This Privacy Notice explains how Open International (company registration no. 5716519) and Open GI Limited (company registration no. 1519547) of Buckholt Drive, Warndon, Worcester, WR4 9SR (Open GI) use your personal information, which you provide to us. Open GI protects the personal information that you provide to us and is committed to complying with all relevant Data Protection Laws.
We are a data processor for the processing of our customers’ data, but we also act as a data controller in relation to information that we gather from job applicants and our own staff.
We are established in the United Kingdom and registered with the UK Information Commissioners Office (ICO).
We comply with the UK Data Protection Act 2018 (which incorporates the UK-GDPR), the EU General Data Protection Regulation (GDPR), and any other relevant data privacy laws.
If you have any queries regarding this Privacy Notice, you should first contact our Data Protection Officer via email: firstname.lastname@example.org. If you do not receive a reply within two working days, please telephone us on UK +44 (0)1905 754455 and request to speak to our Data Protection Officer.
Visitors to our website
- Customers and potential customers
Customers and potential customers may contact us through our website using the Contact Us forms or buttons. When you do this, you will be asked to provide your business contact details such as your email address and telephone number. You will also be asked to consent to our using your information. This information will then be passed either to our marketing or sales teams to contact you to assist you with your enquiry.
In the course of assisting you with your enquiry, we may ask for your consent to use your details for further purposes such as marketing. When we do this, you will be clearly advised and your specific consent will be required before we can use your information for any follow-up purpose. By default, no consent is assumed.
- Direct marketing or sharing relevant business news
We do not send marketing material to members of the public (B to C). Our Marketing Team may send product relevant marketing material or product news to our business customers or potential business customers (B to B) under the lawful basis of our legitimate interests. In all cases, you are provided with a link to this privacy notice and a clear means of opting out from this material.
- Job applicants
On our UK website you may apply for a position in our organisation – Visit our Careers page.
If you decide to do this, then you will be required to submit your personal details including previous employment experience and qualifications. This information is used for the specific purpose of assessing your suitability for a position in our business and you will be required to consent to the use of your personal data for this purpose. If you do not consent to our processing your data for this purpose, then our ability to consider your application may be limited. We will only ask for the minimal amount of data required to assess your suitability for a chosen role. We may retain your information for longer periods for matching to future roles if you instruct us to do so.
Clients of our customers
As part of the service that we provide to our customers, we are required to process or store the personal data (which may contain criminal convictions data) of clients of our customers, e.g., policyholders. All this information is processed strictly in accordance with the instructions of our customers, whom are data controllers, and is stored securely on servers located within the United Kingdom. Open GI manages and supports its UK-based infrastructure and we do not subcontract this out, whether UK based or not.
Sharing your information
We will only share your information with parties that you have agreed we can share it with. There are, however, certain scenarios where we may have to share your data with other parties where this is required to comply with applicable laws and government or regulatory bodies’ lawful requests for information. Examples of these scenarios are:
- For legal reasons, we may be required to share your data with law enforcement agencies, governments, etc. This may be as part of an investigation, or it may be as part of service such as fraud prevention.
- Where your data may be required to protect against harm to the rights of property or person as permitted by law.
- Where your data may be required to prevent or protect serious physical harm to an individual.
- If Open GI is involved in an acquisition, a merger, sale of assets, or liquidation.
In order to provide the services that we offer as efficiently as possible, the Open GI Group may use third parties to perform certain functions and in doing so, they may process customer data or personal data under our instruction. In all cases, Open GI maintains full control of the data it is processing and has entered into a contract with each of the third parties to regulate their use of the data and to ensure compliance with all relevant legislation. Please see our List of Third Party Processors.
Open GI works very hard to ensure the protection of your information against unauthorised access, alteration, destruction, disclosure or use. In order to ensure the level of security your information deserves, Open GI will:
- Ensure that any data that moves across an untrusted network (such as the Internet), will be encrypted using strong methods. Unfortunately, the transmission of information via the internet cannot be guaranteed due to the scale and nature of it. We will do our best to protect your personal data but cannot guarantee the security of your data whilst in transit to our site(s). Any transmission to us is at your own risk. Once we have received your information, we use strict procedures and security measures to protect it against unauthorised access or disclosure as reasonably as we can.
- Ensure that all our staff who may come into contact with your data or the systems that process your data have sufficient knowledge and training to handle it in a confidential and secure manner.
