilities;
  • Business contact information relating to website form completion, social media or email response or telephone interview. This includes information provided at the time of registering to use Our site, subscribing to Our services, posting material, requesting a free listing or requesting further services;
  • Business contact information if you contact Us and We keep a record of that contact and correspondence;
  • Business contact information relating to transactions and fulfilment of orders;
  • Business contact information purchased from third parties who compile your individual Business Contact Information using publicly available data, including from your employer’s website, and email generation based upon known email address structure;
  • Business contact information relating to supplier management including transactions and fulfilment of orders;
  • Business contact information relating to visits to Our websites, (such as weblogs), social media or other marketing and information media (where appropriate);
  • Suppression data of records of individuals who have made a right to ‘erasure’ request (right to be forgotten (in accordance with GDPR Art.17(1)) or objection to processing request (in accordance with GDPR Art.21 (1 and 2)). We suppress and process a suppression file of minimum information required to identify such individuals (such as business contact name, business name and business email address etc) to ensure that they do not receive any further direct marketing or other communications from Us and to ensure that their personal data is not re-acquired and re-added at a later time for processing in Our company systems.
  • Marketing/privacy preference information (including the Telephone Preference Service (TPS), Corporate Telephone Preference Service (CTPS) and MPS Mailing Preference Service, etc) where an individual or business has joined an ‘opt-out’ list to indicate that they do not want to be contacted via a particular marketing channel. We suppress and process this data in a Suppression File to identify matched records as relevant in Our Market Location and 118 Business Database.
  • In call audio recordings (as announced on calls), transcripts, call metadata (time, date, duration, queue/campaign, employee ID), and derived sentiment/quality assurance indicators.

In respect of the 118 Business Database, the types of Personal Data We collect and process about you is ‘business contact information’ and may include: first and last name, title, job position, organisation name and your business contact information (email, phone, business address, public social media address). Depending on Our engagement with you in respect of the 118 Business Database, We also may process marketing/privacy preferences, location data, viewing history, IP addresses, account information, website user information, call recordings and transcripts, records of meetings, decisions and information relating to comments, compliments or complaints.

In respect of the ML Business Database, the types of Personal Data We collect and process about you is ‘business contact information’ and may include: first and last name, title, job position, organisation name and your business contact information (email, phone, business address, public social media address). Depending on Our engagement with you in respect of Our Business Database, We also may process marketing/privacy preferences, location data, viewing history, IP addresses, account information, website user information, call recordings, records of meetings, decisions and information relating to comments, compliments or complaints.

If you prefer not to receive future direct marketing communications, you can request this at any time by selecting the ‘unsubscribe’ link in Our emails or by emailing customerservices@marketlocation.com. We will suppress your personal data to ensure that you do not receive any further direct marketing communications from Us and to ensure that your personal data is not re-acquired and re-added at a later time to Our Market Location or 118 business database.

We collect or use the following information to respond to enquiries, comments, compliments and complaints, manage suppliers, undertake recruitment, research or archiving purposes, employ employees, and to provide services and goods to clients, including delivery:

  • Names, title and contact details;
  • Job position;
  • Addresses;
  • Website user information (including user journeys and cookie tracking);
  • Contact details about the organisation you work for or are employed by;
  • Information for service updates;
  • Information for marketing purposes;
  • Marketing or privacy preferences;
  • Purchase or account history;
  • Payment details (including card or bank information for transfers and direct debits);
  • Financial transaction information and credit reference information;
  • Health information (including dietary requirements, allergies and health conditions);
  • Health and safety information;
  • Account information including registration details and records;
  • Recorded images such as photographs or video recordings;
  • Call recordings of which We record a transcript and undertake analysis using natural language processing to infer sentiment (positive/neutral/negative) and quality indicators;
  • Records of meetings and decisions;
  • Date of birth;
  • Identification documents;
  • Information relating to enquiries, requests, compliments or complaints;
  • Information used for security purposes;
  • Viewing history, IP addresses, location data, website and application user journey information,
  • Records of consent, where appropriate.

We may collect or use the following information to prevent crime, prosecute offenders, or defend against legal action including names and contact information, customer or client accounts and records, criminal offence data (including Disclosure Barring Service, Access NI or Disclosure Scotland checks), video, audio and CCTV recordings of public, private or staff areas (including indoor and outdoor spaces), body worn video or dashcam footage inside and outside of vehicles, with or without audio, call recordings, transcriptions, financial transaction information, information relating to health and safety, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information (where used to identify someone), sex life information, sexual orientation information and, or health information.

