OUR PRIVACY PROMISE
Welcome to GMP Software Ltd’s privacy notice, we are committed to protecting and respecting your privacy.
Please read our privacy notice carefully: Please read our privacy notice carefully to make sure that you understand what our privacy notice tells you, and if you have any questions please contact us using the details set out below.
CHANGES TO OUR PRIVACY NOTICE
Our privacy notice was last updated on 23rd May 2018. We may update this notice at any time, for example to make sure that we continue to collect, use and store your personal information fairly, securely and in accordance with data protection law in the UK. If we decide to materially change this notice, the changes will be posted on our website so that you are always informed of the latest version. We suggest that you regularly revisit this update section to make sure that you keep up-to-date with any changes we make.
WHAT IS PERSONAL DATA?
Personal data, or personal information, means any information about you from which you can be identified.
WHEN DOES OUR PRIVACY NOTICE APPLY?
Our privacy notice applies when:
• you visit our website using any device, including your mobile phone; and
• you order products or services from us.
WHAT DOES OUR PRIVACY NOTICE TELL YOU?
Our privacy notice:
• explains how we collect, use and store personal data about you; and
• tells you about your privacy rights and how the law protects you.
Our privacy notice is set out in a layered format so that you can click through to the information you want to find using the headings set out below. You can also download a full pdf version of our notice here.
1. WHO WE ARE AND HOW TO CONTACT US
2. THE PERSONAL DATA WE COLLECT ABOUT YOU
3. HOW YOUR PERSONAL DATA IS COLLECTED
4. HOW WE USE YOUR PERSONAL DATA
5. WHO WE SHARE YOUR PERSONAL DATA WITH
6. TRANSFERS OF YOUR PERSONAL DATA OUTSIDE THE UK
7. HOW WE KEEP YOUR PERSONAL DATA SECURE
8. HOW LONG WE KEEP YOUR PERSONAL DATA
9. YOUR LEGAL RIGHTS
[sta_anchor id=”contact-details” /]WHO WE ARE AND HOW TO CONTACT US
References in this privacy notice to “we”, “us” or “our” means GMP Software Ltd(registered in England and Wales with company number 04110152, GMP Software Holdings Limited (registered in England and Wales with company number 11267793) and GMP Web Design, a division of GMP Software Ltd.
References in this notice to our websites means http://www.gmpsoftware.co.uk, http://www.fieldstrike.eu and http://www.gmp-webdesign.co.uk.
We are the “data controller”, which means that we are responsible for deciding how we hold and use personal data about you.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.
• Write to us at: Data Privacy Manager, The Old Library, 20 Broad Street, Ross-on-Wye, Herefordshire, HR9 7EA
• Email us at: firstname.lastname@example.org
• Call us on: 01989 561030
If you are contacting us to exercise your legal rights relating to your personal data, please let us know what personal data you are contacting us about, and what you want us to do, or stop doing, with that data.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
[sta_anchor id=”personal-data-we-collect” /]THE PERSONAL DATA WE COLLECT ABOUT YOU
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
• Identity Data includes first name, last name, username, password, security question and answer title, date of birth and gender;
• Contact Data includes postal addresses, billing addresses, email addresses and telephone numbers (including mobile phone numbers);
• Financial Data includes bank account and payment card details;
• Transaction Data includes details about payments and other details of products and services purchased from us;
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website, details of the website from which you visit us and keywords you used, the pages on our website that you visit and in what sequence, and the date and length of your visit.
• Profile Data includes the history of our communications with you, such as your orders for our products and services, your personal interests, preferences, feedback and survey responses.
• Usage Data includes information about how you use our websites.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
[sta_anchor id=”how-data-is-collected” /]HOW YOUR PERSONAL DATA IS COLLECTED
We use different methods to collect data from and about you including through:
• Information you give us: Personal Data may be given by you directly when you:
• contact us by post, telephone or email.
• Fill out a contact form on our website.
• place an order for our products or services; or
• sign up to receive emails or other marketing communications from us;
• Information received from third parties or publicly available sources: We may also receive Identity Data and Contact Data from publicly available sources such as Companies House and the electoral register and Technical Data from third parties such as analytics providers, e.g. Google.
[sta_anchor id=”how-we-use-data” /]WHEN WE WILL USE YOUR PERSONAL DATA
We will only use your personal information when the law allows us to: We need to have a “lawful basis” to use your Personal Data. The types of “lawful basis” that we will rely on to process your personal data are as follows:
• To perform a contract: Where it is necessary to perform a contract we are about to enter into or have entered into with you, for example, to provide products and services to you that you have ordered;
• It is in our legitimate interests: Where it is necessary for our legitimate interests (or those of a third party) and our interests are not overridden by the potential impact on your rights and interests.