- Ensure that we have appropriate policies and procedures in place which instructs our staff on how to handle your data securely.
- Ensuring that we minimise access to your information to only the minimal staff and systems that need it in order to perform the service we are offering you.
- Any information that we receive from you will be stored depending on the service, but in all cases, it will be within the UK in secure data centres with multiple layers of technical and organisational controls.
- As part of our service to you, we employ the services of professional ethical hackers to test our systems for vulnerabilities which allows us to better protect your information. Don’t worry though, these are friendly hackers with whom we have very strict contractual and non-disclosure agreements.
In line with privacy regulations, we will not drop non-essential cookies onto your system without your prior consent. Whilst acceptance of all cookies does help us to improve our website (and do not collect any personally identifiable information), you are not forced to accept these, and our website will function perfectly OK without doing so.
Information we hold about you
You have the right to ask us for a copy of the personal information we hold on you via a “data subject access request”. You have the right to have any inaccuracies corrected or removed, or to instruct us to cease processing your data if no longer relevant, or if there are no other legal or contractual obligations for us to do so. There is no fee for this. However, subsequent copies of such information within an unreasonably short period may be chargeable.
To request a copy of the personal data that we hold on you please contact our Group Data Protection Officer using one of the methods below:
By post: The Data Protection Officer, Open GI Limited, Buckholt Drive, Warndon, Worcester, WR4 9SR.
By email: email@example.com
Please do not send us personal or sensitive data over and above the minimum requirements (such as your name and contact details) via fax or email without prior notification and agreement, or unless explicitly requested.
Please note that unless specifically instructed, your information will be sent using the same format as that of the request. i.e., if the request was received via email, the information will normally be sent back to you via secure email unless you explicitly request otherwise. Your information will be returned within one (1) month, and in a secure manner. No information will be released, and the clock will not start until your identity has been confirmed.
If the data you need sight of is specific, it would help us to respond in a faster time if you were to identify exactly what data or which particular area you are looking for. For example, all personal data we hold on you about your marketing preferences, or all data you have given us in relation to careers at Open GI.
Please be aware that some exceptions exist in data privacy laws. This means that some data may not be able to be shared with you. A fairly obvious example would be any data that identifies another individual apart from yourself. Other exceptions exist such as management forecasting, information on legal proceedings, and several others. We will engage with our internal and external legal teams at all times to ensure the information we provide you (or cannot provide you) is fair and lawful. You can of course dispute what we provide and are within your rights to complain to the Information Commissioner (The ICO) if you feel you have been treated unfairly or in an unlawful manner. However, we encourage you to discuss any concerns with us in the first instance. Contact our DPO for this.
All data we collect from you here and subsequently process will be done so within the United Kingdom. If it becomes necessary to process data outside the UK, we ensure that the relevant third party processing the data undertakes to provide at least an equivalent level of protection that we would provide to you, and we will make it clear to you that this will take place. If you are sending us your data from outside of the UK, please satisfy yourself first that we have adequate security controls in place. Contact us first before sending if you are unsure. By default, we do not expect or request personal data belonging to non-UK residents.
The European Commission has granted the United Kingdom an adequacy decision allowing the free movement of personal data between the EU and the UK.
We hold your data only for as long as is necessary for specified purpose. Open GI has an internal Data Retention Policy which sets a framework to ensure we are not storing data that we no longer need.
Some of the information we collect via our website is submitted to us by electronic mail. Our policy states that we retain all emails for a 7-year period after which time they are automatically deleted.
If you choose to exercise your right to erasure (also known as the right to be forgotten), we will need to retain some basic information in a suppress list in order to avoid sending you unwanted material or correspondence at a later date.
- What is a cookie?
A ‘cookie’ is a piece of information that gets stored on the device you are browsing from. They can record how you move around a website so that when you revisit it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes. In most cases, cookies are not intrusive but are there to make the page work better either directly (such as essential cookies), or indirectly (such as performance (analytics) cookies to assist web designers in making the site easier to use).
Some cookies could be considered intrusive if they collect personal data or otherwise identify you as an individual and further use this data. Open GI do not use such cookies on this website.
- What types of cookie are there?
