At GOSS we are committed to ensuring your privacy and making sure the data and information we collect about you is obtained in a compliant manner and used and protected in line with data protection law. This notice details and explains exactly how we collect personal information from you, how we use it, and how we ensure it is protected. This notice applies to anybody who is a...
- Visitor to GOSS websites (including demosites)
- Recipient of GOSS sales and marketing content
- Current and former GOSS clients
- Potential GOSS clients
- Current and former GOSS employees
- GOSS job applicants
- GOSS suppliers and partners
- General public
GOSS Interactive Ltd ("GOSS") is a public limited company registered in the United Kingdom, under the company number, 3553908. Our registered office is at 24 Darklake View, Plymouth, PL6 7TL. GOSS is the controller and responsible for the personal data you provide us with. We are registered with the Information Commissioner's Office (ICO) as data controllers under registration number, Z5344639.
For matters about privacy and how we use your personal data, please be sure to get in contact with our Privacy Team. Alternatively, to contact us about more generic enquiries, contact details are available on our contact page. You also have the right to make a complaint to the ICO about us at any time. We would however, appreciate the chance to resolve your concerns with you by raising them with our Privacy Team.
The data GOSS collect about you
Personal data, or personal information, relates to any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). GOSS may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data - This includes first name, last name, maiden name, email address, username (or similar identifier), marital status, title, date of birth and gender.
- Contact Data - This includes billing address, delivery address, email address and telephone numbers.
- Financial Data - This includes bank account and payment card details.
- Transaction Data - This includes details about payments to and from you, including details of products and services you have purchased from us.
- Technical Data - This includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Data - This includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data - This includes information about how you use our website, products and services.
- Marketing and Communications Data - This includes your preferences in receiving marketing from us and our third parties and your communication preferences.
GOSS also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, GOSS may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if GOSS combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, GOSS treat the combined data as personal data which will be used in accordance with this privacy notice.
Failing to provide your personal data
Where GOSS need to collect personal data by law, or under the terms of a contract GOSS have with you and you fail to provide that data when requested, GOSS may not be able to perform the contract we have or are trying to enter into with you, i.e. to provide you with goods or services. In this case, GOSS may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
Collecting data about you via GOSS websites and demosites
Some parts of the GOSS website may require visitors to register and log in prior to viewing certain pages. Registered users of the GOSS website (www.gossinteractive.com) will be able to opt in/out of GOSS correspondence via their User Preference page on the website. The GOSS website also uses a single session cookie, JSESSIONID. This cookie holds a unique ID, used to identify your browsing session while you interact with the site. It expires when your browsing session ends.
Furthermore, GOSS also use Google Analytics cookies to track visitor usage of our website and demosites including the number of visitors and their user journeys. This information helps us understand the interests of our site users and improve our sites accordingly. If you would like to opt out of being tracked by Google Analytics across all websites you can do so here. In relation to GOSS Demosites, any personal data collected via GOSS Demosites is only used for the purpose of a sales demo. GOSS Demosite users will be able to contact the GOSS sales team to remove their user information from demosites.
As part of our marketing automation and analysis, GOSS also use Pardot cookies. Pardot uses first party cookies for tracking purposes and sets third party cookies for redundancy. These cookies do not store personally identifying information, they store only unique identifiers. The visitor cookie is composed of a unique visitor ID and the unique identifier for your account. For example, the cookie name "visitor_id12345" stores the visitor value "1010101010", and "12345" is the account identifier. This cookie is set for all visitors to the GOSS website by the Pardot tracking code.
Using your data for sales and marketing
The following section of this notice, details exactly how GOSS uses or collect your data in relation to the sales and marketing activities GOSS take part in. Using Cloud CRM software, GOSS are able to manage the contact details of clients (current and former), potential clients and suppliers. In relation to email marketing, GOSS gather statistics across all marketing emails sent through the third-party Pardot system in order to track metrics such as the number of email opens and clicks. This helps us to monitor and improve the content of the communications GOSS send you. For more information regarding Pardot please visit this page.
