Privacy policy

GAMA Privacy Notice ('notice')

v.5.0 effective January 28th 2022

(Updated to include (i) details of our new CRM system, Salesforce.com, and to update references to our other third party processors including providing details of additional cookies that may be dropped on your browser when you visit our website as a result of our implementation of Salesforce.com’s marketing automation solution, Pardot; (ii) references to new categories of data subjects that we may process data for, including influencers, academic collaborators and beneficiaries of corporate sponsorship; and (iii) more details about the health data that we may be required to process as a result of our obligations to report adverse events)

 

www.gamahealthcare.com

Our Business. Your Privacy.

Welcome to GAMA Healthcare’s Privacy Notice.

We know you value your privacy. And when you make an enquiry, give us feedback, apply for a job, enter a competition, view one of our ads, help promote our products or visit our website to learn more about us, you shouldn’t have to worry that we’re learning more than we need to about you, or using your personal data in ways that make you uncomfortable.

About GAMA Healthcare Ltd.

GAMA Healthcare Ltd. is part of the GAMA Corporation Ltd. (UK) group of companies. We are registered as a data controller (registration no. ZA308362) with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. This Notice is issued on behalf of our UK-based entities: GAMA Healthcare Ltd., Carell Ltd., and Aga Nanotech Ltd. (UK), and Fellows Research Centre Ltd. (UK), so when we refer to ‘GAMA’ we refer to this group of companies.

About This Notice

This notice describes how and why we collect the personal data of:

  • Website visitors
  • Candidates, Freelancers, Agency Workers, Consultants
  • Product users
  • Distribution Partners
  • Business customers or prospects
  • CompetitionParticipants (e.g.Nominators, Nominees; Entrants)
  • Influencers, promoters, academic collaborators or beneficiaries of corporate sponsorship

It describes our privacy commitment and explains how we comply with data protection law. You should read it along with any other notices we’ve provided in specific contexts, for example at a conference.

We’ll alert you to important changes to our privacy notice by posting them here or contacting you directly where appropriate. For more information please contact privacy@gamahealthcare.com.

Our Privacy Commitment

We’re committed to protecting the privacy and security of your personal data, only processing what’s necessary, and ensuring we strike the right balance between our business objectives and your privacy. We want to ensure you understand your rights and our responsibilities. We process your personal data:

  • Lawfully: Only if we can justify it on one of the GDPR’s Lawful Bases (see Lawful Bases table below).
  • Fairly and transparently: we strike the right balance between our interests and yours and we tell you what we do with your personal data.
  • For a specific purpose: we won’t use your personal data for another incompatible purpose unless the law permits or requires us to.
  • Using the least amount reasonably necessary.
  • Ensuring it is accuratecomplete and up-to-date.
  • For a limited time: Only for as long as reasonably necessary, and then we either destroy it or de-identify it so it can’t be linked back to you.
  • Securely: managing our people and designing our processes and technology to ensure end-to-end confidentiality, integrity and availability.
  • With your rights in mind: We make it easy for you to exercise your rights (see table below).
  • Within the UK/EEA: we don’t transfer your personal data outside the EEA except as permitted under Data Protection Law. We use appropriate safeguards to ensure consistent protection by third parties who support our work. Find out more in the Your Data At-a-Glance table below.
Lawful basis What this means
Consent You have given us permission, which you can withdraw at any time. We need your Explicit Consent to process sensitive data like health-related data (Special Data) or to transfer your Personal Data outside the EEA where we don’t have another basis for doing so, or for any Automated Decision Making (‘ADM’) that has significant legal or other effects unless an exception applies.
Legitimate interests To help fulfil a legitimate business objective (see the ‘We use this data to...’ column of the Your Data At-a-Glance table) after confirming we’ve only used what’s reasonably necessary and proportionate to meet that objective and struck the right balance between our interests and yours (LIA).
Contractual necessity To enter into or fulfil our contract, including to generate a quote.
Legal obligation To comply with the law (e.g. tax reporting).
Vital interests In rare instances where one of the others don’t apply but we need your personal data to protect your vital interests or those of another person. Highly unlikely.

Who can I contact with questions or complaints or to exercise my rights?

You can contact our Privacy Manager to ask questions, express concerns or exercise your rights via email to privacy@gamahealthcare.com or by phone at +44(0)20 7993 0030 . Find out more about your rights in the Your Data Rights table below. You have the right to make a complaint at any time to us or the ICO (www.ico.org.uk). We encourage you to contact us first so we can try to quickly resolve any concerns.

Read More

How do you get all of this information? Don’t you need my consent for all of this?

We get most information directly from you, for example when you fill out a form, or indirectly, for example when our recruitment agency recommends you as a candidate.

We only process your personal data where we have a ‘Lawful Basis’, like Legitimate Interests, Contractual Necessity, and Legal Obligation, and each one has stringent requirements that are as privacy-protective as Consent. See the Your Data at-a-Glance table for the Lawful Bases we rely on and the Lawful Bases table to learn what each Lawful Basis requires.

