Privacy Policy



Table of Contents

 1. Importance of MMAAS Ltd in protecting the information

2. Ways of Data collection.

3. Procedures for Data collection.

4. Utilisation of personal data.

5. Disclosure of information.

6. International transfer

7. Information (Data) Security.

8. Retention of data.

9. Legal rights of the customers.

10. GDPR statement

11. Glossary.




1. Importance of MMAAS Ltd in protecting the information

MMAAS Ltd. is responsible for safeguarding personal information of their clients and has taken necessary actions to comply with latest GDPR regulations. We try to benefit our customers with provisions of guarantee of proper data handling. The company follows certain privacy policies to safeguard important confidential data of its clients and all stakeholders. This involves offering of an ethical promise to their clients and stakeholders that the company will protect their private information.

Purposes for providing the guidelines about our privacy policy

The present privacy notice attempts to offer the customers the required information on our company procedures for data accumulation and processing. The clients entrust MMAAS Ltd. with their personal information through company website or other engagements in person. Hence, it is essential for the clients to read the privacy notice along with additional notices for fair processing. We provide relevant circulars in the processes of data accumulation. This is done to ensure that the clients are aware of the reasons of data being used. The present privacy notice acts as a supplement to additional notices and there is no intention of data overriding.

Managing and organising the data

The next process of personal data accumulation from clients involves appropriate organisation and maintenance of data by the company to maintain privacy of the clients. We, as an information safeguard company, take help from our experienced managers to maintain personal data and its privacy, on the behalf of our clients. High-level managers are responsible for maintaining the consistency in protecting the information. If in case, the client possesses a doubt rendering to ethical and efficient privatisation of their data, they can exercise their legal rights as and when needed.

MMAAS Ltd is also known as MMAAS Ltd, which is a Trading name that is used at time when appropriate. The clients of MMAAS Ltd have the right to make any grievance related to data protection issue to the Information Commissioner’s Office. MMAAS Ltd request their clients to contact them in the first instance if there is any issue related to data protection.

Modification of the privacy notice

The present version of legal and subsidiary notice is last updated on 25th June 2018. It is essential that the personal information held by the company is current and accurate. Clients are requested to keep the company informed in case of any modification of their personal information during the service period.

Others website

MMAAS Ltd make aware to its clients if within the website the client clicks on any other links which may allow the third party to get the access of the data. In this case the company is not in control of the aforementioned links or websites and cannot be held responsible for any misuse or data breach.

2. Ways of Data collection

MMAAS Ltd collects the personal data, information of an individual in a specific way by which a person can be identified. This process is implemented with the help of specific accumulation, preservation and utilisation techniques; the most preferable being data collection over the World Wide Web.

  • Identification of the information: This amounts to the initial step of data collection and that involves the documentation of background information like names. age, gender of the client.
  • Contact information: The next step involves the collection of necessary contact information of the customer such as a contact number, home address and a email address.
  • Professional background: The information of the professional background is collected to understand in depth the background of the individual and the individual’s business.
  • Technical information: This step involves the collection of technical data that informs the clients about the technology used during the terms of service. MMAAS Ltd records internet protocols address and web browsers that are used by the clients to access the website of MMAAS Ltd. This helps us to enhance the user experience on the website.
  • MMAAS Ltd also collects the information from communication reference and marketing references of the clients.

In addition to the steps mentioned above, MMAAS Ltd is responsible for the processing of information accumulation. These protocols are usually applicable during statistical and demographic record collection.

MMAAS Ltd. refrains from the collection of specific personal data. This involves documentation of religious or political preferences, biometric data, lifestyle choices, and sexual preferences. This is because the company aims to prevent the misuse of sensitive data of their clients.

