I’m an individual and have a question about my data

We currently receive enquiries from individuals that our customers have been interacting with, so we thought it would be helpful to expand on the role we play, and whether we'll be able to manage your request for information.

Many car rental companies use our ID verification service, which helps them to identify you when hiring a car. The car rental companies determine the result of these checks by using their own ‘risk scorecard’ and this decides if you pass or fail. GBG does not create or hold an identity score for you. If the car rental company says they are unable to find you on GBG’s system, you need to speak to them to see if you can use any other form of identification. They should have discussed with you the option of providing paper documents as an alternative method to verify your identity.

If you're not having success with your local branch, then please contact their customer service line.

Why can’t GBG help?

The service is encrypted, so GBG have no visibility of the data our customers input or the response they receive. As mentioned above, each customer defines their own risk scorecard, this is not something GBG have visibility of, nor can we influence it.

A common occurrence we have been made aware of by individuals trying to rent a car but being told they’ve failed the ID check is they have a very small data footprint, e.g.:

  • They don't have credit cards/loans, etc.
  • They're not on the Open Register. You might know the Open Register by its old name “Edited Electoral Roll”, which many individuals have chosen to opt out of, so your name/address won't appear in the public list.

It’s important to note that GBG is not a Credit Reference Agency. Our customers complete an ID check that does access information held by Credit Reference Agencies such as Experian and Equifax. This check does not leave a footprint and will not impact your credit rating. To understand what data a Credit Reference Agency holds on you, you must contact them directly. More information can be found here.

It's likely you've engaged with one of our customers. You should be able to identify who by the company name after GB Group, which is on the soft footprint on your credit report. Sometimes the company has a number of trading names, so may choose to use their registered company to complete the search.

This can be displayed as:
GB Group - (name of company who conducted search) e.g. “GB Group – ABC Company”.

If you don’t believe you've had any dealings with the company named, or one of their subsidiaries, you'll need to contact them directly in order to notify them you haven't transacted with them, and to inform them someone may have used your details fraudulently. They will have a department set up to deal with this type of query.

Alternatively, you can contact the credit report provider to request the removal of the search.

Why does GBG show on my credit report?

GBG plc offers an electronic identity verification service to organisations who wish to verify the identity of individuals as part of a customer registration process.

Our terms and conditions with these organisations stipulate they must have informed those individuals on whom searches are conducted. This is usually held within the company’s Terms & Conditions of trade that an individual would normally agree to as part of the sign up process.

The searches are conducted at the request of our customers in respect of a service transaction, or proposed transactions, and are purely for the purpose of verifying your identity and not a credit check. This is a requirement placed on many organisations who need to comply with legislation pertaining to Anti Money Laundering (AML) regulations. 

These searches do not have an impact on your credit file and would not be seen by a company performing a credit check.

Why can't GBG help?

The service is encrypted, so GBG have no visibility of the data our customers input or the response they receive. Each customer has defined their own risk scorecard, they decide what checks (data) to search against, and then make a decision about you based on the results returned.  This is not something GBG have visibility of, nor can we influence it.

One of our customers who you have been engaging with will have carried out a check as part of a recent transaction, e.g. mobile phone contract change, internet purchase, opening of an online account, gaming, financial transactions, hotel bookings, etc. This check is to ensure the bank details you provide are valid, to allow the smooth set-up of any arrangement you may have with them.

Our terms and conditions stipulate our customer must have informed you they were conducting a search and what would happen.

No money will be taken as this will remain as a pending payment.

This payment will be removed by the bank within 5-7 working days from when it first appeared on your account.

Why can’t GBG help?

The service is encrypted, so GBG have no visibility of which customer carried out an ID check against you through our identity verification service. 

There are many reasons you may have received a call for another individual, for example:

  • There was a keying error when the information was entered by our Customer/Data Partner
  • It could have been deliberately entered incorrectly by another individual
  • The number could have previously belonged to another individual
  • An individual may have provided contact details belonging to their partner or another family member

Click here to securely log a request for GBG to arrange for this incorrect data to be removed.

GBG is more than happy to consider a right to be forgotten, and you can submit your request via phone or in writing. We have 30 days to respond.

It’s worth highlighting, GBG hold limited information where we are a Data Processor, so it’s likely we will need to pass your request onto our Customer or our Data Partner. Before submitting a request, please read the section on this page about GBG as a Processor to understand the role GBG play.

The right to erasure is not absolute and only applies in a number of circumstances:

  • We no longer need your data
  • You consented to the use of your data, but have now withdrawn consent
  • You have objected to the use of your data, and your interests outweigh those of GBG
  • Where you believe we have collected or used your data unlawfully
  • We have a legal obligation to erase your data
  • The data was collected from you as a child from an online service

More information on this right can be found on the ICO’s website, here.

