GDPR Company Statement
In May 2018, the EU General Data Protection Regulation (GDPR) replaces the existing 1995 EU Data Protection Directive
(European Directive 95/46/EC).
Gosling Creative Ltd (Gosling) aims to comply with the applicable Gosling regulations as a data processor and controller. Working alongside its employees, clients and their employees and suppliers it will comply when the legislation takes effect on 25th May 2018.
Collecting your Personal Information
We will obtain personal data about you, including but not limited to:
• your name, email, postal address, telephone number(s) i.e. your contact details, whenever you complete an online form or make a telephone enquiry;
• in general, all data required by Gosling to offer you its products or services within the scope of and on the basis of the agreement concluded between Gosling and you/your employer.
We collect and store information when you visit our website and, this may include using cookies and similar technologies to monitor site performance and build a profile of our users. When you interact with our services we may identify, for example:
• how many times you visit;
• what pages you go to within our website(s);
• your IP address;
• the originating domain name of your internet provider;
• identity of your browser or device.
Cookies do lots of different jobs, like helping us understand how our website is being used, letting you navigate between pages efficiently, remembering your preferences, and generally improving your browsing experience. Cookies can also help ensure marketing you see online is more relevant to you and your interests.
You can set your browser to block or disable cookies (see the ‘Help’ menu of your browser to see how), but doing this will mean certain personalised features of our websites can’t be provided to and other parts may also not work properly.
Use of your Personal Information
We use your personal information for the following purposes:
• to facilitate the provision of products and services you or your employer
• to help us identify you and any accounts you or your employer hold with us;
• undertaking credit checks (with your specific permission on each
• research, statistical analysis and behavioural analysis;
• customer profiling and analysing your preferences;
• fraud prevention and detection;
• billing and order fulfillment;
• improving our services.
Disclosure of your Personal Information
Gosling does not and will not sell, rent, or trade your personal information. We only forward your personal data to third parties;
(i) in cases specified in these conditions,
(ii) in accordance with the agreement concluded with you or your employer, and
(iii) in the cases specified below:
• to third parties that process your personal data on our behalf (e.g.,
• to third parties that supply products or services to you on our
behalf within the context of your use of agreement with Gosling, e.g., suppliers
• to third parties that perform creditworthiness checks or record
payment behavior on our behalf (with your specific permission on
• to public authorities, courts, police authorities, and judicial services that request the data from us or when we are required to do so by law.
• to any third party to which we assign our rights and obligations.
Processing of Third Party Personal Information
Where instructed Gosling will process personal data as per the terms of the Data Agreement / Terms of Engagement as defined by the Data Controller and agreed by Gosling.
Access to your Personal Information
You have the right to request access to any personal data we may hold about you and, to ascertain the accuracy of that information.
To apply for
a ‘Subject Access Request’, an individual must:
• make the request in writing to Timothy Gosling, Gosling Creative Ltd, Old Batford Mill, Lower Luton Rd, Harpenden, Hertfordshire, AL5 5BZ
• supply information to prove who they are to eliminate the risk of unauthorised disclosure;
• supply appropriate information to help us locate the required
We allow you to challenge the data that we hold about you and, where
appropriate, you may have the data erased or rectified/amended.
If your employer has an agreement who Gosling has a responsibility
to process your data, we request that you first discuss this with your
We may reject requests that are unreasonably repetitive, require
disproportionate technical effort (for example, developing a new system
or fundamentally changing an existing practice), risk the privacy of
others, or would be extremely impractical (for instance, requests
concerning information residing on backup systems).
Security of your Personal Information
Gosling strictly protects the security of your personal information and honors choices for its intended use. We carefully protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. Your personal information is never shared outside the company without your permission, except under the conditions explained above. Inside the company, data is stored on secure servers that are housed in controlled environments to protect against the loss, misuse, or alteration of your information.
All countries in the European Economic Area (EEA), which includes the
UK, have similar standards of legal protection for your personal information.
We may run your accounts and provide other services from centres outside the EEA (such as the USA and India) that do not have a
similar standard of data protection laws to the UK. We shall take all measures that could reasonably be required to ensure that your personal data is processed in accordance with applicable legislation. Gosling will only store your personal data for as long as is necessary for fulfilling the purpose for which the data was collected and for meeting legal, regulatory and/or internal requirements.
Data Retention and Deletion
Gosling aims to keep data on file for a period of 7 years unless otherwise stipulated that it is necessary for compliance with a legal obligation to which the controller is subject, or is necessary for the purpose of legitimate interests pursued by the controller. Data would be hard erased after this time unless the subject of the data requests otherwise or has been engaged with during this time and data on them is necessary for archiving purposes in the public interest.
Data subjects have the right to request personal data on them in a portable format. Data subjects must request by letter stipulating what data they would like to access, and this will be processed within 30 working days. We would send confirmation of this either by email or letter (whichever is most appropriate). If data has been deleted, erased, or otherwise irretrievable the subject will also be informed of this. Subjects of data have the right to be forgotten and erased from records upon request. Subjects must request their data be deleted by letter stipulating what data they would like erased and this will be processed within 30 working days. We would send confirmation of this either by email or letter.
Gosling aims to deliver great service. We want to gain the trust of our employees and data subjects and aspire to treat data collected on them with integrity and respect. We would continue to improve and change operations where necessary to comply with the new legislation. Internally Gosling reviews the systems in place and aims to improve them continuously. This statement aims to outline Gosling’s GDPR strategy and policies surrounding data control and processing.