Personal information is information that could identify you. Under applicable law, we have to have a valid reason to use this personal information. The information is collected in a number of ways, which will be described below. You have rights with respect to the personal information, which will be described below in further detail.
Categories of Personal information
When you interact with our Site we may gather personal information including:
- your name, date of birth, gender, your social security or national insurance number, your company’s name, your employee number, your email address, your address information, and other contact info
- information that you provide to us regarding your family or marital status
- data revealing racial or ethnic origin or religious or philosophical beliefs as part of our provision of service to you
- questions, queries or feedback you leave, including your email address if you contact us
- your email address and subscription preferences when you sign up to our email alerts (including opt out to the extent permitted)
- how you use our emails – for example whether you open them and which links you click on
- your Internet Protocol (IP) address, online user identification profile, browsing behavior (including visits, pages viewed, clicks, time spent), details of which version of web browser you used, and your views of our digital advertisements when browsing other sites
- your log in credentials, such as your user name, when you access a restricted content section
- organisation details, job title, and phone numbers
- precise and historical location data when utilized as part of your use of our software or services. Various technologies are used to determine location including, IP address, MAC address, GPS, devices, as well as by information on nearby devises such as cell towers and Wi-Fi access points.
- Photographs or images uploaded to our Site as part of the provision of our software or services used by you
- account details, registration information (including meal preferences and emergency contact information), user preferences, course details, support ticket information, support documentation and attachments, communication history, and survey information.
- we collect payment information for purchases through third parties (see the section titled “What we do with your data” for more information)
This information is collected from you during your interaction with the website and direct communications with MRI. We may also receive information about you from our vendors and partners who are authorised to share such information with us. If you wish to receive a list of which vendor or partner has provided us information about you, please do so here.
Why we need your data
The personal information that you provide to MRI, may be stored, processed, and used by MRI and its affiliates for the following purposes: (a) to provide information about our company, products and/or services, including updates, notifications, and details of any offers or promotions, a better shopping cart experience, and order completion; (b) to assist us in improving our products, services or the content of this Site; (c) to contact you to participate in a market research survey, so that we can gauge customer satisfaction and develop better products; (d) for our own internal marketing and research purposes; (e) to promote user groups; (f) to make this Site or service easier to use by eliminating the need for you to repeatedly enter the same information or by customising this Site or service to your particular interests or preferences; (g) to analyse information for trends and statistics; (h) to fulfill your request for information; (i) to provide services to you and your organisation, which you have contracted for with us; and (j) MRI deems reasonably necessary to comply with applicable law, enforce/protect our rights, privacy, safety and the rights, privacy, safety of other users. We may also provide this information to an agent acting on MRI’s behalf in connection with the activities described above, if permitted under law.
Lawful Basis for Using the Data
We have a number of legal basis for processing personal information, based on the particular for which the personal information was provided. Primarily, the legal basis is consent. Your continued use of the Site provides consent for such processing. Your consent may be revoked at any time, subject to applicable provisions of the law.
Additional lawful bases for processing are:
The legitimate basis for processing personal information in relation to site security is our legitimate interests, and the legitimate interests of our users, as well as ensuring the security and integrity of our Sites.
The legitimate basis for processing personal information with respect to the Site is our legitimate interest of providing the website and ancillary services, conducting marketing activities, building and maintaining prospect and customer relationships (including You), improving the website and its content, but only to the extent that our legitimate interest is not overridden by the user’s fundamental rights and freedoms and data protection interests.
The legal basis for processing your personal information with respect to portions of our Site which are restricted by user credentials is that the processing is necessary for the performance of a contract to which the data subject is a participant.
The legal basis for processing your personal information when you apply for a job at an MRI company is that which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract. Some of the information you provide during a job application is regulated by law and therefore those portions of personal information is processed under the legal basis of MRI complying with our legal obligations. Where criminal and background information is processed in relation to a job application, we rely on the legal basis of performing a public task as well as protecting our legitimate interests.
How long do we keep your data
If you are an employee or customer of a client of MRI’s, accessing portions of the Sites which are restricted by user credentials, then your data will be kept until the earlier of: (i) twelve months following the end of the contractual relationship with the client or MRI; (ii) twelve months following the date on which the user or client removes the personal information; or (iii) a verified erasure request, which is not subject to an exception for not erasing the data. For all personal information not related to employment or providing contracted services to your organisation, we will retain until two (2) years following the latest date of activity.
