This policy was last updated on 01 April, 2025
This General Privacy Policy covers GB Group Plc and our wholly owned subsidiaries ("GBG", "we", "us" or "our") and details how we collect and process personal data through our websites (“GBG websites” or “Sites”) and our interactions with you while conducting business.
GBG’s wholly owned subsidiaries include, but are not limited to, Acuant Inc, IDology Inc, Loqate Inc, GBG (Australia) Pty Ltd, Verifi Identity Services, Mastersoft Group Pty Ltd, GBG (Malaysia) Sdn Bhd, GBG Singapore Pte Ltd and PT Fraud Solutions (GBG Jakarta).
Please note, this is a global privacy policy. It is recognised that there is not a consistent standard for privacy across the globe, but GBG complies with applicable data protection law and will review any request based on what is required for your jurisdiction. Where additional disclosure is required for a jurisdiction, please select from the side menu for additional information.
GBG is a technology company specialising in B2B (business-to-business) services, offering identity verification, fraud prevention, and location intelligence services, focusing on delivering solutions and support for other enterprises rather than individual consumers. To understand further, please see our Products and Services Privacy Policy.
GBG have offices in several countries, which are detailed here. See ‘Contact Us’ to contact a regional representative with any questions about how we use your personal data.
This privacy policy is reviewed annually, or sooner if changes to regulation or how we process personal data require it.
This General Privacy Notice covers the following:
· Your use of GBG websites: When you visit any of our Sites or if you create an account with us, subscribe to our marketing communications, use any of our chat features, purchase our services through our Sites, download our software, use our support offerings, or email us.
· Our contractual relationship with you via our business customers: When we provide Services to your organisation, and you interact with us through your employer or organisation.
· Your visits to one of our offices, or participation in any of our events: When you visit one of our offices or participate or interact with us in any of our events, surveys, contests and sweepstakes, or even when you join or attend a meeting.
Please note, it is recognised there is not a consistent standard for privacy across the globe, but we will review any request based on what is required for your jurisdiction. Please select from the side menu to view additional jurisdictional disclosures that may apply to you.
This General Privacy Notice does not cover or address the following:
· Our Products & Services: For information on how we collect and process your personal data when offering our Products & Services to our business customers, please see our Products & Services Privacy Notice.
· Business Customers: How our business customers collect and process your personal data is governed by their own respective privacy notices.
· Job applicants, employees, former employees and contractors: How we collect and process job applicants’, employees’ and/or contractors’ personal data.
  · Team Members: To obtain a copy of your Team Member Privacy Policy, see the latest version available on be/connected.
  · Former Employees or Contractors: If you are a former employee or contractor, contact DPO@gbgplc.com.
  · Job Applicants: We use third-party service providers during our job applicant process. If you would like to contact us, please see the privacy policy provided at the time of your application.
When we use the term “personal data,” we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual.
This excludes aggregated or statistical data, deidentified or anonymized information, publicly available information, or any other information that may be excluded from qualifying as personal data under applicable data protection law.
As a B2B organisation, most of the personal data we collect and process pertains to the consumers interacting with our business customers who utilise our Products & Services. This data collection and processing falls under our Products & Services Privacy Notice, alongside our business customers’ own privacy policies. Please refer to their respective privacy notices for more information regarding the processing of your personal data in these contexts.
How we collect your personal data will depend on how you interact with us as an individual seeking our B2B solutions for identity verification, fraud prevention and location intelligence services.
We may collect personal data from the following types of sources:
We may collect the following categories of personal data:

| Categories of Personal Data | Detail |
| --- | --- |
| Contact Information | Full name, email address, mailing address, employer or company name, job title, phone number, communication preferences, IP address, and if a call is recorded, your voice and potentially your image, including when you share your video with us. |
| Enquiry Information | Any information you submit to us via custom messages, forms, or email, which may include name and contact information. |
| Account Information | Full name, employer, job title, email address, username and password, account name or other similar identifiers, profile information, account balances, payment and purchase history information, and any other information you provide to us directly or via our business customers, or other third parties (e.g., when we utilise third-party service providers to process payments on our behalf). |
| Survey and Contest Information | Any information you provide through our surveys, testimonials, contests, or sweepstakes, such as your name, company name, email, and any other contact information. |
| Event Information | Any information you provide at event registration or during our events, such as your name, company name, job title, phone number, email address, any other contact details you provide, including attendee badge information. |
| Technical Information | Any identifiers, including unique personal identifier, online identifier, Internet Protocol address (which may become personal data), email pixels and other analytical information about your user experience, which may be subject to the terms of our Cookie Policy in addition to this General Privacy Notice. |
We may use your personal data for the following purposes:
Our Sites use cookies and other similar technologies like web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies (collectively, “cookies”). Cookies are text files downloaded to your computer or mobile device that allow us and our cookie providers to collect certain information about your interactions with our email communications, Sites and other online services, and aim to improve your experience.
Each of our GBG websites may deploy or enable different types of cookies (e.g., strictly necessary, performance, etc.). Our Sites provide individuals with full control over allowing our cookies to collect their personal data (if applicable) and make it easy for individuals to withdraw their consent through the Cookie Preference settings.
Our Cookie Policies are available on each of our Sites.
If you are based in a jurisdiction that requires a legal basis for us to be able to process your personal data, we process your information on the following grounds:
As part of the account management process, GBG will on a regular basis enquire if the personal data we hold about you is correct. You can also ensure your personal data is correct by using this form.
Alternatively, if your organisation has an agreement with GBG for the provision of Services, you can contact your GBG account manager, who will ensure they update your record on our CRM system.
We may retain personal data as required or permitted by applicable laws and regulations. Specifically, we retain information for our legitimate interests and essential business purposes (e.g., to provide, maintain and improve our Services, to comply with legal obligations, to exercise our legal rights and remedies, etc.).

| Purpose | Retention | Additional Information |
| --- | --- | --- |
| Marketing | Until you unsubscribe | You can opt-out at any time by clicking the unsubscribe link in the email or contacting DPO@gbgplc.com |
| Prospecting | 6 months | You have been identified as a ‘lead’. If there is no interaction, we will delete this record after 6 months. |
| Account Management | For the duration of our relationship + legal time period. | We will retain the personal data for as long as we have the relationship with your organisation. If GBG no longer has a relationship with your organisation, then we will only keep the relevant information, such as invoices, for audit purposes for 6 years (or for as long as we reasonably deem necessary to fulfil our legal obligations or to exercise, defend or establish our rights). |
| Visitor Information | 90 days | To maintain an audit trail of visitor activity. |
| Guest Wi-Fi Logs | 12 months | We monitor access to our internet, and log traffic information such as the IP address, sites visited, times and dates, log on times and log off times. |
| CCTV | Up to 90 days | Closed-circuit television (CCTV) operates both inside and outside our Chester, Kuala Lumpur, London, Melbourne, Canberra, Sydney, Turkey, and Worcester offices. Generally, recordings will be retained for up to 30 calendar days, after which they will be deleted. Imagery required for investigative or evidential purposes may be retained beyond 30 days and is securely disposed of upon completion/conclusion of the purpose for which it was retained. Offices within a PCI DSS scope must retain CCTV footage for 90 days in order to comply with PCI DSS requirements. |

