Ground Control Limited is committed to protecting your privacy during your visits to the Ground Control website and recognises its responsibility to keep the information you provide to us confidential at all times.
This Privacy Statement explains, in detail, the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.
We appreciate the amount of information here but we want you to be fully informed about your rights as an individual, as well as how Ground Control uses your data.

We hope the following sections will answer any questions you have, but if not, please do get in touch with us on

• +44(0)1277 650697
• info@ground-control.co.uk

Information we collect
In order to fulfil our contractual obligations, we will collect the following personal information:

• your name;
• your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;
• your username(s) and password(s);
• your correspondence and communications with us
• Our Website and Portals are not intended for children and we do not knowingly collect data relating to children.

Uses made of the information
We use information held about you in the following ways:

• to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
• to provide you with information about other products and services we offer that are similar to those that you have already purchased or enquired about;
• to notify you about changes to our products and services;
• to manage any registered account(s) that you hold with us;
• to verify your identity;
• for crime and fraud prevention, detection and related purposes;
• to allow you to participate in interactive features of our service, when you choose to do so;
• as part of our efforts to keep our site (customer portal) safe and secure;

Legal basis for us processing customer and supplier personal data  EU GDPR Lawfulness of processing
We collect and use customers’ and suppliers’ personal data because it is necessary for the pursuit of our legitimate interests (as set out below), the purposes of complying with our duties and exercising our rights under a contract to a customer or supplier, complying with our legal obligations and obtaining consent from an individual for their information to be processed for marketing communication purposes.
Our legal bases for processing customer data, is that it will be necessary for (i) our legitimate interests (ii) performance of a contract, (iii) compliance with our legal obligations and, in certain instances, the administration of justice and (iiii) consent from the data subject specifically for marketing communication purposes
Examples of why we will process customer data:

• providing information on, and improving, existing products and services;
• lead generation and business development;
• management of new and existing customers and suppliers;
• protecting customers, suppliers or other individuals and maintaining their safety, health and welfare;
• complying with our legal and regulatory obligations;
• handling customer and third party contacts, queries, complaints or disputes;
• management of ad-hoc customer Work Requests;
• protecting us, our employees and our customers by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us;
• effectively handling any insurance or legal claims or regulatory enforcement actions taken against us; and
• fulfilling our obligations to our customers, suppliers, shareholders and other stakeholders.

Who do we receive information from
From time to time we receive personal information from third party organisations in order to pursue and maintain the legitimate business interests of Ground Control.  In all instances when personal data is received from an external source, we ensure, check and verify that these classes of  data have been collected lawfully before processing (and that appropriate consent has been obtained) for the below pre-defined purpose(s):
Third party portals for business development purposes (tender information etc.).  We utilise these services to respond and register opportunities for tender in the performance of a contract.
External parties used by Ground Control are assessed during the onboarding process.  Information security and personal data protection metrics are considered in the onboarding process to ensure that all data we collect has been collected lawfully and fairly as we establish the responsibilities of the Data Controller and Data Processor. Security control protocols are put in place to ensure this is the case.

Credit reference agencies
Ground Control will, on occasion, utilise a credit reference agency as per our routine due diligence and supplier or customer risk management procedures during our onboarding process.
In order to process your application we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain/index.html

Who do we share your information with

We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We will disclose your personal information when we are required to do so for legal or regulatory purposes or as part of legal proceedings.
We will share your personal information with selected third parties including:

• Suppliers and sub-contractors for the performance of any contract we enter into with you
• IT Service companies who support our website and other business systems
• Credit reference agencies as per routine due diligence and risk management procedures

Whenever your personal information is shared with any other parties we apply the following measures to keep your data safe and protect your privacy:

• We provide only the information they need to perform their specific services
• They may only use your data for the exact purposes we specify in our contract with them
• We work closely with them to ensure that your privacy is respected and protected at all times
• If we stop using their services, any of your data held by them will either be deleted or rendered anonymous

We may disclose your personal information to third parties in the event that (i) we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets, (ii) if Ground Control Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

How long do we retain your data
We will not keep your personal information any longer than is necessary to fulfil your contract or to adhere to our various legal and regulatory compliance requirements and obligations.  To achieve this, Ground Control work to a minimum standard of retaining documents for a period of 7 years (plus a 90 period to cover backup of data).  These periods are reflected in our company policies on information security and data protection.  Ground Control will not store or process your personal data beyond a point that contravenes your individual rights.

For example:

Inactive Customer Accounts - if you’ve not used your account for 12 months, it will be flagged as inactive and following a further 12 months we’ll close the account and delete or anonymise the personal data associated with it.

Security & Data Storage
We will proactively take all steps necessary to ensure that your data is treated securely and in accordance with this privacy statement and our Information Security Management System policy.
Strict security procedures are followed in the storage and disclosure of your personal information.

When we request personal information on-line, we ensure that your browser encrypts it. The strongest available encryption under the industry standard technology, called SSL ("Secure Sockets Layer"), is applied. The same technology is used for personal information sent back to your browser from the Ground Control website.  All information provided to us is stored on our secure servers.

We regularly review our processes and procedures to protect your personal data from unauthorised access / use, accidental lost and/or destruction.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access our customer / supplier portal(s), you are responsible for keeping this password confidential.  Your password must be individually owned and you must not share it with anyone else.

By its nature, the internet is not completely secure.  Because of this, we take robust measures to ensure the protection of personal data you share with us by using strict procedures and security features to try and prevent any unauthorised access to / modification of your personal data.

Your Rights
In some instances we rely on your consent to receive information from us, particularly with our marketing messaging.  In these instances, your consent for processing will be freely given, specific, informed and through a clear affirmative action from yourself.

You have the right to ask us not to process your personal data. If we intend to use your data for additional purposes or if we intend to disclose your information to any third party for such purposes we will inform you directly and obtain your explicit consent before a change in processing occurs.  You can exercise your right at any time by contacting the Ground Control Data Protection team via email – info@ground-control.co.uk or over the phone 01277 650697.

Our portal sites may, from time to time, contain links to and from the Websites of our partner networks and affiliates. If you follow a link to any of these Websites, please note that these Websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these Websites.
You have the right to ask what personal data that we hold about you at any time.  In addition you have the right to ask us to update and correct any out of date or incorrect personal data that we hold about you.

If you wish to exercise any of the above rights, please contact us using the contact details set out in the “Contact Us” section at the end of this policy.

You have the right to request the deletion of data where we would otherwise require consent to use it.

Access to information
You have the right to request a copy of the personal information that we hold about you and to have any inaccuracies corrected. When you request this information, we will ask for confirmation of identity before we disclose any personal information to an individual making a request for such information.

Changes to our Privacy Policy
Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Contact Us Information
If you have any questions about this privacy policy, please contact us by either of the following means:
01277 650697 or info@ground-control.co.uk