The purpose of this policy is to set out the responsibilities of the group in observing and upholding our position on collection, use and disclosure of personal information and is our principal external facing privacy notice. Please read this policy carefully. It may be updated from time to time, so please you check back regularly to review any changes.
The GTL group comprises of its subsidiaries and affiliates. The “controller” of your personal information (for the purposes of data protection law) will be the GTL company which collected your personal data. However, other GTL group companies may need to use your information from time to time, in accordance with the purposes set out in this Policy.
2. Policy objectives
To achieve this commitment GTL will:
- Process personal information lawfully, and share information about the processing in a concise, transparent, intelligible and easily accessible form.
- Collect personal data for a specific legitimate purpose and not process it any way that is not aligned to that purpose.
- Limit personal information to the purpose for which it is being processed.
- Take every reasonable step to keep acquired personal information accurate and up to date.
- Only keep personal data for as long as is necessary for the purpose for which it is being processed.
- Process personal information in a manner that protects the security of the personal data.
3. Delivering our objectives
People we collect information from
We collect personal information from:
- individual representatives (employees, directors, members etc) of the organisations who are our prospective and current customers (‘customers’);
- individual representatives (employees, directors, members etc) of the organisations who are our prospective and current suppliers (‘suppliers’);
- prospective, current and former shareholders in Keller Group plc;
- visitors to our websites.
Information we collect automatically
When you visit our website, our server automatically collects certain browser or device generated information, including but not limited to your:
- IP address;
- visit eg date, time and duration;
- browser type;
- operating system; and
- page visits.
Information you provide
If you are a customer or supplier, you may voluntarily provide us with personal information (normally limited to basic information, such as your name and contact details) by:
- corresponding with GTL colleagues;
- attending GTL events;
- working with GTL on contracts or other projects.
We may collect other personal information about you when carrying out due diligence checks (eg sanctions checks) on our customers and suppliers, particularly where you are a Director or company owner.
In using our websites, you may voluntarily provide personal information to us in the following ways:
- by signing up for email alerts (including those from our third party partners), newsletters or other forms of communication;
- by completing a ‘Contact us’, ‘Get assistance’, ‘Request a quote’, or similarly labelled forms;
- by registering for an event or webinar;
- by corresponding with us by phone, e-mail or otherwise using the contact details provided on our websites; or
- by applying for a job, work placement or internship online.
Typically, the personal information you give us will include your name, address, e-mail address, phone number, and any personal details required to resolve your inquiry or complaint.
Where you’re applying for a job, work placement or internship, you will be asked to provide additional information, for example, about your education, employment history, right to work, and health, and may be provided with a separate, standalone privacy notice.
Use of personal information
In the majority of cases, use or processing of your personal information will be justified on the basis that:
- you have consented to the processing (for example, where you consent to the placing of cookies on our websites, or where you proactively sign-up for a GTL email alert);
- it is necessary for us to comply with a legal requirement (for example, in relation to certain checks we are required to carry out on prospective customers or suppliers, disclosures we are required to make to tax authorities, or information we are required to keep about our shareholders); or
- it is in our legitimate interests, subject to your interests and fundamental rights. For example, we have a legitimate commercial interest in building good relations with our customers by maintaining customer relationship management databases and contacting our customers from time to time.
We use the personal information we collect to:
- win customer contracts, and then communicate with our customers during their delivery;
- appoint and work with our suppliers;
- allot shares, maintain a register of members, and communicate with those members (through reports, meetings etc)
- improve our websites based on how you and other users interact with them;
- customise or personalise our websites to users’ needs (for example, by showing content or language which is relevant to your geographic location);
- correspond with website users to resolve their queries or complaints;
- manage recruitment, a work placement or internship, including considering applications and making offers;
- provide you with any services you request; and
- send you marketing communications (including newsletters), where it is lawful for us to do so.
Disclosure of personal information and international transfers
We are a group with divisions, businesses and offices throughout the world, so it will be necessary, from time to time, for us to pass your information between different locations internationally. A full list of our locations is available here: http://www.gtlint.com/contact-us.
We may also appoint third party service providers (who will operate under our instructions) to help us provide information or services to you (for example, suppliers of customer relationship management or marketing solutions), or to manage and improve the websites. These third parties may also need access to your information.
We may share your personal information with third parties if we, or substantially all of our or the relevant affiliated company’s assets are acquired by a third party. In this case, personal information held by us about our users may be one of the transferred assets.
We will also respond to requests for information where required by to do so by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.
Marketing alerts and emails
We may communicate with you by email to tell you about our products and services, for example, via an email alert or newsletter. If you wish to opt-out of receiving marketing communications, please use the ‘unsubscribe’ link provided in our emails, or contact us directly and we will stop sending you them.
We take the security of the information we collect seriously. We use data storage and security techniques to protect your personal information from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. GTL colleagues and contractors are subject to strict confidentiality obligations.
However, in relation to our websites, it is important to remember that no website can be 100% secure and we cannot be held responsible for unauthorised or unintended access that is beyond our control.
Retention of your information
Generally, we only keep personal information for as long as required to fulfil the purposes for which it was collected. We may keep it longer in some circumstances, for instance, where we’re required to do so to meet legal, tax and accounting requirements. Or so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
Where we have kept your personal information to provide you with marketing material on our products and services, we will only store it as long as you do not opt out of receiving such material from us.
We maintain a data retention policy which we apply to records in our care. If your personal information is no longer required, we will securely delete it.
Our websites may contain links to third party sites. Since we do not control, and are not responsible for the privacy practices of those websites, we encourage you to review them. This policy applies solely to personal information collected by our websites.
Under EU data protection laws, you may have some or all of the following rights in respect of your personal information to:
- get a copy of your personal information together with information about how that personal information is processed;
- rectify inaccurate personal information (including the right to complete incomplete personal information) ;
- erase your personal information (in limited circumstances, where it is no longer necessary in relation to the purposes for which it was collected or processed);
- restrict processing of your personal information where:
– the accuracy of the personal information is contested;
– the processing is unlawful but you object to the erasure of the personal information;
– we no longer require the personal information but it is still required for the establishment, exercise or in defense of a legal claim;
- challenge processing which we have justified on the basis of a legitimate interest (as opposed to your consent, or to perform a contract with you);
- prevent us from sending you direct marketing;
- withdraw your consent to our processing of your personal information (where that processing is based on your consent);
- object to decisions which are based solely on automated processing or profiling; and
- obtain, or see a copy of the appropriate safeguards under which your personal information is transferred to a third country or international organisation.
In addition to the above, you have the right to lodge a complaint with your local supervisory authority for data protection.
In relation to all of these rights, please contact us using the details below. We may request proof of identity and we reserve the right to charge a fee where permitted by law, for instance if your request is unfounded or excessive. We aim to respond to your requests within all applicable timeframes.
This policy applies to all legal entities which GTL group wholly owns, has a majority stake in or overall operational control of. As well as applying to our interactions with customers, suppliers and business partners, it also applies to all information collected over www.gtlint.com and other websites we operate. It applies to anyone whose personal information is processed by GTL, but not GTL colleagues.
For the purposes of data protection (including the General Data Protection Regulation), the GTL entity that you primarily do business with will be the ‘primary controller’ of your personal data. For example, if you are a supplier, this would be the GTL entity you provide services. If you are a website visitor, it would be the GTL entity operating that website.
The Company Secretary provides oversight of this policy.
6. Contact information
If you have any questions in relation to this policy or you wish to exercise any of your rights, please contact GTL Legal team