At the highest level, cookies can be considered to be either:
Essential or Strictly Necessary: These cookies are essential for the proper operation of a web site. Without these cookies, the website will not perform correctly. Consent is not required for essential cookies, although they should still be listed in a cookie notice. Please see the ‘Cookies we use‘ section for any cookies we consider to be essential.
Non-essential: Anything else that does not fall within the definition of essential cookies. Typically, these are used to analyse behaviour on a website, advertising, etc. These cookies require that the visitor actively consents to them being used and must not be ‘dropped’ onto your device without such consent.
We are required to obtain your consent for all non-essential cookies used on our website. You can block all cookies (including essential cookies) at any time by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block essential cookies you may not be able to access parts of our site because essential cookies are required to allow it to function correctly. The method of blocking cookies differs from browser to browser, so you are advised to determine the method appropriate to your device and /or browser. We cannot offer assistance or advice for this.
Cookie persistence can be either:
- Session or non-persistent cookies: these are only stored on your device during your web session and are automatically deleted when you close your browser – they usually store an anonymous session ID allowing you to browse a website without having to log in to each page.
- Persistent cookies: a persistent cookie is stored as a file on your computer and it remains there when you close your web browser until it expires (see table below). The cookie can be read by the website that created it when you visit that website again.
Cookies can also be categorised as follows:
- Performance cookies: These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the site are most popular (or the least popular). These are non-essential cookies.
- Essential cookies: These are cookies that ensure the proper functioning of the website (e.g., cookies for login or registration, language preferences, contact forms). Essential cookies would be considered as essential for the website to function correctly and as such would not require consent.
- Targeting/advertising cookies: These cookies can target audiences based on their browsing behaviour to deliver marketing material more relevant to you. These are non-essential cookies.
- Social media advertising and remarketing cookies: The LinkedIn Insight Tag and Facebook Pixel allows us to perform campaign reporting and view insights about website visitors that may come via the campaigns we run on LinkedIn or Facebook. It allows user behaviour to be tracked after they have been redirected to our website via a post or advert. With remarketing, you may see our adverts on LinkedIn or Facebook after you have visited our site. For this to happen, the Facebook Pixel and LinkedIn Insight Tag are activated when a visitor lands on a webpage, and a unique cookie is placed in their browser. Lookalike audience targeting allows us to show adverts on Facebook and LinkedIn to people who are similar to those who have already visited our website.
- Facebook opt out: https://www.facebook.com/settings?tab=ads
- LinkedIn opt out: https://www.linkedin.com/psettings/member-cookies
- Cookies we use
|Cookie name||Description||Expires after|
|Google Analytics (non-essential performance cookies). These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from, and the pages they visited on this site.||2 years
|_fbp||Facebook Pixel (non-essential performance cookie). Helps to store and track visits across websites. When the Facebook pixel is installed on a website, and the pixel uses first-party cookies, the pixel automatically saves a unique identifier to an _fbp cookie for the website domain if one does not already exist.||3 months|
|bcookie||LinkedIn (targeted/advertising cookie). Browser identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform.||2 years|
|lang||LinkedIn (targeted/advertising cookie). Used to remember a user’s language setting to ensure LinkedIn.com displays in the language selected by the user in their settings.||End of session|
|lidc||LinkedIn (targeted/advertising cookie). This cookie allows visitors to ‘share’ content from our site to LinkedIn.||24 hours|
|UserMatchHistory||LinkedIn (targeted/advertising cookie). This cookie is set by LinkedIn to record advertisement analytics.||1 month|
|AnalyticsSyncHistory||LinkedIn (targeted/advertising cookie). Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries||1 month|
|quform_session||Essential session only cookie. This is for the contact forms on our website and are used to maintain sessions between page changes. No personal information or data is stored. The ‘Contact Us’ form functionality will not work without this cookie. We therefore consider this to be an essential cookie.||End of session|
You can also control your cookie settings through your web browser. Methods vary from browser to browser and/or device to device.
You can opt out of being tracked by Google Analytics across all websites, by going to http://tools.google.com/dlpage/gaoptout. Alternatively, some web browsers may have plug-ins that enable analytical cookies to be blocked.
Links to other websites
Our website may have links to other websites. This Privacy Notice only applies to this website. You should therefore read the privacy policies of the other websites when you are using those sites.
We may make changes to our Privacy Notice in the future. Any updates or changes will be posted on this page and will be reflected in the version date.
Page last updated: July 2022