Failure to provide the data

There must be a number of cases where MMAAS Ltd may have to retrieve personal data under the action of the law. A similar event can take place if it is listed under the contract terms that has already been formulated between the client and MMAAS Ltd. If the client fails to supply the requested information, the company must not be liable to perform the above-mentioned contract. An example can be cited in the case that includes a client’s inability to provide private information to MMAAS Ltd. In such an event, the company can cancel the requested services. However, in all instances, MMAAS Ltd. will always notify the client if a termination of contract occurs.

3. Procedures for Data collection

MMAAS Ltd uses different procedures for the data collections from its clients, which are as follows:

  • Direct communication: Direct communication is mainly applicable when MMAAS Ltd needs to retrieve the identity, contact information and professional dossier through several forms. In addition to this correspondence between clients and the company can occur through phone, mails, or meetings. This type of communication is mainly applicable when the personal information supplied by the client is viable for an enquiry, or the company wants to request marketing consent from the client.
  • Interactions through a digital platform: MMAAS Ltd. also collects the information of its clients by recording the technical data. The interaction between the client and the website allows MMAAS Ltd. to accumulate required technical data about gadgets, devices and browsing patterns. The cookies installed on the website is used to collect such data.

4. Utilisation of personal data

MMAAS Ltd is an organisation, which abides by the law in UK, MMAAS can only use the personal information if it is allowed by law.

MMAAS Ltd mostly uses the personal information in the following situations.

  • In the case where the company needs to implement the contract with its customer
  • In case where it is critical to safeguard the legitimate interests of the stakeholders or an authorised third party, within the boundaries of fundamental rights
  • In the case where the company is required to comply with a regulatory or legal obligation

The purpose of using the information

A table has set by the MMAAS Ltd where it will show the causes for using the personal data. Here we will describe our individual plans for utilisation of personal data. This must be noted that MMAAS Ltd must use the client’s personal information on different legitimate grounds due to specific purposes. If you have, any query related to the legal grounds of your data processing, clients could contact us. The below table displays the several grounds on which we rely on, for the processing of personal data.

Purpose Type of Information Lawful basis in order to process personal data
Responding to a enquiry – One can submit the query on the official website or contact via phone or email ●       Identification

●       Contact

●       Professional

 Performance of the developed contract with client
In order to protect and administer the website and business These protections involve data hosting, reporting, support, system maintenance, testing, data analysis and trouble-shooting. ●       Identify

●       Contact

●       Digital technology

This is essential for the legal and legitimate interests. These legitimate interests include exercise of group restricting, business reorganisation, prevention of fraud, provision of network security, IT services and delivery of administration.
Use of data analytics for the improvement of product and service improvement, experience, customer relationship and website ●       Technical

●       Usage

(b) Legal obligations must be complied with. This is essential for legitimate interests. (This involves definition of customer types for different services and products, keeping the website relevant and updated and even n informing the specific marketing strategy.
To deliver recommendations and suggestions regarding services in which you might be interested ●       Identity

●       Contact

●       Technical

 For the legitimate interests we must comply this. (for ensuring business growth and service and product development)
To deliver professional services to clients ●       professional  Contract based performance with client
To deliver suggestions and recommendations regarding the services in which you are interested ●       Identify

●       Contact

●       Communication and marketing



Table 1: Factors influencing data application of MMAAS Ltd

Marketing Strategies and related policies

MMAAS Ltd always ensures the maintenance of quality standards that attempts to offer the customers with a wide options of choices. These choices pertain to the spheres of specific usability of private data. The ethical application of personal information often involves the use of third party advertising and marketing. We can apply the personal identity and contact information of our clients to provide a perspective on the marketing spheres. Use of technical communications can formulate significant views on customer and company viewpoints. These perspectives do not necessarily classify in an identical category. A wider area of information can be applicable to form an interest for the client. This is a marketing method for us to recommend to you further services based on the information that you provide during several activities over the World Wide Web. Clients may receive specific modes of marketing communications on their request of information. In case the client wants to opt out of receiving these emails, they can request MMAAS Ltd or the third-party service providers to refrain from sending the aforementioned marketing messages.