We collect or use the following information as part of Our direct marketing, advertising and promotional activities including employee and other stakeholder names, title, job position and organisation contact details, information for marketing purposes, recorded images such as photographs or video recordings.

We collect or use the following information to comply with legal requirements: identification documents, financial transaction information, suppression data, marketing/privacy preference data, criminal offence data (including Disclosure Barring Service (DBS), Access NI or Disclosure Scotland checks), health information, health and safety information.

We collect or use the following information for recruitment purposes: contact details (eg name, address, telephone number or personal email address), date of birth, National Insurance number, copies of passports or other photo ID, employment history (eg job application, employment references or secondary employment), education history (eg qualifications), right to work information, and details of any criminal convictions (eg Disclosure Barring Service (DBS), Access NI or Disclosure Scotland checks). We also may collect or use the following information for recruitment purposes: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information (where used to identify someone), health information, sex life information and sexual orientation information.

Legal Basis to Process Your Personal Data

Under the applicable data protection laws, We require a lawful basis to collect and use your Personal Data of which there are seven lawful bases to process an individual’s Personal Data.

Depending on the processing activity, We rely on the following lawful basis for processing your Personal Data under the UK GDPR:

  • Article 6(1)(a) Consent where the data subject has given consent to the processing of his or her personal data for tracking, analytics, advertising, or user behaviour analysis relating (such as non-essential cookies);
  • Article 6(1)(b) which relates to processing necessary for the performance of a contract (where applicable);
  • Article 6(1)(c) so We can comply with Our legal obligations (e.g., accounting, suppression lists, AML checks, regulatory duties);
  • Article 6(1)(d) in order to protect your vital interests or those of another person (only where processing is necessary to protect life);
  • Article 6(1)(f) for the purposes of Our legitimate interest for which We have completed Legitimate Interest Assessments (LIAs) for each processing purpose relying on this basis; and
  • Article 6(1)(ea) for the strictly limited purposes that fall within Our Recognised Legitimate Interests including safeguarding vulnerable individuals and crime prevention.

We only use your Personal Data for clearly defined and proportionate purposes. These fall into the following categories:

1. Tracking, analytics, advertising, or user behaviour analysis

We rely on Article 6(1)(a) consent as Our lawful basis for processing optional cookies and only collect the analytics information if you consent to the use of non-essential cookies and similar technology (for which consent-withdrawal can be made at any time). Unless notified as relevant, We do not process other Personal Data under the lawful basis of Article 6(1)(a) consent.

2. Operational & Service Delivery Purposes

Where We process your Personal Data under the lawful basis of Article 6(1)(f) for the purposes of Our legitimate interest, We have documented Legitimate Interest Assessments. We process Personal Data under Our legitimate interests to operate, manage and share Our 118 Business Database of businesses and business contacts, ML Business Database of businesses and business contacts, to trade and to deliver goods and services, for the operation of customer accounts and guarantees for Our goods and services, to collect and use personal data in order to provide service updates or marketing services, including marketing services for and on behalf of Our clients, to collect and use personal data to prevent crime, for research and archiving, to recruit individuals, to manage suppliers and to collect and use personal data in cookies for a technically error-free and optimised service-provision.

3. Data Sharing with Joint Controllers & Partners

As part of the jointly managed Business Database, We share relevant business contact data between 118 Data Resource Limited and Market Location Limited under the lawful basis of Legitimate interests (Art. 6(1)(f)). This is to ensure data accuracy, reliability and availability across Our shared database infrastructure so both organisations can maintain and supply accurate business information to clients.

4. Marketing & Advertising (B2B)

In compliance to PECR and its suppression obligations, as well as Our Legitimate Interests (Art. 6(1)(f)), We may use business contact details to send relevant B2B marketing communications, conduct segmentation, and support client campaigns, always respecting suppression lists, privacy preferences and TPS/CTPS registrations.

Where We process your Personal Data as suppression data and as marketing/privacy preference information We have relied upon the current data protection rules, which allow Us to process personal data in a suppression file because the processing is necessary for Our compliance with a legal obligation to you to which We as a data controller are subject, in accordance with Article 6 (1(c)) of GDPR.

