Introduction

This is the privacy policy of Grosvenor Technology Limited (“we”). We are legally required to provide you with certain information because we process your personal data. Grosvenor Technology Ltd is committed to being transparent about how it collects and uses that data to meet its data protection obligations. This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect regarding you, or that you provide to us, will be processed by us.

This privacy policy applies to the personal data that is collected via this 1) website, 2) events, 3) third parties and 4) the process of selling our product and services.

This privacy policy does not cover the personal data collected and processed on our clocks or terminals when used to verify the identity and clock on and clock off an employee of a company.

You should refer to the Privacy Policy of your Employers to understand how your personal data is processed with these devices.

If you have a questions and they are not answered by this Privacy Policy please contact privacy@grosvenortechnology.com, we will try to answer your questions.

How we process personal data is regulated by UK law, and the UK Regulator is the Information Commissioner’s Office know at the ICO, https://ico.org.uk/. We have built a glossary of terms which can be found at the end of the document to help you understand their meaning, where possible we use the definition in the legislation. To understand how to secure your personal data we have written a section called You and your Personal Data, keeping it safe.

This privacy policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage, it is only for Grosvenor Technology Limited UK, if you are in the US please use https://gtclocks.com/contact/privacy-policy/.

We have a Data Protection Officer and they can be contacted on privacy@grosvenortechnology.com

Purposes of processing personal data

Grosvenor Technology Ltd Limited, Unit S, Fulcrum Business Centre, Vantage Way, Poole BH12 4NU – Company No 02412554 (“we”, “us” or “our”) are the Data Controller, we determine the purposes and means of the processing of your personal data. You are called the user (“you” or “your”) or the Data Subject. You will often see the term Data Subject used, it means the person who the personal data belongs too and describes.

This website is for prospects, customers, and enabling the sales process. Once a sale has been made there will be additional personal data collected to enable the sales and support process of the products as part of the contract. Ex-customers if they respond positively to our contact will not be deleted (as per the retention schedule).

To be clear the way the personal data can be collected by us, is 1) during the pre-sales, 2) sales, and 3) after-sales stages of purchase of products and/or services offered by us; 4) from correspondence with you, your organisation, your organisation’s contractors subcontractors or representatives; or 5) through meetings, whether general or sales or other such visits to your organisation premises and 6) registering on this website.

At some events we may scan your badge so transferring a copy of your personal data to us, this is part of the pre-sales activity.

The following table explains the purposes we process personal data for, the types of Data Subject, the types of personal data, the lawful basis and our retention period.

