Privacy Policy T&Cs:

Updated: 29 Feb 2024
1. Introduction
GP Strategic Ltd and its affiliates, subsidiaries and related entities (“Greyprism”, “we, “our”) is committed to protecting the privacy and security of the personal data we collect about end customers and users of our services (“you/your”).
The purpose of this privacy notice is to explain what personal data we collect about you when you use or interact with us via our website (https://www.greyprism.com). When we do this, we are the data controller.
Please read this privacy notice carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at enquires@greyprism.com.
2. What is personal data?
‘Personal data’ is any information from which you can be identified, either directly or indirectly. For example, your name or an online identifier.
‘Special category personal data’ is more sensitive personal data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.
3. Personal data we collect
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to services we offer to individuals and our wider operations in the European Economic Area (EEA). The personal data we collect includes:
Your first name, last name, phone number, email address, organisation and any information contained within your correspondence with us.
Where you enquire about or apply for a role with us please see our Job Applicant Privacy Notice for more information regarding how we process your information for recruitment purposes.
4. How we collect your personal data
We collect most of this personal data directly from you—in person, by email and/or via our website. We generally collect this information through our contact form. However, in limited circumstances we may also collect information from third parties who you have given your consent to.
5. Purposes for which we use your personal data and the lawful basis
When providing services to you, we may use your personal data for the following purposes and on the following lawful bases:
Purpose
Lawful Basis for Processing
Responding to your correspondence
It is in our legitimate interest to respond to enquiries made via our website, by email or any other means.
To provide our services to you as a client
It will be necessary to process your personal data to provide our services to you as a client. Where we do so, it will be on the basis of it being necessary for the performance of a contract.
To contact you, for example;
To advise you of news and industry updates;
To provide you with newsletters, information of relevant content or features of the website to help you make the most of our services and for related marketing purposes. We will only do so if you have submitted your contact details to us for these purposes or otherwise provided your consent.
Depending on the format, content and audience of our messages, our direct marketing will be carried out either in our legitimate interests to inform you of updates, events and information we believe you would be interested in or with your consent.
To improve our website and the overall website visitor and user experience as well as notifying you of any changes to our services and/or the site.
It is in our legitimate interests to ensure your experience using our website and services is optimised and to inform you about potential changes to these services.
To obtain valuable user insights via cookies on our website.
Cookies on our website will only be set with your consent.
Where personal data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.
6. Sharing your personal data
For some business activities we share your personal data with our carefully selected vendors and third-party service providers, for instance, to store data on our behalf. Where we contract with third party service providers, we ensure that we have entered into appropriate contractual terms to protect the Personal Data we share.
Your personal data may also be shared with third parties in the course of providing our services. In these instances the recipients of your personal data, along with any other required information, will be made available to you.
7. International Transfers
When we collect your personal data, it may be processed outside the UK. This is because the organisations we use to provide our services to you are located in other countries.
We have taken appropriate steps to ensure that where personal data processed outside the UK, it has an essentially equivalent level of protection as it has within the UK. We do this by ensuring that:
Your personal data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation); or
We enter into either International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs) (with the UK Addendum) with the receiving organisations and ensure that supplementary measures are also applied, where necessary.
8. How long we keep your personal data
We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
At the end of the retention period, your personal data will be securely deleted or anonymised.
9. Security of your personal data
We have implemented appropriate technical and organisational measures to safeguard your personal data and protect it from accidental or unlawful destruction, loss or alteration and from unauthorised disclosure or access.
In addition to the technical and organisational measures we have put in place, there are a number of simple things you can do to in order to further protect your personal information, such as;
Never share a One Time Passcode (OTP).
Never enter your details after clicking on a link in an email or text message.
Always send confidential information by encrypted email where possible this reduces the risk of interception.
If you’re logged into any online service do not leave your computer unattended.
Close down your internet browser once you’ve logged off.
Never download software or let anyone log on to your computer or devices remotely, during or after a cold call.
Secure Online Services
You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.
10. Your rights
You have certain rights in relation to the processing of your personal data, including to:
Request access to your personal data (commonly known as a “Subject Access Request”). This enables you to receive a copy of the personal data we hold about you.
Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. If you object to us using your personal data for marketing purposes we will stop sending you marketing material.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party (data portability).
Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.
Right to withdraw consent
In the circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law to do so.
How to exercise your rights
You will not usually need to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. If you wish to exercise your rights, please contact us at enquires@greyprism.com.
11. How to complain
You have the right to lodge a complaint with the supervisory authority, if you believe we are infringing the UK data protection laws or you are concerned about the way in which we are handling your personal data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:
Contact us | ICO
Or by telephone on 0303 123 1113
12. How to contact us
If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, then please address your correspondence to, marked for the attention of the Data Protection Officer:
86-90 Paul Street, London, England, United Kingdom, EC2A 4NE
Alternatively, you can email us at enquires@greyprism.com