HiveMTD Privacy Policy

HiveMTD Privacy Policy  (Revised on 01 June 2025)

Thank you for taking the time to read our privacy notice. We hope it answers your  questions, but if you need more information, please contact us at legal@hivemtd.com or  any local email address listed in Section 16. 

We understand that your privacy and the security of your personal data are important to  you, they’re important to us too. We design our business strategies, products, services,  websites, and apps with your privacy in mind. 

This privacy notice explains how we handle your personal data. It applies to you if you are: Someone who visits our websites 

  • A customer who has ordered or requested a product or service from us (including  trials) 
  • A user of our products or services (including trials) 
  • An employee, customer, or supplier of one of our customers who use our products  or services 
  • A vendor or an employee of a vendor providing services to us 
  • Someone whose personal data we’ve collected as described in Section 3,  including for marketing purposes (“Prospects”) 

Depending on where you live, additional regional information may apply to you. Please  check Section 16 for details on how we handle personal data in your area. 

We may update this privacy notice from time to time and will post the new versions on  our websites.

How to Use This Privacy Notice 

We encourage you to read this entire privacy notice, but we understand some sections  may be more relevant to you. To make it easier, we’ve divided it into sections. You can  click on any section to find the information that interests you most. 

1. Definitions 

In this privacy notice, certain words have specific meanings: 

  • Solutions: Our software products, features, services, and applications, including  any trials. 
  • Websites: hivemtd.com, mmcaservices.com, any linked pages, and any other  websites we control. 
  • You or your: The person reading this notice or anyone whose personal data we  process. 
  • We, us, our, MMCA Services, or HiveMTD: MM Consulting & Accounting Ltd and  its group companies (the Group). Depending on where you are, different  companies in our group may handle your personal data. You can find a list of these  companies on our website. 

2. How to Contact Us 

We have a Chief Data Protection Officer (DPO) and local privacy experts to help with any  privacy-related questions or requests. You can contact our local privacy experts or DPOs  using the details provided in Section 16 of this notice. If you’re unsure, please email us at  legal@hivemtd.com

3. Providing Us with Someone Else’s Personal Data 

If you give us personal data about someone else, you need to make sure you’re allowed  to share it and comply with any legal obligations. This might include explaining to them  why you’re giving us their data and what we’ll do with it and getting their consent if  required by law. We also recommend asking them to read this privacy notice. 

4. When We Collect Personal Data 

We may collect personal data about you or others, either directly or indirectly, as allowed  by law. We collect your personal data when: 

  1. You interact with us directly: This could be through our websites, Solutions,  forms (even if you don’t complete them), surveys, competitions, social media, or  when you contact us by phone, email, chat, fax, or mail. 
  2. You use our Websites and Solutions: We may collect data using cookies or  similar technologies (see our Cookie Policy for details).
  3. You or your organization provide services to us: We may collect basic personal  data about you, mainly professional contact details. 
  4. Third parties provide us with your personal data: This can happen when: We work with a business partner who knows you. 
  • Someone who uses our Solutions gives us your data. 
  • You use our Solutions that require us to get your data from a third party you’ve  authorized. 
  • You’re an employee of one of our customers, and your employer provides your  contact details. 
  • We receive data from government agencies, credit reporting agencies,  marketing companies, or social media platforms. 
  1. We acquire another company: If we buy a business that had a relationship with  you. 
  2. You participate in our events: When you attend seminars, training, or other  events we organize, either virtually or in person. 

5. What Personal Data We Collect 

We collect the following types of personal data: 

  1. Contact Information: Name, address (business or personal), email address,  phone number. 
  2. Billing and Payment Information: Payment details, amounts, dates, transaction  history, bank details, tax data, user details, identification documents. 
  3. Online Usage Data: Services you’ve viewed or searched for, response times,  errors, time spent on pages, interactions (like clicks and scrolling), username, IP  address, browsing history, passwords, device type, time zone, browser type,  social media profile info, device ID, location data, operating system. 
  4. Communication Preferences: Marketing preferences, interests, preferred  contact methods, consent records, business information like company name and  number of employees. 
  5. Organization Details: Workplace, job title, and work contact information. 
  6. Physical Access Data: Details of visits to our premises, CCTV images or  recordings, car registration data, event registration data, dietary requirements,  access needs, photos taken at our events. 
  7. Voice Recordings: When you contact us by phone or other voice platforms. 
  8. Correspondence: Any personal data you provide when contacting us (e.g.,  support requests, questions). 
  9. Data from Using Our Solutions: If you or your organization use our Solutions, we  may collect: 
  • MMCA Services IDs: Email address, password, phone number. HivePayroll, HiveMTD, and Accounting Products: Business details, contact  info, business type, registration info, payment details, transaction data, 

invoices, expenses, VAT details, payroll information, usernames, product IDs,  and data from integrations or added features. 

