For the purposes of the General Data Protection Regulation (the “Directive”) and the Data Protection Act 2018 (“the “Act”) the data controller is Gorilla Accounting (“Gorilla Accounting” “we,” “us,” “our”), Ground Floor, Unit B Lostock Office Park, Lynstock Way, Lostock, Bolton, BL6 4SG.
Any queries or concerns relating to Gorilla Accounting, this policy or this website can be addressed in writing to our registered office or via email to email@example.com.
Gorilla Accounting is registered with the Information Commissioner as a Data Controller under registration number ZA091838.
We take the privacy of our clients and visitors to this site seriously. We therefore will seek to only use any information provided for the following legitimate purposes:-
- Answer your enquiry including contacting you to assess the services you require
- Improve this website to improve the service offered to you and others.
- Provide you with any information that is required by you.
- As appropriate enter into a contract with you for the provision of services.
We do not share the information with any third party unless you have provided your consent to allow us to do so. For example in the event that it is necessary to answer your enquiry we may seek your consent to pass on some or all of the information provided. We take active steps to ensure that such third parties will not contact you directly without your consent.
If you email a query to us then the email address supplied will be used solely to answer the enquiry and will not be used for any other purpose without your direct consent (e.g. if you subscribe to one of our services using the same email address then we will use that email address for the purposes of providing and/or discussing the services).
Collection of data
We may collect and process the following data about you:
- Your name
- Your organisations name
- Your position
- Your email address
- Your business address
- Your contact telephone number
- Details of your online visit such as but not limited to web server statistics, traffic data, location data and details of the web pages and resources that you access. Please note that details of your online visit will be anonymised and cannot be used to identify you as an individual (see our Cookies Usage Policy below).
The above list is not exhaustive and further information may be collected from time to time.
In accordance with the Directive we will only seek information which is relevant, will keep the information confidential and will never keep the information for longer than is necessary.
Such information may be collected by:
- Entering details on an online form
- Entering details on an online survey
- You contacting us directly via email, phone or post.
- Use of Internet Cookies to collect details of your online visit
Again please note that any information collected by the use of Internet Cookies does not identify any individual. It is used for the purpose of monitoring use to the site to allow us to improve the services offered.
For more information please see our Cookie Usage Policy below.
Protecting your information
All information you provide to us is stored on our secure servers and the recipient will be Gorilla Accounting. Relevant employees of Gorilla Accounting may process the information to ensure that we meet your needs and/or make improvements to our website. We have a robust data protection procedures and security safeguards in place to ensure that only relevant employees have access to your information and only to the extent to allow them to carry out what is required.
Unfortunately we cannot guarantee that the transmission of information via the internet is completely secure. We will seek to protect your personal data however any transmission is at your own risk.
Therefore if you have any concerns then please do not enter any details in our website. Once we have your information we will use our internal procedures and security to seek to prevent unauthorised access and ensure it is kept in the strictest confidence.
As a general rule our data is held on secure servers in the United Kingdom or as appropriate within the EEA. In the event that any data is temporarily stored on servers which are located outside the United Kingdom or the EEA then we have taken steps to ensure that such servers are secure to the extent required by UK GDPR.
We will use information entered by you on our website to:-
- Contact you to discuss what information, products or services you require.
- Provide you with any information, products or services requested from us.
- Where appropriate provide you with information on products and services that we feel may interest you.
- Carry out the obligations arising from any contracts that we may enter into.
- To enable us to develop and market other products and services as appropriate.
- Make improvements to our website and services to enhance the experience to you and other customers.
- Ensure that our internal record keeping is correct.
- We may contact you by email, phone, fax or mail. We also may use the information obtained to amend or customise the website according to your interests.
Your data and third parties
We will only disclose your data to third parties in the following limited circumstances:-
- If you have consented to the same, in which case we will only pass on your details to trusted third parties for the purposes you have consented to.
- Where it is necessary for that third party to provide services to Gorilla Accounting and such legitimate interest meets the three part test of the Directive (see below). For example where we use a Third Party to produce our newsletter that third party may need your contact information. Please note that under our agreements with such parties they are prohibited from using your information for any other purpose. If you suspect that they have then please contact us as a matter of urgency.
- If Gorilla Accounting or substantially all of its assets are acquired by a third party in which case personal data held about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your data to comply with any legal obligations. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Our site may, from time to time, contain links to and from the websites of our clients and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you enter any personal data to these websites.
Use of legitimate interest as a right to process your information
Under the directive there are various reasons why we may process your information. One of the most commonly used is where we have a “legitimate interest” to process such information. “Legitimate interest” can cover a wide range of circumstances and consequently before we rely on it we will ensure that our intended use matches the following three part test as specified in the directive:
- Purpose test – Whilst this seems simple enough, we will ensure that there is always a reason to process your information.
