GMSL Privacy Policy

GMSL is committed to protecting the privacy and security of our clients’ personal information.

This privacy policy describes why and how we collect and use personal information and provides information about individuals’ rights.

Personal Information

Personal information is any information relating to an identified or identifiable living person. The policy applies to personal information provided to us, both by individuals themselves or by others. We may use personal information provided to us for any of the purposes described in this policy. When collecting and using personal information, our policy is to be transparent about why and how we process personal information.

Data protection principles

In collecting and processing personal information, we comply with data protection laws in force at the time. This requires that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for specified, explicit and legitimate purposes
  • Relevant and limited to the specified purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the specified purposes
  • Kept securely

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees who have a business need to know. All our employees are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are set out below.

Contact details

We do not have an appointed Data Protection Officer however if you have any queries in relation to how we hold and use personal information or about this privacy policy please contact us at:

GMSL
Clarendon House
Clarendon Road
Cambridge
CB2 8FH
01223 446160
privacy@gmsl.co.uk

What personal information does GMSL collect?

Clients of our Operations Services or Software Products

GMSL only collects personal information from individuals associated with our clients where it is strictly necessary to provide services or software to the client. Personal information collected includes name, employer name, contact title, phone, email and other business contact details.

GMSL uses this personal information for: managing our relationship with our clients, billing our clients, communicating with clients as part of providing services and software, developing our services and software, providing information to clients about new services and software, and administering our systems and applications that support those services and software.

Personal information relating to clients will be retained by GMSL as defined in the client’s contract.

Users of our Software Products & Services

GMSL collects personal information from users of our software products and services in order to provide them with notifications relevant to their use of the software product or service. This includes informing users of: upcoming releases, regulatory changes, and service outages. Users may opt out of receiving such notifications at any time.

We use a third party provider to manage this communication. GMSL only uses the business email address and the user’s notification preferences, but the third party provider may capture further personal information. See https://mailchimp.com/legal/privacy/ for details of the personal information collected.

Personal information relating to users of our software products and services will be retained by GMSL until the user opts out from receiving information.

Users of our Hosted Software Products

GMSL provides user access to clients for various software products hosted and managed by us.

Our products only collect personal information from users as necessary to provide the required functionality of the product, such as providing automated communication to the user. Personal information collected includes name, employer name, and email address.

Personal information relating to users will be retained within the product data store as defined in the client’s product licence.

Business Contacts

GMSL collects personal information about business contacts (individuals associated with existing and potential GMSL clients) including name, employer name, contact title, phone, email and other business contact details. This information may be used by GMSL for administering, managing and developing our businesses and services, providing information about us and our range of services, making contact information available to GMSL users and identifying clients/contacts with similar needs.

GMSL does not pass personal information to third parties for the purpose of allowing them to market their products and services without consent from individuals to do so.

Personal information will be retained by GMSL for as long as we have, or need to keep a record of, a relationship with a business contact.

Suppliers

GMSL collects and processes personal information about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors).

GMSL uses personal information in relation to our suppliers and their staff as necessary to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide services to our clients.

Personal information relating to suppliers will be retained by GMSL for as long as is considered necessary for the purpose for which it was collected.

Visitors to our office

We have security measures in place at our offices, including CCTV and building access controls.

There are signs in our office showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis. CCTV recordings are automatically overwritten after 30 days (unless an issue is identified that requires investigation).

Visitors to our website

We collect some personal information from visitors to our website. When a visitor requests a web page from within our website, our servers automatically identify and log the HTTP request that is made.

Personal information collected includes the IP address of the site that may have referred you, your IP address, the web page that you may have linked to us from, the version and make of browser, the operating system platform, search words from a search engine used to find the page.

Our website issues cookies (small files of information which websites use to identify its users), however, these do not contain personal information. We do not share this data with third parties. You can disable cookies by altering the settings of your browser and the website will still function.

Your rights in connection with personal information

Under certain circumstances, the law grants you specific rights. These are summarised below. Please note that your rights may be limited and subject to restrictions in certain situations:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us using the details provided above.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).  This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.