Privacy Notice

Data Processing Notice (“Notice”)

Who are we?

We are GSD Solutions (Guernsey) Limited (“GSD”, “we”, “us” “our”) . We offer practical, commercial enhancements to business processes, project management services and outsourced senior level support to companies. (“consultancy support”). We also help develop teams with our tailored and interactive training courses (“Training”).

Why have we taken the time to write this Notice?

We are committed to keeping personal data safe. Not just because the Law tells us to but because we think it's the right thing to do.

This Notice is designed to tell you about the information GSD collects from you when:

• you use our website: gsdsolutions.gg (the “Site”)); or

• when we are engaged directly to carry out consultancy support or training services; or

• we receive or gain access to your personal data when we help another company with training or when providing consultancy support services.

What are the core principles we follow when dealing with personal data?

We are committed to looking after any personal data that we encounter. We do this by complying with the following core principles:

• Lawfulness, fairness and transparency

• Purposes limitation

• Minimisation

• Accuracy

• Storage limitation

• Confidentiality and integrity

• Accountability

What personal data do we collect?

When we decide what personal data we collect and use (i.e. when we are Controller), we may use your personal data when:

• You use our website;

• We provide training directly through GSD;

• We provide specialist consultancy support to you or the business you work for.

When another party decides what personal data they are going to collect and subsequently share with us (i.e. when we are a processor), we may process your personal data when we:

• run courses for the GTA , CLT International (“CLT”), The Learning Company (“TLC”) or any other training providers;

• provide generalist consultancy project support or other support to companies.

In instances where we are a processor, you should also review the privacy notice of the companies that have engaged GSD to understand what personal data is being collected, used and shared by them and your rights. We have included links to these privacy notices to assist you. These links are provided for your convenience only and should not be taken as an endorsement by GSD. We do not control the content or links that appear on these third party sites and are not responsible for their content. Browsing and interaction on any other website, including websites which have a link from our website, is subject to that website's own terms and policies.

Further information on each of these areas is outlined below.

When you use our website:

Submitting a Contact us request: If you submit a query through our “contact us” section on our website, an email is sent to the Managing Director of GSD. Your email will then be stored in accordance with our retention periods. We use Postmark to facilitate this section of the website. As part of this process, any information that you enter into the contact us section will be stored by Postmark for 45 days, prior to being deleted. This party is based in the USA.

We expect the level of personal data entered into this form to be very limited (i.e. business email and type of course required). By using this query form, you consent to your personal data being processed in this manner. You may remove this consent at any time by emailing: Vicky@gsdsolutions.gg.

Using our website: When you use our website (gsdsolutions.gg), we use non-personal identification information (“cookies”) whenever you interact with our Site. The cookie contains an encrypted session ID required for the functioning of the Site. We do not use any other form of cookies.

When we provide training:

When we are engaged directly by a company to run in house training, we may receive some or all of the following personal data:

• names and contact details of attendees and the party organising the training;

• roles/gradings/titles of the attendees and parties organising the training;

• information about the challenges attendees might be facing or the skills they want to learn;

• any other information attendees decide to share with us or our tutors;

• any special category data you chose to share with us verbally or in writing (i.e. if you are ill, need adjustments, or to defer due to your or another parties health).

When we are engaged by the GTA, CLT, TLC or other providers we do not usually collect personal data directly, and instead receive some or all of the above and below personal data directly from these parties:

• Assignments answers to facilitate completion of the course;

• Your examination submissions;

• Information about other courses you have attended;

• Your geographical location.

Our legal basis for collecting this personal data is a combination of contract and legitimate interest. Our legitimate interest for collecting is to help us tailor and provide effective training so that delegates get the best learning experience. 

For courses we run directly, we retain personal data related to training only for as long as needed, which is usually less than 2 years after the course.

For courses run for other providers, we delete all personal data within 1 year of the completion of the training. Please refer to the specific privacy policy of TLC, GTA or CLT for information about their ongoing retention periods for your personal data.

When we provide specialist or generalist consultancy support to you or the business you work for:

Our specialist and general consultancy services cover a wide range of activities, but the core level of personal data doesn’t really change. Throughout these engagement, to allow us to provide our services effectively, we come into contact with the following core personal data:

• Names;

• Contact details;

• People's roles and titles;

• People's working hours and availability;

• People’s thoughts and opinions (personal, about work, about people, about life generally);

• Any special category data you choose to share with us (i.e. that you are ill and need to defer a meeting).

In addition to this core data, depending on the engagement we are engaged to carry out, we may also have access to:

• Salary, benefits, other financial information;

• Other personal data that is shared with us to allow us to complete our work.

Finally, where we assist with subject access requests or personal data breaches, we may have access to a wide range of personal data. When we carry out this type of work, we do so under the instruction of another company and work hard to ensure that we comply with their privacy notices and data protection policies. The personal data that we have access to in this process could include all personal data held by the relevant company.

For most engagements, we use our client's operating and IT system to work from, limiting the level of personal data held on our operating systems.

GSD’s legal basis for collecting this personal data is contract (i.e. to allow us to carry out the engagement) and personal data is retained for as long as required by the contract we entered into with these parties. Where this is under our control, this is usually either deleted / access is suspended at the completion of a contract or retained for up to 7 years (or longer were required by our clients).

Special Category Data

In some cases, we may also collect and use special category personal data. Such information will be used only for the purpose of carrying out our services. We work hard to ensure any special category data is processed in a way that minimises the risk of a data breach or harm to the individual.

Who do we share your personal data with?

Given the size and operation of the business, we do not share your personal data routinely, however the following people may have limited access to your personal data from time to time:

• Our outsourced administrative consultant;

• Our outsourced IT provider;

• Our outsourced accounting and tax advisors;

• Our website development team.

Automated Processing

We do not use any automated means to process personal data.

Data security

We have put in place security measures to mitigate the risk of your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those parties, agents, contractors and other third parties who have a business need to know. These parties will only process your personal data on our instructions and we ensure they are subject to a duty of confidentiality.

We do not allow our third-party service providers to use your personal data for their own purposes.

We may be compelled by law to disclose personal data we hold about you to a third party and have limited control over how that personal data is protected by that party.

We have put in place procedures to deal with any suspected data breaches and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Your rights in connection with personal information

You have the following rights under the Data Protection (Bailiwick of Guernsey) Law, 2017:

• Right to data portability: right to request the transfer of your personal information to another party.

• Right of access to your personal information (i.e. "subject access request"). This enables you to receive a copy of the personal information GSD hold about you.

• Right to object to processing of your personal data: i.e. where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes or if data were being processed on grounds of public interest or for historical or scientific purposes.

• Right to rectification of the personal data: This enables you to have any incomplete or inaccurate personal data we hold about you corrected.

• Right to erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.

• Right to restriction of processing of your personal data: This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

• Right to be notified of rectification, erasure and restrictions.

• Right not to be subject to decisions based on automated processing.

If you want to exercise any of these right, please contact vicky@gsdsolutions.gg.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact vicky@gsdsolutions.gg.

Your right to complain

If you have a complaint about how we have handled or processed your personal data, we would prefer it if you contact us directly in the first instance (vicky@gsdsolutions.gg), however you can also contact the Office of the Data Protection Authority ("ODPA") directly at the following address:

Block A 
Lefebvre Court 
Lefebvre Street 
St Peter Port 
GY1 2JP.

You can also make a complaint via their website:

Changes to this privacy notice

We may update this Privacy Notice at any time, and we will publish any new versions of it on our website. We may also notify you in other ways from time to time about the processing of your personal data. This Privacy Notice was last updated on 27 June 2024.