  • HR Products: Business details, contact info, images, payroll info, appraisals,  absences, holidays, disciplinary records, job and salary history, emergency  contacts, bank information, and data from integrations or added features. 
  • Zucodu: Background checks, beneficiary details, education and skills,  employment information, family and financial information, government IDs,  recordings, travel and expenses, feedback, insurance details, marital status,  memberships, user account info, workplace welfare, and data from  integrations or added features. 
  • Enterprise Resource Planning and Automation: Company names,  registration numbers, addresses, bank details, contact info, payroll info,  employee details, authentication details, inventory, orders, warehouse  information, and data from integrations or added features. 

6. Why We Process Your Personal Data 

We process your personal data for the following reasons: 

  1. To Provide Our Services (Solutions) 
  • Set Up and Manage Your Account: To establish you as a customer, provide  the Solutions you’ve requested or purchased, and send you updates or  service-related messages. 
  • Billing and Payments: To handle billing, payments, and manage our  relationship with you. 
  • Customer Service and Support: To help with troubleshooting, support  requests, or any issues you may have. 
  • Create and Manage MMCA Services IDs: To give you access to our Solutions  through unique user IDs. 
  1. To Improve and Secure Our Solutions 
  • Enhance User Experience: To monitor, measure, and improve our content,  websites, and Solutions. 
  • Security and Testing: To test and improve the security and performance of  our websites and services. 
  • Research and Development: To develop new products and improve existing  ones. 
  • Analyze Usage: To understand how our websites and Solutions are used, so  we can make them better. 
  1. To Communicate and Market to You 
  • Surveys and Feedback: To conduct customer research and get your opinions  on our services. 
  • Newsletters and Marketing Communications: To send you information  about our business, products, and offers that may interest you (with your  consent). 
  • Event Management: To organize events you may attend and contact you  afterward for feedback.
  1. To Operate Our Business 
  • Due Diligence: To perform necessary checks for business purposes. Legal Compliance: To comply with legal or regulatory obligations, including  responding to law enforcement or regulatory requests. 
  • Protect Legal Rights: To detect, prevent, or investigate illegal activities, and  to establish or defend legal rights. 
  • Business Planning: To manage and deliver our global business strategies. Staff Training: To train our employees and improve their performance. Business Transactions: To manage any potential sale, purchase,  restructuring, or merging of our business. 
  1. To Perform Analytics and Digital Advertising 
  • Targeted Advertising: To deliver relevant ads and marketing campaigns  based on your use of our websites and Solutions. 
  • Location-Based Services: To provide content relevant to your location (with  your consent). 
  • Ad Effectiveness: To ensure our advertisements are effective and relevant to  users. 

7. Profiling and Automated Decision-Making 

We may use your personal data to understand your interests and preferences, allowing  us to offer better services and more relevant communications. This might involve  analyzing your interactions with our websites and Solutions to predict what you might be  interested in. We do not make any automated decisions that have significant or legal  effects on you. 

Please note that we may update this privacy notice from time to time. Any changes will  be posted on our websites. If you have any questions or need more information, feel free  to contact us at legal@hivemtd.com

8. Artificial Intelligence and Machine Learning 

We are committed to innovation and continuously look for new ways to improve our  Solutions. Using Artificial Intelligence (AI) and Machine Learning (ML) helps us enhance  our services by offering new features and automating tasks like processing invoices  automatically. 

What is Machine Learning (ML)? 

ML is a type of AI that uses data and algorithms to recognize patterns, similar to how  humans learn. It allows systems to learn and improve from experience without being  explicitly programmed. ML models are programs trained to identify patterns in data  they’ve never seen before. 

How We Use ML 

We use ML in some of our Solutions and may process personal data listed in Section 5(9),  “Data from Using Our Solutions,” to deliver these ML-powered services. Personal data is  generally used for: 

1. Building and Continuously Training ML Models

We create and train ML models using data, including personal data, so they can  perform specific tasks. For example, to automate invoice processing, we build an ML  model that recognizes specific data fields in invoices. We train it on many invoices so  it learns where the fields are located and what they usually contain. We continually  update and train the model with new invoices to ensure its accuracy. 

2. Providing the Solution 

Personal data entered into the Solution is used by the ML model to deliver its service.  For instance, the trained ML model automatically recognizes fields in new invoices  and fills them into our Solutions. 

Our use of AI and ML is not intended to make decisions about individuals. Our goal is  to automate manual and time-consuming tasks for the benefit of our customers and  users. 

9. The MMCA Services Network 

We have created a trusted network called the MMCA Services Network to connect our  Solutions and those of our partners. The aim is to provide you with additional, innovative,  and integrated Solutions (the “MMCA Services Network Services”) to help automate your  workflows and improve your experience. To do this, data you input into our Solutions, as  listed in Section 5(9), “Data from Using Our Solutions,” may be shared with other  Solutions and platforms (collectively, the “MMCA Services Network Platform”). 

In this context, we mostly act on behalf of our customers (as a data processor under EU  and UK data protection laws). Processing personal data to provide MMCA Services  Network Services is covered by our Data Protection Agreements. 

However, we may process data in the MMCA Services Network Platform as a data  controller for the following purposes: 

  • Building and Training ML Models: As described in Section 8. 
  • Providing ML-Powered Services: As described in Section 8. 
  • Purchasing Data Sets from Third Parties: To improve the accuracy of data held  in the MMCA Services Network Platform. 
  • Research and Development: To improve our Solutions based on data processed  by the MMCA Services Network Platform. 

Any processing of personal data by us as a data controller will be carried out in  accordance with this privacy notice. 

10. Mobile Data 

We may collect personal data through mobile apps that you or your users install to  access our Websites or Solutions, or to provide services related to those apps (like  syncing information). 

These apps might be our own Solutions or provided by third parties. If you’re using a third party app, please read their privacy notice. We’re not responsible for those apps or how  they use your personal data.

Mobile apps may provide us with data related to your use of the app and our Websites or  Solutions accessed through it. We may use this data to provide and improve the app or  our own services. For example, activities within the app may be logged for review. 

You can adjust privacy settings on your mobile device, but this may affect how the app  works and interacts with our Websites and Solutions. 

11. How Long Do We Keep Personal Data? 

We keep your personal data during and after your relationship with us, as long as allowed  for legal, regulatory, fraud prevention, and legitimate business purposes, in line with our  internal policies. For more information on data retention, please contact the MMCA  Services Privacy Office at legal@hivemtd.com

12. How Is Personal Data Shared? 

Sometimes we need to share your personal data with third parties, usually because: You’ve asked us to. 

  • We’re required by law. 
  • A third party integrates with our Solution or provides a service to us or you. Here’s who we may share your data with and why: 
  • Service Providers and Agents: Companies that process data on our behalf (like  cloud storage providers, payment processors, or those who help us communicate  with you). 

Reason: To help us provide you with the Solutions and information you’ve  requested or that we think may interest you. 

  • Partners: System implementers, resellers, software vendors, and developers. Reason: To allow them to provide you with Solutions, services, and information  you’ve requested or that they believe may interest you. 
  • Other Companies in Our Group

Reason: To help provide you with Solutions and information you’ve requested or  that we think may interest you, or in case of a restructuring. 

  • Payment Facilitators: Such as banks or financial institutions. 

Reason: To help us process payments for our Solutions. 

  • Other Controllers: Like academic or research organizations. 

Reason: For research necessary for our or another organization’s legitimate  interests. We take steps to protect your data, like anonymizing it before sharing. Third Parties You Have a Relationship With: Such as social media providers or  partners. 

Reason: For marketing and targeting purposes. 

  • Legal and Regulatory Bodies: Government agencies, regulators, or law  enforcement. 

Reason: To comply with laws and regulations and to protect our business. In Case of Business Transactions: If we sell or buy any business or assets. Reason: In the context of an acquisition, sale, or restructuring. 

When we share data with third parties providing services to us or you, we have  agreements in place to ensure your data is protected and used only for agreed purposes,  in accordance with applicable laws.

13. Do We Use Cookies and Similar Technologies? 

Yes, our Websites and Solutions may use cookies and similar technologies. These help  us: 

  • Verify information from your device to ensure our services are used correctly and  to troubleshoot issues. 
  • Obtain information about technical errors or problems with our Websites and  Solutions. 
  • Comply with legal or regulatory obligations. 
  • Understand how you use our Websites and Solutions. 
  • Collect statistical information about the operating system and environment from  which you access our Solutions. 

