Groundsure Privacy Policy May 2024
This Privacy Policy aims to give you information on how Groundsure Limited collects and processes your personal information through your use of Our Website (as defined below), including any data you may provide through Our Website when purchasing one of our products and services (“Our Products and Services”).
- About us
Groundsure Limited (referred to as “Groundsure’’, “we”, “us” or “our”), is a company registered in England and Wales under company number 3421028 and whose registered office is at Nile House, Nile Street, Brighton, England, BN1 1HW.
We will only collect and process Personal Data (as defined below) in ways that are described within this Privacy Policy and in a way which is consistent with our obligations and your rights. Groundsure is committed to the protection of privacy in accordance with Data Protection Laws (as defined below).
2. Definitions and Interpretations
In this Privacy Policy, the following words shall have the following meanings:
“Cookie Policy” means the cookie policy set out in https://www.groundsure.com/groundsure-cookie-policy/.
“Data Controller”, “Data Processor”, “Personal Data”, “processing”, and “data subject” shall have the meanings given to the terms “controller” “processor”, “personal data”, processing” and “data subject” respectively in Article 4 of the UK GDPR.
“Data Protection Laws” means any law, enactment, regulation or order concerning the processing of data relating to an individual in the UK including the UK GDPR and Data Protection Act 2018.
“Our Website’’ means https://www.groundsure.com.
“UK GDPR” means UK General Data Protection Regulation.
“You”, “Your” means the user of Our Products and Services.
3. What does this Policy cover?
This Privacy Policy gives you information on how Groundsure collects and processes your Personal Data through your use of Our Website, including any data you provide to us when purchasing Our Products and Services.
4. Who is the Data Controller of my Personal Data?
Unless we notify you otherwise, Groundsure is the Data Controller of your Personal Data as it is the entity that alone or jointly determines how or why your Personal Data is being processed.
5. What is Personal Data and how do we collect it?
Depending on your use of Our Website, we may collect some or all of the following categories of Personal Data:
- Identity Data: includes first name, last name, middle name, username (or similar identifier), company name and job title.
- Contact Data: includes email address, telephone number, and postal address.
- Financial Data: includes bank account and payment card details.
- Technical Data: includes IP address, login data, web browser type and version, time zone, location and operating system.
- Profile Data: includes your username and password, notification settings and preferences.
- Usage Data: includes URL information about how you access and use Our Website and Our, Products and Services.
- Marketing Data: includes your preferences in receiving marketing communications from us.
You are not obliged to provide Personal Data to us, however, please be advised that in many cases, if the Personal Data we request is not provided, we may not be able to supply Our Products and Services.
We use different methods to collect Personal Data from and about you, including:
A. Collection directly from you
Most of the Personal Data we process about you comes directly from you. You may give us your name and contact details when filling in forms or corresponding with us by email, phone, mail, in person or otherwise including when you:
- subscribe to Our Products and Services or email alerts;
- buy or express an interest in Our Products and Services (including attending an event);
- use our platform by logging into our system; and
- contact us about a prospective employee or contractor of Groundsure.
B. Automatic collection
We automatically collect Technical Data when you use Our Website, for example: IP address, log-in data, browser type, time zone setting, location and plug-in types when you interact with Our Website.
We also collect data through cookies. Please see our Cookie Policy for further information and details.
C. Collection from other sources
We may collect information about you from third parties and public sources (such as public databases and social media websites). This is to ensure we have accurate, up-to-date or necessary information for us to communicate with you or to provide the best possible service.
The types of information we may collect include Identity Data and Contact Data.
6. The purposes and legal basis for the collection, usage, and disclosure of your Personal Data
We have set out below a description of all the ways we plan to use your Personal Data and which legal basis we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
Legal basis | Purpose |
Necessary for the compliance with a legal obligation to which we are subject. | Complying with legal requirements. |
Necessary for the performance of a contract to which you are a party. | Managing and fulfilling our contractual obligations with you. |
Ensuring the proper functioning of our business operations. | Operating and managing our business operations and/or improving Our Products and Services and event experience. |
Justified on the basis of our legitimate interest in ensuring that we can conduct and increase our business. | Marketing or communicating information to you related to Our Products and Services, unless you have objected to such processing, as further described in Section 7. We may also share Personal Data with our affiliates for this purpose, as further described in Section 9 below. |
Justified on the basis of our legitimate interest in ensuring we can conduct and increase our business and those of our business partners. | Sharing Personal Data with selected partners (including sponsors), as further described in Section 9 below. |
Ensuring network and information security. | Monitoring your use of our systems (including using technical tools to automatically monitor the use of our website and any apps and tools you use). |
Making sure that you receive an excellent user experience. | Improving the security and functioning of our website, networks and information. |
Justified on the basis of our legitimate interest in ensuring the proper functioning of our business operations. | Undertaking data analytics, i.e. applying analytics to business operations and data to describe, predict and improve business performance within Groundsure and/or to provide a better user experience, (more details on how we run analytics on our website can be found in our Cookie Policy. |
7. Marketing
We use marketing communications to keep you up to date with Our Products and Services, including those we think may be of interest to you.
A. Do we send targeted emails?
We send targeted electronic direct marketing to business contacts at our clients or other companies with whom we want to develop or maintain a business relationship in accordance with applicable marketing laws. Our electronic direct marketing typically includes web beacons, cookies, and similar technologies that allow us to know whether you open, read, or delete the message, and links you may click. When you click a link in an electronic direct marketing message, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site. Please see our Cookie Policy for further details.