- Necessity test – We will only process your information when this is necessary to meet the reason identified in the purpose test.
- Balancing test – We will not process in the event that your personal rights or reasonable expectations are more important than our reason. For example you have a reasonable expectation that we will not share your information with any third party. Consequently your information will only be shared when you would expect us to and/or with your consent. You would expect us to use a case management system to track an enquiry to ensure we provide you with a service so we may do this. However you would not expect us to pass your information to a third party marketing team so we will not do this.
It is important to note that you do have rights which may affect our ability to rely upon “legitimate interest” to process your information. These are listed in the “Your Rights” section below.
Retention of information
Under the terms of the Directive we will only retain information for as long as is necessary to allow us to carry out the matters listed in the information usage section.
The exact time period of retention will vary dependant on usage. For example should you request a call back then we will only keep your information to allow us to make contact with you. Should it be clear that no further contact is required then we will delete all personal information held.
However there may be occurrences when information is held for a longer period of time such as if you become a client.
It is important to note that you do have rights which may affect our ability to retain your information. These are listed in the “Your Rights” section below.
Under the Directive you have a number of rights which you may enforce at any time. Such rights and how they apply in respect of this privacy notice are as follows:
- You have the right to be informed – This privacy notice confirms how we collect and use data.
- You have the right of access – If you wish to know what data we hold on you then you may make a request using the contact details above.
- You have the right of rectification – You can contact us to request that we rectify any information we hold on you should you believe that such personal data is inaccurate. Please note that we have the right to consider and respond to such a request, this includes refusing to process a request if we deem there to be grounds to do so.
- You have the right of erasure – You can contact us to request that we erase some or all the information we hold. Please note that we have the right to consider and respond to such a request, this includes refusing to process a request if we deem there to be grounds to do so.
- You have the right to restrict our use of your information – You can contact us to request that we do not process your information either in full or in part. Please note that this is not the same as requesting that we delete your information.
- You have the right to data portability – In limited circumstances you have the right for us to provide you with your data in a format that can be moved to another computer this. This right only applies to information that you have provided to us which we are processing with your consent or to deliver a contract. It also only applies to information which is processed electronically.
- You have the right to object – When you have provided your consent to direct marketing then you can remove such consent at any point either by contacting us or by clicking the appropriate unsubscribe link. You can also object to us processing your data in other ways. However please note that we have the right to consider and respond to such a request, this includes refusing to process a request if we deem there to be grounds to do so.
- You have certain rights in respect of automated processes – If a decision is made as a consequence of an automated process then you have certain rights. At present Gorilla Accounting does not use automated processes exclusively to make decisions and consequently such rights are not applicable. However should you believe that we have made a decision based exclusively on an automated process then please contact us and we will review.
Please note that we will only seek to obtain sufficient information from you for the purposes detailed in the information usage section. However we recognise your rights above to restrict, object or request the erasure of any information held. Whilst the GDPR allows us to refuse to process such requests in certain circumstances, it does not require us to consider all the consequences of processing a request. For example your request to restrict the use of your information may result in us being unable to provide you with a service you have sought. Therefore we would suggest that you consider all consequences of asserting a right and we would be more than happy to discuss any concerns that you may have.
Nothing in this policy should be construed as seeking to limit or remove your statutory rights. Should you have any concerns in this regard please seek appropriate independent legal advice.
Changes to this Notice
Again should you have any concerns or wish to exert a right then please do not hesitate to contact Craig Whelan on 0330 024 0406.
Should you be dissatisfied with how we use your information then you have the right to complain the Information Commissioners Office (“ICO”). Details are available at https://ico.org.uk/concerns/
What are cookies?
Cookies are small text files which are stored on your computer when you visit certain pages. There are two main types of cookies. Cookies generated by this site known as first party cookies and cookies generated in conjunction with other sites known as third party cookies.
The main thing to remember is that cookies do not contain personal or sensitive information. All information that is collected is anonymised when analysed.
What cookies does this site have?
In respect of this site, where enabled, our first party cookies allow us to monitor site usage and recognise when you have returned to the site. This is important because it allows us to keep track of unique visitors to the site. It also enables us to ensure that our site is as user friendly as possible, for example if several customers are visiting six pages to visit a page that is linked on the first page then we can take steps to ensure the first page link is prominent.
In respect of third party cookies the main cookies will relate to Google Analytics. These cookies are used by nearly every website and again serve to monitor visitor information such as browser used, visitor numbers and whether a visit is as a result of a marketing initiative.
What if I don’t wish to enable cookies?
If you subsequently decide that you do not wish for this site to collect information then you can disable cookies on your browser settings.
You are free to disable cookies at any point, however please note that by doing so that some parts of the site may stop functioning correctly.