Data Controller – MAGIC (UK) Ltd

This statement provides you with information about how we use and manage the personal data we hold about you, including how we share it within MAGIC (UK) Ltd’s group of companies and non-MAGIC (UK) Ltd organisations, and how we maintain confidentiality.

Personal data is information about a living, identifiable individual. Therefore, your personal data is any information that can be attributed to you personally, including your name, date of birth and address. So as long as you can be identified from that information, it becomes your personal data.

Organisations that use your personal data must do so in line with the provisions of the Data Protection Act 2016 and from the 25th May 2018 the General Data Protection Regulation. The Act and Regulations apply to personal data held in both electronic and physical media.

An example of the types of personal data that MAGIC (UK) Ltd uses are:

· Name

· Address 

· Date of Birth

· Contact information ie telephone number

· Details of diagnosis and medication

· Special requirements

· Photograph use preferences

· Racial or Ethnic Origin

· Religious or other beliefs of a similar nature

· Offences, criminal proceedings, outcomes and sentences

· Education and training details

· Employment details

· Financial details

We may need to keep records about the services used and special requirements that you have received as one of our service users. This helps ensure that you receive the best possible advice and support from us and that full information is readily available.

We also keep records relating to staff, for the purpose of appointments or removals, pay, discipline, work arrangements or other personnel matters. This is to ensure that employment at MAGIC (UK) Ltd is managed to a high standard and that staff are provided with the information and training required to carry out their role.

We may use personal data for the following purposes:

· To prepare statistics on MAGIC (UK) Ltd’s performance

· Reporting outcomes of investment to local authorities

· To plan and manage MAGIC (UK) Ltd’s services

· Help maintain the Health and Safety of service users and staff

· To teach and train professionals and MAGIC (UK) Ltd employees

This helps you because:

Accurate and up to date information assists us in providing service users with the right services and support

Full information is readily available if you use multiple services on offer from MAGIC (UK) Ltd

Accurate and up to date information assits us in providing staff with the information and training required to carry out their role within MAGIC (UK) Ltd

All of the personal data that we collect and us is handled in accordance with the Data Protection Act principals. These state that:

· We must satisfy lawful conditions in order to use personal data. (these conditions include, but are not limited to, obtaining consent from the individual to use their personal data; and/or needing the personal data to protect someone from serious harm; and/or using the personal data in order to exercise one of our statutory duties)

· We must let individuals know why we are using their personal data. This statement helps us do that.

· We must use the personal data in a manner compatible with that purpose

· We must only use the personal data that is relevant to the purpose; ie not obtain or use more than we need to.

· We must keep your personal data accurate and up-to-date.

· We must not keep your personal data for longer than is necessary.

· We must use in line with your Data Protection rights; for example, the right to obtain a copy of the personal data we hold about you.

· We must keep your personal data safe and secure.

· We must only transfer your personal data outside of the European Economic Area if we have ensured that adequate safeguards are in place.

Organisations that process personal data must register as a ‘Data Controller’, and notify the Information Commissioner (ICO) why they need to process the data.

We share data with a range of organisations. We will always endeavour to share the minimum amount of personal data required, even anonymising data where possible. However, there will be some instances where personal data will need to be shared with other organisations for the purpose of supporting our service users.

We may share personal data with the following organisations for the purpose of delivering or improving our services, or where there is a legal requirement for us to do so:

· Health authorities

· NHS organisations

· Child and Adult safeguarding services

· Social Services

· Education services

· Local Authorities

· Police

· Third parties responsible for managing direct payment processes

All our records are destroyed in accordance with MAGIC (UK) Ltd’s retention schedule, which sets out the appropriate length of time each type of MAGIC (UK) Ltd records is retained. We do not keep your records for longer than necessary.

All records are destroyed confidentially once their retention period has been met and MAGIC (UK) Ltd has made the decision that the records are no longer required.

We are committed to securing your personal information from unauthorised access. We secure personal data you provide on computer systems in a controlled, secure environment. Where third party cloud systems are used for the purpose of data sharing within MAGIC (UK) Ltd or for archiving and system back ups for example, MAGIC (UK) Ltd has ensured that these third parties comply with the provisions of the Data Protection Act 2016 and from 25th May 2018 the General Data Protection Regulation (GDPR). We also train our staff and have policies and procedures in place so that everyone working in MAGIC (UK) Ltd is aware of the high standards we expect them to adhere to when handling your personal data.

For your benefit, we may also need to share information with non-MAGIC UK) Ltd group organisations, such as social services, occupational health professionals or other private or NHS healthcare organisations. This information is only routinely shred with data processors with whom we have written contracts to undertake work for us. These non-MAGIC (UK) Ltd organisations are not allowed to use the data for their own purposes.

Where there is no written contract we will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health and safety of others is at risk or where the law requires it.

