ABOUT THIS PRIVACY POLICY. Gibb Tools Limited is dedicated to protecting the confidentiality and privacy of information entrusted to us. We comply with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. Please read this Privacy Policy to learn about your rights, what information we collect, how we use and protect it when you visit this website or interact with us, including any data you may provide through this website.

It is important that you read this privacy policy together with any other privacy notice we may provide you when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.

We update this privacy policy from time to time. This version was last updated on 25th June 2019.

1. Who we are?

This privacy policy applies to Gibb Tools Limited (“Gibb Tools"). This privacy policy is issued on behalf of Gibb Tools so when we mention "we", "us" or "our" in this privacy policy, we are referring to Gibb Tools which is responsible for processing your data.

Gibb Tools is the data controller and responsible for this website.

You may contact the UK Information Commissioner's Office at https://ico.org.uk/concerns/handling/ to report concerns you may have about our data handling practices.

2. Who can you contact for privacy questions or concerns?

If you have questions or comments about this Privacy Policy or how we handle personal data, please direct your correspondence to: Gibb Tools Limited care of: Clarkson Port Services, Commodity Quay, St Katharine Docks, London, E1W 1BF or email company.secretary@clarksons.co.uk. We aim to respond within 30 days from the date we receive privacy-related communications.

Under data protection law, individuals have the right to request access to information about them that we hold. To make a request for your personal data, please contact company.secretary@clarksons.co.uk.

3. How do we collect data?

We collect personal data in different ways through our website, applications or through interactions with you.

Directly. We obtain personal data directly from individuals in a variety of ways including when you provide us with a business card, complete our online forms, subscribe to our newsletters/reports, register an account, purchase or subscribe to a product or service, request marketing to be sent to you, apply for a job, attend meetings or events we host, visit our offices, provide us with feedback or contact us. We may also obtain personal data directly when, for example, we are establishing a business relationship, performing professional services through a contract or through our hosted software applications.

Additionally, through the use of cookies and similar technologies, we may automatically collect Technical Data about your equipment, browsing activity and patterns. Please see the section below on cookies and our cookie policy for more information.

Indirectly. We obtain personal data indirectly about individuals from a variety of sources, including recruitment services and our clients. We may attach personal data to our customer relationship management records to better understand and serve our business clients, subscribers and individuals, satisfy a legal obligation or pursue our legitimate interests.

• Public sources -- Personal data may be obtained from public registers (such as Companies House), news articles, sanctions lists, business intelligence services and internet searches.
• Social and professional networking sites -- If you register or login to our websites using social media (e.g., LinkedIn, Google, Facebook or Twitter) to authenticate your identity and connect your social media login information with us or if you communicate with us using such networking sites, we will collect information or content needed for the registration or login that you permitted your social media provider to share with us. That information may include your name and email address and depending on your privacy settings, additional details about you, so please review the privacy controls on the applicable service to set how much information you want shared with us.
• Business clients -- Our business clients may engage us to perform services which involve sharing personal data they control as part of that engagement. Our services may also include processing personal data under our clients' control on our hosted software applications, which may be governed by different privacy terms and policies.
• Recruitment services. We may obtain personal data about candidates from an employment agency and other parties including former employers and credit reference agencies.

4. What categories of personal data do we collect?

We may collect, use, store and transfer different types of both personal and non-personal information through our website and through direct interactions with you or from information provided through client engagement, applicants, suppliers and through other situations.

Personal data. Here is a list of personal data we commonly collect to conduct our business activities.

• Contact details (e.g. name, company name, job title, marital status, gender, work and mobile telephone numbers, billing address, delivery address, email address both professional and personal email and postal address).
• Professional details (e.g. job and career history, educational background and professional memberships).
• Family and beneficiary details for insurance and pension planning services (e.g., names and dates of birth).
• Financial information (e.g. taxes, payroll, pensions, bank details, payment card details, insolvency records).
• Transaction Data(e.g. details about payments to and from you and other details of products and services you have purchased from us).
• Technical Data (e.g. internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website).
• Profile Data (e.g. your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses).
• Usage Data (e.g. information about how you use our website, products and services).
• Marketing and Communications Data (e.g. your preferences in receiving marketing from us and your communication preferences).
• CCTV at our sites may collect images of visitors. Door logs and visitor passes may collect images and personal data such as name and email address.
• Photographs (e.g. at corporate events).

Sensitive personal data. We typically do not collect sensitive or special categories of personal data about individuals. When we do need to process sensitive personal data, it is with the consent of the individual unless it is obtained indirectly for legitimate purposes. Examples of sensitive personal data we may obtain include: 

• Dietary restrictions or access requirements when registering for in-person events that reveal religious beliefs or physical health.
• Personal identification documents that may reveal race or ethnic origin, and possibly biometric data of private individuals, beneficial owners of corporate entities, or applicants.
• Adverse information about potential or existing clients and applicants that may reveal criminal convictions or offences information.
• Information provided to us by our clients in the course of a professional engagement.
• Diversity and equal opportunity information volunteered by applicants.

Child data. Although we do not intentionally collect information from individuals under 13 years of age, we may occasionally receive details about children attending performances and other events we host with their parents or guardians (e.g., hospitality, sporting events).

Location-based data. We may process geographical locations you enter when seeking an office near you.

We also collect, use and share non-personal information such as statistical data for any purpose. This non-personal information may be derived from your personal data but is not considered personal data by the law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

If we combine any non-personal information with your personal data so that you can be identified from it, we will treat the combined data as personal data which will be used and protected in accordance with this privacy policy.

5. What happens if you fail to provide personal data to us?

If you fail to provide personal data that we need to perform a contract with you or by law, then we may not be able to provide you with the product or service the contract relates to. We will notify you when this is the case.

6. What lawful reasons do we have for processing personal data and why do we need it?

We will use your personal data only where we have a lawful basis for doing so. We process your personal data for a number of purposes. The lawful basis for processing your personal data will depend on the purpose for which it was obtained. The table below sets out the purposes for which we may process your personal data and the relevant lawful basis/bases that allow for that processing:

*Legitimate interests means our legitimate interests in conducting and managing our business where these interests are not overridden by your fundamental rights, interests and freedoms.

We will only process your personal data for the purpose(s) for which we collected it. If we do need to use your personal data for a new purpose, we will notify you of this and explain the lawful basis we will be relying on.

Please be aware that we may process your personal data without your knowledge or consent where this is required or permitted by law.

7. Do we share personal data with third parties?

We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:

• Parties that support us as we provide our services (e.g., providers of telecommunication systems, mailroom support, couriers, printers, IT system support, archiving services, document production services and cloud-based software services).
• Our professional advisers, including lawyers, auditors and insurers.
• A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger/acquisition of part or all of our business or assets, or any associated rights or interests.
• Payment services providers.
• Marketing services providers.
• Law enforcement or other government and regulatory agencies (e.g., HMRC) or to other third parties as required by, and in accordance with, applicable law or regulation.
• Recruitment services providers.

8. Do we link to other websites?

Our websites may contain links to other sites, including sites maintained by affiliates of Gibb Tools that are not governed by this Privacy Policy. Please review the destination websites' privacy policies before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.

9. Do we use cookies?

Our websites may use cookies. Where cookies are used, a statement will be sent to your browser explaining the use of cookies. To learn more, please refer to our Cookie Policy.

10. Do we transfer your personal data outside the European Economic Area?

We store personal data on servers located in the European Economic Area (EEA). We may transfer personal data to non EEA affiliates of Gibb Tools and reputable third party organisations situated inside or outside the EEA when we have a business reason to engage these organisations. Each organisation is required to safeguard personal data in accordance with our contractual obligations and data protection legislation.

11. How long do we retain personal data?

We will not keep your personal data longer than is necessary for the purpose for which we use it. Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual requirements, where we retain personal data in accordance with these uses, we retain personal data for eight years. We will dispose of personal data in a secure manner when we no longer need it.

In some circumstances we may anonymise your personal data (so that it can no longer identify you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

12. What are your data protection rights?

By law you have certain additional privacy rights. These are to:

• be informed of how we are processing your personal data - this privacy policy serves to explain this you but please do get in touch if you have any questions;
• have your personal data corrected if it is inaccurate or incomplete;
• have your data erased (the right to be forgotten)in certain circumstances - e.g. where it is no longer needed by us the purpose for which it was collected or you have withdrawn your consent. Please note however, that in certain circumstances, we may not be able to comply with your request of erasure for legal reasons. If this is the case, we will notify you at the time you request erasure;
• restrict the use of your data in certain circumstances e.g. where you have told us the data is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your data but will not process it further until we have checked and confirmed whether the data is inaccurate;
• object to the processing of your data in certain circumstances - e.g. you may object to processing of your data for direct marketing purposes;
• object to decisions being taken by automated means; and
• to withdraw your consent at any time to processing where we are relying on consent as the lawful basis - e.g. to receiving marketing communications. Please note if you withdraw your consent, we may not be able to provide certain products and services to you - We will let you know if this is the case at the time you withdraw your consent.

13. What about personal data security?

We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We may apply pseudonymisation, de-identification and anonymisation techniques in efforts to further protect personal data.

If you have access to parts of our websites or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the Internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.

14. What about opting out from marketing?

You can opt out of receiving marketing communications by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting us at any time.