Read More

What about Third-Party Content?

Find out more about third parties we use to support our website by clicking on the ‘Manage cookie preferences’ link in the webpage footer. See the Your Data At-a-Glance table for other purposes.

We embed some third-party content on our website. To protect your privacy, we minimise what we share and prevent these third-parties from collecting personal data from you until you’ve either opted in or clicked on or shared embedded third-party content (unless the collection is strictly necessary to make our website work). For example, we have removed YouTube cookies from our embedded YouTube videos and blocked YouTube from collecting web visitor personal data unless the visitor has clicked to view content. YouTube prevents anonymous video playback, so if you click on a YouTube video, YouTube will collect data about your viewing activity, match it with other data Google has about your online activity, and transfer it outside the UK or EU, including to the US, where US intelligence authorities may access it.

You can manage what Google collects by changing your Google privacy settings. You can also enhance your online privacy by using a privacy-focused browser like Brave or Firefox, services like Ghostery and Privacy Badger and taking other steps outlined here.

Read More

Do you use Automated decision-making (‘ADM’)?

ADM involves a computer making a decision without human involvement that could have significant legal or other consequences for you – such as using AI to make predictions about you. We don’t currently use ADM unless it is necessary to enter into a contract with you, it’s authorised by law or you’ve given us your explicit consent. In such cases we’ll inform you and let you know how to exercise your rights.

Read More

How do you strike the right balance when you rely on Legitimate Interests?

We conduct Legitimate Interests Assessments (LIA’s) whenever we rely on Legitimate Interests and, where appropriate, Data Protection Impact Assessments (DPIAs). For example, the data we collect and analyse from your website visits is necessary for our legitimate interests (to keep our website updated and relevant and make it easier for you to navigate) or to identify businesses that may be interested in our services (prospecting for business development and lead generation). We only collect what is necessary and proportionate to our objectives, and we limit sharing. Our internal teams and external providers are all aware that they are not to re-purpose the data in ways that would be inconsistent with the original use.

Even so… it’s optional. You can object to these activities by opting out at any time. For example, click unsubscribe in our marketing emails or send us an email to privacy@gamahealthcare.com. In some cases, our legitimate interest may override yours and we will continue the activity. For example, to maintain the security of our website.

Read More

Is my personal data secure?

We’ve implemented measures to prevent your personal data from accidental loss, unauthorised use, access, alteration or disclosure. We’ve implemented safeguards to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where legally required to do so. Details of these measures are available upon request by contacting privacy@gamahealthcare.com.

Read More

What information do you have about me? Why do you need it? What do you do with it?

The information we process about you will depend on our relationship and how we interact. For example, if you are a business customer we will have business contact information and information related to the products and services we provide. If you are a candidate, we will have information related to your application. We’ve described the types of data we collect in our Categories of Personal Data tables under the Your Data At-a-Glance tabs below and explained how and why we process your personal data in particular circumstances. For example, if you are Distribution Partner, view the Distribution Partner table under the Product Users tab for details.

Read More

Do you share my information outside of GAMA?

Sometimes we need to share your information outside GAMA, for example with vendors who support us. We seek out responsible vendors and partners that take GDPR compliance and privacy seriously. We limit what they can see and do with personal data to what’s necessary and ensure that any sharing is lawful and fair. We sign legally-binding agreements to maintain a consistent level of protection.

Read More

Do you use my personal data to serve interest-based ads (‘targeted advertising’)?

We’ve embedded an Amazon tracking pixel on our website so we can retarget visitors who may be interested in our products with tailored ads about our products when they visit other websites (“retargeting”). This will only happen if you have opted into Targeting cookies in our Cookie Widget. You can always manage your preferences in the widget by clicking on the “Manage cookie preferences” link in the footer of our webpage.

We do not use Amazon pixels to target you with any ads based on sensitive personal data such as health and we do not collect or pass to Amazon identifiable information through the pixel, such as names, email addresses and telephone numbers. We do not have access to the data the pixel collects. We only receive the number of times the pixel has fired in an hour.

Amazon stores this information in its DSP dashboard and may match it with other information it has collected about you. Amazon also works with third parties to improve the relevance of its ads. Our partner, Expert Edge, uses Amazon DSP's dashboard to send you personalised ads on our behalf based on key demographics or interest groups. This helps us reach more customers on and off Amazon and measure campaign performance.

Learn more and manage your preferences with Amazon here. You can also manage ad preferences across the web using the Digital Advertising Alliance’s opt-out page and YourOnlineChoices page for your location.

Amazon may transfer your data outside the UK or EU, where it may not receive the same level of protection. For example, it may transfer your data to the US where intelligence and law enforcement agents may collect it in transit or access it from Amazon upon request and without a warrant or notice to you.

In addition, Pardot, the Marketing Automation platform provided by Salesforce.com, tracks visitor and prospect activities on our website and landing pages by setting cookies composed of a unique visitor ID on your browser. Pardot cookies do not store personally identifiable information. They are set to remember preferences (like form field values) when a visitor returns to our site.

