Privacy Policy

At MASS we take your privacy seriously and this privacy statement explains what personal data or information we collect from you and from people who visit our website and how we use it.  We would encourage you to read the list below and click on ‘learn more’ if you would like more information on a specific topic.

We may change this information from time to time, so please check this page occasionally to ensure you’re happy with any changes.  This privacy statement was last updated on 21 August 2024.

If you have any questions regarding this statement and our privacy practices, please contact us by email dpo@mass.co.uk or by post at MASS Data Protection Officer, Enterprise House, Great North Road, Little Paxton, St Neots Cambridgeshire, PE19 6BN. Alternatively, you can telephone us on +44 1480 222 600.

Contents

Who are we?

MASS is a registered company (1705804) our registered office address is Enterprise House, Great North Road, Little Paxton, St Neots, Cambridgeshire, PE19 6BN. MASS is a registered data controller.

In this document, ‘We’, ‘Us’, ‘Our’ or the ‘Group’ includes MASS or its parent company Cohort plc.

What personal data or information do we collect?

The personal information we collect may include:

Identity dataFirst name, last name, title, job title
Contact DataBilling/contact address, delivery address, email address, telephone numbers
Financial DataBank account, billing and payment details
Contract DataDetails about contract agreements or proposed agreements between us
Transaction DataDetails about payments to and from you. Details of products and services you have purchased from us or supplied to us
Profile DataPurchases or orders made by you, feedback and survey responses
Technical DataInternet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website
Usage DataInformation about how you use our website, products and services
Marketing and Communications DataYour preferences in receiving marketing communications from us and/or our third parties, and your communication preferences

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

How is your personal data or information collected?

We may collect data or information about you when you:

How is your information used?

We collect your personal data or information to operate our business effectively and provide you with the best information on the products and services from MASS.

We may use your information:

We believe that all these purposes are justified on the basis of our legitimate interests in running and promoting our business, the contractual obligations to deliver products and services to you, and our legal obligations as appropriate.  We may also use your personal data to send you information, such as an email news update which you have signed up to receive and can opt-out from at any time.

Purpose/activityType of data heldLength of time data heldHow data held
As a client or agent of MASSIdentity data
Contact data
Contract information
Financial information
Transaction data
Information and documents relating to the products / services we are providing, including communications with you
Your communications & marketing preferences
6 years after expiry of contractBusiness administration and communications systems held on secure UK servers
Prospective clients of MASS (for example during a bid or tender process)Prospective clients of MASS (for example during a bid or tender process) Identity data
Contact data
Contract information
Financial information
Information and documents relating to the products / services we are discussing. including communications with you
The lesser of 6 years or when the warranty expiresBusiness administration and communications systems held on secure UK servers
Suppliers of products & services to MASSIdentity data
Contact data
Contract information
Transaction data
Information and documents relating to the products / services you are providing, including communications with you
6 years after expiry of contractBusiness administration and communications systems held on secure UK servers
Current or prospective trade/commercial partnersIdentity data
Contact data
Names of Shareholders
Company Director details, including CVs & contracts
Commercial information, including supplier & customer contract details
Information and documents relating to negotiations including communications with Advisors
As specified by the relevant Non-Disclosure AgreementBusiness administration and communications systems held on secure UK servers
Charitable organisations supported by MASSName
Contact information
Financial information
Information and documents relating to the support we are providing, including communications with you
6 yearsBusiness administration and communications systems held on secure UK servers
Website visitorTechnical data
Usage data
30 days Google Analytics
Job applicantsIdentity data
Personal data
Sensitive personal data
CVs
6 years after expiry of contract.

12 months if unsuccessful with application.
Our current and former staffPlease refer to our Staff Privacy PolicyEmail DPO@mass.co.uk if you require a copy.

Who has access to your information?

We do not sell or rent your personal data or information to any third party or share your information with third parties for their marketing purposes.

We will disclose your data or information if required by law, for example by a court order or for the prevention of fraud or other crime.

We may pass your information to our parent company Cohort plc for the purposes of providing you with relevant information about their products and services, or to enable discussions about co-operative working for mutual benefit.

We may pass your information on to our third party service providers, professional advisors, agents or subcontractors for the purposes of completing a task or providing services to you on our behalf. Additionally to HM Revenue & Customs, regulators and other authorities acting as processors based in the United Kingdom who require reporting of processing activities in certain circumstances.

We disclose only the personal information necessary to deliver that service and have a contract in place that requires them to keep your information secure and not to use it for their own marketing purposes. When you are giving your personal data or information to the relevant third party this will be made very clear. They may then be acting as the data processor of your information for this purpose and therefore we advise you to read their Privacy Policy which will be clearly displayed at the point of data collection.

Third party service providers who act as data processor on our behalf

Google AnalyticsWeb analyticsIP addressLink to privacy policy
WordPressWebsite providerIdentity and contact dataLink to privacy policy
EployTalent acquisition formIdentity, contact data, CVLink to privacy policy
InvestisRNS service providerName/email addressLink to privacy policy
EquinitiShareholder servicesIdentity, contact, financial and transactional dataLink to privacy policy
InvestecNominated adviser shareholder servicesIdentity, contact and transactional dataLink to privacy policy

Transfers outside of the European Economic Area

Your personal data or information in the European Economic Area (EEA) is protected by data protection laws, but other countries do not necessarily protect your personal information in the same way. The EEA covers all countries in the EU plus Norway, Liechtenstein and Iceland. Some of the third party providers we use to help us manage our business and services may involve data transferring to the United States or other countries outside of the EEA.

We use the following third party online tools which may involve your data being processed outside of the EEA:

Google Analyticsweb analyticsIP addressLink to privacy policy

Your choices and rights

You have a choice about whether or not you receive marketing communications about the innovative products and services available from MASS. We will not contact you for direct marketing purposes by post, email, phone or text message if you indicate to us that you wish to opt out of receiving such communications.

As an individual whose personal data is processed by MASS you have these rights:

How you can update your information

The accuracy of your information is important to us. You can change your marketing preferences, unsubscribe or opt-out from receiving communications from us by contacting us at any time.
If you change your email address or if you want to update any of the information we hold on you, please email us DPO@mass.co.uk or write to us at MASS, Enterprise House, Great North Road, Little Paxton, St Neots, Cambridgeshire, PE19 6BN. Alternatively you can telephone us on +44 01480 222600.

How you can access your personal information

You have the right to ask for a copy of the personal information MASS holds relating to you.  To do this please contact DPO@mass.co.uk or write to us at MASS, Enterprise House, Great North Road, Little Paxton, St Neots, Cambridgeshire, PE19 6BN. Alternatively you can telephone us on +44 01480 222600.

You also have the right to lodge a complaint about our processing of your personal data with the UK’s Information Commissioner’s Office https://ico.org.uk.

Keeping your data secure

When you give us personal information we take steps to ensure that it’s treated securely and strive to protect it on our internal systems and our secure server systems encrypt your information. 

Contacting us via email

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Link to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Cookie policy

You can read our cookie policy here.

Proud to be associated with