GB Group Plc (‘GBG’) Website Privacy Policy

GB Group Plc (‘GBG’) Website Privacy Policy
GB Group Plc (‘GBG’) take the protection and security of your personal information very seriously and this policy sets out our responsibilities under The General Data Protection Regulation 2016 (‘GDPR’) and other applicable laws in England and Wales relating to the processing and security of personal information.

This policy explains to you how GBG uses and secures your personal information whilst you are using the GBG website www.gbgplc.com or when you enter into a contract with GBG to provide services to your organisation.

GBG are global specialists in identity intelligence we have customers located in over 70 countries. GBG uses data under licence to support our customers with their business needs, such as locating people, identity verification, reducing fraud and marketing solutions.

GBG has offices in 24 locations; our registered head office is located within the United Kingdom.

GB Group Plc
The Foundation
Herons Way
Chester Business Park
Chester
United Kingdom
CH4 9GB

Company Registration Number: 02415211

Our Data Protection Officer is Kate Lewis, please contact Kate if you have any questions about how your personal information is used by GBG, compliance@gbgplc.com or 01244 657277.

GBG review our Privacy Policy on an annual basis, sooner if changes to regulation require or GBG changes the way it processes personal information.

This policy was last updated on 26th February 2018.

 

Use of your data

This section explains how GBG use your data – please see individual sections below for more details.

Collection of data

Browsing our website: When you browse our website www.gbgplc.com, we will collect the Internet Protocol (IP) address of the PC you are using, this data is anonymous and we cannot identify you at this point. We collect this data so that we can identify where customers are dropping out of the website and to identify areas of improvement to make the experience more engaging for our customers.
We use Cookies on our website so please see the Cookies section for more information.

Requesting a brochure: When you request a brochure from us, we will collect the following information from you:

  • Email address (so that we can send the brochure to you)
  • The name of your organisation (so that we can identify which sectors are showing the most interest in our products/services)
  • Your IP address will no longer be anonymous and we will be able to identify you

Requesting a call back: When you request a brochure from us, we will collect the following data from you:

  • Your name (so that we contact the right individual)
  • Your contact telephone number (so that we contact the right individual)
  • Your reason for contact (this is so that we can direct your call back to the right team who will respond to you directly)
  • Your IP address will no longer be anonymous and we will be able to identify you

Requesting further information from us: Where you request further information from us by completing a form on our websites in relation to our products and services, your details will be added to our marketing database to receive marketing from GBG relevant to the products and services you have an interest in. We will collect the following data from you:

  • Your name (so that we market to the right individual)
  • Email address (so that we send the marketing to right place)
  • The marketing preferences indicated by yourself, such as your areas of interest and how you want to be marketed.
  • Your IP address will no longer be anonymous and we will be able to identify you

You have the right to object to marketing
You can object to receive marketing from GBG, by clicking the unsubscribe link contained in the email you have received.

Conference and Events: As a global organisation, GBG attends worldwide events and have marketing team members located around the world. GBG will obtain from the event organiser a delegate list of all attendees who have consented to their personal data being shared with GBG.

Entering into an agreement with GBG: When your organisation enters into an agreement with GBG to provide products and services, we will collect additional information, which is necessary for

  • The performance of the contract we have with your organisation such as billing information
  • Providing service updates related to the product/service GBG are providing to you

All personal data we collect is held electronically within our Customer Relationship Management system (CRM) which is located in the United Kingdom.

Why do we collect data

GBG process personal information for its own legitimate business purposes, which include the following:

  • Where the processing enables GBG to enhance, modify, personalise or otherwise improve our products, services and communications for the benefit of our customers.
  • To better understand how individuals interact with our websites
  • To enhance the security of our network and information systems
  • To determine the effectiveness of our promotional campaigns

Marketing and your data

As stated above we use a third party service provider Act-On to manage our email marketing solution. When you receive an email from GBG it will include an unsubscribe link which you can click if you wish to unsubscribe from our marketing lists. We will then add your email address to our suppression list, which will ensure you do not receive any further marketing from GBG.

Please be assured we do not sell your personal data to third party companies for marketing purposes.

3rd party sharing and why?

GB Group Plc (‘GBG’) will share your information with third party service partners, who are acting on behalf of GBG as our data processor, the details are below of whom GBG will share your personal information with and why:

Act-On Software Inc. Provide GBG with an email marketing solution, which delivers marketing emails on our behalf. We share the following personal data with Act-On Software Inc.

  • When you are browsing our website Act-On capture the anonymous IP address
  • At the point that you enter all of the required personal data relating to a brochure request, contact information for marketing, Act-On will receive all of the personal information you provide via the website.