We also use the data from the Pardot cookies to understand activities on our website and landing pages, offer a better more personalised experience for our website users, support campaigns, and conduct analytics on site performance for all users.

Read More

Do you collect sensitive information, like my health data? Aren’t there restrictions on this?

Special Data’ like health-related information or information revealing your religion, ethnicity or sexual orientation, or biometric data used to identify you requires higher levels of protection.

We may collect information about your health, diseases you may have, medicines you may be taking and adverse effects you may have experienced in order to comply with our legal or regulatory obligations to monitor safety of our products, to manage and report adverse events, to carry out prevention and investigatory activities and to carry out administrative formalities, registrations, declarations and audits. This information may also be passed on to third parties in order to allow us to manage claims, including insurance claims.

We generally do not collect other types of “Special Data”. When we do collect any type of “Special Data”, we take extra steps to ensure we meet the additional conditions required under data protection law. We take extra measures to protect all types of sensitive information, including with strict access controls.

We may only use information relating to criminal convictions where permitted by law, and where truly required and appropriate for the role. We impose strict measures to protect this information in line with DBS guidance.

Below are additional conditions we may rely on to process your Special Data along with examples:

Special Data Conditions Examples
To fulfil legal obligations and exercise specific rights in connection with workplace health and safety and employment laws. Use information about possible COVID status or exposure; to provide adjustments for candidates.
To meet workplace diversity / equal opportunities requirements Use statistics about e.g. race, ethnicity, gender reflected in our workplace to monitor and achieve workplace diversity, equal opportunity / pay under equal opportunities laws.
To establish, exercise or defend legal claims To defend ourselves against a wrongful dismissal, personal injury or discrimination claim.
To protect your vital interests or those of another person Get the help of medical professionals, your emergency contact or bystanders in a life-threatening emergency (e.g. a severe allergic reaction, heart attack).
Where you have made the information manifestly public E.g. you are the public face of an advocacy group promoting LGBT rights (sexual orientation) or a religious community association (religion) or you publicly self-identify as such.

Read More

What happens if you can’t get this personal data?

If we can’t process this personal data, or if it’s inaccurate, it will be difficult to optimise your website experience. If we need it for our contract with you, we won’t be able to fulfil your order. And if we aren’t able to learn more about potential business customers, we may contact people with no interest in our products and services, while missing others who would be interested.

Read More

What happens if I enter a competition or promotion?

We limit the personal data we request to what’s strictly necessary for the competition, using a privacy-focused online form builder (JotForm) to collect it. We rely on the Contractual Necessity lawful basis to collect Nomination information and verify eligibility and adherence to Terms and Conditions. We rely on Legitimate Interests to detect fraud or the use of bots or other technologies to fraudulently circumvent the Nomination limits or conditions and to protect the security of our website. Only GAMA personnel and processors with a need-to-know can access it. We have a legitimate interest in publishing the names and images of winners on our website, on social media channels like Facebook, and in other publicity, but winners may opt-out via email. We delete the information when it’s no longer necessary within 1 year from the close of competition.

Read More

You have various rights with respect to your personal data:

Right What this means
Access Receive a copy of the personal data we hold about you and confirm we’re lawfully processing it by making a Data Subject Access Request (DSAR). It’s free of charge unless your request is clearly unfounded or excessive.
Rectification Ask us to update, complete or correct your personal data at any time if you detect an inaccuracy. In fact, we encourage you to do so.
Portability Get any personal data you’ve given us in electronic form on the basis of Consent (or Contractual Necessity) in a common machine-readable format. We can also transfer it to a third party if you ask.
Erasure Ask us to delete or remove personal data where there is no good reason or Lawful Basis for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to Objection. We are allowed to refuse in certain circumstances. Find out more, here.
Objection Object to any processing we do based on Legitimate Interests. You also have the right to object where we are processing your personal data in certain circumstances.
Automated processing Not to be subject to ADM that has significant legal or other affects.
Restriction Suspend the processing of some of your personal data, for example if you want us to establish its accuracy or the reason for processing it.
Withdrawal of consent Withdraw consent at any time and we will stop processing it unless we have another legitimate basis for doing so in law. Where we rely on your consent we also explain how you can easily withdraw it.

 

We will need to confirm your identity and your right to access the information or exercise any of your other rights. This is to prevent personal data being disclosed to anyone who has no right to receive it. You can find out more about your rights by visiting the Information Commissioner’s Office website.

We want to learn what brings you to our website, what products, services and information interest you, how you engage with our content, what worked… and what didn’t. But we also want to respect your privacy and your choices. Right now, we only collect what we need to help us get a general understanding of how our visitors engage with our website and to make it a more personalised experience for you. We make it easy for you to manage your preferences using OneTrust, our privacy platform.

We don’t process a lot of personal data about our website visitors. As we continue to develop our site, we’ll let you know if our cookies change and make sure you’re okay with this. Note that our services are not intended for children and we do not knowingly collect data relating to children. Find detail about our website data collection and manage your preferences using our OneTrust Cookie Widget.

