GB Group Plc (‘GBG’) Website Privacy Policy

Terms and privacy GB Group Plc (‘GBG’) Website Privacy Policy

GB Group Plc (‘GBG’) Website Privacy Policy
GB Group Plc (‘GBG’) take the protection and security of your personal information very seriously and this policy sets out our responsibilities under The General Data Protection Regulation 2016 (‘GDPR’) and other applicable laws in England and Wales relating to the processing and security of personal information.

This policy explains to you how GBG uses and secures your personal information whilst you are using the GBG website or when you enter into a contract with GBG to provide services to your organisation.

GBG are global specialists in identity intelligence we have customers located in over 70 countries. GBG uses data under licence to support our customers with their business needs, such as locating people, identity verification, reducing fraud and marketing solutions.

GBG has offices in 24 locations; our registered head office is located within the United Kingdom.

GB Group Plc
The Foundation
Herons Way
Chester Business Park
United Kingdom

Company Registration Number: 02415211

Our Data Protection Officer is Kate Lewis, please contact Kate if you have any questions about how your personal information is used by GBG, or 01244 657277.

GBG review our Privacy Policy on an annual basis, sooner if changes to regulation require or GBG changes the way it processes personal information.

This policy was last updated on 26th February 2018.

Why do we collect personal information?

GBG process personal information for its own legitimate business purposes, which include the following:

  • Where the processing enables GBG to enhance, modify, personalise or otherwise improve our products, services and communications for the benefit of our customers.
  • To better understand how individuals interact with our websites.
  • To enhance the security of our network and information systems.
  • To determine the effectiveness of our promotional campaigns.

What personal information do GBG collect?

Browsing our website: When you browse our website, we will collect the Internet Protocol (IP) address of the PC you are using, this data is anonymous and we cannot identify you at this point. We collect this data so that we can identify where customers are dropping out of the website and to identify areas of improvement to make the experience more engaging for our customers.

We use Cookies on our website so please see the Cookies section for more information.

Requesting a brochure: When you request a brochure from us, we will collect the following information from you:

  • Email address (so that we can send the brochure to you)
  • The name of your organisation (so that we can identify which sectors are showing the most interest in our products/services)
  • Your IP address will no longer be anonymous and we will be able to identify you

Requesting a call back: when you request a call back from us, we will collect the following information from you:

  • Your name (so that we contact the right individual)
  • Your contact telephone number (so that we contact the right individual)
  • Your reason for contact (this is so that we can direct your call back to the right team who will respond to you directly)
  • Your IP address will no longer be anonymous and we will be able to identify you

Requesting further information from us: Where you request further information from us by completing a form on our websites in relation to our products and services, your details will be added to our marketing database to receive marketing from GBG relevant to the products and services you have an interest in. We will collect the following information from you:

  • Your name (so that we market to the right individual)
  • Email address (so that we send the marketing to right place)
  • The marketing preferences indicated by yourself, such as your areas of interest and how you want to be
  • Your IP address will no longer be anonymous and we will be able to identify you

You have the right to object to marketing: can object to receive marketing from GBG, by clicking the unsubscribe link contained in the email you have received.

Conference and Events: As a global organisation, GBG attends worldwide events and have marketing team members located around the world. GBG will obtain from the event organiser a delegate list of all attendees who have consented to their personal information being shared with GBG.

Entering into an agreement with GBG: When your organisation enters into an agreement with GBG to provide products and services, we will collect additional information, which is necessary for

  • The performance of the contract we have with your organisation such as billing information
  • Providing service updates related to the product/service GBG are providing to you

All personal information we collect is held electronically within our Customer Relationship Management system (CRM) which is located in the United Kingdom.


Who will we share your personal information with and why?

GB Group Plc (‘GBG’) will share your information with third party service partners, who are acting on behalf of GBG as our data processor, the details are below of whom GBG will share your personal information with and why:

Act-On Software Inc. provide GBG with an email marketing solution, which delivers marketing emails on our behalf. We share the following personal information with Act-On Software Inc.:

  • When you are browsing our website Act-On capture the anonymous IP address
  • At the point that you enter all of the required personal information relating to a brochure request, contact information for marketing, Act-On will receive all of the personal information you provide via the

GBG can assure you that we have taken all technical and organisational measures necessary to protect the personal information, which Act-On may access.

