General Privacy Policy

General information and contact details

This policy was last updated on 01 April, 2025

This General Privacy Policy covers GB Group Plc and our wholly owned subsidiaries ("GBG", "we", "us" or "our"). and details how we collect and process personal data through our websites (“GBG websites” or “Sites”) and our interactions with you while conducting business.

GBG’s wholly owned subsidiaries include, but is not limited to Acuant Inc, IDology Inc, Loqate Inc, GBG (Australia) Pty Ltd, Verifi Identity Services, Mastersoft Group Pty Ltd GBG (Malaysia) Sdn Bhd, GBG Singapore Pte Ltd and PT Fraud Solutions (GBG Jakarta).

Please note, this is a global privacy policy. It is recognised there is not a consistent standard for privacy across the globe but to confirm GBG complies with applicable data protection law and will review any request based on what is required for your jurisdiction. Where additional disclosure is required for a jurisdiction, please select from the side menu for additional information.

GBG is a technology company specialising in B2B (business-to-business) services, offering identity verification, fraud prevention, and location intelligence services, focusing on delivering solutions and support for other enterprises rather than individual consumers. To understand further, please see our Products and Services Privacy Policy.

GBG have offices in several countries, which are detailed here. See ‘Contact Us’ to contact a regional representative with any questions about how we use your personal data.

This privacy policy is reviewed annually, or sooner if changes to regulation or how we process personal data require it.

Scope of this General Privacy Notice

This General Privacy Notice covers the following:

Your use of GBG websites

When you visit any of our Sites or if you create an account with us, subscribe to our marketing communications, use any of our chat features, purchase our services through our Sites, download our software, use our support offerings, or email us.

Our contractual relationship with you via our business customers

When we provide Services to your organisation, and you interact with us through your employer or organisation.

Your visits to one of our offices, or participate in any of our events

When you visit one of our offices or participate or interact with us in any of our events, surveys, contests and sweepstakes, or even when you join or attend a meeting.

 

Please note, it is recognised there is not a consistent standard for privacy across the globe, but we will review any request based on what is required for your jurisdiction. Please select from the side menu to view additional jurisdictional disclosures that may apply to you.

 

 

This General Privacy Notice does not cover or address the following:

 

Our Products & Services

·     For information on how we collect and process your personal data when offering our Products & Services to our business customers, please see our Products & Services Privacy Notice.

Business Customers

·     How our business customers collect and process your personal data is governed by their own respective privacy notices.

Job applicants

·     How we collect and process job applicants, employees and/or contractors’ personal data.

Employees

·     Team Members: To obtain a copy of your Team Member Privacy Policy, see the latest version available on be/connected.

Former employees

·     Former Employees or Contractors: If you are a former employee or contractor, contact DPO@gbgplc.com.

Contractors

·     Job Applicants: We use third-party service providers during our job applicant process. If you would like to contact us, please see the privacy policy provided at the time of your application.

 

What is Personal Data?

When we use the term “personal data,” we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual.

This excludes aggregated or statistical data, deidentified or anonymized information, publicly available information, or any other information that may be excluded from qualifying as personal data under applicable data protection law.

As a B2B organisation, most of the personal data we collect and process pertains to the consumers interacting with our business customers who utilise our Products & Services. This data collection and processing falls under our Products & Services Privacy Notice, alongside our business customers’ own privacy policies. Please refer to their respective privacy notices for more information regarding the processing of your personal data in these contexts.

Use of Your Personal Data

How do we collect your personal data?

How we collect your personal data will depend on how you interact with us as an individual seeking our B2B solutions for identity verification, fraud prevention and location intelligence services.