Furthermore, and in line with data protection law, GOSS will only send email marketing content to you in accordance with your marketing content preferences or if you have shown a legitimate interest in the goods and services GOSS have to offer. Through the GOSS website, you will have the option to register to receive marketing emails from us. Any registered users will be able to opt in/out of GOSS communications via their GOSS website user preference page. To access or set up your marketing preferences please register or login. GOSS may also use a third-party supplier to conduct marketing campaigns on our behalf. If this is the case, an appropriate confidential and/or data processing agreement would be in-place to protect your personal data.
In relation to the online and physical events GOSS host and attend, there may also be a requirement to handle personal data. For webinars GOSS uses Microsoft Teams. Usernames, email address, etc and any video recording of the meetings will be retained in accordance to GOSS retention policy. All recordings of meetings are accompanied by a notice to attendees that a recording is taking place. For more information regarding Microsoft Teams please refer to their website. Any video recordings or photograph taken at the event may be used for sales and marketing collateral.
At events organised by GOSS, information will be recorded about the attendees for the purpose of event administration (for example, dietary preferences, accessibility requirements, feedback, etc). Any photographs taken at the event may be used for sales and marketing collateral. In relation to events organised by a third-party, which GOSS are in attendance at, GOSS may purchase data from the event organisers in order to contact event visitors and registered users about GOSS goods and services that may be of interest. GOSS will inform the recipients of such correspondence about the source from which their contact details were obtained.
Your data as a GOSS client
GOSS processes current client contact details for the purpose of project work, support, invoicing, business continuity plan, and various client administration tasks in order to fulfil its contractual obligations. This information will be retained in accordance with our data retention schedule. Please note that this retention policy does not apply to any personal data GOSS may be processing on behalf of its clients as a data processor. GOSS will follow instructions provided by its clients regarding the processing of that personal data. Access to former client contact details, stored across various task or project management systems, will be disabled but not deleted for the purpose of maintaining record of project delivery and audit purposes.
In addition to using Jira project tracking software to manage project works, GOSS also uses this software to facilitate discussion of our product roadmap and request new features (Product Suggestion Project). GOSS is relying on legitimate interest to process clients' information for the Product Suggestion Project in order to understand how to improve our products and services. Clients will be able to opt-out from this product suggestion project by contacting the GOSS Support team. User information associated with any submitted suggestions, comments or votes will still be displayed post opt-out for the purpose of maintaining record and validity of the submission. Opting out from the Product Suggestion Project will not automatically remove the user from accessing Jira for the purpose of GOSS contractual obligation to deliver and support various client related projects.
GOSS uses Microsoft Teams to facilitate online client meetings. Usernames, email address, etc and any video recording of the meetings will be retained in accordance to GOSS retention policy. All recordings of meetings are accompanied by a notice to attendees that a recording is taking place. For more information regarding Microsoft Teams please refer to their website. GOSS may also use video recordings when providing online training, or meetings. Such recordings will be stored in accordance to our data retention schedule. When requested, GOSS may provide a copy of the recording to a client's organisations (that are involved in the training or meetings) for their audit and backup purposes.
GOSS may involve service providers that act on behalf and under instructions from GOSS to support its infrastructure and services. GOSS will ensure sufficient and appropriate security and service contracts are in place to protect your personal information and to follow any contractual obligations specified by our clients in relations to sub-contracting.
GOSS also use Slack to facilitate discussion and support amongst current clients and potential clients. Personal data such as username and email address are visible to other Slack users. For more information please refer to the Slack website, or to de-activate your user Slack account please visit this page. GOSS also integrates Slack with Atlassian JIRA, for more information on this please visit this page.
Please refer to Sales and Marketing section of this privacy notice for any other communications outside of the GOSS contractual obligations.
Your data as a GOSS job applicant or employee
GOSS will only use the information an applicant has provided for the purpose of progressing their job application or to fulfil our legal or regulatory requirements as necessary. The information the applicant provided throughout the recruitment process will be used to assess their suitability for employment at GOSS. For unsuccessful applications, GOSS will retain the application files in accordance with the GOSS retention schedule. GOSS may also ask the applicant permission to contact them should any further suitable vacancies arise. Interview notes and test results (as applicable) will be stored by GOSS in accordance with the GOSS retention schedule.
