Global Digital Group
Company Registration Number: [Company Number]
Registered Office: [Address]

1. INTRODUCTION

Global Digital Group ("we", "us", "our", or "the Company") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you interact with our digital businesses and services.

As a UK public company, we are subject to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws. This policy applies to all companies within our group structure.

Data Controller Information:

• Company Name: Global Digital Group plc

• Registration Number: [Company Number]

• Registered Address: [Full Address]

• Contact Email: [Contact Email]

2. SCOPE AND APPLICATION

This Privacy Policy applies to:

• All websites, mobile applications, and digital platforms operated by our group companies

• All services provided by our subsidiaries and affiliated businesses

• All customer, user, employee, and stakeholder interactions

• All data processing activities conducted by or on behalf of our group

3. INFORMATION WE COLLECT

3.1 Personal Data Categories

We collect and process the following categories of personal data:

Identity Data:

• Full name

• Date of birth

• Gender

• Photographs

• Government-issued identification numbers

Contact Data:

• Postal address

• Email address

• Telephone numbers

• Social media handles

Financial Data:

• Bank account details

• Payment card information

• Transaction history

• Credit scores and financial assessments

• Billing and invoicing information

Technical Data:

• IP addresses

• Device identifiers and information

• Browser type and version

• Operating system

• Login data and credentials

• Cookies and tracking technologies

• Usage data and analytics

Profile Data:

• Preferences and interests

• Account settings

• Marketing preferences

• Purchase history

• Service usage patterns

Communications Data:

• Email correspondence

• Chat logs and support tickets

• Phone call recordings

• Social media interactions

• Survey responses

Special Categories of Personal Data: We may process special categories of personal data only where we have a lawful basis and additional condition for processing, including:

• Health information (for employee benefits or accessibility requirements)

• Biometric data (for security purposes)

• Criminal conviction data (for employment screening where legally required)

3.2 Sources of Personal Data

We collect personal data from:

• Direct interactions with you

• Automated technologies and interactions

• Third-party sources including:

  • Business partners and service providers

  • Publicly available sources

  • Data brokers and marketing agencies

  • Social media platforms

  • Credit reference agencies

4. HOW WE USE YOUR PERSONAL DATA

4.1 Lawful Bases for Processing

We process your personal data under the following lawful bases:

Consent: Where you have given clear, informed consent for specific processing activities.

Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

Legal Obligation: Where processing is necessary for compliance with legal obligations.

Vital Interests: Where processing is necessary to protect your vital interests or those of another person.

Public Task: Where processing is necessary for the performance of a task carried out in the public interest.

Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

4.2 Purposes of Processing

We use your personal data for the following purposes:

Service Delivery:

• Providing our digital services and products

• Managing customer accounts and relationships

• Processing transactions and payments

• Delivering customer support

Business Operations:

• Managing our business operations

• Conducting market research and analysis

• Improving our services and user experience

• Developing new products and services

Legal and Compliance:

• Complying with legal and regulatory requirements

• Preventing fraud and criminal activity

• Protecting our rights and interests

• Resolving disputes and enforcing agreements

Marketing and Communications:

• Sending marketing communications (with consent)

• Conducting surveys and feedback collection

• Managing events and promotions

• Building customer profiles and insights

Employment and HR:

• Recruitment and selection processes

• Employee management and administration

• Performance management and development

• Compliance with employment law

5. SHARING YOUR PERSONAL DATA

5.1 Categories of Recipients

We may share your personal data with:

Group Companies: Other companies within the Global Digital Group for business administration, shared services, and consolidated reporting.

Service Providers: Third-party vendors who provide services on our behalf, including:

• IT and technology providers

• Payment processors

• Marketing and advertising agencies

• Professional advisors (lawyers, accountants, auditors)

• Outsourced business functions

Legal and Regulatory Bodies: Where required by law or regulation, including:

• Courts and tribunals

• Regulatory authorities

• Law enforcement agencies

• Tax authorities

Business Partners: Joint venture partners, strategic alliances, and business collaborators under appropriate data sharing agreements.

Third Parties in Business Transactions: In the event of a merger, acquisition, or sale of business assets.

5.2 International Transfers

We may transfer your personal data outside the UK to:

• Group companies in other jurisdictions

• Service providers located internationally

• Cloud storage and computing services

All international transfers are protected by appropriate safeguards including:

• Adequacy decisions by the UK authorities

• Standard Contractual Clauses

• Binding Corporate Rules

• Other legally recognized transfer mechanisms

6. DATA RETENTION

6.1 Retention Periods

We retain personal data for different periods depending on:

• The purpose for which it was collected

• Legal and regulatory requirements

• Business needs and legitimate interests

• The type of data and its sensitivity

General Retention Periods:

• Customer data: 7 years after account closure

• Financial records: 7 years after transaction completion

• Marketing data: Until consent is withdrawn or 3 years of inactivity

• Employee records: 7 years after employment termination

• Legal documents: As required by applicable law

6.2 Disposal of Data

When retention periods expire, we securely delete or anonymize personal data using industry-standard methods and procedures.

