Munday and Cramer

Cookies & Privacy Policy


Cookies Policy

To make this site work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.

What are cookies?

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

How do we use cookies?

A number of our pages use cookies to remember:

  • Your display preferences, such as contrast colour settings or font size
  • If you have already replied to a survey pop-up that asks you if the content was helpful or not (so you won’t be asked again)
  • If you have agreed (or not) to our use of cookies on this site
  • Also, some videos which may be embedded in our pages may use a cookie to anonymously gather statistics on how you got there and what videos you visited.

Enabling these cookies is not strictly necessary for the website to work but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do that some features of this site may not work as intended.

The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.

How to control cookies

You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.


General Data Protection Regulation Policy Statement

Munday + Cramer have enacted their full GDPR policyThe General Data Protection Regulation (GDPR) is being implemented by EU and comes into force from 25th May 2018. The new regulation is designed to ensure that the ever-increasing volume of data held by all businesses is collected, held and secured lawfully, in line with some quite simple principles.

Any organically developed process (i.e. data management) requires checks and balances from time to time, and we are all aware of the big news articles where large corporations have been exposed trading private data – which has resulted in some instances with loss of security or unwanted intrusion.

Munday + Cramer only ever collects, stores and uses client (or business to business) data with the data owner’s full knowledge and consent. We never pass private data to any third party unless it is for legitimate and expressly or contractually agreed purposes. This has always been our policy, and despite the slightly more complex requirements of GDPR will remain the core of how we operate for you.

In simple terms we have developed our operating systems and procedures to ensure your data is kept in a secure and consistent location, within a secure database on our business server. Both of these technologies have multi-layer security with unique passwords to control who can access and at what level.

In developing the client relationship management (CRM) module of our database we have removed the need for satellite lists, copies or versions of client data (e.g. spreadsheets) so unintentional duplication or publication of your data is reduced to a reasonable minimum. We can provide you with access to your data – please contact our data protection officer dpo@mcessex.co.uk for further details.

We will shortly be asking you to confirm you are happy for us to hold your data for the express purposes of doing business with you. GDPR regulations require us to establish ‘positive opt-in’ with you, although we appreciate like us you have been bombarded with a shower of emails asking you to do so. We are taking a more proportionate approach, wherein we will contact current/live clients first, then those for who we hold data but are not currently working with. Our standard operating terms and conditions, service level agreements or professional services agreements with you will be amended accordingly. To make sure we correctly give you genuine choice and control we will track your preferred options, and in any case where we have not established clear preference we will ask you formally to confirm your ‘opt-in’ choice when we next do business or meet with you.

Third parties will rely on your consent to hold/share data. These include suppliers of goods or services we arrange for you, Local Authorities or other public bodies involved in projects etc. When we ask for your consent to share your details we act ONLY in a processing capacity. We will never make decisions about how we control your data (e.g. for our marketing purposes) without securing your written and express consent to do so. We do not engage in any sort of blanket marketing activities, unless we are marketing to you. We do not sell or offer your data to any third party, and we never will.

As with all businesses our professionalism and effectiveness relies on our staff being aware, trained and competent to manage the day-to-day application of data management and security. To this end, our staff are receiving in-house training in the appropriate management of client data, we have reinforced this in our employment contracts and staff handbooks. As an ISO certified business we have also amended our guidance documents and procedures to ensure client data is gathered, stored and managed in full compliance with GDPR. We have an operational statement/checklist based on statutory or government advice in this area and as part of our suite of ISO9001 management documents is resides under M06 [document control & records] and is on a 12 month review cycle to make sure we keep up to date with the further inevitable changes in legislation and that we track consent requests in line with GDPR.

Munday + Cramer may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from the 25th May 2018.

Key Principles

What data do we hold?

  • Business or private address, telephone numbers, email addresses.
  • Images of your property and/or works we have carried out for you.

What consent do we have?

  • To date, you have consented through our terms & conditions of engagement, or a professional services agreement we have issued to you.
  • In future we will require your separate permission to hold and use such data.

How do we store the data?

  • We store your data in a bespoke and secure database, situated on our business server.
  • Our database is developed and managed using latest Microsoft ™ technology and security, and incorporates several levels of password protected access.

How do we use the data?

  • We only use your data as part of our express or contractual activities with you, most of which you will be fully aware of as they include investigations, procurement of goods or services on your behalf.
  • If we ever use your data for marketing purposes (e.g. the name of your business or property) we will always seek your formal approval first.

Can you access your data?

  • YES! We can give you access to key aspects of your data. Either email dpo@mcessex.co.uk or write to The Data Protection Officer, 39 Knight Street, South Woodham Ferrers, Chelmsford, Essex, CM3 5ZL