During the job offer stage, GOSS will be required to confirm the applicant's identity, their right to work in the United Kingdom and to seek references. For this purpose, GOSS will require the following:
- Proof of identity (original documents to be provided of which GOSS will take copies)
- Declaration of any unspent convictions
- Details of the applicant's referees for GOSS to contact
- A completed health questionnaire (to establish fitness to work)
As part of making a job offer GOSS also collects personal data from third parties such as references supplied by former employers, referees, information from employment background check providers, credit reference agencies, internet searches, and information from criminal records checks permitted by law.
Information provided by the applicant as part of application for Baseline Personnel Security Standard (BPSS) and/or BS7858 Security screening (role dependent) will be passed to GOSS's agents for processing with the applicant's consent.
GOSS processes health information to ensure that it makes reasonable adjustments to the recruitment process for applicants who have a disability and to protect our employee welfare.
At the start of employment GOSS will require the submission of personal information for HR purposes such as:
- Bank details for payroll
- National Insurance number for payroll
- Copy of driving licence (including driving points) for insurance purposes
- Next of kin details (to be used when there is emergency at work)
In the case of some client projects, GOSS employees may need to take part in an enhanced security check. This will be discussed as and when requirement arise. Personal data processed for this security check may be held by GOSS, GOSS clients and/or their screening providers.
Where GOSS processes special category of personal data, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.
Your data as a GOSS supplier or partner
GOSS will only use the information you provide for the purpose of project work, support, invoicing, business continuity planning, and various supplier and or partner administrative tasks in order to fulfil our contractual obligations.
CCTV at GOSS premises
CCTV cameras are installed in GOSS premises for the purpose of crime detection, crime prevention and the safety of both the public and employees. Images captured by CCTV will not be kept for longer than necessary. GOSS will only disclose recorded images to authorised bodies who intend to use it for the purposes stated above.
In order to ensure you remain in control of your personal data, as individuals you have the following legal rights, which are held by GOSS:
- Right to obtain a copy of your personal data (data subject access request)
- Right to rectify incorrect personal data
- Right to request deletion of your personal data where it is no longer required for GOSS to retain such data
- Right to withdraw consent to processing when consent is the only basis use for collection and processing
- Right to request further processing where there is a dispute in relation to accuracy or processing of your personal data
- Right to object to your personal data being used for marketing or where processing is based on legitimate interest
If you would like to exercise any of your legal rights above, please contact the GOSS Privacy Team. Please keep in mind that there are exclusions to the rights outlined above and although GOSS will endeavour to respond to your request, there may be circumstances where we are unable to do so. If you are unsatisfied with our response or you believe that your privacy rights have been infringed you should contact the UK Information Commissioner's Office (ICO), who oversees data protection compliance in the UK.
It is important that the personal information that we hold about you is accurate and current. Please keep us informed of your personal information changes during your relationship with us.
Changing the use of your data
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact the GOSS Privacy team. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
International data transfers
The majority of GOSS data is stored within UK. For personal data, which is stored outside of the UK or EEA, GOSS will ensure appropriate safeguarding is in placed with the data processor. The following third-party systems we use store and process their data outside the UK:
- Slack - USA and Ireland (link to their privacy notice)
- Optimal Workshop - USA, Ireland and New Zealand (link to their privacy notice)
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purpose of which we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data we consider the amount, nature, and sensitivity of the data. Furthermore, we will assess the data's potential risk of harm from unauthorised use or its disclosure. The retention period of personal data will also be assessed against the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us. By law we are required to keep basic information about our clients (including contact, identity, financial and transaction data) for seven years after they cease being clients for tax and contractual purposes. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Links to other websites
GOSS websites may contain links to other websites. GOSS does not control those other sites and we cannot be responsible for the content of those sites, or for the protection of any information you provide to other sites (which are not governed by this privacy notice). GOSS accepts no responsibility or liability for such other websites. You should exercise caution when entering personal information online and look at the privacy statement applicable to the website in question.
Any queries in relation to your personal data or this privacy notice should be directed to the GOSS Privacy team.
Changes to this privacy notice
This privacy notice may be updated from time to time. The latest version will always appear on GOSS website.