Privacy Policy

Problems or Questions? 
Call: +44 (0)1224 620 944
(9am to 5pm, Monday to Friday)

ABOUT THIS PRIVACY POLICY. Gibb Tools Limited is dedicated to protecting the confidentiality and privacy of information entrusted to us. We comply with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. Please read this Privacy Policy to learn about your rights, what information we collect, how we use and protect it when you visit this website or interact with us, including any data you may provide through this website.

It is important that you read this privacy policy together with any other privacy notice we may provide you when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.

We update this privacy policy from time to time. This version was last updated on 25th June 2019.

1. Who we are?

This privacy policy applies to Gibb Tools Limited (“Gibb Tools"). This privacy policy is issued on behalf of Gibb Tools so when we mention "we", "us" or "our" in this privacy policy, we are referring to Gibb Tools which is responsible for processing your data.

Gibb Tools is the data controller and responsible for this website.

You may contact the UK Information Commissioner's Office at to report concerns you may have about our data handling practices.

2. Who can you contact for privacy questions or concerns?

If you have questions or comments about this Privacy Policy or how we handle personal data, please direct your correspondence to: Gibb Tools Limited care of: Clarkson Port Services, Commodity Quay, St Katharine Docks, London, E1W 1BF or email We aim to respond within 30 days from the date we receive privacy-related communications.

Under data protection law, individuals have the right to request access to information about them that we hold. To make a request for your personal data, please contact

3. How do we collect data?

We collect personal data in different ways through our website, applications or through interactions with you.

Directly. We obtain personal data directly from individuals in a variety of ways including when you provide us with a business card, complete our online forms, subscribe to our newsletters/reports, register an account, purchase or subscribe to a product or service, request marketing to be sent to you, apply for a job, attend meetings or events we host, visit our offices, provide us with feedback or contact us. We may also obtain personal data directly when, for example, we are establishing a business relationship, performing professional services through a contract or through our hosted software applications.

Additionally, through the use of cookies and similar technologies, we may automatically collect Technical Data about your equipment, browsing activity and patterns. Please see the section below on cookies and our cookie policy for more information.

Indirectly. We obtain personal data indirectly about individuals from a variety of sources, including recruitment services and our clients. We may attach personal data to our customer relationship management records to better understand and serve our business clients, subscribers and individuals, satisfy a legal obligation or pursue our legitimate interests.

4. What categories of personal data do we collect?

We may collect, use, store and transfer different types of both personal and non-personal information through our website and through direct interactions with you or from information provided through client engagement, applicants, suppliers and through other situations.

Personal data. Here is a list of personal data we commonly collect to conduct our business activities.

Sensitive personal data. We typically do not collect sensitive or special categories of personal data about individuals. When we do need to process sensitive personal data, it is with the consent of the individual unless it is obtained indirectly for legitimate purposes. Examples of sensitive personal data we may obtain include: 

Child data. Although we do not intentionally collect information from individuals under 13 years of age, we may occasionally receive details about children attending performances and other events we host with their parents or guardians (e.g., hospitality, sporting events).

Location-based data. We may process geographical locations you enter when seeking an office near you.

We also collect, use and share non-personal information such as statistical data for any purpose. This non-personal information may be derived from your personal data but is not considered personal data by the law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

If we combine any non-personal information with your personal data so that you can be identified from it, we will treat the combined data as personal data which will be used and protected in accordance with this privacy policy.

5. What happens if you fail to provide personal data to us?

If you fail to provide personal data that we need to perform a contract with you or by law, then we may not be able to provide you with the product or service the contract relates to. We will notify you when this is the case.

6. What lawful reasons do we have for processing personal data and why do we need it?

We will use your personal data only where we have a lawful basis for doing so. We process your personal data for a number of purposes. The lawful basis for processing your personal data will depend on the purpose for which it was obtained. The table below sets out the purposes for which we may process your personal data and the relevant lawful basis/bases that allow for that processing:

Purpose of Processing

Type(s) of Data

Our Lawful Basis for Processing

Managing our relationship with you and the provision of other services to you

Identity Data

Contact Data

Professional Details

Profile Data

Necessary to comply with a legal obligation

To perform a contract with you

Administration purposes and the protection of our business and the website - e.g. troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data

Identity Data

Contact Data

Technical Data

Necessary for our legitimate interests* - in running our business, the provision of administration and IT services, network security and fraud prevention and for business reorganisations or group restructuring exercises

Necessary to comply with a legal obligation

To register you as a new customer/user

Identity Data

Contact Data

To perform a contract with you

Processing and delivery of your order for products or services including managing payments and charges and recovering outstanding payments

Identity Data

Contact Data

Financial Data

Transaction Data

Marketing and Communications Data

To perform a contract with you

Necessary for legitimate interests* in recovering debts due to us

Marketing and promotions:

Sending you marketing and training communications

Asking you to complete a survey or leave a review

To deliver relevant website content and measure or understand the effectiveness of the website

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

To make suggestions and recommendations to you about goods or services that may be of interest to you

Identity Data

Contact Data

Profile Data

Usage Data

Marketing and Communications Data

Technical Data


Necessary for our legitimate interests* (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy

Necessary for our legitimate interests* (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

Necessary for our legitimate interests* (to develop our products/services and grow our business)

Complying with legal and regulatory obligations relating to countering money laundering, terrorist financing, fraud, sanctions evasion and other forms of financial crime.

Identity Data

Contact Data

Necessary to comply with a legal obligation

*Legitimate interests means our legitimate interests in conducting and managing our business where these interests are not overridden by your fundamental rights, interests and freedoms.

We will only process your personal data for the purpose(s) for which we collected it. If we do need to use your personal data for a new purpose, we will notify you of this and explain the lawful basis we will be relying on.

Please be aware that we may process your personal data without your knowledge or consent where this is required or permitted by law.

7. Do we share personal data with third parties?

We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:

8. Do we link to other websites?

Our websites may contain links to other sites, including sites maintained by affiliates of Gibb Tools that are not governed by this Privacy Policy. Please review the destination websites' privacy policies before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.

9. Do we use cookies?

Our websites may use cookies. Where cookies are used, a statement will be sent to your browser explaining the use of cookies. To learn more, please refer to our Cookie Policy.

10. Do we transfer your personal data outside the European Economic Area?

We store personal data on servers located in the European Economic Area (EEA). We may transfer personal data to non EEA affiliates of Gibb Tools and reputable third party organisations situated inside or outside the EEA when we have a business reason to engage these organisations. Each organisation is required to safeguard personal data in accordance with our contractual obligations and data protection legislation.

11. How long do we retain personal data?

We will not keep your personal data longer than is necessary for the purpose for which we use it. Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual requirements, where we retain personal data in accordance with these uses, we retain personal data for eight years. We will dispose of personal data in a secure manner when we no longer need it.

In some circumstances we may anonymise your personal data (so that it can no longer identify you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

12. What are your data protection rights?

By law you have certain additional privacy rights. These are to:

13. What about personal data security?

We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We may apply pseudonymisation, de-identification and anonymisation techniques in efforts to further protect personal data.

If you have access to parts of our websites or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the Internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.

14. What about opting out from marketing?

You can opt out of receiving marketing communications by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting us at any time.