Welcome to GMP Software Ltd’s privacy notice, we are committed to protecting and respecting your privacy.

Please read our privacy notice carefully: Please read our privacy notice carefully to make sure that you understand what our privacy notice tells you, and if you have any questions please contact us using the details set out below.


Our privacy notice was last updated on 23rd May 2018. We may update this notice at any time, for example to make sure that we continue to collect, use and store your personal information fairly, securely and in accordance with data protection law in the UK.  If we decide to materially change this notice, the changes will be posted on our website so that you are always informed of the latest version. We suggest that you regularly revisit this update section to make sure that you keep up-to-date with any changes we make.


Personal data, or personal information, means any information about you from which you can be identified.


Our privacy notice applies when:

  • you visit our website using any device, including your mobile phone; and
  • you order products or services from us.


Our privacy notice:

  • explains how we collect, use and store personal data about you; and
  • tells you about your privacy rights and how the law protects you.

Our privacy notice is set out in a layered format so that you can click through to the information you want to find using the headings set out below. You can also download a full pdf version of our notice here.


References in this privacy notice to “we”, “us” or “our” means GMP Software Ltd(registered in England and Wales with company number 04110152, GMP Software Holdings Limited (registered in England and Wales with company number 11267793) and GMP Web Design, a division of GMP Software Ltd.

References in this notice to our websites means, and

We are the “data controller”, which means that we are responsible for deciding how we hold and use personal data about you.

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.

  • Write to us at: Data Privacy Manager, The Old Library, 20 Broad Street, Ross-on-Wye, Herefordshire, HR9 7EA
  • Email us at:
  • Call us on: 01989 561030

If you are contacting us to exercise your legal rights relating to your personal data, please let us know what personal data you are contacting us about, and what you want us to do, or stop doing, with that data.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.


We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, username, password, security question and answer title, date of birth and gender;
  • Contact Data includes postal addresses, billing addresses, email addresses and telephone numbers (including mobile phone numbers);
  • Financial Data includes bank account and payment card details;
  • Transaction Data includes details about payments and other details of products and services purchased from us;
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website, details of the website from which you visit us and keywords you used, the pages on our website that you visit and in what sequence, and the date and length of your visit.
  • Profile Data includes the history of our communications with you, such as your orders for our products and services, your personal interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our websites.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.


We use different methods to collect data from and about you including through:

  • Information you give us: Personal Data may be given by you directly when you:
  • contact us by post, telephone or email.
  • Fill out a contact form on our website.
  • place an order for our products or services; [or]
  • sign up to receive emails or other marketing communications from us;
  • Information we collect about you: When you visit our website we may automatically collect Technical Data about you. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.
  • Information received from third parties or publicly available sources: We may also receive Identity Data and Contact Data from publicly available sources such as Companies House and the electoral register and Technical Data from third parties such as analytics providers, e.g. Google.


We will only use your personal information when the law allows us to: We need to have a “lawful basis” to use your Personal Data. The types of “lawful basis” that we will rely on to process your personal data are as follows:

  • To perform a contract: Where it is necessary to perform a contract we are about to enter into or have entered into with you, for example, to provide products and services to you that you have ordered;
  • It is in our legitimate interests: Where it is necessary for our legitimate interests (or those of a third party) and our interests are not overridden by the potential impact on your rights and interests.

“Legitimate Interests” means in the interests of conducting and managing our business to enable us to give you the best products and services and the best and most secure experience, for example to:

  • run our business, provide administration and IT services, network security, and to prevent fraud;
  • collect and recover money owed to us;
  • keep our records updated;
  • study how customers use our products/services;
  • develop our products/services and grow our business; and
  • inform our marketing strategy and promote our business.

We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we use your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

You can obtain further information about how we assess our legitimate interests against any potential impact on you by contacting us.

  • To comply with a legal obligation: Where we need to comply with a legal or regulatory obligation, for example, in a legal action.
  • Where we have your consent: We will require your prior consent to use Contact Data to send you electronic direct marketing (such as email or text).

We may have more than one lawful basis to use your personal data depending on the specific purpose for which we are going to use that data. Please contact us if you need details about the specific ground we are relying on to process your personal data.

We will only use your personal data for the purposes for which we collected it: We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is related to the original purpose. If we need to use your personal data for an unrelated purpose, we will let you know and will explain the legal basis which allows us to do so.

Direct Marketing – your choices:

How to Opt-in: You will only receive electronic marketing communications from us (such as emails and texts) if you have requested information from us, for example, by signing-up to our newsletter, or if you have specifically opted-in to receive details about our products, services, events, activities, promotions and special offers which we feel may be of interest to you when we have given you the choice to do so, for example, when you order products or services from us.

If you wish to be contacted for these purposes please make sure that you tick the appropriate box or boxes when you are given the option to do so, otherwise we will assume that you do not want to be contacted.

We will not pass your information onto third parties for marketing purposes before getting your express consent to do so.

How to Opt-out: Your participation in our marketing activities is voluntary. If you ever want to change your preferences regarding our use of your personal information for marketing purposes, or opt-out altogether from receiving further marketing information, you can use the opt-out or unsubscribe links in any marketing message we send you or you can contact us at any time. Where you opt-out of receiving marketing communications from us, we may continue to use your personal data for the other purposes we have explained in the “HOW WE USE YOUR PERSONAL DATA” section of this notice.


We will only share your personal data with the following third parties or in the following circumstances:

  • To our service providers and suppliers: So that we can make certain services and products available to you we may need to share your personal data with some of our service providers and suppliers, for example such as IT companies to:
  • provide website hosting services:
  • manage and analyse our network status and the responsiveness of our services
  • To other third parties: we may also share your personal data with the following third parties or in the following circumstances:
  • On a business purchase, sale, transfer or merger: we may disclose your personal data to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them, in which case we may disclose your personal data to such other businesses. If a change happens to our business, then the new owners may only use your personal data in the same way as set out in this privacy notice.
  • To our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • To HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
  • To comply with or enforce applicable laws or regulations: We may disclose personal data about you to third parties to comply with or enforce applicable laws and regulations. For example where:
  • a complaint arises concerning your use of our website, products or services;
  • we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person.

Safeguarding your personal data when we share it with other people: We require our suppliers, service providers and other third parties to respect the security of your personal data and to treat it in accordance with the law.

We do not allow our suppliers and service providers to use your personal data for their own purposes or pass your personal data to anyone else without our written consent.  We only permit our suppliers and service providers to use your personal data to provide services to us and you, and for no other purpose, and in accordance with our written instructions.

Third party links, advertisers, sponsors and ad-servers: Our website may contain links to other sites that are not covered by this privacy notice and where privacy practices may be different from ours. We do not own or operate these sites. You should consult the privacy policies on such third party sites before submitting any personal information, as we are not responsible for, and have no control over, the manner in which such sites collect, use, disclose, or otherwise process your personal data.


We do not transfer your personal data outside the European Economic Area (EEA).


Unfortunately, the transmission of information via the Internet is not completely secure, however, please be assured that we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations and requirements.

By law we have to keep certain basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

Personal data about our customers sales history will normally be kept for three years and (subject to the above) all personal data about our customers will be destroyed once our contract is concluded.

In some circumstances you can ask us to delete your data: see Your legal rights below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.