Under EU data protection laws, personal information may only be used where one of the following applies:
• you have consented to the use
• we use it to achieve a legitimate interest, and our reasons for using it outweigh any prejudice to your data protection rights
• it is necessary to enter into or perform a contract with you
• we need to use it to comply with our legal obligations
• the use is necessary for us to protect your vital interests (or another person’s)
• we need to use it to perform a task in the public interest.
Generally, we will process data on one of the first two grounds listed above. If we are processing on the basis of consent, you will be presented with an opportunity to consent at the point where we collect your data. You may withdraw your consent at any time through the data preference centre (see further details below. If we are processing on the basis of our need to achieve a legitimate interest, the nature of that interest is set out below.
GForces uses Amazon Web Services, Inc. as its cloud platform provider. All data processed by GForces is stored on Amazon’s web servers in Ireland.
GForces' wholly owned subsidiaries, GForces Web Management FZ LLC (UAE) and GForces Vietnam Web Management Company Limited (Vietnam) provide various support and development services for GForces. In order to provide those services, it is sometimes necessary for the subsidiaries to access the personal data collected by GForces as outlined below, as well as personal data collected on behalf of our customers through the provision of our software services. When our subsidiaries access personal data, it never leaves the EEA as part of the process. The data is accessed and processed via secure VPN access points.
If you visit our website
When someone visits www.gforces.co.uk we use a third party service, Google Analytics, to collect standard internet log information (your IP address, browser, and type of device) and details of visitor behaviour patterns (where you joined our site from, the path you take through our site and where you leave). We do this for the legitimate business purpose of monitoring the number of visitors to the various parts of the site and engagement levels, which in turn enables us to make improvements. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
In addition to this, we use another third party service, Lead Forensics Limited, to track activity on the website and provide us with information on the IP address of the requesting computer, the date and duration of the user’s visit, and the web pages which the user visits. The Lead Forensics tool uses IP tracking for identifying businesses and is not the same as cookies. The Lead Forensics tracking code only provides information that is readily available in the public domain. It does not, and cannot, provide individual, personal or sensitive data regarding who has visited our website. It provides information on what companies have visited our website by identifying them from their IP address. This data may be used by us to contact the business about their experience or for marketing purposes. We do this for the legitimate business purpose of monitoring the visitors to the various parts of the site and engagement levels, which in turn enables us to understand which businesses are looking at GForces technology.
If you contact us via social media
We use a third-party provider, Hootsuite, to manage our social media interactions.
If you send us a private or direct message via social media, this will be received by Hootsuite. Your social media user name and message (including any personal information you choose to include in it) and will be stored by Hootsuite for three months, and used by GForces for the legitimate business purposes of monitoring our reputation levels and social media engagement (and taking steps to improve this) and responding to any queries raised in the message. It will not be shared with any other organisations.
If you call our contact numbers
When you call GForces’ contact numbers we collect Calling Line Identification (CLI) information (which means we store the number you are calling from). We use this information for legitimate business purposes, i.e. to help improve the efficiency and effectiveness of our services. This information is stored for a maximum of 45 days within GForces NetDirector Call Manager Software.
If you email us
Any email sent to us, including any attachments, may be monitored by us for cybersecurity reasons. Email blocking software may also be used. GForces has a legitimate business interest in using your email address, and any personal data included in your message, to resolve and respond to any issues raised. Your email will be handled in line with our policies, depending on the nature of your enquiry.
We use a third party provider, ZenDesk, to supply and support our Customer Support system, which handles enquiries sent to a support inbox (e.g. email@example.com) This data is stored by ZenDesk in the EEA and sometimes the US. If the data is stored in the US it is done so under the EU-US privacy shield framework (which provides protections for an individual’s personal data when it is transferred from the EU to the US). The data is stored indefinitely by Zendesk. Your email may be shared within GForces so that your enquiry may be dealt with.
Emails sent to named individuals within GForces (e.g. firstname.lastname@example.org) will be stored on our systems indefinitely for the legitimate business purpose of resolving your enquiry and then checking how enquiries have been dealt with, but will not be processed for any other purposes. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
If you use our enquiry form
When you submit information via our enquiry form, we collect your name, email address and telephone number. We need to collect this for the legitimate business purpose of processing your enquiry (we collect both email and telephone contact details in case we cannot reach you using one of these).