We may collect personal data from the following types of sources:

  • Information you Provide directly to us: If you are visiting our Sites or if you create an account with us, subscribe to our marketing communications, participate in our contests or sweepstakes, use any of our chat features, fill out our online forms, purchase our Services, download our software, use our support offerings, email us, or participate or interact with us at any of our events, conferences, and meetings.
  • Your Employer / Company: If you interact with our Services through your organisation, we may receive your information from your employer or company (our business customers/partners) for our B2B purposes.
  • Service Providers: We may receive your information directly from our service providers acting on our behalf, like when we conduct surveys and for our marketing activities, and often share some or all of this information with us.
  • Information Providers: We may obtain information from third-party information providers to correct or supplement personal information on you we collect from our business customers or directly from you, necessary for the provision of our Services (e.g., if we need to perform a KYB check), or when using lead generators.
  • Technology Suppliers: We may also obtain information on you from our technology suppliers when providing our Services on behalf of our business customers (e.g., your device IP) to allow you to access our systems with your designated credentials and account information.

What information we collect from you, use, and why?

We may collect the following categories of personal data:

Categories of Personal Data

Detail

 

Contact Information

Full name, email address, mailing address, employer or company name, job title, phone number, communication preferences, IP address, and if a call is recorded, your voice and potentially your image, including when you share your video with us.

Enquiry Information

 

Any information you submit to us via custom messages, forms, or email, which may include name and contact information.

Account Information

Full name, employer, job title, email address, username and password, account name or other similar identifiers, profile information, account balances, payment and purchase history information, and any other information you provide to us directly or via our business customers, or other third parties (e.g., when we utilise third-party service providers to process payments on our behalf).

Survey and Contest Information

Any information you provide through our surveys, testimonials, contests, or sweepstakes, such as your name, company name, email, and any other contact information.

Event Information

Any information you provide at event registration or during our events, such as your name, company name, job title, phone number, email address, any other contact details you provide, including attendee badge information.

Technical Information

Any identifiers, including unique personal identifier, online identifier, Internet Protocol address (which may become personal data), email pixels and other analytical information about your user experience, which may be subject to the terms of our Cookie Policy in addition to this General Privacy Notice.

 

We may use your personal data for the following purposes:

  • Performing Services: Providing our services, such as when we fulfil or meet the reason for which the information was provided to us, and fulfil our contractual obligations;
  • Enabling Transactions: Otherwise facilitating or executing, directly or indirectly, a commercial transaction; Manage our organisation and its day-to-day operations, such as billing and providing technical support; Facilitate client benefits and services, including customer support through our command centre services;
  • Communicating: Communicating with you, providing you with updates and other information relating to our Services, providing information that you request, responding to comments and questions, requesting that you provide feedback about our organisation, partners, and Services, such as when we conduct surveys and collect testimonials, and otherwise providing customer support;
  • Sending Messages: Sending you personalised text messages as requested, including any push notifications (e.g., updates to our Sites or Services) and emails to enable us to communicate with you or your organisation;
  • Marketing: Marketing purposes, such as developing and providing promotional and advertising materials that may be useful, relevant, valuable, or otherwise of interest to you;
  • Personalisation: Personalising your experience on our Sites and Services, such as presenting tailored content, identifying and analysing how you may use our Site and Services; and by improving and customising our Services to address your needs and;
  • Security: Responding to trust and safety issues that may arise, while maintaining the security and integrity of our Sites, Services, technology assets and business;
  • Fraud and Incident Prevention: Detecting security incidents, preventing and protecting against malicious, deceptive, fraudulent, or illegal activity, and investigating, or providing notice of fraud, unlawful or criminal activity; and
  • Connecting Third Party Services: Process payment for our Services via our third-party service providers, which may include payment orchestration providers and payment processors;
  • Contracting Vendors: Contracting with vendors and service providers to perform services on our behalf or on their behalf, including maintaining or servicing accounts, providing customer services, processing, or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics;
  • Auditing Interactions: Auditing your interactions and transactions with our Sites and Services;
  • Debugging: Debugging to identify and repair errors that impair existing intended functionality in our Sites and Services, which includes testing, enhancing, updating and monitoring our Sites and Services, or diagnosing or fixing technology problems;
  • Training and Coaching: Some calls are recorded and are used to ensure GBG’s team deliver an excellent experience for our customers.
  • Transient Use: Short-term, transient use of your information;
  • Improving our Services: Administer, improve and personalise our Services;
  • Internal Research: Undertaking internal research for technological development, including conducting research and analytics on our client base and our Services;
  • Other Notified Purpose: For other purposes for which we provide specific notice at the time the information is collected;
  • Legal and Compliance Obligations: For complying with our legal obligations, including defending, protecting, or enforcing our rights or applicable contracts and agreements.

