Privacy policy

 

1. Introduction

1.1         Gresham Technologies plc is a leading software and services company that specialises in providing real-time data integrity and control solutions. As an essential part of our business, we collect and manage data relating to our clients, visitors (to our Website or to our premises) and other contacts.

1.2         This policy sets out the basis upon which we, as a data controller, collect and process data from or about you and how we use it. Where we are acting as a data processor, the processing is governed by the terms of the agreement between the data controller and us.

1.3         If you have any questions or queries regarding our use of your data, please contact the Data Protection team at dataprotection@greshamtech.com or you can write to the Data Protection team at Gresham Technologies plc, Aldermary House, 10-15 Queen Street, London, EC4N 1TX.

1.4         We may update this policy from time to time by publishing a new version on our Website. You should check this page occasionally to ensure you are happy with any changes to this policy.

 

2. Information you give us

2.1         Information you give us

As a visitor to our Website, you do not have to submit any personal information in order to use it. This Website only collects personal information that is specifically and voluntarily provided by visitors, for example if you wish to register for an event, sign up for a newsletter, gain access to specific content, submit an enquiry or ask us to contact you.

You may also correspond with us by email, telephone or other means, or in person, as a result of which we may collect your information.

The information we collect may consist of name, job title, telephone number, company address and email address, as well as your business interests and preferences. We may also store and maintain any content you provide on our Website (e.g. blogs, forums, social media applications and other services we may provide). If you attend our premises in person, we may also collect practical details such as arrival time, departure time and car registration details (if relevant)

If you are applying for a job via our Website recruitment portal, we may ask you for additional information related to your education and qualifications, employment history, personal contact details, salary details and work permissions. Further personal details relevant to your potential employment or engaged with us (e.g. date of birth, bank account details and identity information) may subsequently be required, which will be notified to you on request.

2.2         Information collected automatically

Our Website uses cookies and other technology to collect information automatically about your usage of our Website. Information collected includes your IP address, geographic location, browser type and language, pages accessed, access times and other tracking data. You can find more information on this and options for rejecting cookies in our Cookie Policy. If you previously provided your personal information, our Website will use cookies to recognize you from your prior visit(s) and the information collected automatically will be related to you.

CCTV systems are installed in some of our premises. These collect images and videos at certain entrances or exits of our premises.

2.3         Information for marketing

We may also collect contact information about business contacts who are employed by (or otherwise represent) organizations that we may wish to market our products and services to. This information may have been provided to us directly by yourself (for example, via our Website, if you attended one of our events, by giving your business card to one of our employees, or by replying to one of our emails). We may also have obtained this information via third parties including LinkedIn Sales Navigator and business contact data providers. Information collected may include name, job title, telephone number, company address and email address. We will also keep records of any marketing activity and correspondence.

2.4         Information relating to shareholders

As a publicly listed company, we process personal data of our shareholders. This may include name, address, data of birth, telephone number, email address, financial information, details of any share transfers. We will also keep records of any enquiries and correspondence we may have with you. This information may have been provided to us directly or to Equiniti, our share registrars, who manage the shareholder register on our behalf. Further information pertaining to processing of shareholder details can be found on Equiniti’s website at https://privacy.equiniti.com.

2.5         Information relating to our employees and job applicants

We operate a separate, employment-related data protection policy which sets out the information, use and other details regarding our processing activities for employee and job applicant data. A copy of this policy is made available to all staff and job applicants.

 

3. How we use your information

3.1        We will use the information collected for the purpose for which it has been provided to or collected by us, which may be:

(a)          to provide products and services to our clients;

(b)          to provide you with information regarding our products and services and other marketing communications or news or invitations that may be of interest to you or your organization;

(c)          to contact you for your views or a survey as part of market research;

(d)          to administer our shareholder register;

(e)          to conduct human resource administration including dealing with applications for vacancies, assessing suitability, eligibility and/or fitness to work;

(f)           to manage and ensure the security of our premises;

(g)          generally, to administer our relationship with you and respond to your queries or feedback;

(h)          generally, to administer, improve and develop our business.

