This Privacy Notice (the “Notice”) sets out how we, Global Regulatory Services Limited (“GRS”, “we”, “us”, “our”) process the personal data of individuals (“you”, “your”) who contact us or who use our websites and services. If you have any questions about this Notice, please contact us by email GRS@globalregulatoryservices.com
Identity of the Data Controller and Contact Details
“Data controllers” are the people or organisations that determine the purposes for which, and the manner in which, any Personal Data is processed, and make independent decisions in relation to the Personal Data and/or who/which otherwise control that Personal Data.
Telephone: +44 (0)1223 750638
Post: Milton Hall, Ely Road, Milton, Cambridgeshire CB24 6WZ, United Kingdom
What personal data do we process?
We may process the following personal data:
- Information provided by you. You may give us information about you by, for example, filling in forms such as the contact form on our website, subscribing to services, such as email updates, making applications in respect of job postings, corresponding with us by e-mail, phone or otherwise. This information may include your name, email address, phone number, information about your query and similar information.
- Information about others. You may also provide to us personal data relating to third parties, such as people who you work with, or your referees. Information about third parties should only be provided if you have demonstrable permission to do so or if the information is available in the public domain.
- Information about your device. With regard to each visit to our website we may collect technical information about your device such as IP address, operating system, browser, time zone setting, and page interaction information.
- Information from third party sources. This may include information about you received from credit reference agencies, our service providers and other third parties.
Generally, you are under no obligation to provide this information, but without it, we may be unable to provide you with some of our Website content and services. It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us.
How we use your personal data and our legal basis
We will only process personal data, in accordance with applicable law, for the following purposes:
- responding to your queries, requests and other communications, for example, if you apply for a job or you send us a query about our website;
- providing the Website and related services;
- enabling suppliers and service providers to carry out certain functions on our behalf in order to provide the Website and related services, including webhosting, data storage, identity verification, technical, logistical and other functions, as applicable;
- sending you personalised marketing communications as permitted by law or as requested by you. If you would like to unsubscribe please email us GRS@globalregulatoryservices.com;
- ensuring the security of our business and preventing and detecting fraud;
- administering our business, including complaints resolution, troubleshooting of our website, data analysis, defending legal claims, quality control, staff training, testing of new features, research, statistical and survey purposes;
- developing and improving our Website and related services;
- complying with applicable law, including in response to a lawful request from a court or regulatory body.
The legal basis for our processing of personal data for the purposes described above will typically include:
- processing necessary to fulfil a contract that we have in place with you;
- your consent, such as processing for the purposes of marketing;
- processing necessary for our or a third party’s legitimate interests, which is carried out on the basis of our legitimate interests to ensure that our Website and related services are properly provided, ensure the security of our business and the proper administration of our business;
- processing necessary for compliance with a legal obligation to which we are subject;
- any other applicable legal ground from time to time.
If you choose to submit your personal data to us, we will use this data to contact you with newsletters, marketing or promotional materials and other information about the exciting things Global Regulatory Services Limited is doing in Regulatory Affairs and Quality Compliance. You will be able to opt-out of our messages through every communication. If you opt out of receiving these communications, we will still contact you if necessary in relation to any work we are doing with you.
Disclosure of personal data
There are circumstances where we may wish to disclose or are compelled to disclose your personal data to third parties. These scenarios include disclosure to:
- our parent companies or associated offices;
- our suppliers and service providers to facilitate the provision of the Website, related services, including IT consultants, webhosting providers, recruitment services providers, identity verification partners (in order to verify your identity against public databases), solicitors, accountants, consultants and similar third parties;
- public authorities, such as law enforcement agencies, courts and other public bodies where we are required by law to do so; and
- other third parties where you have provided your consent.
International transfer of your personal data
We may transfer your personal data to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out above. Where this is the case, we will ensure that appropriate transfer mechanisms, such as the EU Commission approved Standard Contractual Clauses, are in place to ensure an adequate level of data protection.