Our Use of Cookies and Other Technologies

Our Sites use cookies and other similar technologies like web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies (collectively, “cookies”). Cookies are text files downloaded to your computer or mobile device that allow us and our cookie providers to collect certain information about your interactions with our email communications, Sites and other online services, and aim to improve your experience.


Our Cookie Policies

Each of our GBG websites may deploy or enable different types of cookies (e.g., strictly necessary, performance, etc.). Our Sites provide individuals with full control over allowing our cookies to collect their personal data (if applicable) and make it easy for individuals to withdraw their consent through the Cookie Preference settings.  

Our Cookie Policies are available on each of our Sites.

Our legal basis for processing personal data

If you are based in a jurisdiction that requires a legal basis for us to be able to process your personal data, we process your information on the following grounds:

  • Compliance with a legal obligation.
  • For our own or our customers’ legitimate interests (subject to balancing test), such as to market to you (B2B) and perform analytics, to answer any queries you may have, to improve our products and services; to otherwise support our business, operations, and Services; and prevent and/or address violations of our terms or policies.
  • Protect your vital interests or those of another person.
  • With your consent, for example, if you join a virtual meeting and consent to us recording your voice and image.

Who will we share your personal data with and why?

  • Affiliates. We may share personal data with other companies owned or controlled by us, and other companies owned by or under common ownership as us.
  • Your Employer / Company: If you interact with our Services through your employer or company, we may disclose your personal data to your employer or company.
  • Service Providers: We grant our service providers access to personal information only to the extent needed for them to perform their functions, and we require them to protect the confidentiality and security of such information.Service providers may perform business or operational services for us or on our behalf, such as website hosting, infrastructure provisioning, IT services, analytics services, employment application-related services, cloud hosting services, payment processing services, and administrative services.
  • Survey Providers: We share personal data with companies who assist us in delivering our survey offerings and processing the responses
  • Marketing Providers: We may coordinate and share personal data with our marketing providers in order to communicate with individuals about the Services we make available.
  • Customer Service and Communication Providers: We may share personal data with companies who assist us in providing our customer services and facilitating our communications with individuals, such as call recording or submitting enquiries.
  • Business Transaction or Reorganisation: We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose personal data to a third party in connection with such corporate business transaction. Personal data may also be disclosed in the event of insolvency, bankruptcy, or receivership.
  • Legal Obligations and Rights: We may disclose personal data to third parties, such as legal advisors and law enforcement:
    • in connection with the establishment, exercise, or defence of legal claims;
    • to comply with laws or to respond to lawful requests and legal process;
    • to protect our rights and property and the rights and property of others, including to enforce our agreements and policies;
    • to detect, suppress, or prevent fraud;
    • to protect the health and safety of us and others; or
    • as otherwise required by applicable law.
  • Otherwise with Consent or Direction: We may disclose personal data about an individual to certain other third parties or publicly, at the instruction of our customer, or with the data subject’s own consent or direction. For example, with an individual’s consent or direction we may post their testimonial on our Site or other publications.

Accuracy of your personal data

As part of the account management process, GBG will on a regular basis enquire if the personal data we hold about you is correct. You can also ensure your personal data is correct by using this form.

Alternatively, if your organisation has an agreement with GBG for the provision of Services, you can contact your GBG account manager, who will ensure they update your record on our CRM system.

