This page refers to the Majestic GDPR Compliance Statement.
As the General Data Protection Regulation (GDPR) becomes effective on 25th May 2018, many of our business partners have asked Majestic-12 Limited for information regarding its processing of data including personal data. (Unless otherwise stated, any term defined in GDPR has the same meaning in this document).
With the intention of providing that information to our business partners, we have prepared this document to assemble in one place all information regarding processing which we think will be relevant and helpful in this regard.
We in turn will require similar information from our business partners in order to satisfy ourselves that in receiving personal data from or passing personal data those business partners, we are remaining compliant with GDPR.
At Majestic-12 Limited, we are internet cartographers. We are working towards the creation of a world wide web search engine based on concepts of distributing workload in a similar fashion achieved by successful products such as “SETI@home” and “distributed.net”.
Essentially, this means that we aim to map the world wide web. To do that, we produce a “web map”, conceptually similar to the map of a railway network, showing how the information on the web is linked together. This web map is made available to our customers via a specialist search engine containing a resolution of hypertext document titles and details of the hypertext links between documents.
The privacy and security of the personal information we process is very important to us and we are fully committed to achieving compliance with GDPR.
We have taken, and are continuing to receive, extensive and detailed legal advice to enable Majestic-12 Limited to remain compliant with applicable data protection laws. Our GDPR programme is well established and we will ensure our alignment on regulatory interpretation to enable delivery of GDPR compliance protecting individuals’ personal data and their related rights and freedoms including appropriate transparency of our data processing. Where applicable, we carry out privacy impact assessments.
We are developing a search engine scalable to billions of web pages but one of the biggest challenges we face in doing this is actually getting access to so many web pages. To help us, we have created a piece of software called MJ12node. The MJ12node software can be run on otherwise idle computers and combines machines from all around the globe to crawl, collate and then send back its findings to the master server. The crawled data will then be indexed and added to our search engine.
We do not actively seek out or target personal data in carrying out our web mapping activities as described above. However, we do look at and use hyperlinks and web page titles and those hyperlinks and web page titles could incidentally contain personal data. In processing personal data in this way, we rely on “legitimate interests” as our lawful basis for that data processing. In this context, our legitimate interest is our commercial business interests in the provision and development of our services. We consider that our processing of personal data in this manner has a minimal privacy impact and our processing is very unlikely to cause unjustified harm to data subjects.
We do not seek to collect or process any special categories of personal data (which includes details about an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership or information about health including genetic and biometric data). Nor do we collect any information about criminal convictions or offences.
We limit our collection of personal data from our customers and we only collect the personal data that is absolutely necessary.
We may collect, use, store and transfer different kinds of personal data about our customers which we have grouped together follows:
We collect this personal data from our customers via our direct interactions with them.
We have set out below, in a table format, a description of the ways we plan to use personal data belonging to our customers, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
---|---|---|
To register new customers | (a) Identity (b) Contact |
Performance of a contract with the customer |
To process and deliver customers’ orders including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications |
(a) Performance of a contract with the customer (b) Necessary for our legitimate interests (to recover debts due to us) |
To manage our relationship with customers which will include: (a) Notifying customers about changes to our terms or privacy policy (b) Asking customers to leave a review |
(a) Identity (b) Contact (c) Profile (d) Marketing and Communications |
(a) Performance of a contract with the customer (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
To deliver relevant website content and advertisements to customers and measure or understand the effectiveness of the advertising we serve to customers | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | (a) Technical (b) Usage |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to customers about goods or services that may be of interest to customers | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. The measures we have put in place include (but are not limited to) the following:
In addition, we limit access to customers’ personal data to those who have a business need to know. They will only process customers’ personal data on our instructions and they are subject to a duty of confidentiality. We have also put in place procedures to deal with any suspected personal data breach and will notify data subjects and any applicable regulator of a breach where we are legally required to do so.
Due to the nature of our activity and the data we process, we are not required to have, and therefore, have not appointed a data protection officer. The person with responsibility for data protection is Paul Greenshields.
We may have to share personal data with third parties in certain circumstances. Please see our privacy policy for further information about this.
Sometimes we will transfer personal data outside the European Economic Area but we will only do so where such transfer is compliant with data protection laws and the means of transfer provides adequate safeguards, for example:
Please see our privacy policy for further information about this.
Under certain circumstances, data subjects have rights under data protection laws in relation to their personal data. Those rights include the right to:
If a data subject wishes to exercise any of the rights set out above, they should contact us by email at support@majestic.com, clearly marking the correspondence as GDPR.
Could we improve this page for you? Please tell us