If we transfer personal data to private organisations abroad, such as our suppliers and service providers, we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means. You may contact us for a copy of such safeguards in these circumstances.
Retention of personal data
Generally, we will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for and for up to seven (7) years afterwards (for purposes related to Revenue requirements) or otherwise permitted by applicable laws. We may also retain your information during the period of time needed to complete our legitimate business operations, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Sale of Organisation
Situations may arise where it is necessary to transfer information (including your Personal Data) to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets of our organisation provided that the third party agrees to adhere to the terms of the Data Protection and Privacy Notice and provided that the third party only uses your Personal Data for the purposes that you provided it to us. The Personal Data transferred will be limited to that which is absolutely necessary. Where possible, you will be notified in the event of any such transfer and you will be afforded an opportunity to opt-out.
Security of personal data
We follow strict security procedures in the storage and disclosure of your Personal Data, and to protect it against accidental loss, destruction or damage. We take appropriate security measures to prevent unlawful or unauthorised processing of Personal Data, and to prevent the accidental loss of, or damage to, Personal Data. The data you provide to us is protected using modern encryption, intrusion prevention, and account access techniques as appropriate and required. We have put in place procedures and technologies to maintain the security of all Personal Data from the point of collection to the point of destruction. We maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows:
- Confidentiality means that only people who are authorised to use the Personal Data can access it.
- Integrity means that Personal Data should be accurate and suitable for the purpose for which it is processed.
- Availability means that authorised users should be able to access the Personal Data if they need it for authorised purposes.
Data subject rights
Under certain circumstances, by law you have the following rights in relation to your personal data:
- Right to make a subject access request (SAR). Data subjects may request in writing copies of their personal data. However, compliance with such requests is subject to certain limitations and exemptions and the rights of other individuals. You may also be required to submit a proof of your identity, where applicable.
- Right to rectification. Data subjects may request that we rectify any inaccurate or incomplete personal data.
- Right to withdraw consent. Data subjects may at any time withdraw their consent to the processing of their personal data carried out by us on the basis of their previous consent. Such withdrawal will not affect the lawfulness of processing based on such previous consent.
- Right to object to processing including profiling. We will comply with valid objection requests unless we have a compelling overriding legitimate ground for the continuation of our processing or we have another lawful reason to refuse such request. We will comply with each valid opt-out request in relation to marketing communications.
- Rights in relation to automated decisions about you. Where we make a decision about you based solely on automated processing which significantly affects you, you will have you the right to contest the decision, express your point of view and obtain human intervention.
- Right to erasure. Data subjects may request that we erase their personal data. We will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping the personal data, such as, our business record retention obligations that we have to comply with.
- Restriction. Data subjects may request that we restrict our processing of their personal data in various circumstances. We will comply, unless there is a lawful reason for not doing so, such as, a legal obligation to continue processing your personal data in a certain way.
- Right to data portability. In certain circumstances, data subjects may request the controller to provide a copy of their personal data in a structured, commonly used and machine-readable format and have it transferred to another provider of the same or similar services. We do not consider that this right applies to our Website. However, to the extent it does, we will comply with such transfer request. Please note that a transfer to another provider does not imply erasure of the data subject’s personal data which may still be retained for legitimate and lawful purposes.
- Right to lodge a complaint at any time to a data protection supervisory authority in relation to any issues related to our processing of your Personal Data. As our organisation is located in England and we conduct our data processing here, we are regulated for data protection purposes by the Data Protection Commissioner.
You can contact the Data Protection Commissioner as follows:
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Updates and changes to this policy
We update this policy sometimes. If we make important changes, like how we use your personal information, we'll let you know by email or on our website. If you don't agree to the changes, then you can always stop using our services, request we delete your data and stop giving us any more personal information.
Questions, comments, requests and complaints regarding this Policy and the information we hold are welcome and should be addressed to us at GRS@globalregulatoryservices.com or +44 (0)1223 750638.
10 November 2022