Data Retention

How long do we retain your personal data for and why?

We may retain personal data as required or permitted by applicable laws and regulations. Specifically, we retain information for our legitimate interests and essential business purposes (e.g., to provide, maintain and improve our Services, to comply with legal obligations, to exercise our legal rights and remedies, etc.).

 

Purpose

Retention

Additional Information

Marketing

Until you unsubscribe

You can opt-out at any time by clicking the unsubscribe link in the email or contacting DPO@gbgplc.com

Prospecting

6 months

You have been identified as a ‘lead’. If there is no interaction, we will delete this record after 6 months.

Account Management

For the duration of our relationship + legal time period.

We will retain the personal data for as long as we have the relationship with your organisation. If GBG no longer has a relationship with your organisation, then we will only keep the relevant information, such as invoices, for audit purposes for 6 years (or for as long as we reasonably deem necessary to fulfil our legal obligations or to exercise, defend or establish our rights).

Visitor Information

90 days

To maintain an audit trail of visitor activity.

Guest Wi-Fi Logs

12 months

We monitor access to our internet, and log traffic information such as the IP address, sites visited, times and dates, log on times and log off times.

CCTV

Up to 90 days

Closed-circuit television (CCTV) operates both inside and outside our Chester, Kuala Lumpur, London, Melbourne, Canberra, Sydney, Turkey, and Worcester offices.

 

Generally, recordings will be retained for up to 30 calendar days, after which they will be deleted. Imagery required for investigative or evidential purposes may be retained beyond 30 days and is securely disposed of upon completion/conclusion of the purpose for which it was retained. Offices within a PCI DSS scope must retain CCTV footage for 90 days in order to comply with PCIDSS requirements.

 

Once GBG is informed you are no longer the contact we need to liaise with, or you leave your organisation, we will remove your details from our systems.

Cross Border Transfers

Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.

Our group companies, business customers and third party service providers and partners operate around the world. This means that when we collect your personal data, we may process it in any of these countries.

However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this privacy notice.

Where appropriate, these include implementing the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Agreement for international data transfers between our group companies, which require all group companies to protect UK and EEA personal data in accordance with UK and European Union data protection law.

We have implemented similar appropriate safeguards with our data suppliers, customers and third party providers and partners.

Children's Personal Information

We do not knowingly collect or solicit personal information from minors under the age of sixteen (16) via our Sites or during the course of doing business as we are a B2B organisation.

If you become aware that a child has provided personal information to us without permission, please Contact Us so we can promptly delete their information.

We do not sell, nor do we have actual knowledge that we sell personal information of consumers under 16 years of age or that we share personal information of consumers under 16 years for cross-context behavioural advertising.

Links to Third-Party Websites or Services

Our Services may include links to third-party websites, plug-ins and applications. This General Privacy Notice does not apply to, and we are not responsible for, any personal information practices of third-party websites and online services or the practices of other third parties, including our business customers. To learn about the personal information practices of third parties, please visit their respective policies.

Links to Third-Party Websites or Services

Your privacy rights vary depending on where you are based in the world. GBG will fulfil all data subjects’ rights requests in line with applicable data protection law.

If you are a resident of the United States, please refer to our US Privacy Addendum.

Your rights may include:

  • The right to access/know your personal data – You have a right to know what personal data we hold on you and for what purpose we are processing your personal information.
  • The right to data portability – you can request that the personal data you have provided to us be ported to another organisation or be provided to you (to the extent technically feasible) in a readily useable format that allows you to transmit it yourself.
  • The right to opt-out of sale of your personal data – you have the right to stop us from “selling” your personal information to third parties. However, please note that GBG does not sell or share any of the categories of personal information, and we have not sold or shared any of your personal information in the past twelve (12) months.
  • The right to withdraw consent – you can withdraw consent at any time.
  • The right to erasure/delete – you can request that we remove your personal data from our systems
  • The right to restrict processing – you can request that GBG only process your personal data for the purposes you specify or limit processing of your sensitive personal data.
  • The right to rectification/correction – you have the right to ask us to rectify/correct any information you believe is inaccurate. You may also have the right to ask us to complete information you think is incomplete.
  • The right to object to processing – you have the right to object to processing if we are able to process your information because the processing is in our legitimate interests.
  • The right to obtain information upon request on the balancing test we have carried out when determining we are able to rely on legitimate interest as our lawful basis for processing your personal information.
  • The right to No Discrimination – You have the right not to receive discriminatory or retaliatory treatment for exercising your privacy rights.
  • The right to complain if you think we’ve mishandled your personal information.

 

Please keep in mind that dependent upon the applicable law, some of these rights are subject to an internal assessment that one of the grounds thereunder is satisfied.

How to Make a Privacy Rights Request

Please use our webform, or send via phone or post using the information provided in our “Contact Us” section of this General Privacy Notice.

You are not required to pay any charge for exercising your rights. We usually have one calendar month to respond, but this may vary depending on your location (for example, if you are in the US we have 45 days depending on your state of residence). If we are unable to comply with your request, we will provide you with an explanation.

Verification. Due to the confidential nature of your personal information, we may ask you to provide proof of identity when exercising the above rights to verify your identity, in accordance with applicable data privacy laws. This can be done by providing a copy of a valid identity document issued by the authorised body where you are a resident and is exercised for the purpose of ensuring that the individual making the rights request is in fact who they claim to be.

 

Authorised Agents. As defined in the applicable privacy law, you may use an authorised agent to exercise your rights on your behalf. If you are making any of the requests above through an authorised agent, we will request written authorisation from you and will seek to verify you as described above or we will accept a legal Power of Attorney. To make a request using an authorised agent, have your agent use our webform and upload documentation demonstrating authorisation from you.

 

Complaints and Appeals. If you are a resident of a jurisdiction that allows you to appeal a decision we have made in connection with your attempt to assert a right under applicable Data Protection Laws, you may file an appeal of our decision by contacting us at DPO@gbgplc.com. Please ensure you provide us with the postal address in which you reside, accompanied with details for the basis of your appeal.

Your jurisdiction may allow you to file a complaint regarding any concerns with the result of your appeal request.

  • For the UK Regulator, click here 
  • For other data protection authorities in the EU, click here
  • US residents whose states have enacted an applicable privacy law may file a complaint with their corresponding state’s Attorney General or dedicated Agency if they have concerns about the result of the appeal.
  • For Australia, Office of the Australian Information Commissioner, click here 
  • For New Zealand, Office of the Privacy Commissioner, click here 

Consent

In jurisdictions where consent is required:

Your consent is deemed expressed when communicated electronically, or through unequivocal indications of your agreement (i.e., implied consent, if permitted). Furthermore, by receiving and accepting our General Privacy Notice and Cookie Policy and not objecting to it, you implicitly consent to the processing of your personal data.

Your consent can be revoked at any time without affecting your past actions. To withdraw your consent, please contact us through the methods and procedures described in our General Privacy Notice.

Contact us

If you have any questions or requests in connection with this General Privacy Policy, please use this form or send an email to DPO@gbgplc.com. Alternatively, enquiries may be made to:

 

Jurisdiction

Phone

Address

UK

 

Head Office for GB Group plc

 

Company Registration Number: 02415211

+44 (0) 1244 657277

Privacy Team

GBG
The Foundation
Herons Way
Chester Business Park
Chester
CH4 9GB
United Kingdom

EEA /Swiss

(EEA Representative)

+34 (0) 935 451 156

Privacy Team

GBG
Edifici El Triangle 4a planta
Placa de Catalunya
1 08002 Barcelona
Spain

US

1(833) 383-0085

Privacy Team

GBG IDology

2300 Windy Ridge Pkwy SE
Suite 1115
Atlanta, GA 30339

United States

Australia, New Zealand and APAC countries

+61 (0) 3 8595 1500

Head of Privacy, APAC
GBG
Level 4 / 360 Collins St
Melbourne
Victoria 3000
Australia

U.S. Privacy Addendum

This U.S. Privacy Addendum was last updated on 01 April, 2025

Application of U.S. Privacy Laws

This section has supplementary information on how we collect, use, disclose, and otherwise process personal information,, either online or offline, in accordance with applicable U.S. state privacy laws and regulations that are currently in effect (collectively, the “US Privacy Laws”). This U.S. Privacy Addendum may be periodically revised and updated as new state data protection laws go into effect.

Categories and sources of personal information, and purposes for collection under the CCPA:

The following is a list of categories of personal information we may have collected and disclosed for a business purpose to third parties (as defined by the CCPA).

Categories of Personal Information 

Sources of Personal Information 

Business Purpose for Collection 

Has the Personal Information been Disclosed to Third Parties?

Identifiers such as your real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number or other similar identifiers.

You, your devices, or your organisation, including other users of our Services from your organisation.

Performing Services; Enabling Transactions;

Communicating; Sending Messages;

Marketing; Personalization;

Legal and Compliance Obligations;

Security; Fraud and Incident Prevention;

Connecting Third Party Services; Contracting Vendors;

Facilitating Payments;

Auditing Interactions;

Debugging;

Transient Use;

Improving Our Services;

Other Notified Purposes; Internal Research; and/or

Quality Assurance

 

Yes, this may be disclosed to our (1) Marketing or Analytics Providers, but only with your opt-in consent; or (2) our payment processors.

 

The purpose for such disclosure is to either to: (1) enable our Marketing or Analytics Providers to communicate with you about our Services; or (2) process payment

Categories of Personal Information in Cal. Civ. Code Section 1798.80(e), such as bank account number, credit card number, debit card number, insurance policy number.

You, or your organisation.

Enabling Transactions;

Security; Fraud and Incident Prevention;

Connecting Third Party Services;

Facilitating Payments;

Transient Use;

Other Notified Purposes;

Yes, this may be disclosed to our payment processors.

 

The purpose for such disclosure is to enable them to process payment.

Internet or other electronic network activity information, including browsing history, search history, interaction with an internet-based application, including non-precise geolocation data.

You, your devices, your organisation, or our third party providers such as analytics providers, internet service providers.

Communicating;

Marketing; Personalization;

Legal and Compliance Obligations;

Security; Fraud and Incident Prevention;

Improving Our Services;

Other Notified Purposes; Internal Research; and/or

Quality Assurance

 

Yes, this may be disclosed to our Marketing or Analytics Providers, but only with your opt-in consent.

 

The purpose for such disclosure is to enable our Marketing or Analytics Providers to communicate with you about our services.

Audio, electronic, visual, thermal, olfactory, or similar information, such as photographs, video recordings and voice recordings

You, only if you choose to provide us with this information.

Enabling Transactions;

Communicating; Sending Messages;

Marketing; Personalization;

Legal and Compliance Obligations;

Security; Fraud and Incident Prevention;

Connecting Third Party Services; Contracting Vendors;

Facilitating Payments;

Auditing Interactions;

Improving Our Services;

Other Notified Purposes; Internal Research; and/or

Quality Assurance

Training and monitoring

 

No

Professional or employment-related information, such as work history and prior employer.

You, or your organisation.    

Enabling Transactions;

Communicating; Sending Messages;

Marketing; Personalization;

Legal and Compliance Obligations;

Security; Fraud and Incident Prevention;

Improving Our Services;

Other Notified Purposes; Internal Research; and/or

Quality Assurance

No

Inferences drawn from any of the information listed above to create a profile about an individual to reflect the individual’s preferences, characteristics, behavior, attitudes,

You, only if you choose to provide us with your information, or our third party providers such as our analytics providers.

