Privacy Policy - GPA Education Ltd – Payroll and HR Marketing, events, products, and Service

Introduction

Global Payroll Association (“GPA”, "we", "us" or "our") is committed to protecting your privacy and the personal data entrusted to us in line with data protection laws and regulation applicable to the United Kingdom, including the UK General Data Protection Regulation (GDPR), Data Protection Act 2018 (DPA) and EU GDPR.

To reassure you that we take our obligations to protect your personal data seriously, this Privacy Notice and Cookie Policy sets out the ways in which we process, share, retain and protect your information, alongside your rights as the data subject, and how you can raise a complaint if you feel we have not treated your personal data responsibly.

This Privacy Notice and Cookie Policy applies if you use or access any of our products and services, including but not limited to: communicating with us by phone or in writing including telephone, email, SMS, post, push notification, or via third party digital platforms (including websites or social media platforms).

Terms and definitions within this Notice:

“Controller” is defined as the organisation making the decision as to how the information is processed and for what purpose.

"Customer" refers to an individual who has contracted / registered on the GPA website.

“Joint Controller” is defined as two or more controllers who collectively decide how the information is processed and for what purpose.

"Marketing" is defined as the promotion and/or selling of goods and services via methods such as: advertising, events, surveys, special offers and promotions. This is not an exhaustive list and may change over time.

“gpa.net” is the website and application operated by GPA to supply GPA products to customers.

“Personal Data” is any information that alone, or in combination with other information, can directly/indirectly identify an individual. This also consists of “special categories of information” which, due to its personal nature, requires further protection when processed.

Processing", “Processed'' and/or “Process” means any action undertaken on the personal data, by manual or automated means, including but not limited to collecting, recording, organising, storing, changing, accessing, using and disclosing.

“Processor” is the organisation undertaking the processing on behalf of the Controller.

“Third party partners” are third parties who have entered into a partnership with GPA. These partners have been selected based on their relevance to GPA customers.

Personal Data

Personal Data is any information relating to an individual who can be identified directly or indirectly, often by name, customer number, location, an online identifier or other factors specific to their identity.

Personal Data may include “special category data” such as Personal Data relating to racial or ethnic origin, political opinions, religious beliefs, membership of a trade union, physical or mental health, and criminal records and allegations. Whilst the primary purpose of our Processing of your Personal Data does not include special categories of Personal Data, where any special categories of Personal Data are processed, we will at all times ensure we have a valid lawful basis for Processing. 

Information disclosed to us, by you, during communications with us will be retained automatically as part of your correspondence and may as a result include special categories of Personal Data. Further protection and safeguards are placed upon the special category data we process.  When we collect Personal Data from you we will indicate whether it is mandatory or voluntary (asterisks are used to identify mandatory fields).

Types of data we may process on you includes, but is not limited to:

  • Personal details

Name, address, email address, telephone number;

  • Order details

Delivery address(es), order and delivery times, contact information, complaint / enquiry information,

  • Payment details

We never store your payment details in full, we only store an encrypted token that represents your payment card;

  • Account details

Identification, purchase history and trends, account activity, log in details; and

  • Online Activity Details

Details of your operating system, browser software, IP (Internet Protocol) address and Uniform Resource Locator (URL), including the date and time of your visit.

  • Supplier details

Name, contact details, business information and/or payment details of suppliers may be stored on our systems, or on third party systems, for the purpose of providing a service, access and fulfilling contractual obligations.

 

Purposes of Processing

We gather information from you through, for example, the use of our websites, apps, products or services. This includes tailoring the information we share with you to ensure that it is relevant, useful, timely and non-intrusive.  The information we process may be done so for a number of purposes and these are detailed, non-exhaustively, under the Lawful Basis of Processing.  The lawful basis we rely upon to process your Personal Data may differ for each Processing activity. Dependent upon the purpose for Processing.

 

Third party sources

Information about you may also be provided to us indirectly by:

‘Trusted Sources’:

  • Financial Institutions;
  • Third-party services or suppliers;
  • Social media and other third party online platforms/services such as Facebook.

 

Sharing your information

GPA may share Personal Data or engage with third parties, for example, to meet legal obligations, fulfil contractual terms, or promote our products and services. Whenever we use or disclose your information, we put in place measures to keep it secure, and make sure it is protected as far as is reasonably possible. 