Once GBG is informed you are no longer the contact we need to liaise with, or you leave your organisation, we will remove your details from our systems.
Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
Our group companies, business customers and third party service providers and partners operate around the world. This means that when we collect your personal data, we may process it in any of these countries.
However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this privacy notice.
Where appropriate, these include implementing the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Agreement for international data transfers between our group companies, which require all group companies to protect UK and EEA personal data in accordance with UK and European Union data protection law.
We have implemented similar appropriate safeguards with our data suppliers, customers and third party providers and partners.
We do not knowingly collect or solicit personal information from minors under the age of sixteen (16) via our Sites or during the course of doing business as we are a B2B organisation.
If you become aware that a child has provided personal information to us without permission, please Contact Us so we can promptly delete their information.
We do not sell, nor do we have actual knowledge that we sell personal information of consumers under 16 years of age or that we share personal information of consumers under 16 years for cross-context behavioural advertising.
Our Services may include links to third-party websites, plug-ins and applications. This General Privacy Notice does not apply to, and we are not responsible for, any personal information practices of third-party websites and online services or the practices of other third parties, including our business customers. To learn about the personal information practices of third parties, please visit their respective policies.
Your privacy rights vary depending on where you are based in the world. GBG will fulfil all data subjects’ rights requests in line with applicable data protection law.
If you are a resident of the United States, please refer to our US Privacy Addendum.
Your rights may include:
Please keep in mind that, depending on the applicable law, some of these rights are subject to an internal assessment that one of the grounds thereunder is satisfied.
Please use our webform, or submit your request by phone or post using the information provided in the “Contact Us” section of this General Privacy Notice.
You are not required to pay any charge for exercising your rights. We usually have one calendar month to respond, but this may vary depending on your location (for example, if you are in the US we have 45 days depending on your state of residence). If we are unable to comply with your request, we will provide you with an explanation.
Verification. Due to the confidential nature of your personal information, we may ask you to provide proof of identity when exercising the above rights to verify your identity, in accordance with applicable data privacy laws. This can be done by providing a copy of a valid identity document issued by the authorised body where you are a resident. This check is carried out to ensure that the individual making the rights request is in fact who they claim to be.
Authorised Agents. As defined in the applicable privacy law, you may use an authorised agent to exercise your rights on your behalf. If you are making any of the requests above through an authorised agent, we will request written authorisation from you and will seek to verify you as described above or we will accept a legal Power of Attorney. To make a request using an authorised agent, have your agent use our webform and upload documentation demonstrating authorisation from you.
Complaints and Appeals. If you are a resident of a jurisdiction that allows you to appeal a decision we have made in connection with your attempt to assert a right under applicable Data Protection Laws, you may file an appeal of our decision by contacting us at DPO@gbgplc.com. Please ensure you provide us with the postal address at which you reside, together with details of the basis of your appeal.
Your jurisdiction may allow you to file a complaint regarding any concerns with the result of your appeal request.
In jurisdictions where consent is required:
Your consent is deemed expressed when communicated electronically, or through unequivocal indications of your agreement (i.e., implied consent, if permitted). Furthermore, by receiving and accepting our General Privacy Notice and Cookie Policy and not objecting to it, you implicitly consent to the processing of your personal data.
Your consent can be revoked at any time without affecting your past actions. To withdraw your consent, please contact us through the methods and procedures described in our General Privacy Notice.
If you have any questions or requests in connection with this General Privacy Policy, please use this form or send an email to DPO@gbgplc.com. Alternatively, enquiries may be made to:

| Jurisdiction | Phone | Address |
| --- | --- | --- |
| UK (Head Office for GB Group plc, Company Registration Number: 02415211) | +44 (0) 1244 657277 | Privacy Team GBG |
| EEA / Swiss (EEA Representative) | +34 (0) 935 451 156 | Privacy Team GBG |
| US | 1(833) 383-0085 | Privacy Team GBG IDology 2300 Windy Ridge Pkwy SE United States |
| Australia, New Zealand and APAC countries | +61 (0) 3 8595 1500 | Head of Privacy, APAC |

This U.S. Privacy Addendum was last updated on 01 April, 2025
This section has supplementary information on how we collect, use, disclose, and otherwise process personal information, either online or offline, in accordance with applicable U.S. state privacy laws and regulations that are currently in effect (collectively, the “US Privacy Laws”). This U.S. Privacy Addendum may be periodically revised and updated as new state data protection laws go into effect.
The following is a list of categories of personal information we may have collected and disclosed for a business purpose to third parties (as defined by the CCPA).