Price Waterhouse Coopers: provide GBG with our Customer Relationship Management (CRM) system and they may access the live system for technical support. GBG can assure you that we have taken all technical and organisational measures necessary to protect the personal information, which Price Waterhouse Coppers may access.e development and technical support of our website this means they may be able to access the personal information contained on the website. GBG can assure you that we have taken all technical and organisational measures necessary to protect the personal information, which the Contact Agency may access.

Marketing and the use of your personal information.

As stated above we use a third party service provider Act-On to manage our email marketing solution. When you receive an email from GBG it will include an unsubscribe link which you can click if you wish to unsubscribe from our marketing lists. We will then add your email address to our suppression list, which will ensure you do not receive any further marketing from GBG.

Please be assured we do not sell your personal information to third party companies for marketing purposes.

Accuracy of your personal information

As part of the account management process GBG will, on a regular basis enquire if the personal information we hold about you is correct. You can also ensure your personal information is correct by:

  • Contacting GBG at
  • Alternatively, if your organisation has an agreement with GBG for the provision of services, you can contact your GBG account manager who will ensure they update your record on our CRM


Transfers outside of the European Economic Area (EEA)

As a global organisation, we have sales teams located all over the world, it will be necessary for your personal information to be transferred to them for account management activities and for marketing purposes. GBG will take all technical and organisational measures to ensure the security of your personal data when processed outside of the EEA.


Security of your personal information

IS027001 Certification
GBG is a global specialist in identity data intelligence for some of the largest organisations in the World, GBG aims to set the highest standards of Information security and in so doing so has developed an Information Security Management System (ISMS) to meet the requirements of the ISO27001:2013 standard. The aim of which is to protect the Confidentiality, Integrity and Availability of GBG and client held information resources and assets, thus safeguarding GBG and its clients from unauthorised access, compromise and or disclosure of data.

PCI-DSS Certification
Some of the services we provide are PCI compliant. Being compliant with PCI DSS means that we are doing our very best to keep our customers valuable information safe and secure and out of the hands of people who could use that data in a fraudulent way. PCI ensure technical and operational strengths to raise the bar on our security

Cyber Essentials Certification
In addition to the above, we have services that are Cyber Essentials accredited, this helps prevent the vast majority of cyber-attacks. Having a Cyber Essentials badge enables us to:

  • Protect our organisation against common cyber threats
  • Demonstrate our commitment to information security

How long do we retain your personal information for and why?

Where we have collected your personal information for marketing purposes we will retain your personal information for as long as you remain subscribed to our mailing lists or until the time when you inform us that you no longer wish to receive marketing from us.


For account management purposes, we will retain the personal information for as long as we have the relationship with your organisation. If GBG no longer has a relationship with your organisation then we will only keep the relevant information such as invoices for audit purposes 6 years after the relationship with GBG has ended.


Once GBG are informed, you are no longer the contact we need to liaise with, or your leave your organisation, we will remove your details from our system.

Your rights under GDPR

GBG are processing your personal information, we do this for our Commercial Benefit and for the benefit of the organisation, you are representing.

As an individual, you may have certain rights under the GDPR regarding the use of your personal information, these are:

  • The right to object – you can object to GBG processing your personal information at any time. Click here to object.
  • The right to be forgotten – you can request that GBG remove your personal information from our systems
  • The right to access your personal information – You have a right to know what personal information GBG hold on you and for what purpose we are processing your personal information this is known as a Data Subject Access Request (DSAR). These requests must be made in writing by either email or letter with photographic identification to confirm your identity.

You can send these requests to or by post to the address noted below. If GBG are unable to comply with your request, GBG will provide you with an explanation:

How to complain

We appreciate that at GBG we do not always get things right and it is regrettable for us as an organisation when we receive a complaint. We take all complaints seriously and can assure you we will do our best to deliver a satisfactory outcome. If you do wish to complain about how your personal information is used by GBG then please write to us at:

Privacy & Data Compliance Team
GB Group Plc
The foundation
Herons Way
Chester Business Park
United Kingdom

Alternatively, you can email us at

GBG will investigate and respond within 10 working days, this allows us time to investigate your complaint thoroughly.

The right to lodge a complaint with the Supervisory Authority
Where you believe that GBG have not taken our responsibilities with your personal information seriously, you have the right to complain to the Supervisory Authority. Their details are:

Information Commissioners office Wycliffe House
Wycliffe House
Water Lane

Telephone number: 0303 123 113 or 01625 545 745 Email: