GRC Policies
Privacy Policy
- This Privacy Policy sets out how we handle the personal data of our customers, suppliers, end users and other third parties.Who is responsible for data protection and data security?Maintaining appropriate standards of data protection and data security is a collective task undertaken by GRC and all its staff. GRC has overall responsibility for ensuring that all personal information is collected, processed and stored in compliance with the requirements of applicable data protection laws, namely the Data Protection Act 1998, the Privacy Communications (EC Directive) Regulations 2003 (as revised), the Data Protection Directive (1995/46/EC) and the EU General Data Protection Regulation (2016/679) (“GDPR”), together the “Data Protection Laws”.
The Senior Commercial Manager of GRC has been appointed as the Data Protection Officer with day-to-day responsibility for data processing and data security.
Types of personal data collected directly
‘Personal Information’ is any information relating to an identified or identifiable individual (or ‘data subject’). Such information we collect depends on the products and services used or subscribed to. Such data includes, but is not limited to, the following:
- Name, title, address, telephone numbers, email address, country of residence, user name, passwords, company name, job title;
- Results of any credit background checks;
- Location data;
- Log files;
- Any debit or credit card information, bank account details including sort code and account number, and any payment history;
- Direct mailer lists; and
- Credit reference checks.
Types of personal data collected via use of the website (“Cookies”)
We use cookies and other similar technologies to collect data when the following sites are visited www.grcltd.net. Cookies are files that store information on a computer hard drive or browser, including IP addresses, that allows GRC to recognise when an individual has visited our site before. Further information about the types of cookies we use and how we use them can be found on our website.
How we use personal information
In some circumstances, the Data Protection Laws dictate that a data subject’s prior consent is required before processing of the Personal Information is permitted. Please refer to the Consent section below for further details.
We may collect, use and disclose personal information in order to:
- Respond to any customer or partner enquiries;
- Provide our services;
- For our business purposes, such as carrying out analytical market research (sometimes using anonymised information), audits, to develop new products or make product recommendations, enhancing our Site or apps, improving our services and products, to identify user trends, gauging customer satisfaction and providing customer service;
- Evaluate the use of our Site, products and services and understand browsing habits and trends;
- In complying with a legal obligation; and
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Who we share Personal Information with
We may share and/or process Personal Information with:
- other third parties where consent to such disclosure has been provided;
- our service providers to facilitate delivery of products and services, and for the processing of certain functions;
- to a third party in the event of any reorganisation, merger, sale, joint venture, assignment or transfer of all or part of the GRC business;
- government or legal bodies, law enforcement agencies or public authorities when we are compelled to disclose in order to comply with any Data Protection Laws.
Such third parties are not authorised to use Personal Information in any way other than is required for them to undertake their obligations and further, they are bound under contractual obligations entered in to with GRC to implement appropriate measures to protect such data.
Where we store Personal Information
Most Personal Information collected and processed during the use of any of our products or services is stored on servers located in the European Economic Area (“EEA”). Information may be transferred to our other offices and/or to third parties, which may be situated outside the EEA (for example in the country of the local service provider delivering the telecommunications services to end-customer premises) and may be processed by staff operating outside the EEA. Such transfer and processing are done in accordance with internationally recognised standards on information security, namely ISO 27001:2013, or via express individual consent, or where the transfer is necessary for one of the other reasons set out in the GDPR such as:
- the performance of a contract between us and you;
- reasons of public interest;
- to establish, exercise or defend legal claims, or to protect your vital interests where you may be physically or legally incapable of doing so; and
- in some limited cases, for our legitimate interest.
Marketing
We may send you by post or email details of products, services, special offers, promotions and other information that we think may be of interest to you. Third parties may also, working on our behalf, market to you via telephone, email and/or direct mail. From time to time we may also contact you for customer research purposes. You can unsubscribe from such communications at any time, by the unsubscribe link found at the bottom of every marketing email.
Consent
Personal Information can only be processed on the basis of one or more of the lawful bases set out in the Data Protection Laws, one of which includes consent. Consent is obtained if the data subject concerned has indicated his or her agreement clearly either by a statement or positive action to the processing. Express consent is usually required for processing sensitive Personal Information, for example, racial or ethnic origin, political opinions, genetic or biometric data, sexual orientation.
GRC obtains such consent by notification at time information collected, through an ‘opt-in’ option to receive marketing materials at all points of data capture. To comply with the Data Protection Laws, GRC is required to evidence that consent was captured at the necessary time and must maintain records of all such consents and withdrawals.
Data subjects must be easily able to withdraw their consent at any time and withdrawal will be promptly implemented by GRC following receipt by it of any such written request (please see ‘Data subjects’ rights’ section below for further information).
Retention
We may retain certain Personal Information for any residual aspect of the purposes set out above, or to comply with accounting tax rules and regulations, the specific retention requirements of which differ. In all circumstances, however, Personal Information will not be retained longer than is necessary in relation to the purpose for which such data is processed.
Certain customer, supplier or end-user account information will be held for 6 years from the end of any contract with us, to ensure we comply with our legal and regulatory obligations (even if the services are no longer being provided).
We also retain Personal Information to comply with accounting tax rules and regulations, the specific retention requirements of which differ.
We will keep any contact information for a reasonable period of time after a contract has ended, in case the data subject chooses to use our services or products again. In such event and unless the data subject has opted out of marketing, we may contact them about our services or products during this time.
Protection of Personal Information
The Personal Information we collect is stored by us and/or our third party service providers on databases protected through a combination of physical and electronic access controls and integrated management systems (we are accredited to ISO 9001:2015 standards), firewall technology, encryption and other reasonable organisational, technical and administrative measures. Once the Personal Information has been received, these strict procedures and security features are in place to prevent unauthorised access.
Data subjects’ rights
All data subjects have the right to:
- control how his/her Personal Information is used by being asked to provide his/her consent to any collection or processing of the data, prior to this being permissible;
- request to review, correct, update or erase the information previously provided to us;
- request access to the information;
- request it be transferred to another person or organisation; and
- issue a complaint
All such requests should be in writing using the contact information listed below under the ‘Contact’ section. For any excessive or repeated requests, we may charge a reasonable administrative-cost fee.
Accountability
GRC has adequate resources and controls in place to ensure and document its GDPR compliance, including:
- the appointment of a DPO;
- integrating data protection into internal documents, processes and policies, and the related Cookies policy;
- providing regular GDPR training to all staff, this Privacy Policy and related policies, data protection matters such as data subject requests, consent and personal data breaches. Such training is recorded and maintained;
- testing Avanti’s privacy measures and conducting periodic reviews and audits to assess compliance, including using any such results to demonstrate compliance improvement efforts.
Changes to this Policy
Any changes made will be communicated via our main website www.grcltd.net. Changes are effective when they are posted and any customer, partner, end user or supplier acknowledges and agrees to such changes by continuing to use our products and services.
Contact – questions or complaints
Questions, comments and requests regarding this Policy are welcomed and should be addressed to: Global RadioData Communications Ltd., Wyevale Business Park, Wyevale Way, Hereford, HR4 7BS, United Kingdom or can be emailed to info@grcltd.net
Anti Slavery and Human Trafficking Policy
The Company is committed to driving out acts of modern-day slavery and human trafficking within its business and that from within its supply chains.
The Modern Slavery Act 2015 (MSA 2015) recognises the importance businesses can and should play in tackling slavery and encourages them to do more.
The Company acknowledges the provision of the MSA 2015 and will ensure transparency within its organisation and with suppliers of goods and services to the organisation. The Company is satisfied from its own due diligence that there is no evidence of any act of modern-day slavery or human trafficking within its own organisation.
Whilst the large majority of the Company’s supply chain is not at risk of slavery/human trafficking taking place, the Company nevertheless will take the relevant steps to assess and manage any risk. As part of the Company’s due diligence processes into slavery and human trafficking, the supplier approval process will incorporate a review of the controls undertaken by the supplier. Imported goods from sources outside the UK and EU are potentially more at risk of slavery/human trafficking issues. The level of management control required for these sources will be continually monitored.
The Company will not knowingly support or deal with any business involved in slavery or human trafficking.
The Company will undertake responsibility for implementing this policy statement and its objectives and reserves the right to amend this policy at any time, without notice.
Environmental and Carbon Net Zero Policy
Global RadioData Communications Limited (the ‘Organisation’) recognises the importance of and is committed to the preservation of environmental protection. We are committed to operating business responsibly and in compliance with all environmental regulations, legislation and approved codes of practice relating to the recycling of materials, by monitoring and minimising the impact of our activities.
It is the Organisations objective to operate with, and to maintain good relations with all relevant regulatory bodies as well as confirming our organisational commitment to achieving Net Zero by 2050, as is consistent with the UK Government’s commitment under the Climate Change Act.
It is the Organisations declared policy to carry out all measures reasonably practicable to facilitate the ability to continually improve environmental performance. We shall:
- Assess and regularly re-assess the environmental effects of the Organisations equipment, vehicles and operations.
- Minimise toxic emissions through the selection and use of its fleet and the source of its power requirement.
- Minimise waste by evaluating operations and ensuring they are as efficient as possible and actively promote the use of recyclable and renewable materials.
- Minimise the production of waste.
- Minimise material wastage
- Minimise energy wastage.
- Actively promote recycling both internally and amongst its customers and suppliers.
- Ensure that all contractor/sub-contractor operations are in-line with this policy, and that they are aware of their respective responsibilities in the environment.
- Source and promote a product range to minimise the environmental impact of both production and distribution
- Meet or exceed all the environmental legislation that relates to the Company and in accordance with the Governments aim to become Net Zero by 2050.
- Emissions will be reported and recorded in accordance with the published reporting standard for Carbon Reduction Plans and the GHG Reporting Protocol corporate standard4 and use the appropriate Government emission conversion factors for greenhouse gas company reporting5.
- Adhere to all relevant regulations concerning waste and environmental well-being.
- Train all employees in relevant environmental issues.
- Reduce and /or limit the production of pollutants to water, land and air. Ensure all waste is disposed of under controlled conditions when recycling and / or the re-use of the materials is not an available option.
- Control any noise emissions from operations.
- Minimise risk to the general public and employees from the Organisation operations activities.
The Organisation regularly monitors and reviews its environmental performance and this Environmental Policy Statement in order to ensure its continuing suitability, and shall implement Objectives whenever appropriate. This will be applicable to all countries and regions in which we operate.
In order to monitor our progress in meeting our environmental obligations set out in the policy, annual reviews are conducted by the management team.
We will respond positively to enquiries and suggestions from both internal and external sources.
We have a responsibility to the local community and ourselves to maintain a safe environment and to operate in a sustainable manner, and as such we will respect our legal and ethical responsibilities through the use of appropriate training and learning
Follow us on