When you... We use this data to... We get it from... We rely on (Lawful Basis) We share it with... It's stored in... We keep it for this amount of time...
Set your cookie preferences Cookies & other technologies to remember your preferences and collect proof of consent. The selections you make (opt-in or out). Legitimate Interest OneTrust UK See our cookie widget
Visit our site from Australia IP Address (to detect you are in Australia) to direct you to the correct site where information approved for Australian audiences is found. Your router Legal obligation IP Stack We don't store it. We don't store it.

Get full details in our OneTrust Cookie Widget. Click on the ‘Manage cookie preferences’ link in the webpage footer.

Categories of Personal Data (Website Visitors):

Category of Data Details
IP address Internet Protocol address.
Browser Data Browser types and version.
OS Operating System and platform.
Device ID Device ID, MAC address.
Location Location – we generalise location to country-level or region.
Time Zone Time zone setting.
Cookies & other technologies We use a cookie widget on our website powered by OneTrust which details the cookies we use and allows website visitors to manage their preferences. Manage your preferences and find out more at any time by clicking on the ‘Manage cookie preferences’ link in the webpage footer.
Web analytics

Standard internet log information and visitor behaviour patterns obtained using Google Analytics and Hotjar. We get aggregated statistics of

  • pages visited
  • time on page
  • interactions / clicks and related information
  • traffic and exits
  • the page that referred you to our site and we use Hotjar to get anonymised session recordings, heat maps, and other information.

 

We process personal data to support our talent management activities, from advertising positions and seeking out potential candidates, to screening your application, to creating a shortlist, to convening you for an interview, reviewing your fit, making an offer, negotiating the contract and welcoming you to GAMA. Over the course of these activities we also aim to satisfy any special needs you may require.

When you... We use this data to... We get it from... We rely on (Lawful Basis) We share it with... We keep it for this amount of time...
See one of our job adverts or are contacted by a recruiter Application; Social Media; photo; internet search: see privacy notices of the recruiters you engage with. Impressions Work Product Statistics (number applied, length of campaign, etc.): to measure campaign effectiveness. MaxAd; LinkedIn.

MaxAd advertises jobs on the major job boards, job aggregator sites & social media.

It also proactively searches its own CV database & major job boards, specialist sites & social media (incl. Total Jobs, Job Site, CV Library, Monster, Reed, Indeed, LinkedIn) to find potential matches.

MaxAd can see all the Impressions with the job ad but generates anonymised statistics & metrics to share with GAMA to ensure campaign success.

Legitimate Interests MaxAd 6 months from the end of the recruitment phase.
Apply for a position Application; Social Media; photo; internet search: to get an overall sense of you as a candidate. MaxAd; LinkedIn.

You have either given your Personal Data to MaxAd directly by uploading your CV or MaxAd received it indirectly from the above sources. Or you apply through GAMA’s website using our processor Natural HR’s widget.

MaxAd uses Vacancy Filler as its processor for uploading CVs.

For other data, GAMA only gets access to what MaxAd shares with us. See ‘Vetting’, below.

Contractual Necessity MaxAd. We give MaxAd access to GAMA’s Job Board accounts to do its search, post our job ad; deal with applications & monitor campaign success.

Vacancy Filler (to upload CVs)

HR staff can access all applications. Hiring managers can only access those for their own vacancies when HR staff share it through Natural HR or the Recruitment Site, or via PDF.

6 months from the end of the recruitment phase.
Reviewing your Application Application; Social Media; photo; internet search; references: to get an overall sense of your as a candidate MaxAd; LinkedIn; You.

GAMA HR staff may access your profile in our Job Board accounts searching name, industry, employer, etc. Your privacy settings determine what we see, but it’s generally only your profile. Note that LinkedIn profiles usually include your photo.

Natural HR: stores personnel data but also has a widget for candidates to securely upload their applications when they apply directly through our website.

Contractual Necessity MaxAd (who will vet job ad responses).

Natural HR (the processor that operates our HR database).

6 months
Are being vetted for a position Name; Contact; Application; Social Media; Photo; Correspondence: to advance your application. MaxAd: MaxAd reviews potential matches to find the applications that are the best fit & triages them based on requirements for the role.

MaxAd contacts promising potential matches to ask more detailed questions as part of the vetting process. Creates a shortened list to give to GAMA for review.

GAMA creates a Natural HR candidate profile (if not already created) to administer the recruitment process & documentation.

Contractual Necessity MaxAd shares with GAMA.

Natural HR for administering applications & process.

6 months
Attend an interview Name; Contact; Application; Work Product (MaxAd & GAMA – interview notes); Reasonable Adjustments: to ask you questions, get a sense of ‘fit’ and get additional information. GAMA reviews the applications internally to create an Interview List - from MaxAd, Recruitment Manager & Hiring Manager.

Directly from you (for Reasonable Adjustments + correspondence + answers to interview questions).

Second interview with Managing Director.

Contractual Necessity. Legal Obligation (employment law) + Art. 9(2)(b), GDPR + Sch. I, Pt. 1(1), DPA 2018 for Special Data Natural HR for administering applications & process & capturing notes. 6 months
Undergo an assessment Name; Contact; test date; test result; Interview (Assessor): to confirm you have the skills, knowledge or qualities for the role. We send you a link from the assessment provider (Skills Arena) via email & you do the test directly with them. We assess your grammar & numerical reasoning. Candidates for more senior roles also do a psychometric test (Hogan Assessment) administered by Syzygy + interview with assessor. Contractual Necessity. Natural HR for administering applications & process & capturing notes 6 months
Undergo reference & background checks Referee Contact; Application; Referee Correspondence. You. Contractual Necessity. Natural HR for administering applications & process & capturing notes 6 months
Receive an offer Name; Contact; Application; DBS Check results (clear or not); Offer Letter with Compensation, Benefits, etc; Correspondence: to make you a conditional offer and answer questions, negotiate some aspects of the offer. A conditional offer will be made for a role that requires a successful DBS check (e.g. Sales).

We offer you the job & negotiate the details. We ask you to fulfil any additional pre-conditions & verify your information.

Contractual Necessity. Legal Obligation (DBS) Natural HR for administering applications & process & capturing notes 6 months. DBS check: report result & code are logged and original (if we receive it) is disposed of promptly.
Don’t receive an offer Application We inform you that you have not been selected. We retain your Application long enough to defend against legal action. Legal Obligation. Contractual Necessity. Legitimate Interests for job bank Natural HR (processor) 3 months for all (in case of complaint).

Job bank: up to 12 months in case a new position arises, though you can object.

Undergo Right to Work due diligence Right to Work: to confirm you are legally entitled to work with us. You. References. Background check services. Legal Obligation Natural HR; Background Check services Up to 3 months if no pass.

For duration of employment + retention period if successful.

Make it official Employment details. Declarations / Acknowledgments You (signature). HR. Contractual Necessity Natural HR For duration of employment + retention period.

Categories of Personal Data (Candidates, Freelancers & Agency Workers & Interns):

Category of Data Details
Acknowledgments Signed acknowledgments of key documents (e.g. this notice, the Data Privacy Charter, the Health and Safety Policy). These are usually tracked through our HR platform – Natural HR.
Agency Contract Name and Contact. Agency name. Key terms (rate, hours of work, payment details).
Application Work history, cover letter, LinkedIn profile, profile on recruitment sites, test results, interview notes, references, samples of work (if provided) and other information relevant to your application.
Bank Bank account and transaction details.
CCTV CCTV footage both inside the premises and at the entrances / exits and immediate surroundings, where applicable.
Claims / Expenses Claims for business and travel expenses with supporting documents
Company ID ID badge, employee ID number, photograph.
Company Name Freelancer or consultant’s company name.
Compensation Your rate (hourly, daily, deliverable).
Consultancy Contract Project proposal, scope of work, deliverables, rate, start / end dates (duration), Name and Contact of individual(s) who will do the work, company name, consultant’s title, etc.
Contact Postal address, email address and telephone numbers, next-of-kin name.
Correspondence Emails, letters, text messages.
COVID-Related COVID-related data, e.g. temperature checks, symptom questionnaires, reports of possible exposure, contact tracing info (if on premises).
Departure Reason for departure (e.g. term ended; contract / project cancelled etc.). Conditions of departure (if any), e.g. non-disclosure agreement.
Emergency contact Next-of-kin or other individuals you would like us to contact in the event of an emergency if you provide them. It is your responsibility to inform them of the purpose for the information and bring this notice to their attention.
Entry/Exit Key fob records of entry/exit to the premises. People: for employees entering and exiting using. Parking: for entry/exist to the parking for parking pass holders
Feedback Feedback anyone shares with GAMA that may relate to you or your role, or feedback that you share.
Health & Safety Health-related Special Data, e.g. self-assessment and any adjustments requested, accident logs for Health and Safety (kept in the Accident Book and Treatment Record where it occurred), Health and Safety Committee decisions relating to you specifically or an incident involving you (e.g. injury).
Invoices Invoices, day / hourly / project rates, VAT number, billing information, Bank Data, remittances for freelancer in Company Name or own name (as applicable), or in Agency name for Agency Workers.
Name First name, last name
Performance Metrics / KPIs attributable to you, your team or your project (e.g. sales numbers, website content clicks / downloads, complaints resolved), company distinctions or awards attributable to you or your team.
Photo(s) Image(s) of an Individual or group of Individuals.
Reasonable Adjustments Special Data about e.g. religious or philosophical beliefs, race / ethnicity, sexual orientation information or Health-Related Special Data (e.g. disabilities, allergies) if you provide it when making a request for a reasonable adjustment under the Equality Act 2010. Our Lawful Basis is Legal Obligation (Art. 691)(c), GDPR) and the condition we rely on to process Special Data is the employer’s obligation in employment law (Art. 9(2)(b), DPA 2018, Sch. I, Part 1(1), DPA 2018).
Social Media

