GB Group Plc Products and Services Privacy Notice

Last Updated: 8/13/2020

General information and contact details

GBG Group plc and its subsidiary, Loqate Inc., ("GBG", "we", "us" or "our") take the protection and security of your personal data very seriously. This privacy notice sets out the personal information we collect and process about you through our products and services, the purposes of the processing and how you can exercise your privacy rights.

You may be reading this notice because of a link provided by one of our third party data suppliers, one of our customers, or you simply want more information on processing in relation to our products and services.

Where Loqate Inc. collects personal information from you directly, for example, through our website or because you have applied for a job with us, or for information specifically related to Loqate Inc., please see our Loqate US Website Privacy Notice. For information specifically related to GBG Group Plc, please see our Global Website, and choose the applicable Privacy Notice contained in the footer that applies to your specific jurisdiction . You may also scroll down to the bottom of this notice to find direct hyperlinks to the various policies.

Please note that our customers and data suppliers have a separate relationship with you, or will have a lawful reason for processing your data. They are separately required to provide you with information (e.g. through their own privacy notice) about how they collect and process your data.

We have offices in 19 locations, and our registered head office is located within the United Kingdom at:

GB Group Plc
he Foundation
Herons Way
Chester Business Park
Chester
United Kingdom
CH4 9GB

Our Company Registration Number is: 02415211

If you have any questions about how we use your personal data, please contact our Data Protection Officer by email at DPO@gbgplc.com or call + 44 (0) 1244 657277.

We review this privacy notice on an annual basis, sooner if changes to regulation require it or we change the way we process personal data.

This privacy notice covers information in relation to the products and services that we offer globally.

What do we do?

GBG is a global technology organization. Typically, customers use our technology so they can verify the information that you give to them about yourself. We do this by matching third party reference data (which we receive from data suppliers) against the data you give about yourself to our customers. For example:

• You would like to open up a bank account
• In order to open up a bank account for you, the bank (our customer) needs to verify you are who you say you are. This is for a number of reasons, such as the banks to compliance with anti-money laundering regulations and for fraud prevention purposes.
• The bank will then collect personal data from you and passes this to GBG’s technology to process (via our products and services).
• As part of this processing, we may match the data you provided against third party data (from our data suppliers), such as data belonging to Credit Reference Agencies or public sources, such as the voters register.
• We pass a result back to the bank (our customer) on whether we could match your input data against the third party data from our suppliers.
• Our customer can then decide how they will respond to you, e.g. open your bank account, decline your request etc.

More examples are included in the table below describing why we collect your personal data.

What personal data do we collect and why?

The personal information that we may collect about you broadly falls into the following categories:

Category	Examples
Basic information	Name/Address
Attribute	Telephone/Email/Date of Birth
Device	IP, Geocode, DeviceID
Criminal	Convictions data
Financial	Home Ownership, County Court Judgments, Insolvency
Social	Social Networks
Image	Photo on a passport or driving licence

 

Why we collect your personal data depends on the services we provide.

GBG Service	Description of services / why we collect this personal data
Location Intelligence	Address Capture & Verification – we can capture and verify your address globally. Our service aims to create the best, quickest experience when you order online, whilst ensuring the company you are engaging with has everything they need to fulfil your request. For example, it is much quicker for you to enter a postcode and be presented with a list of addresses to select from, as opposed to entering the full address when you are filling out your shipping information at checkout on an online site. There is also the option where the company you are engaging with can verify if you have provided a valid email address or phone number so they can get in touch with you if needed. Some of our customers also take Geocodes, which is a unique identifier for your address, so the delivery company can easily find you to deliver the item you have ordered. Data Cleansing – we are all busy people and it’s often difficult to remember and very time consuming to contact all businesses we engage with if any of our details or preferences change. It is in the best intersts of the business to keep your data up-to-date, which is where we come in. We can help them identify if your details are no longer valid, for example you may have moved, and dependent upon what choices you have made (e.g. providing your new address to one of our data suppliers), we can provide them with your new address. Another example is if someone in your household has passed away, if our customer asks, we can let them know of the deceased's passing, so that our customer can stop seding mail or trying to contact the deceased, which we know can be upsetting.
Identity	Identity & Age Verification – we can capture and verify your identity globally, making it easier for you to transact online. What this includes depends on the organization you are engaging with. For example, we can verify the authenticity of your identity documents or check if you are over a particular age if you want to access a service which has age restrictions. Our customers do this because many of them must meet regulatory requirements and prevent fraud, so we help them to meet their requirements, with you in our mind, to make things as simple and easy as possible. Employee Onboarding – if you are trying to get a job or volunteer, organizations must complete checks on you to ensure they meet their regulatory or moral obligations. For example, we can offer criminal record checks to help ensure known criminals do not interact with your child, or confirm whether a delivery driver has a valid driving licence. Identity Intelligence & Tracing – this is used for law enforcement, asset reunification and debt collection to identify and locate individuals. Where a company has minimal or old information on you, there may be a need to contact you. For example, our product has helped assist police in locating victims who have called for help.
Fraud & Compliance Management	We help our Customers reduce fraud which benefits you by helping to ensure that your identity is protected, you receive goods and services you order, and you get better pricing by avoiding wasted costs that usually get passed onto consumers. With each online order companies must make a decision whether to ship or decline the order. For example, Mary Christmas placed a large food order on the last shipping day before Christmas. Her name triggered fraud indicators: due to her name and timing, the retailer would have normally declined the order. However, the retailer used our service to determine that Mary Christmas was a legitimate customer. Mary Christmas's goods were dispatched and she/her family got to enjoy a lovely Christmas lunch.