Click here to view our contact details.

GBG is more than happy to consider a right to object to/restrict processing, and you can submit your request via phone or in writing. We have 30 days to respond.

It’s worth highlighting, GBG hold limited information where we are a Data Processor, so it’s likely we will need to pass your request onto our Customer or Data Partner. Before submitting a request, please read the section on this page about GBG as a Processor to understand the role GBG play.

More information on this right can be found on the ICO’s website, here.

Click here to view our contact details.

GBG does not process data based on consent. 

GBG does not share data with or from third parties based on consent as we do not believe this to be a viable, lawful means of doing so.

If you believe another organisation is processing data based on consent, please contact them directly.

GBG largely operates as a Data Processor on behalf of our Customers or Data Partners, so your request to transfer your data must be made to the Data Controller who will assess your request, and where appropriate facilitate this for you.

GBG largely operates as a Data Processor on behalf of our Customers or Data Partners, which means we don't gather the data directly, nor are we able to update it. 

What this means in practice, is that we check data we hold for our Data Partners, and if it's incorrect, we're happy to pass the message on to them. However, you still need to contact the company you are dealing with to correct their database.

It’s worth highlighting, we don't always have visibility of what data is held, for example Customer data is encrypted in our ID verification service so we can't see what record was input or the result returned. For our Data Partners, we do hold some data locally, with the majority of data held by the Data Partner, which means we have no visibility of what they hold.

If we do hold data on behalf of our Customers or Data Partners, we are unable to update or change it in any way as we're not the Data Controller, but we can suppress the incorrect data so we don’t share this incorrect record again. The reason why we can’t change it is if the Data Partner didn't update the record or changed it, then GBG’s update process would be overwritten in the new file provided by the Data Partner.

When challenging the accuracy of your data that you want corrected. You should:

  • State clearly what you believe is inaccurate or incomplete
  • Explain how the organisation should correct it
  • Where available, provide evidence of the inaccuracies

More information on this right can be found on the ICO’s website, here.

Click here to view our contact details.

Before submitting a subject access request, please read the section on this page about GBG as a Data Processor, to understand if you should submit this to us or to one of our customers.

Submitting a Subject Access Request

GBG has 30 days to respond from receipt of your request. For more information on time limits, the ICO has some guidance here.

Please include:

  • Your name and contact details
  • Any information to identify or distinguish you from other people with the same name
  • Any details or relevant dates that will help identify what you want

Please send your request to:

Data Protection Officer
GB Group PLC
The Foundation
Heronsway
Chester
CH4 9GB

Or, email us.

Please read the relevant FAQ before submitting a request to understand if it's something we can help you with, plus they will provide guidance on timing.

Other requests to exercise your rights can also be made via phone or in writing.

Please write to:

Data Protection Officer
GB Group PLC
The Foundation
Heronsway
Chester
CH4 9GB

Or call us on 0161 909 6713, or email us.

Under the General Data Protection Regulation (GDPR), you may have heard of the term “Data Controller” and “Data Processor”. A Data Processor operates on the instructions of the Data Controller, which is predominately GBG’s role in relation to our products/services.

Responding to an individual’s rights is the responsibility of the Data Controller, which is typically GBG’s Customer, and in some cases, GBG’s Data Partner. 

A Data Partner is an organisation who gathers data about you, for the benefit of third parties, for example a Credit Reference Agency.

GBG as a Processor

GBG does not determine the purposes for which, or the manner in which personal data is processed. This is determined by two parties: GBG’s Data Partner and GBG’s Customer.

GBG does not have any overall control over the ‘why’ and the ‘how’ of a data processing activity. We operate under the instructions of our Customer/Data Partner.

The collection of the personal data at the point of capture and the legal basis for doing so is the responsibility of our Customer/Data Partner. 

GBG has no power to influence the collection of personal data or the purpose of any subsequent processing – these decisions are made by our Customers/Data Partners. This information should be made available to you in a transparent manner, for example in their Fair Processing Notice/Privacy Policy.

If GBG receive a subject access request, this will be passed to the Data Controller (Customer/Data Partner) as we do not have full visibility at an individual level of the evidence in relation to data collection.

GBG as a Controller

GBG is a Business to Business organisation, which means we have limited dealings directly with individuals. The data we hold as a controller is gathered during the course of our business activity, for example:

  • You may have enquired via our website or through a GBG team member
  • You may have applied for a role with GBG
  • You may be employed by one of our customers or suppliers
  • You may have shares in GB Group PLC

For full information on this, please see our Privacy Policy.