| Categories of Personal Information | Sources of Personal Information | Business Purpose for Collection | Has the Personal Information been Disclosed to Third Parties? |
| --- | --- | --- | --- |
| Identifiers such as your real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number or other similar identifiers. | You, your devices, or your organisation, including other users of our Services from your organisation. | Performing Services; Enabling Transactions; Communicating; Sending Messages; Marketing; Personalization; Legal and Compliance Obligations; Security; Fraud and Incident Prevention; Connecting Third Party Services; Contracting Vendors; Facilitating Payments; Auditing Interactions; Debugging; Transient Use; Improving Our Services; Other Notified Purposes; Internal Research; and/or Quality Assurance | Yes, this may be disclosed to our (1) Marketing or Analytics Providers, but only with your opt-in consent; or (2) our payment processors. The purpose for such disclosure is either to: (1) enable our Marketing or Analytics Providers to communicate with you about our Services; or (2) process payment. |
| Categories of Personal Information in Cal. Civ. Code Section 1798.80(e), such as bank account number, credit card number, debit card number, insurance policy number. | You, or your organisation. | Enabling Transactions; Security; Fraud and Incident Prevention; Connecting Third Party Services; Facilitating Payments; Transient Use; Other Notified Purposes | Yes, this may be disclosed to our payment processors. The purpose for such disclosure is to enable them to process payment. |
| Internet or other electronic network activity information, including browsing history, search history, interaction with an internet-based application, including non-precise geolocation data. | You, your devices, your organisation, or our third party providers such as analytics providers, internet service providers. | Communicating; Marketing; Personalization; Legal and Compliance Obligations; Security; Fraud and Incident Prevention; Improving Our Services; Other Notified Purposes; Internal Research; and/or Quality Assurance | Yes, this may be disclosed to our Marketing or Analytics Providers, but only with your opt-in consent. The purpose for such disclosure is to enable our Marketing or Analytics Providers to communicate with you about our services. |
| Audio, electronic, visual, thermal, olfactory, or similar information, such as photographs, video recordings and voice recordings | You, only if you choose to provide us with this information. | Enabling Transactions; Communicating; Sending Messages; Marketing; Personalization; Legal and Compliance Obligations; Security; Fraud and Incident Prevention; Connecting Third Party Services; Contracting Vendors; Facilitating Payments; Auditing Interactions; Improving Our Services; Other Notified Purposes; Internal Research; and/or Quality Assurance Training and monitoring | No |
| Professional or employment-related information, such as work history and prior employer. | You, or your organisation. | Enabling Transactions; Communicating; Sending Messages; Marketing; Personalization; Legal and Compliance Obligations; Security; Fraud and Incident Prevention; Improving Our Services; Other Notified Purposes; Internal Research; and/or Quality Assurance | No |
| Inferences drawn from any of the information listed above to create a profile about an individual to reflect the individual’s preferences, characteristics, behavior, attitudes, | You, only if you choose to provide us with your information, or our third party providers such as our analytics providers. | Communicating; Marketing; Personalization; Legal and Compliance Obligations; Security; Fraud and Incident Prevention; Improving Our Services; Other Notified Purposes; Internal Research; and/or Quality Assurance | Yes, this may be disclosed to our Marketing Providers, but only with your opt-in consent. The purpose for such disclosure is to enable our Marketing or Analytics Providers to communicate with you about our Services. |
| Sensitive personal information meaning personal information that reveals social security, driver’s license, state identification card, passport number, or biometric information. | You, or your organisation, including other users of our Services from your organisation. | Enabling Transactions; Security; Fraud and Incident Prevention | No |

Please refer to the section titled “Use of your Personal Data” in our General Privacy Notice (above) for additional information on our processing that may apply to you.
We do not sell any of the categories of personal information, and we have not sold any of your personal information in the past twelve (12) months.
Identifiers, Inferences, Internet and Other Electronic Activity information, which is shared or disclosed, as set out in the table above.
Please refer to “How to Make a Privacy Rights Request” in our main General Privacy Notice by clicking here.
We take measures to delete your personal information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it unless we are required by law to keep this information for a longer period.
When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
For Data Retention, click here.
Residents of states that currently have US Privacy Laws in effect may have rights to know, access, correct, delete, limit/opt-out of certain types of processing, or as otherwise set out below:
California residents: Right of access, correct or delete personal information, right to opt out of “sale” and “sharing” of personal information for targeted advertising, limit the use and disclosure of sensitive personal information, and non-discrimination.
Colorado, Connecticut, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Virginia, Montana, Oregon, and Texas residents: Right of access, correct or delete your personal information, right to opt out of sale of personal information and targeted advertising, right to opt out of profiling, no discrimination, right to appeal.
Utah Residents: Right of access or delete personal information, right to opt out of sale of personal information and targeted advertising, no discrimination.
This Nevada Privacy Notice supplements our U.S. Privacy Addendum and applies to Nevada residents only. We do not sell “covered information” for monetary consideration. However, Nevada Law (NRS 603A.300 et seq.) requires us to post the following:
California Civil Code §1798.83 (“STL”) gives California residents who have established a business relationship with us the right to ask us to provide them with a list of certain categories of personal information that we have disclosed to certain third parties for their direct marketing purposes (during the immediately preceding calendar year) and the identity of those third parties.
This would apply where we share your personal data with third parties so they can promote their own products—for their direct marketing purposes.
GBG do not disclose customers’ personal information to third parties for direct marketing purposes.
In any case, if you are a California resident and would like to contact us about your rights under STL, please contact us on our webform to submit such a request. Please use “CA Shine the Light” in the subject field of your request. Note we may take reasonable steps to verify your identity and the authenticity of your request.