5. Accuracy, Verification and Data Quality

In order to ensure up to date business data We validate, refresh and quality check Personal Data using direct contact with businesses; verification partners such as credit reference agencies, identity solution providers, sectoral directories and public sources; and periodic refresh cycles to confirm employment, contact roles or business association under the lawful basis of Legitimate interests (Art. 6(1)(f)), ensuring data quality and up to date business data. For the purposes of service quality monitoring, customer experience improvement, timely support during difficult interactions, and evidence-based coaching of employees, We analyse recorded calls and transcripts using natural language processing to infer positive/neutral/negative sentiment and quality indicators. This analysis does not make decisions about you, nor does it identify or infer special category personal data.

6. Compliance, Security and Auditability

Under the lawful basis of Legal obligation (Art. 6(1)(c)) and Legitimate interests (Art. 6(1)(f)) — security, prevention of misuse, We use Personal Data to comply with regulatory requirements, prevent fraud, wrongful impersonation or unlawful activity, maintain audit trails, and uphold suppression requests and ensure records are not re acquired after opt out.

7. Profiling & Segmentation (Non Detrimental B2B Use)

We use Personal Data to comply with regulatory requirements, prevent fraud, wrongful impersonation or unlawful activity, maintain audit trails, and uphold suppression requests and ensure records are not re acquired after opt out under the Lawful basis of Legal obligation (Art. 6(1)(c)) and Legitimate interests (Art. 6(1)(f)) — security, prevention of misuse.

Other Privacy Notices

Employee and prospective employees may request Our separate Employee or Applicant Privacy Notice from the Data Protection Officer at customerservices@marketlocation.com. Additionally, a supplier, client or call recording Privacy Notice may be shared with you depending on your interaction with Us.

Special Category Data Processing

We do not process special category data in respect of Our Business Database.

Where the information We process in respect of employees and applicants is special category data, for example relating to employee health data, the additional bases for processing that We rely on are:

  • Article 9(2)(b) which relates to carrying out Our obligations and exercising Our rights in employment and the safeguarding of your fundamental rights;
  • Article 9(2)(c) to protect your vital interests or those of another person where you are incapable of giving your consent; and, or
  • Article 9(2)(f) for the establishment, exercise or defence of legal claims.

In addition, We rely on the processing condition (b) at Schedule 1 part 1 paragraph 1 of the DPA 2018. This relates to the processing of special category data for employment purposes.

Uses Made of the Information

We use your Personal Data only for clearly defined operational, compliance and marketing purposes, as outlined below, in line with DUAA principles:

  • Maintain Our ML Business Database of UK business information;
  • Maintain Our 118 Business Database of UK business information;
  • Share to Our partners such as Our clients and sub processors;
  • Promote your business so that it can be found when searched via, for example, mapping, across major search engines and online directories;
  • Promote Our client’s goods and services which include by direct marketing by email, post, telephone and social media;
  • Trace individuals, verification and/or validation of the identify of individuals for the purposes, but not limited to, anti-money laundering regulations, national security, crime prevention and detection, anti-fraud processes, asset recovery and asset reunification;
  • Provide Our clients with Business Databases to enable Our clients to promote their goods and services;
  • Provide Our clients with services and goods including delivery and for the operation of client accounts;
  • Ensure that content from Our site is presented in the most effective manner for you and for your device;
  • Provide you with information, products or services that you request from Us or which We feel may interest you;
  • Carry out Our obligations arising from any contracts entered into between you and Us;
  • Allow you to participate in interactive features of Our service, when you choose to do so;
  • Monitor entry and exit of Our premises via Our door swipe access systems;
  • Monitor and operate CCTV inside Our office premises (further information is available in Our CCTV Policy);
  • To prevent crime, prosecute offenders, or defend against legal action;
  • Carry out optional feedback surveys from time to time in online, paper or email format;
  • Carry out employee and other stakeholder training;
  • Conduct limited B2B business focused profiling to categorise businesses or business contacts by sector, size, role or purchasing relevance for segmentation and business classification purposes only. This does not produce legal or significant effects on individuals;
  • Monitor service quality for the purpose of customer experience improvement, timely support during interactions, and evidence-based coaching of employees;
  • Promote Our business so that it can be found when searched via, for example, mapping, across major search engines, across social media platforms and online directories;
  • Promote Our own goods and services which include by direct marketing by email, post, telephone, website and social media; and
  • To notify you about changes to Our service.