Our legal basis for processing personal data

GBG’s need for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, please rest assured that we will normally collect personal information where the processing is in our legitimate interests and such collection will not intentionally override your data protection interests or fundamental rights and freedoms. These interests include our legitimate business interests which can provide a societal benefit, such as preventing fraud, crime prevention and detection and try to ensure that only individuals who should have access to services or perform in a particular role are able to do so.

If you have questions about or need further information concerning the basis on which we collect and use your personal information, please contact us using the contact details provided below.

Whom will we collect your personal data from and whom will we share it with and why?

As explained above under What do we do, we receive personal data about you from our customers and data suppliers. We also send your personal data to our customers and data suppliers in order to provide our products and services. Here we set out further details about our customers, suppliers and other categories of recipients.

GBG Customers

We offer our products services to public and private organisations worldwide. These include:

Sector	Examples
Financial Services	Banks, insurance providers
eCommerce	Retail (online shopping), online commerce platforms
Gaming	Online gaming
Consumer Directories	Travel and leisure, media
Public Sector	Law enforcement, local government, education bodies
Utilities	Gas, electricity, water suppliers and switching/price comparison sites

 

GBG Data Suppliers

We work with a number of data suppliers. These include:

Data Supplier	Further information
Government / Public Authorities	These bodies include authorities that provide driving licence information, passport information, citizen identification number, social security number, deceased records, criminal record information, insolvency records (publicly available) or sanctions lists (publicly available).
Regulated Financial Services Organisations / Firms	These entities collect information about your financial status, but this data can also be used to help organizations like us verify your identity by confirming you are who you say you are, and confirm where you live, or whether you have lived at an address. These entities include credit reference agencies (CRAs), which are also known as credit bureaus or consumer reporting agencies. There are 3 CRAs in the US: Equifax, Experian and TransUnion.
Other Regulated Organisations / Firms	These entities provide personal data which can help verify your number or contact you. For example you have made a choice whether or not your landline is included in the public telephone directory.
Commercial Organisations	These entities provide your contact details, such as name, address, telephone number or email address, which we can then use to meet the request you have made to one of our Customers. For example, a business may provide us with the address you used at check out in order to have our technology verify that the address you provided them with is accurate to ensure that your goods are shipped to your location.
Publicly available data, collected by a third party organisation or GBG	These entities provide information about insolvency records, property information, sanction lists, PEPs information, social media / convention online information / deep web / dark web, income index or family situation.
Location data	These entities provide information about geocodes, co-ordinates, postcodes or zipcodes.

 

We may also disclose your personal data to the following categories of recipients:

• to our group companies, third party services providers and partners who provide data processing services to us, or who otherwise process personal information for purposes that are described in this privacy notice;
• to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
• to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger, acquisition, restructuring or insolvency of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this privacy notice.

How long do we retain your data for in our Products and Services?

We retain personal information we collect from our customers and data suppliers where we have an ongoing legitimate business need to do so (for example, to provide our customers with a service you have requested or for our customers to comply with applicable legal requirements, such as anti-money laundering).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

If you have questions about or need further information concerning how long we keep your personal data for, please contact us using the contact details provided below.

Cross Border Transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different than the laws of your country.

Our group companies, data suppliers, customers and third party service providers operate around the world. This means that when we collect your personal information we may process it in any of these countries.

However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this privacy notice.

How to contact us if you're not happy

We appreciate that at GBG we may not always get things right and it is regrettable for us as an organisation when we receive a complaint. We take all complaints seriously and can assure you we will do our best to deliver a satisfactory outcome. If you do wish to complain about how your personal data is used by GBG then please write to us at:

Privacy & Data Compliance Team
GB Group Plc
The Foundation
Herons Way
Chester Business Park
Chester
CH4 9GB
United Kingdom

Alternatively, you can email us at compliance@gbgplc.com.

GBG will investigate and aim to respond within 10 working days. This allows us time to investigate your complaint thoroughly.

Your privacy rights

Your rights privacy rights may vary depending on the jurisdiction in which you reside. For more information on your privacy rights, please see your applicable privacy notice located on our GBG Global Website, or please click directly on the hyperlink below that corresponds to your region below:

For GBG Group Plc:

• United Kingdom and Europe
• Australia and New Zealand
• Asia-Pacific

For Loqate Inc.:

• United States
• United Kingdom and Europe
• Germany

Should you believe that none of these policies apply to you, please do not hesitate to contact us directly at compliance@gbgplc.com.