B. Do we maintain Customer Relationship Management databases?
Like most companies, we use customer relationship management (“CRM’’) database technology to manage and track our marketing efforts. Our CRM databases include Personal Data belonging to business contacts at our clients and other companies with whom we already have a business relationship or want to develop one. The Personal Data used for these purposes includes relevant business information such as contact data, publicly available information (e.g. board membership, published articles, press releases, your public posts on social media sites if relevant for business purposes), your responses to targeted electronic direct marketing (including web activity following links from our emails), website activity of registered users of our website and other business information included by our professionals based on their personal interactions with you.
C. Do we combine and analyse Personal Data?
We may combine data from publicly available sources, and our email, website, and personal interactions with you (this includes information collected across our different websites such as our careers and corporate sites). We combine this data to assess your experience with us and to perform the other activities described throughout this Privacy Policy.
D. Opt-Out: What are your rights regarding marketing communications?
You may elect to opt out of receiving direct marketing communication and/or the disclosure of your Personal Data for the purpose of direct marketing by:
- using any unsubscribe facility contained in email communications that you receive from us; or
- contacting us at marketing@groundsure.com.
8. What about sensitive data?
The term “sensitive data” refers to the various categories of Personal Data including racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).
We do not generally seek to collect sensitive data (also known as special categories of personal data) from individuals, and we request that you please do not submit sensitive data to us. In the limited cases where we do seek to collect such data, we will do this in accordance with Data Protection Laws and/or ask for your consent.
9. Will we share your Personal Data with third parties?
We may share Personal Data with the following categories of recipients:
- Our third-party service providers, including our affiliated companies, IT service providers, marketing automation, solutions and analytics providers, marketing agencies, professional advisors, and
- Our selected partners, representatives and sponsors, for example, we may share attendee lists with event sponsors so that they can better plan their sponsorship to enhance attendee experience and, where applicable, to choose invitees to private briefings, meetings or dinners, or we may make available contact details to create marketing opportunities in certain industries and markets.
We may also share your Personal Data with public and governmental authorities if we are required to do so, or with third parties in connection with potential corporate or commercial transactions.
Before we share your Personal Data with any third parties, we take the necessary steps to ensure that your Personal Data will be given adequate protection in accordance with Data Protection Laws and our internal policies.
10. How long will your Personal Data be retained by us?
We retain Personal Data for no longer than necessary for the purpose for which it was collected including for the purpose of satisfying any legal, regulatory or reporting requirements. We maintain specific records management and retention policies and procedures so in determining how long Personal Data information will be stored, we will consider:
- the quantity, nature and sensitivity of the Personal Data;
- the purpose(s) and use of your information both now and in the future;
- our global legal, regulatory and contractual obligations; and
- what information we need to manage your relationship with us and to develop and deliver Our Products and Services.
If you wish to opt out of communications from us or withdraw your consent, your Personal Data will be deleted without undue delay.
We continually review the Personal Data we hold and delete what is no longer required.
11. Where we store your Personal Data
The Personal Data that we collect from you will be transferred, stored and processed using Amazon Web Servers (“AWS’’) which are held at a destination within the European Economic Area (“EEA”). AWS servers offer the highest level of security and are ISO 27001 compliant. If we transfer any Personal Data outside the EEA, we will take steps to make sure adequate levels of privacy protection, in line with Data Protection Laws, are in place. Groundsure maintains a data sharing agreement that complies with UK GDPR with its group of companies.
12. Data security
We maintain organisational, physical and technical security arrangements for all the Personal Data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of Personal Data and the processing we undertake, including as appropriate:
- the pseudonymisation and encryption of Personal Data, where appropriate;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of personal data.
Due to the fact that transmission of information over the internet is often insecure, we do not accept responsibility for the security of information you send to or receive from us over the internet, or for any unauthorised access or use of that information by others over the internet.
Groundsure shall ensure that all personnel who access and/or process any of the Personal Data are contractually obliged to keep Personal Data confidential.
13. Which rights do you have with respect to the processing of your Personal Data?
We want to ensure you remain in control of your Personal Data. Part of this is making sure you understand your legal rights which are as follows:
- Access: the right to make a subject access request (“SAR’’) to obtain information regarding our processing of your Personal Data and access to the Personal Data which we hold about you. *
- Correction: the right to inaccurate data rectified.
- Erasure: the right to request the deletion of your Personal Data in certain circumstances.
- Restriction: the right to object to, and request that we restrict, our processing of your Personal Data in certain circumstances.
- Transfer: the right to request transfer of your Personal Data directly to a third party where this is technically feasible.
If you wish to exercise any of these rights, please contact us via the details outlined in Section 15 below.
* For us to facilitate your SAR, please ensure that you specify the type of right you wish to exercise in the subject line and that you provide all the relevant information we need to investigate your request. We may request additional information from you to verify your identity and/or understand your SAR before actioning your request. Groundsure will usually respond to SARs within one month of receipt (however this may be extended by up to two months in the case of complex and/or numerous requests, and in such cases, you shall be informed of the need for the extension);
Please bear in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
14. What if you have questions or want further information?
If you have any questions regarding this Privacy Policy or if you wish to make a complaint about the way we have collected, disclosed or used your Personal Data, please contact:
- Email: info@groundsure.com
- Post: Groundsure, Nile House, Nile Street, Brighton, BN1 1HW
You have the right to lodge a complaint with the appropriate data protection supervisory authority in your country. We would, however, appreciate the chance to deal with your concerns before you approach your local supervisory authority so, please contact us as set out above in the first instance.
15. Updating our Privacy Policy
This Privacy Policy may be updated from time to time, so we recommend you review the information on Our Website on a regular basis.