When contacting you for the above purposes We may do so by phone, post, email, social media or other electronic means, unless you tell Us otherwise.

IP Addresses

We may collect information about your computer, including where available, your IP address, operating system, location and browser type, for system administration and to report aggregate information to Our partners, sponsors or advertisers. This is statistical data in aggregated form about Our users’ browsing actions and patterns, and will not allow Our partners, sponsors or advertisers to identify you from such data.

Use of Cookies

Cookies are small, unique strings of code stored as files that are placed on your computer, mobile device or other device by a website, containing the details of your browsing history on that website. We use a cookies tool on Our website to gain consent for the optional cookies We use. In accordance with your selections from the cookies tool We use non-essential or optional cookies to monitor website usage and analytics, improve functionality (such as allow you to more easily find previously viewed content when you return), and improve security of the site. Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool. We log and monitor such website use in line with your preferences and Our Cookie Policy.

You can refuse to accept all or some cookies by modifying settings within your browser (for guidance on how to do this visit https://www.aboutcookies.org/). However, if you block certain cookies you may be unable to access certain parts of Our sites.

Website Analytics

We use Google Analytics on Our website. Google Analytics is a web analytics service offered by Google that collects information about visitors and how visitors use Our website. Google uses the data collected to track and monitor the use of Our website service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the advertisements of its own advertising network. We use the information to compile reports and to help Us improve the website. We collect identifiable information including the number of visitors to the website, IP address, browser details, visitor location and demographics, where visitors have come to the website from and the pages they visited. We rely on consent (GDPR Art. 6 para. (1) (a)) as Our lawful basis for processing optional cookies and only collect the analytics information if you opt-in to the use of non-essential cookies and similar technology (your consent can be revoked at any time). For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.

Email Cookies

We use a type of cookie called a hyperlink tracking or web beacon in some emails We send from Us or for and on behalf of Our clients. Email communications which contain hyperlinks, each have a unique tag so that when you click on a link you will be automatically redirected to Our server and the relevant webpage with logging of the click. This process enables Us to understand who has clicked through from an email to visit a website and We use this information to tailor messages to you. Email communications which contain a web beacon, include an invisible miniature image within the email message which reports your browser, location, IP address and when you open /re-open an email, interact with the email. They help Us to display emails in the best format for your device, understand your interaction with Our emails, and are used to provide analytics in order to improve Our future email communications.

Who We share your information with

We may share information, including Personal Data, with the following categories of third party suppliers of business to business goods and services, (which will allow your business to be found via online search engines or directories, and also by prospective customers) including:

  • Advertising;
  • Business identification and assessment;
  • Credit reference agencies;
  • Debt collection agencies;
  • Directories;
  • Employment and recruitment agencies;
  • Financial services firms;
  • Identity and Fraud Service Providers;
  • Insurance;
  • Online directory;
  • Online payment solution providers;
  • Marketing;
  • Marketing list providers;
  • Research organisations;
  • Retail and Commerce;
  • Utilities; and;
  • Waste Management.

Our use of Data Processors

We use a number of data processors to help Us with Our activities and share your information with such data processors. These suppliers include other companies in Our Group, UK hosted cloud PAAS and IAAS service providers, suppliers of SAAS applications (such as for record management, financial, file transfer and email campaign activities), professional organisations (such as those providing insurance, legal, financial, auditing, and health care services), and consultancy services (such as IT and risk management providers). We maintain a list of all sub processors and typical data recipients, which is available on request.

Other organisations We share personal data with include, organisations We are legally obliged to share Personal Data with, emergency services (where necessary), debt collection agencies, other relevant third parties such as HMRC.

Transfers of Personal Data

Where We transfer Personal Data outside of the UK/EEA, we implement appropriate safeguards such as the UK IDTA/Addendum and/or EU SCCs, conduct transfer risk assessments, and apply additional measures where necessary. When doing so, We comply with the UK GDPR, making sure appropriate safeguards are in place. Please contact Us for more information. A list of key hosting and support locations and Our current processors is available on request. Where necessary, Our data processors may share Personal Data outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

Data Retention

We keep information in accordance with Our purpose-based Retention Schedule and with defined review points. We collect and store Personal Data for the purpose it was collected and for as long as We have a business need. Such as, Personal Data on Our 118 or ML Business Database is retained for as long as it is associated with a business that is included in the Business Database. For Our Business Database, We verify business contact information periodically and remove or update records when roles change. Where we learn that you are no longer associated with a listed business, We remove your contact details within 30 days.