7. YOUR RIGHTS UNDER UK GDPR

7.1 Individual Rights

You have the following rights regarding your personal data:

Right of Access: Request access to your personal data and information about how we process it.

Right of Rectification: Request correction of inaccurate or incomplete personal data.

Right of Erasure: Request deletion of your personal data in certain circumstances.

Right to Restrict Processing: Request limitation of processing in certain circumstances.

Right to Data Portability: Request transfer of your personal data to another controller.

Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent: Withdraw consent for processing where consent is the lawful basis.

Right to Lodge a Complaint: Complain to the Information Commissioner's Office (ICO).

7.2 Exercising Your Rights

To exercise your rights, contact us using the details provided in Section 12. We will respond within one month of receiving your request.

We may need to verify your identity before processing your request. In some cases, we may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive.

8. SECURITY MEASURES

8.1 Technical and Organizational Measures

We implement appropriate technical and organizational measures to protect your personal data against:

• Unauthorized access, use, or disclosure

• Accidental loss, destruction, or damage

• Unlawful processing

Technical Measures:

• Encryption of data in transit and at rest

• Access controls and authentication systems

• Regular security testing and vulnerability assessments

• Secure data centers and cloud infrastructure

• Backup and disaster recovery procedures

Organizational Measures:

• Data protection policies and procedures

• Staff training and awareness programs

• Regular security audits and reviews

• Incident response procedures

• Third-party security assessments

8.2 Data Breach Response

In the event of a personal data breach, we will:

• Assess the risk to individuals' rights and freedoms

• Notify the ICO within 72 hours where required

• Inform affected individuals without undue delay where high risk exists

• Document the breach and our response

• Take steps to mitigate the impact

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit our websites or use our applications. We use cookies and similar technologies to:

• Provide and improve our services

• Remember your preferences and settings

• Analyze website usage and performance

• Deliver personalized content and advertising

9.2 Types of Cookies We Use

Essential Cookies: Necessary for the operation of our websites and services.

Performance Cookies: Collect information about how you use our websites to help us improve them.

Functionality Cookies: Remember your preferences and provide enhanced features.

Targeting Cookies: Used to deliver relevant advertising and track advertising effectiveness.

9.3 Managing Cookies

You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our services.

For detailed information about our cookie practices, please see our separate Cookie Policy.

10. CHILDREN'S PRIVACY

10.1 Age Restrictions

Our services are not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13 without parental consent.

For users between 13 and 16 years of age, we may require parental consent for certain processing activities as required by applicable law.

10.2 Parental Rights

Parents and guardians have the right to:

• Access their child's personal data

• Request correction or deletion of their child's data

• Object to processing of their child's data

• Withdraw consent for processing

11. AUTOMATED DECISION-MAKING AND PROFILING

11.1 Automated Processing

We may use automated decision-making systems for:

• Credit assessments and risk evaluation

• Fraud detection and prevention

• Personalization of services and content

• Marketing and advertising optimization

11.2 Your Rights

You have the right to:

• Not be subject to automated decision-making with legal or significant effects

• Request human intervention in automated processes

• Express your point of view regarding automated decisions

• Challenge automated decisions

12. CONTACT INFORMATION

12.1 Privacy Enquiries

Email: [Contact Email]
Phone: [Phone Number]
Address: Global Digital Group plc, [Full Address]

12.2 Supervisory Authority

Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

13. CHANGES TO THIS PRIVACY POLICY

13.1 Policy Updates

We may update this Privacy Policy from time to time to reflect:

• Changes in applicable laws and regulations

• New business practices and technologies

• Feedback from users and stakeholders

• Recommendations from regulators

13.2 Notification of Changes

We will notify you of significant changes to this Privacy Policy by:

• Posting updates on our website

• Sending email notifications to registered users

• Displaying prominent notices on our platforms

• Other appropriate communication methods

The updated policy will be effective from the date specified in the revised version.

14. ADDITIONAL POLICIES

14.1 Related Policies

This Privacy Policy should be read in conjunction with our other policies:

• Cookie Policy

• Terms of Service

• Data Retention Policy

• Information Security Policy

• Acceptable Use Policy

14.2 Specific Business Unit Policies

Some of our digital businesses may have additional privacy notices that provide specific information about data processing activities unique to those services. These supplementary notices should be read alongside this Privacy Policy.

15. DEFINITIONS

Data Controller: The entity that determines the purposes and means of processing personal data.

Data Processor: The entity that processes personal data on behalf of the data controller.

Data Subject: The individual to whom personal data relates.

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data, including collection, use, storage, and deletion.

Special Categories of Personal Data: Sensitive personal data including health, biometric, genetic, religious, philosophical, political, trade union, sexual, and racial/ethnic data.

This Privacy Policy is effective as of 12 July 2025 and supersedes all previous versions.