Digital solutions privacy notice - Moata

We may collect, use and store the following types of personal information (for our own purposes) as part of the digital solutions we provide:

• Personal identification: Name, job title, company
• Contact information: Email
• Moata and related digital solutions usage (collected using cookies and similar technologies): Identification numbers, location, IP address, cookies and similar technologies, device ID, pages visited and solutions used, language used. See our Online tracking technologies privacy notice for further information about cookies and other similar technologies that we use
• Account login information: Login ID, other information used to access and/or secure our digital solutions
• Any other information that you volunteer: Feedback, opinions, information provided in comments, support requests or other conversations (eg Moata Community and Moata Support)

Below is a non-exhaustive overview of the categories of personal information that we may process on behalf of one or more of our clients. This information will depend upon each client’s need and the purpose of their specific project. You should direct your privacy enquiries, including any requests to exercise your privacy and data protection rights, to our client directly.

• Personal identification: Name, title, gender, nationality
• Contact information: Email, phone number, address
• Moata and related digital solutions usage (collected using cookies and similar technologies): Identification numbers, location, IP address, cookies and similar technologies, device ID, websites visited, language used
• Account login information: Login ID, other information used to access and/or secure our digital solutions
• Property or asset information: Land or property ownership information, photographs and/or footage of your property as part of surveys or other client project related activities, details of other property owners
• Project related information: Surveyor qualifications, registrations and experience, work tasks, project labour costs, project progress and assessment
• Any other information that you volunteer: Feedback, opinions, information provided in survey and questionnaire responses, emails and letters or other conversations

Most of the personal and non-personal information that is processed in our digital solutions is provided to us by our clients and/or third parties. For example, in the Moata Land Management digital solution, clients usually instruct us to collect information about landowners and their land from sources such as the relevant authorities (eg HM Land Registry in the UK), third party surveyors, third party information verification services (eg LexisNexis TraceIQ in the UK), and responses to landowner questionnaires or surveys. 

In general, we process personal information in our digital solutions to provide our services to our clients under their instruction and in accordance with the lawful basis that they have deemed applicable.

Where we process your personal information for our own purposes, we will process personal information as part of providing our digital solutions in our legitimate interest to manage our relationship with our clients, promote our services to our clients, and to develop and improve our services and digital solutions. We may also need to process personal information to fulfil legal or regulatory requirements associated with these purposes. Some of the grounds for processing may overlap and there may be several grounds which justify our use of personal information.

Manage our relationship with our clients:

• Business relationship / account management
• Project management and support
• Project invoicing
• Responding to queries and other communications

Promote our services to our clients and prospective clients:

• Send promotional communication via email, post, and social media
• Analyse usage of our digital solutions to identify enhancements or other digital solutions that may be of interest

Compliance with legal obligations arising out of the appointment process: Disclosing personal information to government institutions or supervisory authorities as applicable in all countries in which Mott MacDonald operates, such as record-keeping and reporting obligations, compliance with government inspections and other requests from government or other public authorities, responding to legal processes such as subpoenas, pursuing legal rights and remedies, and managing any complaints or claims

Responding to any legal claims: Establishing, exercising, or defending our legal position

Where we process your personal information on behalf our client(s), we are instructed to collate and analyse personal information to meet their purpose(s). For example, our Moata Land Management digital solution is used by clients to:

• collate and store publicly available information about the land and the legal landowners;
• access information about the surveyors on the project and organise/manage planned surveys;
• create and send landowners communications, surveys, questionnaires, letters, etc; and
• analyse the information collected and produce reports for various purposes.

Where we process your personal information on behald of our client(s), we will only share your personal information with our client and any third parties that the client authorises. 

Personal information processed for our own purposes and during our business activities may be shared, used, handled and otherwise made available to Mott MacDonald entities, service providers, and third parties when it is necessary and proportionate to do so. We may share, provide access to, and transfer your personal information:

Within Mott MacDonald as appropriate to provide our services and to effectively maintain our business.

Our third party services providers who help us communicate with you and deliver our programmes, products, information and services, support our technology systems and infrastructure, or manage access to our work premises and facilities.

An acquiring company if the structure of our business changes. For example, if we merge, combine or divest a part of our business, then we may need to transfer your personal information to the relevant third party or restructured organisation.

Regulatory authorities or law enforcement agencies if we need to comply with their request for information, such as where an investigation is being carried out.

When we need to share your personal information with these third parties, we use a combination of contractural, physical and technical measures to keep it secure. To protect personal information that is transferred internationally, we ensure that appropriate safeguards are in place and that your privacy and data protection rights are protected. Those safeguards will normally include data encryption, role-based access permissions, and legal agreements that facilitate the lawful cross-border transfer of personal information. Please refer to our Group policies for more information. 

Please note that we will never sell your personal information to a third party for any purpose.

We are not responsible for the privacy or information security practices of our clients, which may differ from our information security practices stated below.

We work hard to maintain and improve security measures that prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Where we process your personal information for our own purposes, we limit access to personal information to individuals or organisations who have a legal right of access (for example, regulatory authorities or law enforcement agencies) or a legitimate business need to know (for example our project teams), suppliers and service providers or other third parties. Where we process your personal information on behalf our client(s), we limit access to personal information to the individuals who need it to perform their roles and the third parties approved by our client(s).

Our service providers and suppliers will only process personal information under our instructions, and we ensure that all third parties are subject to a legal duty of confidentiality. 

All Mott MacDonald People, including employees and temporary workers, are required to complete mandatory privacy and data protection training on an annual basis. This includes Moata and related digital solutions developers, account management, project teams and any other colleagues who may be required to access your personal information when carrying out their duties.

Please also see our Information security and Privacy and data protection Group policies for more information.

Where we process your personal information on behalf our client(s), we will delete your personal information in line with their instruction.

Where we process your personal information for our own purposes, we will only retain personal information for as long as reasonably necessary for the purposes set out in this notice. In certain cases (where required by law) we may need to keep your personal information for an extended period of time (for example, for financial audit, litigation or dispute purposes). If you have an account with one of our digital solutions, the retention policy for your account information can be found in the solutions documentation.

When your personal information is deleted or destroyed, we ensure that it is safely and permanently disposed of in accordance with any local legal requirements.

Where we process your personal information on behalf our client(s), who has directed you to one of our digital solutions or services, please direct your privacy enquiries, including any requests to exercise your privacy and data protection rights, to them directly. If you have an account with one of our digital solutions, our client will be identified in each project area. If you are responding to a survey or questionnaire invite, our client will be identified in the communications you receive from us. If you need any help identifying the client please contact Moata Support for support.

Where we process your personal information for our own purposes, Mott MacDonald gives you control over your personal information. We respect your rights over your personal information, which are set out below:

• Right of access to your personal information. This enables you to request a copy of your personal information and to check that we are processing it lawfully.
• Right to correct the personal information that we hold about you. This enables you to ask us to amend or update any incomplete or inaccurate personal information
• Right to request erasure of personal information about you. This enables you to ask us to delete or remove personal information where there is no valid reason for us to continue processing it.
• Right to object to the use of your personal information if you think we do not have a valid reason to process it and want us to stop processing it.
• Right to restrict further use of personal information about you. This enables you to ask us to limit or suspend the use of your personal information (for example, if you want us to confirm its accuracy or the reason why we are processing it).
• Right to transfer personal information about you to another party. You can ask us to send (or "port") your personal information to another organisation.

You can exercise these rights at any time by initiating a request via privacy@mottmac.com. There may be occasions where we need to collect personal information from you, such as your name and contact details, to verify your identity before responding to your request.

We will handle your request carefully and respond to you within any applicable statutory deadline (for example, in the UK and EEA, we will respond to you within one month from the date we receive your request and in California, we will respond to you within forty-five days from the date we receive your request). If there is a lawful reason to extend this deadline, then we will let you know as soon as possible.

If you choose to exercise any of your rights set out above, then please be assured that we are committed to treating you fairly and ensuring non-discriminatory treatment.

Please also note that the extent to which you can exercise your rights may be limited by the rights and interests of others (for example, where we are unable to delete all your personal information due to our regulatory obligations). If this is the case, we will let you know without undue delay.

If you have any questions about our digital solutions or services, please contact Moata Support for further information.

If you have questions about our processing of your personal information on behalf of a client, who has directed you to one of our digital solutions or services, please contact them directly. If you have an account with one of our digital solutions, our client will be identified in each project area. If you are responding to a survey or questionnaire invite, our client will be identified in the communications you recieve from us. If you need any help identifying the client, please contact Moata Support for further information.

Alternatively, if you have any concerns about this privacy notice, or how we have used your personal information, please contact our Privacy and Data Protection Team at privacy@mottmac.com. If you are located in Singapore, you can also contact us by calling 6293 1900. If you are a resident of California, please contact privacyamericas@mottmac.com or dial 925.469.8010.

If you are unhappy with how we have used your personal information, you can register a complaint with the data protection regulator in the country, state, or province where you are located.