These non-MAGIC (UK) ltd organisations may include, but are not restricted to: social services, education services, local authorities and the Police

We do not sell, rent or lease customer lists to third parties. From time to time we may contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party. In addition, we may share data with trusted partners to help us perform statistical analysis, send you email, postal mail and/or questionnaires. All such third parties are prohibited from using your personal information except to provide these services to MAGIC (UK) Ltd, and they are required to maintain the confidentiality of your information.

MAGIC (UK) Ltd uses the following third-party organisations/providers to assist in the delivery of IT services:

Microsoft Office, Onedrive, Teams

Go Daddy




Ipecs One


Note: This list is not exhaustive of all third party organisations used by MAGIC (UK) Ltd. Information may sometimes be shared with system suppliers for the purpose of maintenance. If new or alternative providers are used, their compliance with relevant legislation and the general terms of this statement will be confirmed before entering into contract with them.

Information about your computer hardware and software is automatically collected. This information can include your IP address, browser type, domain names, access times and referring website addresses. This information is used or the operation of the service, to maintain the quality and provide general statistics regarding the use o the MAGIC (UK) Ltd web sites.

Our website will not disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on MAGIC (UK) ltd or it’s sites; (b) protect and defend the rights or property of MAGIC )UK) Ltd; and (c) act under exigent circumstances to protect the personal safety of users of MAGIC (UK) Ltd or the public.

Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through message boards or social media controlled by or operated on behalf of MAGIC (UK) ltd, this information may be collected and used by others.

We encourage you to review the privacy statements of websites you choose to link to from our site so that you can understand how those websites collect, use and share your information. MAGIC (UK) Ltd is not responsible for the privacy statements or other content on websites outside the MAGIC (UK) Ltd group websites. Therefore we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites.

MAGIC (UK) Ltd websites use electronic forms. These forms enable you to give us feedback about the website, to feedback about specific activities MAGIC (UK) Ltd is involved in; to feedback as part of a formal consultation; to take part in fundraising activities or giving; to register for an event or activity; to register interest as a member or volunteer.

Where we are asking for personal information we will always ask you to acknowledge acceptance and understanding of this fair collection/privacy notice before the electronic form can be submitted.

MAGIC (UK) Ltd may also use your personally identifiable information to inform you of other products and services available from MAGIC (UK) Ltd and its affiliates. MAGIC (UK) Ltd may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.

MAGIC (UK) Ltd keeps track of the website and pages our customers visit in order to determine which of our services are the most popular. This data is used to deliver customised content to customers whose behaviour indicates that they are interested in a particular subject area. You have the right to refuse/withdraw consent to direct marketing at any time.

As is common practice with almost all professional websites, MAGIC (UK) Ltd’s website uses cookies, which are tiny files that are downloaded to your computer, to improve your online experience. Please see MAGIC (UK) Ltd’s Cookie Policy for further information regarding the cookies used on MAGIC (UK) Ltd websites

All calls to and from MAGIC (UK) Ltd are recorded for training and monitoring purposes. These recordings will be used to, amongst other uses, help identify training needs for staff, ensure accurate and complete information is provided to service users and family and to help protect service users and staff.

You have the right to refuse/withdraw consent to information sharing at any time. The possible consequences will be fully explained to you and could include delays or an inability for MAGIC (UK) Ltd to provide some or all of its services to you.

Individuals have the right to be informed about the collection and use of their personal data.

The public can request to see all the data that MAGIC (UK) Ltd holds about them or someone they have a legal responsibility for. MAGIC (UK) Ltd Subject Access Procedure is published on the website.

If a data subject identifies that information we hold about them is incorrect MAGIC (UK) Ltd must investigate and if the law allows correct the error. 

A data subject can request that we delete records we hold about them. 

When a subject requests that we rectify or delete records we hold about them we are obliged to cease processing the record. 

A data subject can request that we ask that we transfer their personal data records to another data controller in a machine-readable form.

A data subject can object to MAGIC (UK) Ltd processing their personal data and we could be obliged to do this.

Under the Data Protection Act and from 25th May 2018 the General Data Protection Regulation a person may request access to information (with some exemptions) that is held about them by an organisation. This is known as the Right of Subject Access. If you require access to your records you must make a written request to MAGIC (UK) Ltd:

Subject Access Request 


Bradbury House

View Road

Cliffe Woods



MAGIC (UK) Ltd can only provide access to information it holds. For example to see the records held by other organisations supporting MAGIC (UK) Ltd or its service users you may have to contact them directly for the part of information held by them.

Changes to this statement

MAGIC (UK) Ltd will occasionally update this statement of privacy to reflect company and customer feedback. MAGIC (UK) Ltd encourages you to periodically review this statement to be informed of how MAGI (UK) Ltd is protecting your information.