GBA Services Ltd (GBA) is committed to ensuring that all data including personal data of Employees, clients and suppliers is held securely. Data will not be processed/used for any other purpose other than for GBA to provide logistics solutions or for your company to provide services to GBA.
This policy outlines how personal data is processed by GBA in accordance with the EU General Data Protection Regulations (GDPR) 2018.
GBA is the data controller which means that we are responsible for your company data collected by us and we are obliged to keep this secure and process it fairly and lawfully.
1.Who are GBA Services?
GBA Services – referred to as GBA within this document is made up of all GBA Depots across the UK and Europe which include the entities below:
GBA Services Ltd of 429 Moss Lane, Hesketh Bank, Lancashire, United Kingdom PR4 6XJ
GBA Austria Speditions GmbH. Mauthfeld 13, A-6380 St. Johann in Tirol, Austria
GBA Logistics Germany GmbH, Ernst-Abbe-Straße 6, 28816 Stuhr, Bremen, Germany
GBA Logistics Portugal, Rua dos Girassóis Lt3, R/C Esq, 2870 314 Montijo, Lisbon, Portugal
GBA Services Europe Sp. z o o, Stara Iwiczna ,Ul.Nowa 23, 05-500 Piaseczno Poland
2.Data we collect and the purpose of Processing
As an important contact of GBA we will collect, retain and use details about your business for us to develop and provide logistics solutions.
These details are stored securely on our servers concerning:
Contact details: Names, Business Addresses, Phone Numbers, Email Addresses
Business bank account information
Your image may be recorded on CCTV if you visit our sites
3.How do we collect your data?
GBA will only collect your data in the interests of providing logistics solutions or if you are providing a service for GBA.
When you make an enquiry on our website or by telephone or social media
On opening an account as a Customer or Supplier
Details of your interactions with us -For example, we record telephone conversations and we collect notes from our conversations with you about job updates, service feedback or comments you make.
4.When and why would GBA share personal data?
GBA takes all reasonable steps to keep your information confidential and will minimize disclosure of your personal information to anyone outside GBA.
However, for GBA to provide logistics solutions or for you to provide services to GBA disclosure of personal information may be necessary to complete business transactions with third parties such as:
Security agencies; Police or Government agencies. (QUANGOS)
Border and customs agencies.
Port handling agents e.g. at airports and seaports.
We may also require personal information including name, contact number of customer or supplier employees so they are able to access 3rd party sites for delivery, collection or maintenance purposes.
5.Security of personal data
We know how much data security matters to all our associates. We will treat your data with the greatest care and take all appropriate steps to protect it.
Personal data is held on GBA’s secure servers. This data can only be accessed by authorized personnel via secure personal passwords.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
In the very unlikely event that this data is breached there is a data breach process which is designed to ascertain how information was obtained, what information was revealed, to whom and when.
Depending on the nature of the breach and the likelihood of your personal data being shared you will be informed.
Understanding or amending your data
You have many rights regarding your personal data, including seeing what data GBA hold about you personally, and updating your information.
If you wish to know, click this link my data. Or you could make a written request to our Data Protection Officer (DPO) in one of the following ways:
Email Data Protection Officer: email@example.com
Data Protection Officer, GBA Services Ltd, 429 Moss Lane, Hesketh Bank, Lancashire, PR4 6XJ
GBA will not charge a fee for processing these requests and will aim to provide you with the information within 1 month of the request. GBA cannot release information to you where it contains the personal data about a third party.
Right to erasure ('right to be forgotten')
GBA will only collect personal data from their associates that is necessary for the purposes of their approved services. However, there may be some circumstances where details may need to be deleted if requested:
Upon termination of contracted services, where data is no longer necessary in relation to the purpose for which they were collected.
Contacts withdraws consent or objects to validity of the information held,
data is processed unlawfully, e.g. shared without consent to a third party for marketing purposes
Processing erasure requests
In the event of an erasure request GBA will investigate to ensure that the request is:
Genuine -is not malicious or fraudulent
Requested by an authorized source i.e. the person that initially provided the information,
e.g. a manager of a person responsible for an operative whose job role includes fulfilling logistics services on behalf of GBA.
GBA will also investigate to identify other sources where the data has been shared and to inform you. This is subject to cost and available technology.
GBA’s right to object to erasure
Where it is necessary to retain data for legitimate reasons, such as legal requirements the company has a right to object to erasure as some of your information may be necessary for tax, legal reporting and auditing obligations and customer product recall procedures.
Requests for erasure should be requested by clicking remove my data or by contacting GBA in the following ways:
By post: DPO, GBA Services Ltd, 429 Moss Lane, Hesketh Bank, Lancashire, PR4 6XJ
Whenever we collect or process personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected – for GBA to provide logistics solutions or for your company to provided services to GBA.
At the end of that retention period, your data will either be deleted, encrypted or anonymized (so that it can be used in a non-identifiable way) if used for statistical analysis and business planning.
Expired data will be retained for 6 years as it may be necessary to supply this data for legitimate reasons, such as tax, legal reporting, auditing obligations. In the case of certain services such as GDP, we will keep it for 10 years to comply with Pharmaceutical product recall procedures.
7.Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to (opens in a new window; please note we can't be responsible for the content of external websites).