Profiles, posts, handles, likes, articles, other activity; your personal blogs or website if:

  • We’re connected to you on LinkedIn or other social media channels or
  • You share your social media URL / handle or web address(es) or
  • It’s been brought to our attention (e.g. in the context of a workplace bullying complaint). You can generally control what and how you share and with whom in your social media settings.
  • Technical / IT Details of your corporate IT and network access and usage – Internet protocol (IP) address, browser activity, username and credentials (login data), access logs, remote login details, device ID for mobile devices, corporate mobile device usage data, software application usage (e.g. documents you have created, edited, uploaded to Dropbox plus metadata from document uploads, edits: time and date, document type, title, last modified date and created by details), e-signatures.
    Training Records Training logs: proof of attendance (e.g. e-learning modules for privacy, security, H&S), completion / non-completion and pass/fail details or grades for mandatory training (e.g. GDPR training).
    Voice recordings For example, in a training video if you provide voice over.
    Work Product __GAMA work product generated by or attributable to you__: Internal and external communications with other employees, customers, prospects; documents, content or work product you create or edit that is or can reasonably be associated with you in relation to your tasks (diaries, address books, other documents of any description, external storage, files, mobile phones or computers) of any kind relating to the Company’s business. Contributions to or Impressions of Company Social Media, website, or other communications or media activity attributable to you (e.g. creating, sharing or liking a post from our X (Twitter) account using your own Social Media profile).

    We mostly sell our products and services to businesses or organisations who either use the products themselves (e.g. hospitals and surgeries) or to other resellers who then sell to other organisations or directly to product users. We have Distribution Partners across Europe and in other parts of the world. They may engage in their own research (lead generation) to identify potential customers. We instruct them to collect only the personal data required to fulfil these objectives and to ensure any processing is consistent with Data Protection Law. We also engage in lead generation activities to identify Prospects who may become Business Customers. We also hold promotions and competitions for consumers, where they have a chance to win cash prizes or products and we collect and use only what we need for this purpose.

    We are legally required to monitor and report any issues with our products (e.g. adverse reactions), so even where we do not have a direct relationship with a Product User, a Product User may contact us with a complaint or concern and we will need to capture that personal data for regulatory compliance purposes.

    If you are a Distribution Partner, Business Customer or Prospect, we also collect a small amount of personal data about you as required to generate leads and manage our relationship.

    When you... We use this data to... We get it from... We rely on (Lawful Basis) We share it with...
    Enquire about a product or service Contact; Correspondence. You. Contractual Necessity Our processors: it’s logged in our systems. We use Salesforce.com as our CRM platform, together with the Office 365 suite and an enterprise version of Dropbox to maintain records, and SAP to manage our supplies.
    Make a complaint or register a concern Adverse Reactions; Complaints / Concerns; Contact; Correspondence: content of your complaint. You; Distribution Partners Legal Obligation Our processors: as above together with Freshdesk who manage our customer support software. Regulator: in a form that doesn’t identify you.
    Make a purchase through Amazon Contact; Name; Purchase details: to fulfil your order Amazon dashboard Contractual Necessity Amazon; our Amazon agent.
    Leave a review or publicly comment on our products Reviews; Name; Contact (if provided) Amazon; our social media sites Legitimate Interests Our processors: as above.
    Place an order for your company or organisation or to resell Purchase Details You. Contractual Necessity Our processors: as above.
    Contact us or respond to us when we contact you as a prospective Distribution Partner or Business Customer Contact; Correspondence; Social Media; conference participant list You (your business card or Correspondence); Conference Organisers; Social Media searches (e.g. LinkedIn) Legitimate Interests Salesforce.com; Office 365 (Outlook; Teams)
    Submit your sales numbers Performance You; GAMA Sales Director(s); regional sales data. Legitimate Interests Salesforce.com; Office 365; SAP.
    End or suspend our relationship Correspondence; Complaints / Concerns; Reviews You Contractual Necessity (re termination); Legitimate Interests (e.g. Reviews) Salesforce.com; Office 365 (Outlook; Teams); DropBox.
    Enter a contest or participate in a competition or special promotion Register you and administer the competition, verify eligibility and confirm you satisfy these terms (Name; Contact Data; Entry Data; Correspondence; Complaints or Concerns); detect fraud or moderate content (User Generated or Transactional Data); track and respect your privacy preferences; deliver or fulfil your prize (Bank Details; Contact Data; unless you object after we notify you, use some or all of your entry in publicity (Entry Data); where required by law, share details of winners with the Advertising Standards Authority (ASA). You directly when you enter; indirectly from your references (if you provide them), from your interactions on our website or from publicly available information like your social media feed (e.g. if we notice you have posted our content or Promotion online as we monitor our publicity or try to verify your entry). Legitimate Interests for fraud detection and social media /publicity monitoring and publicity; Contractual Necessity for content moderation, verification, competition administration, correspondence with you and prize fulfilment; Legal Obligation for regulatory disclosures to the ASA. Our internal Marketing team; our ad agency (if any, at the relevant time) and our contest administrator / sub-Processor PromoVeritas where they are assisting us with the competition and/or promotion (as appropriate) and, where required by law, the ASA.