GBG can assure you that we have taken all technical and organisational measures necessary to protect the personal information, which Act-On may access.

Price Waterhouse Coopers: provide GBG with our Customer Relationship Management (CRM) system and they may access the live system for technical support. GBG can assure you that we have taken all technical and organisational measures necessary to protect the personal information, which Price Waterhouse Coopers may access.

Brace Digital: Provide development and technical support of our website www.gbgplc.com this means they may be able to access the personal data contained on the website. GBG can assure you that we have taken all technical and organisational measures necessary to protect the personal data, which Brace Digital may access.

 

Accuracy and Retention

This section explains how GBG maintains the accuracy of your data and how long we hold your data for – please see individual sections below for more details.

Data Accuracy

As part of the account management process GBG will, on a regular basis enquire if the personal data we hold about you is correct. You can also ensure your personal data is correct by:

  • Contacting GBG at compliance@gbgplc.com
  • Alternatively, if your organisation has an agreement with GBG for the provision of services, you can contact your GBG account manager who will ensure they update your record on our CRM system.

Data Retention

Where we have collected your personal data for marketing purposes we will retain your personal data for as long as you remain subscribed to our mailing lists or until the time when you inform us that you no longer wish to receive marketing from us.

For account management purposes, we will retain the personal data for as long as we have the relationship with your organisation. If GBG no longer has a relationship with your organisation then we will only keep the relevant information such as invoices for audit purposes 6 years after the relationship with GBG has ended.

Once GBG are informed, you are no longer the contact we need to liaise with, or your leave your organisation, we will remove your details from our system.

 

Transfers and Security

This section explains why GBG may transfer your data outside of the EEA.  This section also covers how GBG secures your data – please see individual sections below for more details.

Data Transfers

As a global organisation, we have sales teams located all over the world, it will be necessary for your personal data to be transferred to them for account management activities and for marketing purposes. GBG will take all technical and organisational measures to ensure the security of your personal data when processed outside of the EEA.

Data Security

IS027001 Certification
GBG is a global specialist in identity data intelligence for some of the largest organisations in the World, GBG aims to set the highest standards of Information security and in so doing so has developed an Information Security Management System (ISMS) to meet the requirements of the ISO27001:2013 standard. The aim of which is to protect the Confidentiality, Integrity and Availability of GBG and client held information resources and assets, thus safeguarding GBG and its clients from unauthorised access, compromise and or disclosure of data.

PCI-DSS Certification
Some of the services we provide are PCI compliant. Being compliant with PCI DSS means that we are doing our very best to keep our customers valuable information safe and secure and out of the hands of people who could use that data in a fraudulent way. PCI ensure technical and operational strengths to raise the bar on our security.

Cyber Essentials Certification
In addition to the above, we have services that are Cyber Essentials accredited, this helps prevent the vast majority of cyber-attacks. Having a Cyber Essentials badge enables us to:

  • Protect our organisation against common cyber threats
  • Demonstrate our commitment to information security

GDPR and your Rights

GBG are processing your personal data, we do this for our Commercial Benefit and for the benefit of the organisation, you are representing.

As an individual, you may have certain rights under the GDPR regarding the use of your personal data, these are:

  • The right to object – you can object to GBG processing your personal data at any time. Email compliance@gbgplc.com to object.
  • The right to be forgotten – you can request that GBG remove your personal data from our systems
  • The right to access your personal data – You have a right to know what personal data GBG hold on you and for what purpose we are processing your personal data this is known as a Data Subject Access Request (DSAR). These requests must be made in writing by either email or letter with photographic identification to confirm your identity.

You can send these requests to compliance@gbgplc.com or by post to the address noted below. If GBG are unable to comply with your request, GBG will provide you with an explanation:

Privacy & Data Compliance Team
GB Group Plc
The Foundation
Herons Way
Chester Business Park
Chester
United Kingdom
CH4 9GB

 

How to complain

We appreciate that at GBG we do not always get things right and it is regrettable for us as an organisation when we receive a complaint. We take all complaints seriously and can assure you we will do our best to deliver a satisfactory outcome. If you do wish to complain about how your personal information is used by GBG then please write to us at:

Privacy & Data Compliance Team
GB Group Plc
The foundation
Herons Way
Chester Business Park
Chester
United Kingdom
CH4 9GB

Alternatively, you can email us at compliance@gbgplc.com

GBG will investigate and respond within 10 working days, this allows us time to investigate your complaint thoroughly.

 

Supervisory Authority Details

Where you believe that GBG have not taken our responsibilities with your personal data seriously, you have the right to complain to the Supervisory Authority. Their details are:

Information Commissioners office Wycliffe House
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone number: 0303 123 113 or 01625 545 745

Email: casework@ico.org.uk