Communicating;

Marketing; Personalization;

Legal and Compliance Obligations;

Security; Fraud and Incident Prevention;

Improving Our Services;

Other Notified Purposes; Internal Research; and/or

Quality Assurance

Yes, this may be disclosed to our Marketing Providers, but only with your opt-in consent.

 

The purpose for such disclosure is to enable our Marketing or Analytics Providers to communicate with you about our Services.

Sensitive personal information meaning personal information that reveals social security, driver’s license, state identification card, passport number, or biometric information.

You, or your organisation, including other user of our Services from your organisation.

Enabling Transactions

Security

Fraud and Incident Prevention

No

 

Please refer to the section titled “Use of your Personal Data” in our General Privacy Notice (above) for additional information on our processing that may apply to you.

1.     Categories of personal information sold in the preceding 12 months:

We do not sell any of the categories of personal information, and we have not sold any of your personal information in the past twelve (12) months.


2.     Categories of personal information shared (as defined under the CCPA) in the preceding 12 months:

Identifiers, Inferences, Internet and Other Electronic Activity information, which is shared or disclosed, as set out in the table above.


3.     Contact information for submitting requests:

Please refer to “How to Make a Privacy Rights Request” in our main General Privacy Notice by clicking here.


4.     Erasure rights of individuals:

We take measures to delete your personal information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it unless we are required by law to keep this information for a longer period.

When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

For Data Retention, click here.


5.     Your US Privacy Rights

Residents of states that currently have US Privacy Laws in effect, may have rights to know, access, correct, delete, limit/opt-out of certain type of processing, or as otherwise set out below:

 

California residents: Right of access, correct or delete personal information, right to opt out of “sale” and “sharing” of personal information for targeted advertising, limit the use and disclosure of sensitive personal information, and non-discrimination.

Colorado, Connecticut, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Virginia, Montana, Oregon, and Texas residents: Right of access, correct or delete your personal information, right to opt out of sale of personal information and targeted advertising, right to opt out of profiling, no discrimination, right to appeal.

Utah Residents: Right of access or delete personal information, right to opt out of sale of personal information and targeted advertising, no discrimination.


6.     Nevada Privacy Notice:

This Nevada Privacy Notice supplements our U.S. Privacy Addendum and applies to Nevada residents only. We do not sell “covered information” for monetary consideration. However, Nevada Law (NRS 603A.300 et seq.) requires us to post the following:

  • Nevada consumers may opt out of the sale of “covered information” for monetary consideration to a person for that person to license or sell such information. “Covered information” means any one or more of the following items of personally identifiable information about a consumer: first and last name, home or other physical address which includes the name of a street and the name of a city or town, email address, telephone number, social security number, an identifier that allows a specific person to be contacted either physically or online, or other information maintained in combination with an identifier that makes the information personally identifiable.
  • If you are a Nevada resident who has purchased Services from us, you may submit a request to opt out of any potential future sales under Nevada Law by contacting us on our webform to submit such request. Please use “Nevada Do Not Sell” in the subject line. Note we will take reasonable steps to verify your identity and the authenticity of your request.


7.     California Shine the Light Law – Direct Marketing Lists:

California Civil Code §1798.83 (“STL”) gives California residents with who have established a business relationship with us the right to ask us to provide them with a list of certain categories of personal information that we have disclosed to certain third parties for their direct marketing purposes (during the immediately preceding calendar year) and the identity of those third parties.

This would apply where we share your personal data with third parties so they can promote their own products—for their direct marketing purposes.

 

GBG do not disclose customers’ personal information to third parties for direct marketing purposes.

In any case, if you are a California resident and would like to contact us about your rights under STL, please contact us on our webform to submit such request. Please use “CA Shine the Light” in the subject field of your request. Note we may take reasonable steps to verify your identity and the authenticity of your request.