Our website address is: https://gkepm.com

At Graham Kirton Limited (GK), we are serious about protecting your privacy and personal data. We aim to comply with all relevant UK privacy laws across policy, process, training and documentation. It is our intention that you will only receive communications from us that you have requested, or we deem of ‘legitimate interest’ to you, your company or for a specific purpose related to the services we provide.

This privacy policy will inform you as to how we look after your personal data when you visit our website or use any of our services; and tells you about your privacy rights and how the law protects you.

Who we are

Graham Kirton Limited is a limited company incorporated in England and Wales and is a “controller” and responsible for your personal data, and is referred to as “we”, “us”, or “our” in this privacy policy. We are registered with the Information Commissioner’s Office.

If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us using the details set out below.

Full name of legal entity:	Graham Kirton Limited
Email Address:	[email protected]
Postal address:	24 Holborn Viaduct, London UK, EC1A 2BN
Telephone number:	+44 (0)203 855 5828
ICO Reference	ZA787074

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data processing issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

How we use Cookies

We use cookies to improve your experience when you visit our website. A cookie is a small file of letters and numbers that we put on your computer if you agree. These cookies allow us to distinguish you from other users of our website, which helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

You can configure your browser not to accept cookies. Disabling cookies in your browser will not prevent you from accessing the site, however, it may limit your access for certain features. The information collected by cookies is non-personal and allows us to statistically monitor how people are using our website.

What data we collect from you on gkepm.com

DATA	SOURCE	COMMENTS
Are you a human or a bot?	Cookies	We need this information to protect gkepm.com from cyber-attacks.
Click behaviour	Cookies
Page views	Cookies
IP region and country	Cookies	We cannot see your exact IP address.
Repeat visits	Cookies	Only if you haven’t deleted cookies since your last visit
Your email address	Forms
Your company	Forms
Your role	Forms
Cookie data linked to your contact record	Forms
Email deliveries	Marketing emails	To know that we have the right contact details, we need to know whether an email has been successfully delivered.
Email opens	Marketing emails
Email clicks	Marketing emails
Email bounces	Marketing emails
Email unsubscribes	Marketing emails	We will no longer contact you with marketing communications once you have unsubscribed.

Other data considerations

GK collects data to operate effectively and provide you the best experiences with our products. You provide some of this data directly, such as when you create support log, administer your organisation’s account, submit a query to us, register for an GK event, or contact us for information.

We will only collect basic information from you that is relevant to the matter that we are dealing with. In particular we may collect the following information from you which is defined as ‘personal data’:

• Personal details (name, address, email, phone number);
• Business activities of the person/company whose details we are processing.

We do not collect any ‘special categories’ of personal data about you (this include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

It is important that the personal data we hold about you is accurate, relevant to the relationship between us, and current. Please keep us informed if your personal data changes during your relationship with us.

How we use your data

We use your data to better serve you and your company in the most appropriate way necessary for the performance of the contact and/or contract between us.

With your permission, we will communicate with you occasionally by direct email or group mailing. We may also check in by phone from time to time. Occasionally we may even send a good, old fashioned letter.

We prefer to only email business email addresses, unless you have provided another, and will only contact you if:

1. You have asked us to;
2. You have agreed to be on our database; or
3. We genuinely believe you have a legitimate need for our services, and we deem this to represent a legitimate interest in line with the ICO’s guidance.

GK will use the personal information you provide in order to: keep you aware of any of the below business areas we provide; ensure information and registration to GK events are communicated with you; to contact you for any relevant additional information; to respond to any communication you have sent us.

GK Services

GK are in the business of providing services related to Enterprise Performance Management (EPM). From time to time this also includes Business Intelligence (BI) or data management related services. These services relate to, but are subject to change, Oracle EPM in all forms, whether that be known as Hyperion, Cloud EPM or another term.

GK Support

The GK Support Centre (including GK Managed Services) provides a range of managed services including the EPM solutions, the GK value-add software or any related service that would be outlined in a support contract relevant to each contracted customer. In addition, the GK Support Centre will respond to and assist any support query, and ensure that the person is directed to the most relevant solution option.

GK EPM Software and Demonstrations

GK provides services which involve Oracle Corporation applications. These include but are not limited to: Oracle EPM Planning, Oracle Financial Consolidation and Close, Oracle Profitability and Cost Management, Oracle Account Reconciliation, Oracle Narrative Reporting and Oracle Analytics Cloud. From time to time, and specifically for support purposes or the generation of demonstrations, your details may be required to be shared with Oracle Corporation. This is only done within the context of servicing the contract in place / demonstration request, and as defined in the ‘Who we share your data with’ paragraph below, will not be used by them for any purpose other than this.

GK Solutions

GK provide a variety of solutions that may be of relevance to you or your business. These range from tax related queries through sustainability, regulatory reporting or similar, but are all within the bounds of a legitimate business interest.

If at any point you decide you would prefer us not to contact you, let us know and we won’t.

We may also use your personal data for:

• Administering any contracts/accounts;
• Processing bank/credit card details in order to obtain payment;
• Market research;
• Our own internal marketing; and
• Credit reference checks (where appropriate).

We will only use your data where we’re allowed to by law, e.g. carrying out an agreement we have with you, fulfilling a legal obligation, because we have a legitimate business interest or where you agree to it.

GK believe the legitimate interest reasons we have to communicate with you include:

• Enabling you to access the GK Support portal and possibly other systems (i.e. our website)
• To communicate with you about our services, support, software and solutions
• To raise awareness directly to you of any industry specific information. For example, software patches or roadmap information
• To respond to your request for information

We do not use your data for automated decision making or profiling.

Who we share your data with

Where your data is shared, i.e. for a conference/seminar or similar, we require all third parties to respect the security of your personal data and to treat it in accordance with our policies and the law.

We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and contractual agreement with you.

• Service providers, acting as processors, who provide IT and system administration services,
• Professional advisers, acting as processors or joint controllers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services,
• HM Revenue & Customs, regulators and other authorities, acting as processors or joint controllers, who require reporting or processing activities in certain circumstances.

We never share your data with third parties for marketing purposes or transfer your personal data outside the European Economic Area (EEA).

How we keep your data secure

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

The personal and company related data we have is maintained in one or more of our three primary systems:

• CRM system – for up to date contact details
• GK Support system – for the provision of managed services support communication
• Accounts system – for billing related communication

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long we keep your data

Unless you request otherwise, we will securely hold your data for a minimum period of seven years following our last contact. From time to time we may ask you if the data is still relevant, and if you wish to remain contactable by us.

Even if we have deleted your personal information it may persist on back-up or archival media for legal, tax or regulatory purposes

Your rights

If you would like us to correct, restrict, move or remove your data within or from our database entirely, let us know and we shall action and confirm what has been actioned. You also have the right to object to our use of your personal information including where we use it for our legitimate business interests.

If you would like to view any or all of the data we may hold on you, please ask us. We aim to comply with all data requests within 30 days. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you further information in relation to your request to speed up our response.

Updated December 2022