(i)           generally, to comply with our statutory and regulatory obligations;

(j)           generally, to enforce our legal rights.

3.2        Information collected automatically from the Website will be used to ensure the Website is well managed and easy to use, and to help us understand the products and services that you are or may be interested in.

 

4. Lawful basis for processing

4.1        The lawful basis for processing your information varies according to the purpose for which we have it and includes the following:

(a)          you have given consent;

(b)          the activity is within our legitimate interest as a business-to-business provider of software products and services as we engage with, offer and/or provide products and services to current and prospective clients and personnel;

(c)          the processing is necessary to comply with a legal obligation to which we are subject.

 

5. Disclosure of your information

5.1         We may share your information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.

5.2         We use both internal computer systems and third party computer systems to hold information that you provide or that we collect. Our internal computer systems are based in the UK. The third party systems that we use include cloud-based IT platforms and providers of support or specialist products/services that may be based and/or process and/or store information in the UK or elsewhere including outside of the EEA. Both our internal systems and our third party computer systems are access controlled such that only our authorized personnel are able to access the information. Our authorized personnel may be based in any of our global locations.

5.3         We may share your information with our insurers and professional advisers or other service providers insofar as reasonably necessary for the purposes of insurances, risk management, professional advice and operational necessity.

5.4         In addition to the third party system referred to above, we engage suppliers and/or subcontractors from time to time to assist us with our business processes and practices, which may include providers of human resources services, marketing consultants, IT consultants. We may share your information with any of these suppliers and/or subcontractors as reasonably necessary for the purposes and on the legal bases set out above.

5.5         We may also be obliged to disclose information under certain laws or by order of court or other competent regulatory body or may be permitted to disclose it under applicable data protection laws.

 

6. Information security and retention

6.1         We are committed to ensuring the security of the information that is entrusted to us and we will take appropriate technical and organisational precautions to secure your information and to prevent the loss, misuse or alteration of your information. We maintain an information security framework which seeks to protect the availability, confidentiality and integrity of all information assets.

6.2         We will keep your information no longer than is necessary for the purpose for which it was collected. However, we may retain your information where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. Typically, we will retain information for a minimum of six years. However, this depends on a number of factors including the type of data, the purpose for which we hold it and our regulatory and legal obligations attached to this.

 

7. Your rights

7.1         The rights that you have under data protection law are summarized below. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

7.2         Your principal rights under data protection law are:

Right to access

 

You have the right to ask us for a copy of any personal data that we hold about you. This is known as a “Subject Access Request”. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

Right to rectification

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. Please let us know if the personal information that we hold about you needs to be corrected or updated.

Right to be forgotten

You have the right to the erasure of your personal data without undue delay.

Right to restrict processing

You have the right to restrict the processing of your personal data.

Right to object to processing

You have the right to object to the continued use of your data for any purpose for which the lawful basis is our or a third party’s legitimate interests unless there are demonstrable overriding legitimate interests.

Right to object to direct marketing

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

Right to data portability

To the extent that the legal basis for our processing of your personal data is (i) consent or (ii) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

Right to complain

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

Right to withdraw consent

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

 

7.3         The rights set out above do not apply in all circumstances and are subject to certain exclusions.

7.4         You may exercise any of your rights in relation to your personal data by contacting our Data Protection team at Aldermary House, 10-15 Queen Street, London EC4N 1TX or by email at dataprotection@greshamtech.com.

 

8. Our details

8.1         This Website is owned and operated by Gresham Technologies plc.

8.2         We are registered in England and Wales under registration number 01072032 and our registered office is at Aldermary House, 10-15 Queen Street, London EC4N 1TX.

8.3         You can contact us:

(a)          by post, to the postal address given above;

(b)          using our Website contact form; or

(c)          by email using the email address published on our Website from time to time. For questions or comments regarding this Privacy Notice, please use dataprotection@greshamtech.com.