    Categories of Personal Data (Product Users, Business Customers & Distribution Partners):

    Category of Data Details
    Adverse Reactions Details of any adverse reactions reported in relation to one of our products. We suppress the name and contact information where possible for reporting purposes.
    Bank or Payment Details Details of any bank account where payment is to be made or instructions for alternatives (e.g. PayPal, BACs, etc.)
    Company / Organisation Name If you are a Distribution Partner operating through an incorporated entity or partnership or a Business Customer (e.g. purchasing on behalf of your hospital, surgery, commercial entity).
    Complaints / Concerns Details of your complaint or concern and how it was resolved.
    Contact Postal address, billing address, email address and telephone numbers. For Business Customers and Distribution Partners, this will generally be your professional (company) contact details.
    COVID-related COVID-related data, e.g. temperature checks, symptom questionnaires, reports of possible exposure, contact tracing information (if on premises).
    Correspondence Emails, letters, text messages.
    Distribution Partner Agreement Contract terms including key details such as Contact, Compensation/Payment, Bank Details.
    Entry Data The content of your entry to a contest or promotion.
    Invoices Invoices, day / hourly / project rates, VAT number, billing information, Bank Data, remittances in Company Name or own name (as applicable).
    Name First name, last name.
    Performance Metrics / KPIs attributable to you, your team or your project (e.g. sales).
    Purchase details Quantity and type of item ordered. Notes regarding your account (for Business Customers, Distribution Partners).
    Reviews Any reviews you leave on Amazon or social media or similar sites or that you provide directly to us (e.g. by calling customer service if you are a Product User or speaking with your Sales representative if you are a Business Customer or Distribution Partner).
    User Generated or Transactional Data Data generated from or observed from your use of and interactions with our website

    We process personal data for the purposes of evaluating a potential collaboration and/or entering into a collaboration agreement with you. Once we have entered into a collaboration with you we may share your personal data on social media channels or in external publications as agreed with you in the relevant collaboration agreement.

    When you... We use this data to... We get it from... We rely on (Lawful Basis) We share it with...
    Are being considered for an appointment as an influencer or promoter Assess your suitability to act as an influencer or promoter in respect of our products. Your public social media channels or other public websites you may have or be featured on; any preliminary discussions with you or your agent about the collaboration Legitimate Interest OPotentially, our external marketing agency; the Office 365 suite and an enterprise version of Dropbox to maintain records.
    Are appointed as an influencer or promoter To promote the content that you produce You. Contractual necessity Visitors to our website; the agreed social media channels (e.g. Facebook, X (Twitter), Instagram, LinkedIn); the Office 365 suite and an enterprise version of Dropbox to maintain records; SAP to manage payment (where paid direct and not through an intermediary).
    Are being considered for an academic collaboration Assess your suitability for collaboration in respect of our products Your publications, details of your CV as may be publicly available, recordings of any presentations that you may have previously delivered that may be publicly available; your public social media channels or other public websites you may have or be featured on; any preliminary discussions with you or your employer about the collaboration; Legitimate Interest The Office 365 suite and an enterprise version of Dropbox.
    Are appointed as an academic collaborator To promote the research that you produce You. Contractual necessity Possible external conferences; external publications; visitors to our website; the agreed social media channels (e.g. Facebook, X (Twitter), Instagram, LinkedIn); the Office 365 suite and an enterprise version of Dropbox; SAP to manage payment (where paid direct and not through an intermediary).
    Are being considered for corporate sponsorship Assess your suitability for sponsorship Your public social media channels or other public websites you may have or be featured on; any preliminary discussions with you or your employer and/or representatives about the sponsorship. Legitimate Interest Potentially, our external marketing agency; the Office 365 suite and an enterprise version of Dropbox to maintain records.
    Are the beneficiary of a corporate sponsorship To promote your activities and the fact that you are a beneficiary of corporate sponsorship from GAMA You; your social media channels or other public websites that may feature your activities Contractual necessity Visitors to our website; the agreed social media channels (e.g. Facebook, X (Twitter), Instagram, LinkedIn); the Office 365 suite and an enterprise version of Dropbox to maintain records; SAP to manage payment (where paid direct and not through an intermediary).