Cookie policy

Cookie is considered a small piece of file that needs permission while placing in the hard drive of your computer. After your confirmation, the cookie will be placed in your computer and allow assessing the web traffic. It also ensures how much time you spend on a specific website. Cookie will help you to get response from web application as a specific individual. This web application contributes in formation of its operations by considering your choices and preferences. We utilise traffic log cookies for identifying the web pages that are used. This contributes in analysing presented information in the concerned page so that the content can be modified according to the customer demands. The data is deleted from the system after doing its statistical analysis. Majorly a cookie helps in finding better websites. This is being done by identifying which pages are necessary and which one is not. Based on your demand, you can ask to stop all browser cookies and set alert for assessing cookies. It must be noted that if you disagree to accept cookies then some of the pages may not accessible or may not perform appropriately.

Change of Purpose

We ensure that we will be using your personal data only for the sole purpose for which it was collected. In case we use for some other purpose we will ensure that the reason is compatible with the original purpose of collection. In case you are eager to have an explanation as to in which manner the processing of the new purpose is not compatible to the original purpose, please feel free to contact us.

5. Disclosure of information

In accordance with the purposes set out in the table in the paragraph 4 above, we are bound to disclose your personal information with the parties mentioned below.

  • As per the information provided in the Glossary, the consideration of the External third Parties.
  • These third parties contribute in the events that of the parts of our business operations, that of sales, our existing business assets or transfer. In addition to this approach, another alternative approach might be the merger with another business to acquire some other business. As per the guidelines of this privacy note, in case of any changes occur in to our business, and then the new owners might use such personal data in a similar manner. This use of the personal data has been laid out in the privacy notice.

The third parties are required to respect and consider the security of your personal data and use them as per the guidelines of the law. We prevent and do not allow our third-party service providers to use your personal data for their own benefits and purposes. We strictly permit to use them in order to process your personal data as per our instructions and with respect to specific business purposes.

6. International transfer

Since most of our external third parties are not included in the European Economic Area (“EEA”), procedures and practices will involve a transfer of data outside the EEA this includes the processing of your personal data. In case of transfer of the personal data outside the EEA, some measures have been undertaken to safeguard the information effectively.

  • We may transfer your personal data to those countries only that have undertaken and can ensure an appropriate level of security related to the data. This protection needs to be in accordance with the protection measures as per the European Commission. Visit “European Commission: Adequacy of the protection of personal data in non-EU countries “ for detailed information.
  • In case of involving providers in US, we transfer data only to those that are part of the Privacy Shield. This ensures the providence of adequate protection to the personal data by the service providers as that provided in Europe and the US. Visit “European Commission: EU-US Privacy Shield” for further details.

In case of any further queries and information in relation to specific mechanism used by us with respect to the transfer of your personal data out of the EEA, please feel free to contact us.

7. Information (Data) Security

In order to prevent the accidental loss of your personal data, we have undertaken certain effective security measures. They are only allowed to process the “your personal data” on our permission and instructions as well as subjected to a duty of confidentiality. We have also laid down some guidelines and procedures for the inspection of any suspected breach of personal data. Moreover, we will also notify you of any such breach of personal data if occurred and any regulator of a breach in case we are legally liable to do so. In case you think that any or certain part of the procedure undertaken by us is not secure, please contact us .

8. Retention of data

We will be retaining your personal data as long as it is required to serve the purpose of its collection. This also includes the purposes of satisfying of any legal, reporting or accounting requirements related to it.

9. Legal rights of the customers

In a specific event, customers retain certain rights that comply with the laws of private data protection in the UK.


  • Request for accessing private information
  • Request for modifying private information
  • Request for erasing private information
  • Objection for personal information processing
  • Request for restricting the processing of personal information
  • Request for transferring personal information
  • Right of consent withdrawal


In case, the customers wish to perform the exercise of one or more aforementioned rights, calling the customer support helpline or by emailing us on Customers do not need to make any fiscal payment to retrieve their personal information. However, in case of unfounded, excessive or repetitive requests, a reasonable fee can be charged from the customers. The company also retains the right to deny compliance to the clients’ requests in undesirable circumstances.