Data Accuracy

To maintain accurate, reliable and up to date business information We operate scheduled data refresh cycles, apply multi source validation, and perform supplier due diligence checks. We apply scheduled refresh cycles to regularly verify whether you still work for the organisation listed in Our Database. We perform Supplier due diligence on all data providers, including audits of data provenance, contractual assurances on accuracy and lawful acquisition, and validation safeguards and automated inconsistency checks. If you notify Us of any change, We update records promptly. We promptly update records when inaccuracies are identified or notified to Us. We verify Our data periodically, for example , if We learn that you are no longer involved with a business that is listed in Our Business Database, We will remove your Personal Data from Our records. We apply suppression safeguards, so that once you request erasure or object to processing, We retain only minimal suppression data to prevent re acquisition from external sources. We prevent re acquisition of suppressed data by applying source blocking and match level suppression controls across all inbound data supply channels. These controls form part of Our Data Use and Access Act (DUAA) internal governance programme, designed to ensure traceability, auditability and responsible data stewardship.

Accountability and Governance

We operate a documented data governance framework under Our ISO/IEC 27001 and ISO/IEC 27701 certifications, including:

  • role based accountability for data stewardship;
  • regular Data Use and Access Act and other audits, data quality assessments and supplier oversight checks;
  • a maintained Register of Processing Activities (ROPA);
  • periodic risk assessments and DPIAs, including Our Business Database;
  • structured retention controls aligned to Our retention schedule and Data Use and Access Act principles.

How We keep your Personal Data Secure

We utilise appropriate procedures and technologies to protect your Personal Data from being accessed unlawfully, used or accidentally lost. Access to data is limited to those with a genuine need to access it. Those processing your information will do so only in an authorised manner and subject to a duty of confidentiality.

ML operates to an Information Security and Privacy Policy based upon a nationally recognised UK standard of Cyber Essentials and an internationally recognised standard of security (ISO/IEC27001:2022 Information Security Management System standard (external auditor BSI)). ML also operates to a Data Protection Policy based upon an internationally recognised standard for privacy (ISO/IEC27701:2019 Privacy Information Management System (external auditor: BSI)).

All electronic data is held on approved providers (see sub processor section) who hold international standards certification including ISO/IEC27001:2022, Cyber Essentials and Cyber Essentials Plus.

Information may also be held by other third parties as described in this Notice.

In the event of a data Security Breach or a suspected Data Breach We have procedures in place. We will notify you and any applicable regulator of a suspected Security Breach where legally required to do so. For further information please contact Our Data Protection Officer at customerservices@marketlocation.com.

Automated Decision Making and Profiling

We use automated tools to analyse recorded customer interactions for quality and training purposes. This may include profiling as defined under UK GDPR, but this does not result in solely automated decisions that produce legal or similarly significant effects.

Children’s Data

We do not provide services directly to children or collect children’s Personal Data.

Your Data Protection Rights

Under data protection law, you have rights to your information as detailed below:

Your right to be informed – You have the right to be told how We will use your Personal Data – which is set out in this Notice. We also may provide you with additional Privacy Notices when you provide Us with your Personal Data, such as when you become an employee or during recruitment.

Your right of access – You have the right to ask Us for copies of your Personal Data. We will supply the personal data you ask for as soon as possible but within 1 month, once We are satisfied of your identity with no charge. This is called a data subject access request. You can read more about this at the ICO’s webpage: https://ico.org.uk/for-the-public/getting-copies-of-your-information-subject-access-request/.

Your right to rectification – You have the right to ask Us to rectify Personal Data you think is inaccurate or to complete information you think is incomplete. You can request that We correct any inaccuracies in the Personal Data that We hold concerning you if you believe Our records are inaccurate. You can read more about this at the ICO’s webpage: https://ico.org.uk/for-the-public/your-right-to-get-your-data-corrected/

Your right to erasure – You have the right to ask Us to erase your Personal Data in certain circumstances which is also referred to as the right to erasure (to be forgotten) (e.g. to have your Personal Data erased or deleted from Our Business Database). Where you have requested this We will keep some limited information in order to ensure that your data is not re-acquired in the future. You can read more about this at the ICO’s webpage: https://ico.org.uk/for-the-public/your-right-to-get-your-data-deleted/