“Legitimate Interests” means in the interests of conducting and managing our business to enable us to give you the best products and services and the best and most secure experience, for example to:
• run our business, provide administration and IT services, network security, and to prevent fraud;
• collect and recover money owed to us;
• keep our records updated;
• study how customers use our products/services;
• develop our products/services and grow our business; and
• inform our marketing strategy and promote our business.
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we use your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
You can obtain further information about how we assess our legitimate interests against any potential impact on you by contacting us
• To comply with a legal obligation: Where we need to comply with a legal or regulatory obligation, for example, in a legal action.
• Where we have your consent: We will require your prior consent to use Contact Data to send you electronic direct marketing (such as email or text).
We may have more than one lawful basis to use your personal data depending on the specific purpose for which we are going to use that data. Please contact us if you need details about the specific ground we are relying on to process your personal data.
We will only use your personal data for the purposes for which we collected it: We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is related to the original purpose. If we need to use your personal data for an unrelated purpose, we will let you know and will explain the legal basis which allows us to do so.
Direct Marketing – your choices:
How to Opt-in: You will only receive electronic marketing communications from us (such as emails and texts) if you have requested information from us, for example, by signing-up to our newsletter, or if you have specifically opted-in to receive details about our products, services, events, activities, promotions and special offers which we feel may be of interest to you when we have given you the choice to do so, for example, when you order products or services from us.
If you wish to be contacted for these purposes please make sure that you tick the appropriate box or boxes when you are given the option to do so, otherwise we will assume that you do not want to be contacted.
We will not pass your information onto third parties for marketing purposes before getting your express consent to do so.
How to Opt-out: Your participation in our marketing activities is voluntary. If you ever want to change your preferences regarding our use of your personal information for marketing purposes, or opt-out altogether from receiving further marketing information, you can use the opt-out or unsubscribe links in any marketing message we send you or you can contact us at any time. Where you opt-out of receiving marketing communications from us, we may continue to use your personal data for the other purposes we have explained in the “HOW WE USE YOUR PERSONAL DATA” section of this notice.
[sta_anchor id=”share” /]WHO WE SHARE YOUR PERSONAL DATA WITH
We will only share your personal data with the following third parties or in the following circumstances:
• To our service providers and suppliers: So that we can make certain services and products available to you we may need to share your personal data with some of our service providers and suppliers, for example such as IT companies to:
• provide website hosting services:
• manage and analyse our network status and the responsiveness of our services
• To other third parties: we may also share your personal data with the following third parties or in the following circumstances:
• On a business purchase, sale, transfer or merger: we may disclose your personal data to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them, in which case we may disclose your personal data to such other businesses. If a change happens to our business, then the new owners may only use your personal data in the same way as set out in this privacy notice.
• To our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
• To HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
• To comply with or enforce applicable laws or regulations: We may disclose personal data about you to third parties to comply with or enforce applicable laws and regulations. For example where:
• a complaint arises concerning your use of our website, products or services;
• we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person.
Safeguarding your personal data when we share it with other people: We require our suppliers, service providers and other third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our suppliers and service providers to use your personal data for their own purposes or pass your personal data to anyone else without our written consent. We only permit our suppliers and service providers to use your personal data to provide services to us and you, and for no other purpose, and in accordance with our written instructions.
Third party links, advertisers, sponsors and ad-servers: Our website may contain links to other sites that are not covered by this privacy notice and where privacy practices may be different from ours. We do not own or operate these sites. You should consult the privacy policies on such third party sites before submitting any personal information, as we are not responsible for, and have no control over, the manner in which such sites collect, use, disclose, or otherwise process your personal data.
[sta_anchor id=”transfers” /]TRANSFERS OF YOUR PERSONAL DATA OUTSIDE THE UK
We do not transfer your personal data outside the European Economic Area (EEA).
[sta_anchor id=”secure” /]HOW WE KEEP YOUR PERSONAL DATA SECURE
Unfortunately, the transmission of information via the Internet is not completely secure, however, please be assured that we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
[sta_anchor id=”keep” /]HOW LONG WE KEEP YOUR PERSONAL DATA
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations and requirements.
By law we have to keep certain basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
Personal data about our customers sales history will normally be kept for three years and (subject to the above) all personal data about our customers will be destroyed once our contract is concluded.
In some circumstances you can ask us to delete your data: see Your legal rights below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
[sta_anchor id=”legal-rights” /]YOUR LEGAL RIGHTS
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
You have the right to:
Request access to your personal data (known as a “data subject access request”): This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to use it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to us using it (see below), where we may have used your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to use of your personal data: You can object where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to using your personal data on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are using your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to use your information which override your rights and freedoms.
Request restriction of processing of your personal data: This enables you to ask us to suspend the use of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract.
Withdraw consent: You can withdraw your consent at any time where we are relying on consent to use your personal data. However, this will not affect the lawfulness of any use carried out before you withdraw your consent.
How to exercise your rights: If you wish to exercise any of the rights set out above, please contact us
No fee usually required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond: We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.