For further information about how a social media or digital platform processes your Personal Data, including the legal basis they rely upon, please visit their privacy notice that can be found on their website/s or within their application/s.

 

Security

We know how important it is to protect and manage your Personal Data and we take the security of your Personal Data seriously, by implementing technical and organisational measures to protect its integrity and privacy.

 

Our security measures

Our websites use Secure Sockets Layer (SSL) encryption technology to protect the transfer of your information to and from our websites, our web page URLs will start with https and a padlock will be displayed in front of the URL bar to show that we always encrypt the information that you send us.

We maintain and enforce physical, electronic, and procedural safeguards in connection with the collection, storage and disclosure of your Personal Data. However, whilst we take appropriate technical and organisational measures to ensure the protection of your Personal Data, we cannot guarantee the security of all Personal Data that you transfer over the internet to us in every circumstance, for example, if we suffer a sophisticated cyber-attack.

Our security procedures mean that we may occasionally request proof of identity before we disclose Personal Data to you, including in relation to a request by you for the information we hold on you (a subject access request).

 

Protecting your password

It is important to keep your password secure to prevent fraudulent use of your account. Never disclose your password to anyone else, and especially to anyone who requests it from you by telephone or email; we'll never do this. You should avoid using the same password for other websites, because if their systems are hacked, the hackers will also be able to access your account.

Avoid using common terms for your password such as "password" or "123456"; hackers know the most popular passwords and will try to access accounts using these. Instead, try to use a combination of letters and numbers that means something to you so it's easy to remember but difficult to guess. 

 

Personal security and identity fraud

Using public WiFi networks can be risky, and hackers may try to capture your online transactions and Personal Data. You should only connect to networks that you trust. If you use a shared computer, make sure that you log out once you have finished using a website or application.

 

Retention

We retain your Personal Data only for as long as is necessary to support the purposes laid out in the "Lawful basis of processing" section, for our business interests and/or to comply with our legal, regulatory and contractual obligations.

 

Lodging a complaint

If you are not satisfied with our use of your Personal Data or our response to any request made by you in relation to your Personal Data, you have a right to make a complaint to the Information Commissioner at:

Information Commissioner’s Office 
Wycliffe House
Water Lane
Wilmslow 
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545745 (national rate) Email: casework@ico.org.uk

The ICO currently recommends you contact them within 3 months of your last contact with us and advises you to contact them once the company's complaints process has been exhausted.

 

Cookie and App Consent Policy

When you visit an GPA website (gpa.net) or use one of our related apps, we apply our own and third-party cookies and similar technologies (for example, pixels, SDKs and tracking URLs) to identify your device, personalise and improve your customer experience and, where appropriate, serve you relevant advertisements.

What are Cookies?

Cookies (or similar such as SDKs) are small files that are placed on your computer, mobile phone, tablet or other device when visiting a website or application. Cookies and SDKs assist in the performance and end user experience by remembering preferences and choices, identifying traffic and remembering your selections, such as the items you place in your basket.

We have two main categories of cookies: essential and non-essential.

We have enabled Google Analytics Data Collection, these features enable us to make use of data from users who have chosen to allow Google to associate their web and app browsing history with their Google account in order to personalise the ads we may show in Google Search and Display Advertising. This helps us provide more relevant messaging to our users. This also provides us with demographic and interest information at an aggregate level that helps us to understand our users better.

 

Social media extensions

These technologies allow you to share what you've been doing on our websites on social media, such as Facebook and Twitter. For example, by clicking the 'Facebook Like' icons that may appear on our

product pages. Although we enable these tools to be displayed on our websites so that you may interact with them, if you choose to do so, they are not within our control.

If you post, comment, indicate interest, or share personal data, including photographs, to any public forum, social network, blog, or other such forum, please be aware that any personal data you submit can be read, viewed, collected, or used by other users of these forums, and could be used to contact you, send you unsolicited messages, or for purposes that neither you nor GPA have control over. GPA is not responsible for the personal data you choose to submit in this manner.

 

Updates to the Privacy Notice and Cookie and App Consent Policy

We may review and amend the contents of this Privacy Notice and Cookie and App Consent Policy from time to time, therefore, we recommend you check it regularly.

If you have questions regarding the contents of this Policy, or wish to exercise any of your rights described within, you can contact our Data Protection Officer by email or by post:

Email: privacy@gpa.net

Post: Data Protection Officer, Global Payroll Alliance