Your right to restriction of processing – You have the right to ask Us to restrict the processing of your Personal Data in certain circumstances: because there is some disagreement about its accuracy or legitimate usage. You can read more about this at the ICO’s webpage: https://ico.org.uk/for-the-public/your-right-to-limit-how-organisations-use-your-data/

Your right to object to processing – You have the right to object to the processing of your Personal Data in certain circumstances: for direct marketing purposes and Our legitimate interests, and We must stop, unless We can demonstrate a compelling legitimate ground for processing that overrides your interests, rights and freedoms. Where you have requested that We do not send you direct marketing materials We will keep some limited information in order to ensure that you are not contacted in the future. You can read more about this at the ICO’s webpage: https://ico.org.uk/for-the-public/the-right-to-object-to-the-use-of-your-data/

Your right to data portability – You have the right to ask that We transfer the Personal Data you gave Us to another organisation, or to you, in certain circumstances, and in a structured, commonly used and machine-readable format and/or transmit that data to a third party. You can read more about this at the ICO’s webpage: https://ico.org.uk/for-the-public/your-right-to-data-portability/

Right not to be subject to automated decision making including profiling: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. You can read more at the ICO’s webpage: https://ico.org.uk/for-the-public/your-rights-relating-to-decisions-being-made-about-you-without-human-involvement/

Right to withdraw consent – When We use consent as Our lawful basis you have the right to withdraw your consent. You can read more at the ICO’s webpage: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/consent/

Your right to make a data protection complaint to Us – You have the right to complain to Us if you think We have not handled personal information responsibly and in line with good practice. You can complain to Us about how We handle yours or other people’s information; if We have not properly responded to your request for your personal information; We are not keeping information secure; We hold inaccurate information about you; We have disclosed information about you; are keeping information about you for longer than is necessary; have collected information for one reason and are using it for another purpose; or have not upheld any of your data protection rights. You should give Us a chance to sort things out before bringing a complaint to the Information Commissioner. We have one month to respond to your complaint or request. You can also ask Us for clarification of any response We have provided. You can read more about this at the ICO’s webpage: https://ico.org.uk/for-the-public/how-to-make-a-data-protection-complaint/.

To make a data protection rights request, please contact Us using the contact details below. You do not usually need to pay a fee to exercise your rights. If you make a request, We have one calendar month to respond to you.

Please contact Us at customerservices@marketlocation.com or telephone 01926450388 or by post at Customer Services, 62 Anchorage Road, Sutton Coldfield, West Midlands B74 2PG if you wish to make a request.

You may also wish to view the UK Information Commissioner or Information Commission’s Office (ICO) guidance on individuals’ rights under the General Data Protection Regulation.

How to Raise a Concern about your Personal Data

We hope that We can resolve any query or concern you may raise about Our use of your information. If you have any concerns about Our use of your personal data, you can make a complaint to Us using the contact details at the top of this Privacy Notice.

If you remain dissatisfied, the UK GDPR gives individuals the right to raise a concern with the supervisory authority in the event that We are unable to satisfy your concerns. The supervisory authority in the UK is the Information Commissioner / Information Commission.

You can contact the Information Commissioner / Information Commission’s Office at:

Website: https://ico.org.uk/make-a-complaint/

Address: Information Commissioner / Information Commission’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF

Telephone: 0303 123 1113.

Changes To This Privacy Notice:

We may update this Privacy Notice from time to time. We will notify you of any changes by posting the new Privacy Notice on this page and so you may wish to check this webpage occasionally to ensure you are still happy to share your information with us. Where possible when We make any significant changes, We will inform you via a notice on Our website and, or within Our email footers. Where it is practicable, We will notify you directly.

We encourage you to review this Notice periodically to be informed of how We use your Personal Data. Changes to this Privacy Notice are effective when they are posted on this web page.

The Version Details of this Privacy Notice are version 1.16 with a version date of 11th February 2026.

When appropriate We will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this document.

How to Contact Us:

Please contact Us via Our Customer Services Team if you have any questions about this Notice, Our other Privacy Notices or the information We hold about You. You can contact Customer Services at:

You can contact Customer Services at:

Email Address: customerservices@marketlocation.com

Telephone: 01926450388

Postal Address: Customer Services, 62 Anchorage Road, Sutton Coldfield, West Midlands B74 2PG