GBG (The Data Controller) will assess an individual’s right in relation to their request “To Be Forgotten” and if upheld personal data will be suppressed from our Products & Services. The GBG Suppression List will also be used where an individual has requested restriction or processing or rectification, so that in the event further personal data is passed to GBG to process from a new data supplier, then we can honour your initial request to cover new data sources.
We appreciate this could be confusing, therefore we have documented the approach we apply below, so we can be as transparent with you as possible.
Before we explain further, it’s important to highlight GBG only share your personal data with organisations (our customers) who have a relationship with you or where they have a lawful reason. Our customer use of our Products & Services includes the tracing of individuals, verification and/or validation of the identity of individuals for the purposes of, but not limited to, anti-money laundering regulations, national security, crime prevention and detection, anti-fraud processes, asset recovery and asset reunification.
GBG have developed these Products and Services to make it easy for organisations to access your information where they have a lawful reason for doing so. We always match it to personal data they provide for you, therefore can assure you, we do not offer list generation services or sell your data for marketing purposes. More information can be found in GBG’s Products and Services Privacy Policy (linked if document is electronic, If not, please visit www.gbgplc.com and access the Products & Services Privacy Policy via the link at the bottom of the page).
GBG source your personal data from data suppliers. These organisations typically provide it to a number of companies other than GBG, so it is also best to ensure your data is suppressed at source.
It is important to note GBG, the Data Supplier and GBG’s Customers are separate independent Data Controllers. This means GBG cannot control or influence how they choose to respond if you have or do make a data subject rights request to them.
GBG will action the suppression as quickly as possible, although it can take up to one month for your personal details to no longer be available for customers to access due to the data build process used.
GBG’s Suppression List will match based on Name & Postcode, with additional attributes that we are aware of, such as Landline/Mobile/Email/Date of Birth also recorded. This will be an exact match, so if Kathryn Jones is recorded and we receive a Kate Jones at the same address, we would then only introduce Kate Jones to the database, as there is no way for us to determine Kathryn and Kate are the same person.
If you wish to add other forenames to the Suppression List by which you are known, then we must be notified. These must be similar or there must be other evidence (such as a passport or driving licence to prove your identity) so we are confident it is for the same person, e.g. Kathryn could be Kate, Katy, Katie, Kat, Kath or Kathy, or your name may be Alison Kathryn, but you are known by your middle name.
In these circumstances please complete our webform https://www.gbgplc.com/contact/general-enquiry/individual-data-enquiry/ or email compliance@gbgplc.com with the specific requirement for us to action.
We sometimes receive requests from individuals with only an email address. Without further information (name and address), we are unable to add this to GBG’s Suppression List.
GBG’s Suppression List is applied to the following data GBG host. This includes:
PEPs & Sanctions – this data refers to Politically exposed persons (PEPs) and sanctioned individuals. Regulated businesses legally must run PEPs and sanctions checks as part of their due diligence when onboarding individuals to comply with KYC and AML requirements.
Sanctions are measures put in place to restrict the activities of individuals or countries. Governments and international organizations maintain and publish these lists, which are used to identify and protect entities against individuals engaged in illegal activities.
A PEP is someone who is seen as being at a higher than average risk of money-laundering resulting from bribery or corruption due to them holding a high profile position, or proximity to someone in a political position. This could include individuals who are governmental and parliamentary positions, high ranking members of the armed forces and members of high-level judicial bodies.
GBG has no control over the data presented when an organisation screens against PEPs & Sanctions, therefore cannot suppress this data.
GBG operate a model of continuous improvement as part of our privacy management programme, so where we feel we can make further enhancements, we will.