The form automatically creates a digital file for you in our Customer Relationship Manager (CRM) software, which is provided and hosted by a third party, Enable Technologies. Enable Technologies may access this data from time to time with GForces’ permission for fault investigation and resolution purposes. The digital file is stored indefinitely. We may use the data to contact you in the future where we have a legitimate interest in doing so (but you may ask for it to be deleted in accordance with the section below on your rights to manage your personal information).
If you use our LiveChat service
We use a third party provider, ZenDesk, to supply and support our LiveChat service, If you use the LiveChat service we will collect your name and email address if you provide this and any other personal information that you volunteer to us. This is used for the legitimate business purpose of handling customer enquiries in real time and then following up. The data is stored by ZenDesk in the EEA and sometimes the US. If the data is stored in the US it is done so under the EU-US privacy shield framework (which provides protections for an individual’s personal data when it is transferred from the EU to the US). The data is stored indefinitely by Zendesk. If you are new to GForces the personal data you include in your chat may also be used to create a digital file for you in our Customer Relationship Manager (CRM) software (see the section above for further information on data held on our CRM system).
If you work for a customer
Our customers provide us with names and contact details (email addresses and phone numbers) of people within their business who are involved in managing GForces products.
These details are stored within our NetDirector system for the legitimate business purpose of allowing access to our products. They are retained in the system until the customer chooses to delete them. At the end of the contract with the customer, GForces will delete the data from the NetDirector system.
The details are also stored indefinitely on our CRM system (see above) and used for the following legitimate business purposes:
If we contact you as part of an email campaign going to all our contacts, we may use a third party e-mail campaign provider. If the provider is based in the US, we will ensure that they are part of the EU-US privacy shield framework.
If you apply for a role at GForces
If you apply for a role listed on our Careers page you will be asked to provide your name, email address, postal address and telephone number. You will also be asked to upload a CV (we cannot be sure what information you will provide to us but it is likely to contain personal information). All information the you provide to us will processed by ourselves and our sub processors, Act Talent (Recruitment Agent) and People HR (HR Management System) for the legitimate business purposes of processing your application and fulfilling roles advertised. GForces will hold this data for a period of 1 year if your application was unsuccessful and use it to contact you in its legitimate interest if any other suitable roles come up, however for successful applicants this data will form part of your HR record which will be held for a period of 6 Years after your employment with GForces ends (for legitimate business purposes connected with your employment).
If you make a complaint to us
When we receive a complaint from a person we make up a digital file containing the details of the complaint and store it on our system. The file normally contains the identity of the complainant (together with any contact details provided) and any other individuals involved in the complaint.
We will only use the personal information we collect for legitimate business purposes, i.e. processing the complaint and checking on the level of service we provide.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for three years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Under data privacy laws, you have the rights to:
Our online data preference centre helps you to exercise the rights that data privacy laws give you and control your personal information. It contains five separate forms, as set out below.
• See your data
You can ask to see any personal information that we hold (known as a “subject access request”) by submitting the form on the “See your data” tab. Alternatively you may make a subject access request in writing, addressing it to our Data Protection Officer at the address provided below.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
• Transfer your data
By completing the form on the “transfer your data” tab, you can ask us to provide your data to a third party. Again, this request may be made in writing to the Data Protection Officer.
• Delete your data
You can ask us to delete the information we hold about you or restrict our use of your data by completing the form on the “delete or restrict your data” tab (or by writing to the Data Protection Officer).
• Change your data
If we do hold information about you, you can also ask us to correct any mistakes by completing the form on the “Change your data” tab. Alternatively you may contact the Data Protection Officer at the address below.
• Marketing Preferences
On the “marketing preferences” tab, you can tell us how you would like us to send you marketing information, or ask us to stop marketing to you entirely. Just complete the form, or contact the Data Protection Officer at the address below.
Any data collected through the data preference centre is stored indefinitely so that we are able to demonstrate our compliance with data privacy laws.
Other than as outlined above (for example where we use third party service providers or where our wholly owned subsidiaries access personal data from overseas), we will not usually disclose personal data. However we may disclose your information to third parties in the following circumstances:
if we are under a legal or regulatory obligation to do so;
if we believe you are or may be a threat to safety, security, property, our rights or the rights of others; or
in a merger, acquisition, change of control, joint venture or other business combination involving GForces.
GForces tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
Any complaints should be addressed to the Data Protection Officer using the contact details below. If we fail to resolve your complaint to your satisfaction, you have the right to contact the UK Information Commissioner. For further information on how to do that, please go to the following webpage: https://ico.org.uk/concerns.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of GForces’ collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
FAO Data Protection Officer
G-Forces Web Management Ltd
Corbin Business Park