You can find more details in our specific cookie policies. The cookie policy for  hivemtd.com can be found on our website. For Solutions that use cookies, a policy will  be available within the Solution, usually in the Help Centre. 

If you follow a link from our Website or Solutions to another site, our privacy notice  doesn’t apply there. We’re not responsible for how other sites handle your personal data.  Please read the privacy information of any third-party sites you visit. 

14. What Data Privacy Rights Do You Have? 

Data privacy rights vary by region. Please refer to Section 16 below, which covers data  privacy rights specific to your location. 

15. How is Your Personal Data Kept Secure? 

We take appropriate technical and organizational measures to protect your personal data  from unauthorized access, use, loss, destruction, or damage. 

While we strive to protect your data, we can’t guarantee its security during transmission  over the internet or similar networks. If we’ve given you (or you’ve chosen) a password to  access certain areas of our Websites or Solutions, please keep it safe. Choose a strong  password, don’t reuse old ones, and don’t share it with unauthorized people. 

If you believe your personal data has been compromised in connection with our Websites  or Solutions, please contact us at legal@hivemtd.com

16. If You Are Based in the United Kingdom or the Republic of Ireland Key Data Protection Laws 

  • United Kingdom: UK General Data Protection Regulation (UK GDPR), Data  Protection Act 2018, and the Privacy and Electronic Communications  Regulations. 
  • Republic of Ireland: General Data Protection Regulation (GDPR), Data Protection  Act 2018, and the European Communities (Electronic Communications Networks  and Services) (Privacy and Electronic Communications) Regulations 2011. 

Controllers and Processors 

This privacy notice describes how we process your personal data as a “data controller”  under UK and Irish law. A data controller decides how and why your data is processed. 

Depending on where you are, a different MMCA Services company may be the data  controller. You can find a list of our companies by region on our website. 

Sometimes we process personal data on behalf of someone else (like our customers or  partners). In those cases, we’re a “data processor,” and we use your data according to the  controller’s instructions, including the terms of the product or service you’re using and  our Data Processing Agreement. 

If we’re processing your data as a data processor, you should also read the privacy notice  of the data controller (e.g., your employer or service provider). 

Your Data Protection Rights 

If you’re in the UK or the Republic of Ireland, you have the following rights: Right to Be Informed: About how we process your personal data. Right of Access: To obtain a copy of your personal data. 

  • Right to Rectification or Erasure: To correct or delete your data, or restrict how  it’s processed. 
  • Right to Object: To processing your data for certain purposes, like direct  marketing or when processing is based on our legitimate interests. 
  • Right to Data Portability: To have your data transferred to you or another company  in a structured, commonly used format. 
  • Right to Withdraw Consent: If processing is based on consent, you can withdraw  it, subject to legal or contractual restrictions. 
  • Right Against Automated Decision-Making: To object to decisions made solely  by automated means, including profiling. 
  • Right to Complain: To the data protection authority in your location. In the UK,  this is the Information Commissioner’s Office (ICO). 

Please note that some rights may be limited by legal restrictions. We’ll explain any  limitations when responding to your request. 

If you believe we hold incorrect personal data about you, or if your information changes,  please let us know so we can update our records. 

To exercise your data protection rights, please contact us at legal@hivemtd.com

If you don’t want us to use your personal data as described, we may not be able to provide  you with full access to our Websites or Solutions. 

International Transfer of Personal Data 

Personal data in the EU and UK is protected by data protection laws, but other countries  may not offer the same level of protection. The European Commission has a list of  countries considered to provide adequate data protection (“Adequate countries”). 

Our Websites and some Solutions may be hosted outside the EEA or UK, meaning we  might transfer your data to countries without an EU or UK adequacy decision. We may  also use service providers outside the EEA or UK. 

We take steps to ensure appropriate measures are in place to protect your data when it’s  transferred internationally, in accordance with data protection laws. This may include  using the European Commission’s Standard Contractual Clauses or the UK’s  International Data Transfer Agreement.

For more information on international data transfers, please contact  legal@hivemtd.com

How Can You Contact Us? 

If you have any questions about this privacy notice or wish to exercise your data privacy  rights, please contact our Chief Data Protection Officer by emailing  legal@hivemtd.com

Thank you for reading the HiveMTD Privacy Policy! This is end of the document.