Company expectations

We can make several specific requests to retrieve the necessary information from our customers. This can help us, as a company to retrieve and verify identity of the client. In addition to this, clients can ensure the right of accession in their personal information to access their data. We apply this intervention as a security protocol to make sure that personal information remains undisclosed to any third party who has no authorisation to retrieve it. The company can also ask for service-specific information to facilitate the delivery of service. MMAAS Ltd tries to provide the due response to all your legitimate requests. However, in some cases we may need longer than the regular 30 days service delivery. These events are applicable in case your request is significantly complex or have multiple requests involved. If such an event occurs, we will always establish proper communication with you and provide with all necessary information.

10. GDPR statement

A new standard guiding the companies as to how they can use the data as well as protect individual’s data have been set by the General Data Protection Regulation (“GDPR”). At Miranda Management and Accountancy Services, we undertake the procedures to use and hold your personal data with an utmost care. We also consider the GDPR as an opportunity to build a strong guideline and procedure to implement data protection for our clients and all our stakeholders. An update of our organisational operations and processes has been undertaken by us to meet with our commitment towards data protection. Moreover, we have also updated the engagement letters of our clients, modification of our existing policies and marketing consents to prepare for GDPR. This will be aiming to ensure we are compliant.

11. Glossary

Lawful basis

Legitimate interest is referred to the interest we take in ensuring our businesses provides a service to our clients that is of desired quality and standards. MMAAS Ltd. ensures balance and consideration of probable impact on the customers. In case of private rights, the company processes personal information to safeguard the welfare of customers. Use of personal information in miscellaneous activities is strictly prohibited by the company’s code of conduct. Clients can retrieve further data on possible assessment of their interests against potential effects. Contract performance refers to a data processing that is essential for optimum performance in a contract.


Extrinsic third parties: They are essentially the external stakeholders that use private information to provide the requested services to the customers.

Legal rights of the customers

  • Customers can access their private data as required. This practice is usually referred as Subject Access Request. This ensures that the client would receive copies of private information held by MMAAS Ltd. Furthermore, customers can also hold the company responsible in case of disparities in the information processing protocol.
  • Clients can request modification or correction of personal information that is retained by MMAAS Ltd. Clients can have any inaccurate or incomplete data submitted for alteration or correction. However, MMAAS Ltd. needs to verify the accuracy and reliability of the new information.
  • Clients can also request removal of their personal records in the case wherein they wish to discontinue the service. Customers also retain the right to ask for deletion of personal information in case of unlawful data processing. It is to be noted that MMAAS ltd may sometimes be unable to serve the request for removal for legal reasons. In such an event, these instances will be duly notified to the customers.
  • Object of data processing relies on legitimate interests of the customer or a third party. In case the client wants to object to the process of information accumulation, the issue will be dealt with in accordance with the fundamental rights and freedoms. The customer retains the right to oppose personal information processing for marketing.
  • Client can also ask to restrict the processing of their private data. MMAAS Ltd. would suspend processing of the above mentioned personal information in one of the given events.
    • If the customer wants to establish the accuracy of the data
    • If MMAAS Ltd. uses the information in an unlawful manner
    • In case the customer needs to accumulate irrelevant information to defend or impose legal claims
    • If the customer has objected to the application of information and the company needs to verify the lawful grounds
  • Customers can also request transfer of personal information to them or authorised third party. MMAAS Ltd. will offer the relevant information to any chosen source, as long as it is verified. The data would be structured in a machine-understandable format. This right is only applicable to automated data or during the formulation of a contract.
  • Clients can withdraw consent in case they feel that company is depending on consent for personal data processing. Nevertheless, it may not influence the legalisation of the processing before the withdrawal of consent by the customer. In case the client has already withdrawn consent, MMAAS Ltd may be unable to provide specific services or products.