What do we do with your data
We have offices all over the world, which work together to provide top of the line services to our customers. As such, some of your personal information may be transferred to MRI’s employees and agents overseas. Each MRI office and MRI employee are required to meet the same security standards as the other offices and employees. All transfers of personal information overseas shall be done after assurance of meeting such security standards and in accordance with applicable laws related to such transfer. A full list of postal addresses for MRI can be found here. For more information on the lawful basis for the transfer of Personal Data, please see the Lawful Basis for Transferring your Data section below.
Lawful Basis for Transferring your Data
As a participating organization in the EU-US Department of Commerce’s Data Privacy Framework (“EU DPF”), the UK Extension to the EU-US Data Privacy Framework (“UK DPF”), and/or the Swiss-US Data Privacy Framework (“Swiss DPF”) (collectively, “DPF”), MRI is committed to complying with the DPF Principles of: notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement and liability. Individual complaints brought under the DPF Principles may be filed with JAMS via this link. MRI’s Data Privacy Framework Program Policy can be found here.
While MRI does adhere to the DPF established between the U.S. Department of Commerce and the European Commission with respect to personal information that is transferred from the European Economic Area to the United States, MRI does not rely on the DPF alone for adequacy of its transfer. Transfer of personal information to third countries is based on the appropriate standard contractual clauses issued by the European Commission. MRI has also entered into Standard Contractual Clauses and the relevant UK Addendum with each of its affiliated companies by way of an intracompany agreement.
Bulletin Boards and Chat Rooms
From time to time, portions of this Site may allow you to post information which other visitors to this Site will be able to access (such as on a “bulletin board” or during an interactive “chat” with other visitors). In the event that you choose to post information in this context, it becomes generally available to the public, and we have no ability to control or limit its use by visitors to our site. By posting the information on this Site you are providing MRI and its affiliates the right to use the information in connection with the operation of MRI’s business. Therefore, we encourage you not to post any information you consider private or sensitive on this Site.
MRI’s Site, software and services do not target, and are not structured to attract, children under the age of 13. MRI does not collect any registration information from users who indicate they are under the age of 13. If MRI discovers personal information from a child, MRI will eliminate that data. We will not share the personal information of any person who we know is under the age of 16 without express, valid authorisation.
Security of Information
To protect the privacy of personal information provided by you, MRI employs reasonable and adequate security measures, including industry-standard controls such as physical access controls, Internet firewalls, intrusion detection, and network monitoring. Additionally, only authorised administrators and staff have access to systems containing such information. We urge you to take every precaution to protect your personal information when you are on the Internet. Change your passwords often, use a combination of letters and numbers, and make sure you use a secure browser.
What are your rights?
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on your country of residency/citizenship and our reason for processing your information. Please note that this is a comprehensive list of all rights that might apply and not a guarantee that all rights do apply to you under applicable law.
- Your right of access. You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
- Your right to rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure. You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing. You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing. You have the right to remove your consent to processing or object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests. In some circumstances, you may not be able to fully experience the feature of this Site or services that require processing of personal information in the performance. Such restriction is based directly upon the relation between the processing of personal information and the value provided to the data subject by the personal information.
- Your right to data portability. This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated
You are not required to pay any charge for exercising your rights. Please know that we may need additional information in order to verify the legitimacy of your request, verify your identity, or accurately match the personal information to the party to whom it belongs. In such cases, we will contact you for additional details (if you have provided your contact information). In order for us to effectuate your requests in a timely manner, you will need to provide such additional information promptly. Information provided to us for the purposes of exercising one of your rights will only be used to carry out your request under your rights.
Unless otherwise stated, MRI is the controller for the personal information we collect and process through the Sites. There are many ways you can contact us, including by phone, email, and post. Full contact details can be seen here.
If you wish to exercise your rights or raise a concern, please contact us:
By submitting a form online
UK Registered Office:
9 King Street,
MRI Global Headquarters:
28925 Fountain Parkway
Solon, OH 44139
There may be an MRI office closer to your location. A full list of postal addresses for MRI can be found here.
+44 (0)20 3861 7100
+1 800 321 8770
There may be an MRI phone number within your country code. A full list of postal addresses for MRI can be found here.
Alternative privacy policies
Effective Date: 15 September 2023