Privacy Policy

IDscan Website Privacy Policy

General information and contact details

This policy explains to you how your data is processed by GB group plc (GBG) whilst you are using the IDscan website

For information on how your personal data is processed when you enter into a contract with GBG to provide services to your organisation, you visit one of our offices, or you apply for a job, please visit the GBG Website Privacy Policy.

GBG is the Data Controller of any data processed as set out below. GBG have offices in 22 locations, and our registered head office is located within the United Kingdom.

GB Group Plc
The Foundation
Herons Way
Chester Business Park
United Kingdom

Company Registration Number: 02415211.

If you have any questions about how your personal data is used by GBG, please contact our Data Protection Officer by email at or call 01244 657277.

GBG review our Privacy Policy on an annual basis, or sooner if changes to regulation require it or GBG change the way we process personal data.

This Privacy Policy was last updated on 15 August 2019.


What personal data do GBG collect and why?

 Visitors to our website

Each time you access content on the site, data becomes temporarily stored that may allow identification.
The following data is collected by our website:

  • Date, time and location of access
  • IP address and web logs
  • Host name of the accessing computer
  • Website from which the website was accessed
  • Websites that are accessed through the website
  • Visited page(s) on our website
  • Information about the browser type and version used
  • Device operating system


We use Google Analytics to measure how users interact with our website in order to understand which parts of our sites are doing well, how people arrive at our site and so on. We use this information to improve our website. Google will not associate your IP address with any other data held by it. You can learn more about Google Analytics here.


We use various types of cookies in order to identify and track users and to store information about your preferences. The cookies we use on this website include Google Analytics, Hotjar, Incapsula and Hubspot. Users may currently disable non-essential cookies via their browser, but if you decide not to accept all of the cookies, some parts of the site might not work properly. You can read more about how we use cookies in our central GBG Cookie Policy here.

Search facility

The search facility on our website does not collect any personal data. Search queries and results are logged anonymously to help us improve the website and search functionality, but we do not have the ability to identify individuals.  

 Purpose and legal basis for processing

We collect this information to help us improve the experience of our website, maintain the security and integrity of the website, and identify any technical errors requiring attention. We rely on legitimate interests as our lawful basis for processing under Article 6(1)(f) of the General Data Protection Regulation (GDPR), subject to a balancing test to ensure our interests are not overridden by yours.


Contacting us

 Website forms

If you contact us via our Get In Touch or Request a Demo form, we will collect your name, email address, organisation, phone and any other personal data you include in the body of the message.

If you require either Enterprise Support or Scannet Support you will be redirected to the relevant sections on our GBG and Scannet websites. To understand how your data is processed on those sites please see the relevant privacy policies here and here.

Social media

If you contact us through one of our GBG social media accounts by either a publicly visible message or a private direct message, this will be handled by our Communications Team. You will be asked to send your enquiry to the relevant team and provided with their email address.

We do not track individuals on social media and the analytics data we receive is not at a granular level. We do not scrape data from LinkedIn. GBG uses Sales Navigator to process personal data within LinkedIn. Obtaining personal data from LinkedIn by any other method is against the terms and conditions of LinkedIn and against GBG policy.


We use Office 365 encryption (TLS/SSL, IPSec, AES) and Mimecast to encrypt and protect email traffic. In addition, email filtering software is currently in place to monitor all incoming and outgoing emails for inappropriate or malicious content, spam, and unencrypted proprietary and/or personal data.

Purpose and legal basis for processing

We require the personal data provided to us via our contact forms, emails or social media messages to enable us to process your request and reply to any queries we receive. This equally helps us to enhance the services we provide, which we believe also benefits our customers. The legal basis we rely on to process your personal data is Article 6(1)(f) of the GDPR, which allows us to process personal data for our legitimate interests subject to a balancing test to ensure our interests are not overridden by yours.


Who will we share your personal data with and why?

The following third party service partner acts on behalf of GBG as our data processor:

 HubSpot Inc.: provides GBG with an email marketing automation solution, which delivers marketing emails on our behalf. We share the following personal data with HubSpot:

  • When you are browsing our website, HubSpot capture the anonymous IP address.
  • At the point that you enter all of the required personal data relating to a free trial, demo, brochure request, or contact information for marketing, HubSpot will receive all of the personal data you provide via the website.

Learn more about Hubspot here.

In order to improve the experience of our website, maintain the security and integrity of the website, or identify any technical errors, your personal data may be shared with a supplier, contractor, or entities belonging to GBG. Where this is the case, GBG can assure you that we will take all technical and organisational measures necessary to protect your personal data.

In some circumstances, we are legally obliged to share information. For example under a court order. In the event we are legally required to share personal data we will always ensure we have a lawful basis for this sharing and document our decision.


Marketing and use of your personal data

Where you have consented to receive marketing from GBG we will only market to you via the channel you have consented to (such as email, telephone etc.). As stated above, we use a third party service provider, HubSpot, to manage our email marketing solution.

When you receive an email from GBG it will include an unsubscribe link, which you can click on if you wish to unsubscribe from our marketing lists. We will then add your email address to our suppression list, which will ensure you do not receive any further marketing from GBG.

We will not share your personal data with any third parties for the purposes of direct marketing.


How long do we retain your personal data for and why?

Where you have asked us to get in touch, we will store your data until we no longer have a legitimate business purpose for keeping it, and in any event, for no longer than 6 months.

Messages received on social media containing personal data are deleted within one week.


Data security

GBG take the protection and security of your personal data very seriously as required under the GDPR, the UK Data Protection Act 2018, and other applicable laws in England and Wales relating to the processing and security of personal data.


Your rights under the GDPR

As an individual, you have rights under the GDPR regarding the use of your personal data, these are:

  • The right to withdraw consent – you can withdraw consent at any time.
  • The right to erasure – you can request that GBG remove your personal data from our systems.
  • The right to restrict processing – you can request that GBG only process your personal data for the purposes you specify.
  • The right to data portability – you can request that the personal data you have provided to GBG be ported to another organisation.
  • The right to access your personal data – You have a right to know what personal data GBG hold on you and for what purpose we are processing your personal data. This is known as a Subject Access Request (SAR).
  • The right to rectification – you have the right to ask us to rectify any personal data you believe is inaccurate. You also have the right to ask us to complete personal data you think is incomplete.
  • The right to object to processing – you have the right to object to processing if we are able to process your personal data because the processing is in our legitimate interests.
  • The right to obtain information upon request on the balancing test we have carried out when determining we are able to rely on legitimate interest as our lawful basis for processing your personal data.

If you have previously agreed to us using your personal data for marketing purposes, you may change your mind at any time by emailing

For all other requests, please email or write to us at:

Privacy & Data Compliance Team
GB Group Plc
The Foundation
Herons Way
Chester Business Park
United Kingdom

You can also make your request in person or call 01244 657277.

You are not required to pay any charge for exercising your rights. We have one calendar month to respond to you. If GBG are unable to comply with your request, we will provide you with an explanation.


Your right to lodge a complaint with the Supervisory Authority

Where you believe that GBG has not taken our responsibilities with your personal data seriously, you have the right to complain to the UK Supervisory Authority. Its details are:

Information Commissioner’s Office
Wycliffe House
Water Lane
SK9 5AF.

Telephone numbers: 0303 123 113 or 01625 545 745.