This Policy contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal information.
The provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services or your interaction with us may be impaired. For example, you may be unable to order one of our products.
a. When you give it to us directly.
For example, personal information that you submit through our website purchasing a product or using our contact details to communicate with us.
b. When we obtain it indirectly.
For example, your personal information may be shared with us by third parties including third party service providers, analytics providers and search information providers. To the extent we have not done so already, we will notify you when we receive personal information about you from them and tell you how and why we intend to use that personal information.
c. When it is available publicly
Your personal information may be available to us from external publicly available sources. For example, depending on your privacy settings for social media services, we may access information from those accounts or services, if for example you interacted with us via Facebook or Twitter.
d. When you visit our website
When you visit our website, we automatically collect the following types of personal information:
In general, we may combine your personal information from these different sources set out in a-d above for the purposes set out in this Policy.
We may collect, store and otherwise process the following kinds of personal information:
and/ or any other personal information which we obtain as per paragraph 1.
Do we process special categories of data?
The EU General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity and actual or alleged criminal offences.
In certain situations, we may collect and/or use these special categories of data. We will only process these special categories of data if there is a valid reason for doing so and where the GDPR allows us to do so.
Your personal information, however provided to us, will be used for the purposes specified in this Policy. In particular, we may use your personal information:
The GDPR requires us to rely on one or more lawful bases to use your personal information. We consider the grounds listed below to be relevant:
The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights as an individual).
In broad terms, our “legitimate interests” means the interests of running Gordon Associates as an IT software developer; for example communicating with you so that we can tailor our products to your requirements.
When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and on your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
We may use your contact details to provide you with information about our work, events, services and/ or products which we consider may be of interest to you (for example, about products you previously used, or updates about new products we have developed which are relevant to you or your organisation).
Where we do this via email, SMS or telephone, we will not do so without your prior consent (unless allowed to do so via applicable law).
Where you have provided us with your consent previously but no longer wish to be contacted by us, please let us know at marketing@GordonAssociates.co.uk.
You can opt out of receiving emails from us at any time by clicking the “unsubscribe” link at the bottom of any marketing emails we send you.
When we process children’s personal information, where required we will not do so without their consent or, where required, the consent of a parent/ guardian. We will always have in place appropriate safeguards to ensure that children’s personal information is handled with due care
In general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure (please see Section 11 below), we will remove it from our records at the relevant time .
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.
We do not share, sell or rent your personal information to third parties for marketing purposes. However, in general we may disclose your personal information to selected third parties in order to achieve the purposes set out in this Policy.
These parties may include (but are not limited to ):
In particular, we reserve the right to disclose your personal information to third parties:
Gordon Associates is committed to keeping your personal information safe and secure and we have appropriate and proportionate security policies and organisational and technical measures in place to help protect your information.
Your personal information is only accessible by appropriately trained staff, volunteers and contractors, and stored on secure servers which have features to prevent unauthorised access.
Given that we are a UK-based organisation, we will normally only transfer your personal information within the UK or European Economic Area (“EEA”), where all countries have the same level of data protection law as under the GDPR.
However, because we may use agencies and/or suppliers to process personal information on our behalf, it is possible that personal information we collect from you will be transferred to and stored in a location outside the EEA).
Please note that some countries outside of the EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Where your personal information is transferred, stored and/or otherwise processed outside the EEA in a country that does not offer an equivalent standard of protection to the EEA, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards (such as by entering into standard contractual clauses authorised by the European Commission) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Policy. If you have any questions about the transfer of your personal information, please contact us using the details below.
Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure – however, once we have received your personal information, we will use strict procedures and security features to try and prevent unauthorised access.
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing or fundraising purposes or to unsubscribe from our email list at any time. You also have the following rights:
Rights related to automated decision-making – you have the right not to be subject to a decision based solely on automated processing of your personal information which produces legal or similarly significant effects on you, unless such a decision (i) is necessary to enter into/perform a contract between you and us/another organisation; (ii) is authorised by EU or Member State law to which we are subject (as long as that law offers you sufficient protection); or (iii) is based on your explicit consent.Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you contact us using the details in paragraph 14 below.
We encourage you to raise any concerns or complaints you have about our data processing by contacting us using the details provided in paragraph 14 below. You are further entitled to make a complaint to the Information Commissioner’s Office – www.ico.org.uk. For further information on how to exercise this right, please contact us using the details below
We may update this Policy from time to time. We will notify you of significant changes by contacting you directly where reasonably possible for us to do so and by placing an update Policy on our website. This Policy was last updated on 24 May 2018.
We link our website directly to other sites. This Policy does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.
Please let us know if you have any questions or concerns about this Policy or about the way in which we process your personal information by contacting us at the channels below. Please ask for / mark messages for the attention of our Information Security Officer, Gordon Harrison.
Telephone: 01242 529820
Post: Gordon Associates, Suite G1, Montpellier House, Montpellier Drive, Cheltenham, Glos. GL50 1TY