Purpose Data Subject Data Types Lawful Basis Retention Period
Keep you informed of our Products and Services (marketing) Prospect Personal and Contact Details Consent 6 months after last positive response
Keep you informed of our Products and Services(marketing) Customer Personal and Contact Details Consent 6 months after last positive response and your company has a contract with us
Keep you informed of our Products and Services (marketing) Ex-Customer Personal and Contact Details Consent 6 months after last positive response and your company no longer has a contract with us
Invitations to marketing events and product launches or updates Prospect Personal and Contact Details Consent 6 months after last positive response
Invitations to marketing events and product launches or updates Customer Personal and Contact Details Consent 6 months after last positive response and your company has a contract with us
Invitations to marketing events and product launches or updates Ex-Customer Personal and Contact Details Consent 6 months after last positive response and your company no longer has a contract with us
Support for Products and Services under contract Customer Personal and Contact Details Contract 6 months after last positive response and your company has a contract with us
Create and manage user accounts on the website Prospect Account details Legitimate interests 6 months after last positive response
Create and manage user accounts on the website Customer Account details Legitimate interests 6 months after last positive response and your company has a contract with us
Create and manage user accounts on the website Ex-Customer Account details Legitimate interests 6 months after last positive response and your company no longer has a contract with us
Deliver our products or services Customer Personal and Contact Details Contract 6 months after last positive response and your company has a contract with us
Improve our products and services Prospect Personal and Contact Details Consent 6 months after last positive response
Improve our products and services Customer Personal and Contact Details Contract 6 months after last positive response and your company has a contract with us
Improve our products and services Ex-Customer Personal and Contact Details Consent 6 months after last positive response and your company no longer has a contract with us
Send administrative information Prospect Personal and Contact Details Legitimate interests 6 months after last positive response and your company no longer has a contract with us
Send administrative information Customer Personal and Contact Details Contract 6 months after last positive response and your company has a contract with us
Send administrative information Ex-Customer Personal and Contact Details Legitimate interests 6 months after last positive response and your company no longer has a contract with us
Produce and send invoice Customer Personal, Contact Details, and Product details Contract 7 years after last positive response and your company has a contract with us
Invoice debt collection Customer Personal, Contact Details Product details Contract 7 years after last positive response and your company has a contract with us
Respond to inquiries and support questions Prospect Personal and Contact Details Consent 6 months after last positive response
Respond to inquiries and support questions Customer Personal and Contact Details Contract 6 months after last positive response and your company has a contract with us
Respond to inquiries and support questions Ex-Customer Personal and Contact Details Consent 6 months after last positive response and your company no longer has a contract with us
Request user feedback to improve user experience Prospect Personal, Contact,  and Account Details Legitimate interests 6 months after last positive response
Request user feedback to improve user experience Customer Personal, Contact,  and Account Details Legitimate interests 6 months after last positive response and your company has a contract with us
Request user feedback to improve user experience Ex-Customer Personal and Contact Details Legitimate interests 6 months after last positive response and your company no longer has a contract with us
Post customer testimonials Customer Personal, Contact,  and Account Details Contract 6 months after last positive response and your company no longer has a contract with us
Enforce the terms, conditions and policies of the website Prospect Personal, Contact,  and Account Details Legitimate interests 6 months after last positive response
Enforce the terms, conditions and policies of the website Customer Personal, Contact,  and Account Details Legitimate interests 6 months after last positive response and your company has a contract with us
Enforce the terms, conditions and policies of the website Ex-Customer Personal, Contact,  and Account Details Legitimate interests 6 months after last positive response and your company no longer has a contract with us
Respond to legal requests Prospect Personal, Contact,  and Account Details Legal obligation 6 months after last positive response
Respond to legal requests Customer Personal, Contact,  and Account Details Legal obligation 6 months after last positive response and your company has a contract with us
Respond to legal requests Ex-Customer Personal, Contact,  and Account Details Legal obligation 6 months after last positive response and your company no longer has a contract with us
Respond to legal requests from the Financial Authorities, Customer Personal, Contact,  and  Product details Legal obligation 7 years after purchase as per standard UK accounting requirements
Respond to legal requests from the Financial Authorities Ex-Customer Personal, Contact,  and Account Details Legal obligation 7 years after purchase as per standard UK accounting requirements
Prevent cybercrime and secure your personal data Prospect Personal, Contact,  and Account Details Legal obligation 6 months after last positive response
Prevent cybercrime and secure your personal data Customer Personal, Contact,  and Account Details Legal obligation 6 months after last positive response and your company has a contract with us
Prevent cybercrime and secure your personal data Ex-Customer Personal, Contact,  and Account Details Legal obligation 6 months after last positive response and your company no longer has a contract with us

A positive response is defined one of these 1) you respond to an email, text or call, 2) attendance at an event, 3) purchase of product, and 4) log on to you user account

Personal Data Processed

The following personal data type are processed by us, the first three within our 1) web platform, 2) Microsoft  365, 3) Salesforce and the last is on 4) our Financial Systems:

Type of Personal Data Explanation
Personal details Title, Full Name, Company, role in organisation.
Contact details Mobile number, email address, address (company), country of residence, contact preferences.
Account details User name, unique user ID, password, that are unique to you using the website.
Product details Details of products and services purchased, including company  identifier and monthly (as per the contract).

We process no special types of personal data.

Managing personal data

We do not transfer your personal data to any other third parties. We have Data Processors, processing the data on our written instructions and they are located in the Western Europe if you are non US based customer. US based customer are billed from the US. We transfer personal data under an SCC to Mailchimp located in the US to send out emails.

Personal data is stored in the UK & Western Europe across web servers, email servers Microsoft  365, and a CRM system, Salesforce.com.

We work very closely with our American colleagues located in the US, if they process the personal data it is transferred under an SCC (Standard Contractual Clause) between the two companies.

Only staff who need to process your personal data have access to it.

We may use any aggregated data derived from or incorporating your Personal Data after you update, but not in a manner that would identify you personally. Once the retention period expires, Personal Data shall be deleted, but not this aggregated data.

The right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.

All aspects of processing personal data is within an ISO27001 framework and we have been certified.

Data transfer and storage

Depending on your location, data transfers may involve transferring and storing your information in a country other than your own. Our servers are located in the UK & Western Europe.

The rights and freedoms of users.

You have a set of rights and freedoms under 2018 UK Data Protection Act these are:

Rights and Freedom How to exercise this right
Right of access by the data subject Contact privacy@grosvenortechnology.com with SAR in the subject line and you will be sent instructions.
Right to rectification Contact privacy@grosvenortechnology.com with RECTIFICATION in the subject line and you will be sent instructions.
Right to erasure Contact privacy@grosvenortechnology.com with ERASURE in the subject line and you will be sent instructions.
Right to restriction of processing Contact privacy@grosvenortechnology.com with RESTRICTION in the subject line and you will be sent instructions
Right to data portability Contact privacy@grosvenortechnology.com with PORTABILITY in the subject line and you will be sent instructions
Withdrawal of consent Where consent is the lawful basis you can withdraw your consent via your account settings or contact privacy@grosvenortechnology.com with CONSENT in the subject line and you will be sent instructions

You have a right to complain about our data processing to the local country Supervisory Authority and they are the ICO and can be found here : https://ico.org.uk/

Once you have made a request and identified yourself we have one month to respond, or request more time if we do not in addition to complaining to the ICO you have the right to a judicial remedy through the UK courts.

Privacy of children

We do not knowingly collect any Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data through our Website.

Newsletters

In compliance with the legislation, all e-mails sent from us will clearly state who the e-mail is from and provide clear information on how to contact the sender and unsubscribe. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us. However, you will continue to receive essential product and

Information security

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Data in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed, especially free Wi-Fi. Therefore, while we strive to protect your Personal Data, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control and (ii) any such information and data may be viewed or tampered with in transit by a third-party, despite best efforts.

Personal Data Breach

In the event we become aware that the security of the Grosvenor Technology Website has been compromised or users Personal Data has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a personal data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do notify you, we will send you an email.

Legal disclosure

We will disclose any data we collect, use or receive if required or permitted by law, such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. In the event we go through a business transition, such as a merger or acquisition by another company, or sale of all or a portion of its assets, your user account, and Personal Data will be among the assets transferred.

Changes and amendments to this privacy policy

We may update this Privacy Policy from time to time in our discretion and will notify you of any material changes to the way in which we treat Personal Data. We may also provide notice to you in other ways in our discretion, such as through contact information you have provided. Any updated version of this Privacy Policy will be effective immediately upon the posting of the revised Privacy Policy unless otherwise specified. However, we will not, without your informing of the legal basis, add a new purpose or use your Personal Data in a manner materially different than what was stated at the time our Personal Data was collected.

Acceptance of this policy

You acknowledge that you have read this Policy and agree to all its terms and conditions. By this website you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to use or access this Grosvenor Technology Website and its Services.

Contacting us

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to privacy@grosvenortechnology.com .

Web Cookies and Tracking

The organisation website [www.Grosvenortechnology.com] uses cookies to better the users’ experience while visiting the website and remember preferences. As required by legislation, we use a cookie control preference system, this allows the user to give permission to use cookies, or not (deny use), and allow saving of cookies on their computer or device.

Cookies are small files saved to the user’s computer’s browser and hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored and faster experience within this website.

Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit.

All browsers have help text like this for Googles chrome https://support.google.com/chrome/answer/95647?hl=en-GB&co=GENIE.Platform%3DDesktop  which also explains how to delete cookies from your device.

Similar page for Microsoft edge can be found here: https://support.microsoft.com/en-us/search?query=enable%20cookies%20in%20edge and Mozilla Firefox here https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox .

To enable or disable cookies – with Google Accounts https://support.google.com/accounts/answer/61416?hl=en

To block or allow cookies in Microsoft https://support.microsoft.com/en-gb/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

To enable and disable cookies that websites use to track your preferences in Firefox]https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop?redirectslug=enable-and-disable-cookies-website-preferences&redirectlocale=en-US

For Safari web settings on your iPhone, iPad, and iPod touch [Safari] https://support.apple.com/en-gb/HT201265

To get a Google Analytics Opt-Out Browser Add-On https://tools.google.com/dlpage/gaoptout

For general information about cookies and how to disable them, please visit https://www.allaboutcookies.org/

Mobile devices are now allowing more user control of apps monitoring cookies and other app use, we suggest you run the latest operating systems and enable them to stop monitoring of you internet usage.

Email Mailing List and Marketing Messages

The organisation utilises both email and an EMS (email marketing service) to provide information to customers and contacts, in addition to providing specialised marketing materials about projects. Email details are collected, processed, managed and stored in accordance with the regulations above.

Media Files and Downloads

Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third-party anti-virus software or similar applications.

External Website Links and Third Parties

The organisation looks to only include safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links. We do not own and therefore cannot verify the authenticity of externally linked contents. Web users should note they only click on external links at their own risk.

Glossary of Terms

Definitions (Where possible the definitions are taken from the legislation)

Term Definition
Biometric Data ‘Biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.
Data Controller ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.Grosvenor Technology Limited is the Data Controller.
Data Processor ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Data Subject Data subject’; an identifiable natural person is one who can be identified, directly or indirectly. It has to be a living person
Personal Data ‘Personal Data’ Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal Data Breach ‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Restriction of Processing ‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.

 

You and your Personal Data, keeping it safe

Thank you for reading this section, we care about keeping your personal data safe and secure. In this section we would like to explain some of “facts of life” about personal data that should help you when accessing and using your personal data. We are going to try and answer some important questions for you.

To start with, what is personal data?

Personal data is any information or combination of information that can be used to identify you, and that is defined in law. It also includes not just information held now, but any information that might be held in the future and the combinations of information that can be used to identify you.

Whose data is it?

Your personal data belongs to you and you “lend” it out for processing so other people or organisations can provide products or services to you. The length of time you lend it out can be for the time whilst they provide you the product or service, other lengths of time can be defined in law, or what’s reasonable and in a very few small cases it can be until you die, for example for with the NHS or Taxman.

Why is it so important?

Your personal data has a value, a monetary value now, but a potential value in the future, if misused. For example your personal data can be used to steal your identity, and set up a bank account, or even get illegal immigrants into this country on your passport data, it can be worth many thousands of pounds. The top three ways it can be used against you are, 1) discrimination, 2) identity theft or fraud, and 3) financial loss. There are other ways your personal data can be used against you, but it all results in harm against you personally.

Personal data can be classified into types of personal data, and the impact or the risk to on you if gets misused, here is a simple table to help you:

Types of personal data Examples of the Data Risk and explanation
Personal details, Contact details, Account details Title, Full Name, Company, role in organisation Mobile number, email address, address (company), country of residence, contact preferences User name, unique user ID, password, that are unique to you using the website Low risk – it is often in the public domain and needs to be combined with other personal data to become threat, can cause distress
Personal communication data Name, email address, mobile number Low risk – it is often in the public domain and needs to be combined with other personal data to become threat, can cause distress
Personal healthcare data Health status, covering physical or mental health, medical condition, or information on the provision of health care services Very high risk – can cause discrimination
Personal racial/ethnic data Racial, ethnic or family background Very high risk – can cause discrimination, resulting in financial loss, reputational damage and distress
Personal financial data Credit card number, bank account number, card security code High risk – identity fraud, financial loss, reputational damage and distress
Personal identity data Passport, Driver’s License, Personal ID Very High risk – identity theft or fraud, financial loss, reputational damage and distress

As a result you should keep all personal data secure, but some personal data more secure than others, and be very careful giving digital copies to friends and posting it on social media. It may be easy to do, but please be careful, once it is out there it may be out there forever and could harm you for many years to come.

But what do you do in this world where everyone is asking for your personal data? Here are some ideas to protect you from a) discrimination, b) identity theft or fraud, c) financial loss and other types of harm.

Always think in the digital world that you never will be able to get it back if you post it on social media.

Don’t ever post copies of ID cards or Passports on social media, and if some company asks for this, ask why. Keep them more secure than your bank cards.

Don’t post copies of personal data on your health and any healthcare, or ethnicity on social media, unfortunately it will often be used to discriminate against you. Only give this data to people who can justify processing it.

Always update your pc smartphone or device with the latest operating system to make sure it is secure.

Try not to use free wi-fi to update any apps or key in sensitive data about yourself, unfortunately cyber criminals have been able to hack this and steal your data as you key it in on free wi-fi.

Keep your personal data safe, it’s valuable, if you don’t, how can you expect others to!