GPP-Digi Ltd Privacy Notice

Who We Are

GPP-Digi Ltd gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.

GPP-Digi Ltd’s registered office is at Rochester House, Ferry Road, Goxhill, North Lincolnshire, DN19 7LA and we are a company registered in England and Wales under company number 09545264. We are registered on the Information Commissioner's Office Register; registration number ZA447798, and act as the data controller when processing your data. Our designated Data Protection Officer is Tracy Muir, who can be contacted at the company address above or via:

Information That We Collect

GPP-Digi Ltd processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.

The personal data that we collect from is:

  • Name
  • Personal or Business Email
  • Personal or Business/Mobile Telephone Number

We collect information in the below ways:

Online forms, orders, requests for information, tender submission requests, legal documents, via telephone and face-to-face.

How We Use Your Personal Data

GPP-Digi Ltd takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.

The purposes and reasons for processing your personal data are detailed below:

  • We collect and/or store your personal data:
    • in responding to requests for information, questions, enquiries, tender submission requests, etc.
    • in the performance of a contract or to provide our services
    • and the personal data of your staff when delivering our online systems to you as a client
    • as part of our legal obligation for business accounting and tax purposes
  • We may occasionally send you marketing information where we have assessed that it is beneficial to you as a customer and in our interests. Such information will be non-intrusive and is processed on the grounds of legitimate interests

Your Rights

You have the right to access any personal information that GPP-Digi Ltd processes about you and to request information about:

  • What personal data we hold about you
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for
  • If we did not collect the data directly from you, information about the source

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

Sharing and Disclosing Your Personal Information

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. GPP-Digi Ltd uses third-parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.

Third Parties:

The Gill Payne Partnership Ltd

The Gill Payne Partnership Ltd is a joint owner of GPP-Digi Ltd and all the administrative functions and some data uploading functions for GPP-Digi Ltd are carried out by them therefore, they will have access to the personal data identified above in order to enable GPP-Digi Ltd to deliver its contracts, products and services to our clients.

For more information about The Gill Payne Partnership Ltd, please read their Privacy Notice here: 

Digital Spotlight Ltd

Digital Spotlight Ltd is a joint owner of GPP-Digi Ltd and all the programming, coding, data up-loading and some marketing functions for GPP-Digi Ltd are carried out by them therefore, they will have access to the personal data identified above in order to enable GPP-Digi Ltd to deliver its contracts, products and services to our clients.

For more information about Digital Spotlight Ltd, please read their Privacy Notice here:

UKFast.Net Limited

We use UKFast.Net Limited to provide the secure server solutions required by GPP-Digi Ltd to be able to deliver our products and services securely to our clients.

For more information about UKFast.Net Limited, please read their Privacy Notice here:

Citrix Systems Inc. (ShareFile)

We make use of the Citrix ShareFile system to transfer confidential and sensitive information via encrypted emails and secure file transfer. To enable this to happen, we may have to add minimal personal information to our Client address book on ShareFile such as a name and email. The data is stored on their European servers.

For more information about Citrix and ShareFile, please read their privacy notice at:

Gosschalks Solicitors

We use Gosschalks Solicitors to provide legal and contractual services to GPP-Digi Ltd business operations.

For more information about Gosschalks Solicitors, please read their Privacy Notice here:

Smailes Goldie Group

We use Smailes Goldie Group to provide accounting and business services to GPP-Digi Ltd.

For more information about Smailes Goldie Group, please read their Privacy Notice here:

Towergate Insurance

We use Towergate Insurance to source and arrange our corporate insurance requirements.

For more information about Towergate Insurance, please read their Privacy Notice here:

Safeguarding Measures

GPP-Digi Ltd takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:

  • SSL, TLS, encryptions, pseudonymisation, restricted access, IT authentication, firewalls, anti-virus/malware protection.

Transfers Outside the EU

Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data.

GPP-Digi Ltd transfers personal data outside of the EU for the below purposes:

  • To enable contracts, products and services of GPP-Digi Ltd to be delivered and only transfer personal data to those clients outside the EU and not to any third-parties other than with the expressed instruction of a client

Where we transfer personal information for the above reasons, we utilise the below safeguarding measures and mechanisms to ensure that your personal data is always safe and secure:

  • Secure (encrypted) File Transfer.

Consequences of Not Providing Your Data

You are not obligated to provide your personal information to GPP-Digi Ltd, however, as this information is required for us to provide you with our services and products, we will not be able to offer some/all our services without it.

Legitimate Interests

As noted in the ‘How We Use Your Personal Data’ section of this notice, we occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.

We use the legitimate interests’ legal basis for processing when sending you marketing or new product information related only to products and services identified as possibly matching your business type and which we believe will be of interest and benefit to your company, and have identified that our interests are the need to inform your company of related and appropriate products and/or services other than general customer relationship management.

How Long We Keep Your Data

GPP-Digi Ltd only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.

Some personal data may be processed for shorter or longer periods and these are identified within our Data Retention.

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Special Categories Data

Owing to the worldwide distribution of our products and services that we offer, GPP-Digi Ltd sometimes needs to process sensitive personal information (known as special category data) about you, this might include your country location or nationality so that we can identify your working week and know when we can and cannot contact you, which may of course identify indirectly a religious background. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so.

Lodging A Complaint

GPP-Digi Ltd only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.

GPP-Digi Ltd

Data Protection Officer: Tracy Muir
Rochester House, Ferry Road, Goxhill, DN19 7LA
Tel: 0044 (0)1469 533907


Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510

Website Complaint Submission:

Cookie Notice

A ‘cookie’ is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. When you visit a site that uses cookies for the first time, a cookie is downloaded onto your computer/mobile device so that the next time you visit that site, your device will remember useful information such as items added in the shopping cart, visited pages or logging in options.

Cookies are widely used in order to make websites work, or to work more efficiently, and our site relies on cookies to optimise user experience and for features and services to function properly.

Most web browsers allow some control to restrict or block cookies through the browser settings, however if you disable cookies you may find this affects your ability to use certain parts of our website or services. For more information about cookies visit: