GPS may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 4 November 2020.
This policy does not apply to our processing of our own employee information, which is covered by a separate policy.
GPS’ contact details for all matters regarding your personal information are: firstname.lastname@example.org.
What personal information we collect
We may collect the following information about you:
- Name and job title
- Contact information including email address
- Demographic information such as postcode, preferences and interests
- Other information that may be relevant to our relationship with you or your employer.
We may collect the information described above when you visit our site or when we interact with you in some other manner. We may also collect other relevant personal information about you appropriate to the circumstances, for example if you apply to us for a job or in the course of forming and maintaining a business relationship with you or your employer.
We also receive payment transaction data and other financial information from your payment services providers when those providers contract with us for processing services. In such cases, as explained above, we act as the processor but not the controller of the processing of your personal information.
Where we are the controller, we generally obtain personal information directly from you, but in some cases we may obtain it from third parties.
What we do with your information
We process your personal information for the following purposes:
- to communicate with you;
- creating and maintaining customer relationships;
- to provide our services;
- to understand your or your employer’s needs;
- to providing a better service;
- for security and to check your identity;
- for training
- internal record keeping;
- developing and improving our products and services;
- sending you emails about new products, special offers or other information, which we think you may find interesting (provided that you have provided your consent to such use);
- contacting you for market research purposes, by email, phone, fax or mail (provided that you have provided your consent to such use);
- customising our website according to your interests;
- informing you of changes relating to our business;
- making changes to our business, including its structure or organisation;
- administering surveys, loyalty programmes, contests and events;
- to comply with our legal or regulatory obligations or with good practice in our industry;
- account management, quality control, website and system administration and security, disaster recovery and fraud prevention.
If you are or work for a client, further details about how we use your personal information may be set out in our client agreement.
We may also provide you with additional notices specifying certain uses we wish to make of your personal information when we collect personal information from you.
Legal Basis for our use of your Personal Information
Depending on the purpose, the legal basis for processing your information is either that it’s necessary:
- to perform a contract to which you are party or take steps at your request before entering into a contract; and/or
- to comply with our legal obligations; and/or
- for our legitimate interests or those of a third party, which are not overridden by your interests or fundamental rights and freedoms,
or that we have obtained your specific, informed, unambiguous consent.
Our legitimate interests and those of relevant third parties include the operation and development of the applicable businesses, including, direct marketing and maintaining security and integrity.
Disclosing your information
We may disclose your personal information to:
- our affiliates, including our subsidiaries in other countries, such as Australia and Singapore;
- your employer or other people you work with or for;
- our service providers, sub-contractors and agents;
- anyone to whom we may transfer any part of our business, rights, obligations or assets or our shares;
- credit reference agencies
- providers of due diligence and checking services; and
- fraud prevention agencies.
We may transfer your personal information to any of the persons named above, or within GPS, outside the EEA.
Where we do so we will ensure that your information is transferred subject to adequate safeguards. For that purpose, we have in place approved EU contract clauses with our subsidiaries in countries outside the EEA which do not have an adequacy decision. Personal data that we transfer outside the EEA to such countries will be transferred either under such clauses or under other GDPR compliant safeguards.
A copy of the relevant safeguards is available from email@example.com
Storage of your information
We store your personal information for as long as is necessary for the purpose of processing, based on business needs, legal and regulatory requirements. This will depend on the purpose, product or service, the country in which the relevant GPS company or contracted company is located and the applicable local or regulatory requirements. In relation to the purposes described above, the periods are as follows:
- Retention periods for records are determined based on type of record, the nature of the activity, product or service, the country in which the relevant GPS company is located and the applicable local legal or regulatory requirements. We normally keep information relevant to contracts for six years from the end of the contract when the time limit for claims has expired (unless a claim is made and the information is required for the claim).
- Where we process your personal information and it does not relate to a contract, we will retain it for three years since our last communication from you.
- We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or regulators. This is intended to make sure that GPS will be able to produce records of evidence, if they’re needed.
The retention periods described above are subject to any legal or regulatory requirement to retain the information for a different minimum or maximum period and subject to change from time to time.
You have certain rights that you can exercise under certain circumstances in relation to your personal information that we are processing, as follows:
- where we are processing on the basis of your consent (see legal basis above), you can withdraw consent: we will then stop that processing unless we have another legal basis to continue;
- you can:
- opt out of receiving our marketing communications at any time.
- request access to your personal information;
- request rectification or erasure;
- request restriction of the processing;
- object to our processing; and
- in some cases, request that we transfer your information to another service provider.
Where GPS is processing your personal information as a processor, we will refer you to our client, being the relevant controller, for assistance with the request where it is possible for us to obtain that information.
To exercise these rights, please contact us via email at firstname.lastname@example.org. You can also lodge a complaint with a supervisory authority.
How we use “cookies”
A cookie is a small file, which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
The cookies we use are:
Universal Analytics (Google)
|These cookies help us to distinguish visitors to our site|
|__utmc||This cookie is to help us understand when our visitors leave our pages/site.|
|__utma||This cookie helps us to distinguish users and understand if they have returned to our site.|
|__utmz||This cookie helps us to understand how you came to our site.|
|__hstc||This cookie helps us to track timestamps (first visit/last visit/this visit) and how many times person has visited our page.
|Hubspotutk||This cookie is used to keep track of a visitor’s identity and then it is passed to HubSpot on form submission and used when deduplicating contacts.|
|__hssc||This cookie keeps track of sessions and helps hubspot to determine if it should increment the session number and timestamps in other cookies. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.|
|__hssrc||Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session|
|__ Cookielaw||This cookie stores the visitor’s cookie consent state for this domain.|
How do I change my cookie settings?
You can change your cookie preferences at any time by clicking on the ‘C’ icon. You can then adjust the available sliders to ‘On’ or ‘Off’, then clicking ‘Save and close’. You may need to refresh your page for your settings to take effect.
Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer's website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
Links to other websites