About GDPR and Multi Me

Data protection laws have changed. Here's what GDPR means for Multi Me and you.

On 25th May 2018, the General Data Protection Regulation (GDPR) came into effect across the European Union. This regulation enhances the rights of individuals in the EU regarding their personal data and imposes stricter rules on organisations that process such data.

Here’s what the new law means:

• Enhanced Rights: Individuals have greater control over their personal data.

• Stricter Rules: More stringent requirements for organisations that handle personal data.

• Covers All Records: Applies to both paper-based and digital records.

How Multi Me Complies with GDPR

At MULTI-ME Ltd., we’ve always prioritised giving users control over their information. We fully support the new GDPR law, which fosters transparency and provides individuals with more control over their personal data.

Multi Me is GDPR compliant:
We’ve always taken privacy and data security seriously. We don’t use or sell personal data, and because of our strong existing privacy practices, we’ve only needed to make a few changes to comply with GDPR. Visit the Changes We Have Made section for more details.

While the new law requires data processing contracts to include specific provisions, we encourage you to review our updated Data Protection & Privacy Policy. It provides in-depth details about how we protect and handle data and should answer any questions you may have.

Responsibilities Under GDPR

Our Customers’ GDPR Responsibilities:
Our customers (schools, colleges, care providers, local authorities, etc.) act as Data Controllers for the information they store on Multi Me. As Data Controllers, they are responsible for determining what data is stored, how it’s used, and when it’s deleted.

At Multi Me, we, along with our third-party partners like Amazon Web Services (AWS), act as Data Processors. This means that we handle data based on instructions from our customers and cannot use or share it without their consent.

As a customer, you have specific duties under GDPR. These include creating and maintaining a privacy policy that explains how personal data is stored, why it’s stored, and how long it’s retained. You can find further guidance on the Information Commissioner’s Office (ICO) website.

Your Duties as a Data Controller:

• Ensure you understand your GDPR responsibilities.

• Write and maintain a privacy policy for the data you collect.

• Be transparent about your data processing practices.

Our Privacy Policy and Terms & Conditions provide the information you need to meet your obligations.

Key Facts for Individuals Whose Data Is Stored on Multi Me:

1. Data Controllers (our customers) decide what data is stored, how it’s used, and when it’s deleted. Multi Me only processes data based on their instructions.

2. We never use customer data for marketing or any purpose outside of fulfilling customer requests or maintaining our services.

3. Data sharing is only done if our customers instruct us to, such as transferring data to another provider (e.g., a new school). Although we use subcontractors to process some data (see Third-Party Providers), we hold them accountable and restrict their data usage.

Useful Links

• A Guide to GDPR and Using Multi Me

• Pupil Consent Form for Schools and Colleges

• Your Rights under the GDPR (ICO)

• The UK Information Commissioner’s Office (ICO)

Contacting Us

If your data is stored on Multi Me and you have a question, please contact the organisation responsible for adding your data (school, provider, carer, etc.). They can forward your query to us if needed.

For any other enquiries, you can reach us at:

MULTI-ME Ltd
2 Bittam Wood Cottages,
Woodend Lane,
Nailsworth, Gloucestershire, GL6 0RH
Email: privacy@multime.com