    Categories of Personal Data (Influencers, Academic Collaborators, Promoters, Beneficiaries of Corporate Sponsorship):

    Category of Data Details
    Bank or Payment Details Details of any bank account where payment is to be made or instructions for alternatives (e.g. PayPal, BACs, etc.)
    Company / Organisation Name If you are acting through a corporate entity or via a third party, e.g. an agent, your employer or a third party representative.
    Contact Postal address, billing address, email address and telephone numbers. Where you are acting via a third party company, this may be your professional (company) contact details.
    COVID-related COVID-related data, e.g. temperature checks, symptom questionnaires, reports of possible exposure, contact tracing information (if on premises).
    Correspondence Emails, letters, text messages.
    Collaboration Agreement Contract terms including key details such as Contact, Compensation/Payment, Bank Details.
    Social media account, photos, videos, social media posts, social media statistics Details of your social media accounts and social media posts (which may include photos or videos) and statistics.
    Professional CV details Details of where you have studied and/or worked, previous areas of focus, any awards or public recognition, research publications or conferences
    GAMA Healthcare Ltd. Cookie Notice

    January 25th, 2022

    About this Cookie Notice

    This Cookie Notice explains what cookies are, what types of cookies we set and why, and how you can manage your cookie preferences. To find out more about how we process your personal data, including data processed when you visit our website, please read our Privacy Notice.

    About cookies

    A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first party cookies. We also use third party cookies – which are cookies from a third party – for our analytics, advertising and marketing efforts.

    More specifically, we use cookies and other tracking technologies for the following purposes:

    • To make it easier for you to navigate our website;
    • To make it easier to fill out forms or log in;
    • Analyzing your use of our products, services or applications;
    • Assisting with our promotional and marketing efforts. (including behavioral advertising)

    Below is a detailed list of the cookies we use on our Website. We describe the specific purpose or function of each cookie in the Purpose column. Our Website is scanned with our cookie scanning tool regularly to maintain a list as accurate as possible. We classify cookies in the following categories:

    • Strictly Necessary Cookies
    • Performance Cookies
    • Functional Cookies
    • Targeting Cookies

    You can opt-out of each cookie category (except strictly necessary cookies) and manage your preferences by clicking on the “Manage cookie preferences” link at the bottom of our webpage. You can also access this information and our Privacy Notice through links in the cookie widget or at the bottom of our webpage. See our Privacy Notice for more detail about how we use personal data of Website Visitors, in particular regarding analytics and targeted advertising.

    Cookie List

    A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

     


    Strictly Necessary Cookies

    These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

    Host Name Details
    gamahealthcare.com OptanonConsent Description: This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users’ browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor. Lifespan: 1 year
    gamahealthcare.com OptanonAlertBoxClosed Description: This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down. It enables the website not to show the message more than once to a user. The cookie has a one year lifespan and contains no personal information. Lifespan: 1 year
    gamahealthcare.com eupubconsent Description: This cookie is used by the IAB Europe Transparency & Consent Framework to store the user's consent to the data collection Purposes. The cookie holds an encrypted consent string that vendors participating in the framework can read and determine the user's consent. Lifespan: 1 year
    gamahealthcare.com country_obtained Description: IPStack detects your IP address so we know whether to redirect you to another version of our website. Lifespan: 1 year
    Host Name Details
    gama.getbynder.com JSESSIONID Description: To make our website load quickly by accessing cached jQuery URLs in your browser from a previous visit to a site using the same jQuery URL. We use Cloudflare CDNJS to manage this. Adobe Typekit uses code to serve fonts. Lifespan: A session
    jotfor.ms __cfduid Description: : To capture information you provide in our JotForm forms. Jotform only processes this information on our behalf Lifespan: A month
    gama.getbynder.com bynder Description: So we can push digital content such as videos, images and downloads onto our webpages using Bynder. Lifespan: A session
    gama.getbynder.com DEFAULTLOCALE Description: So we can push digital content such as videos, images and downloads onto our webpages using Bynder. Lifespan: A session
    jotform.com __cfduid Description: To capture information you provide in our JotForm forms. Jotform only processes this information on our behalf. Lifespan: A month

    Performance Cookies

    These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

    Host Name Details
    gamahealthcare.com _gclxxxx Description: Google conversion tracking cookie. Lifespan: 3 months
    gamahealthcare.com _uetvid Description: This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website. Lifespan: 1 year
    gamahealthcare.com _gid Description: Used to distinguish users by Google Analytics – third-party analytics cookies: google analytics for statistical purposes. Type of data processed: IP addresses. To maximize the privacy of users / visitors, we use the “masking IP” feature, which imposes on the system the darkening of the last 8 digits of the IP address of the user / visitor before any type of processing is performed, making in fact the analyzed. Purpose: to collect information, in aggregate form, on the number of users and on how they visit our site, to process statistics. Lifespan: A day
    gamahealthcare.com _ga Description: Used to distinguish users by Google Analytics – third-party analytics cookies: google analytics for statistical purposes. Type of data processed: IP addresses. To maximize the privacy of users / visitors, we use the “masking IP” feature, which imposes on the system the darkening of the last 8 digits of the IP address of the user / visitor before any type of processing is performed, making in fact the analyzed. Purpose: to collect information, in aggregate form, on the number of users and on how they visit our site, to process statistics. Lifespan: 2 years
    gamahealthcare.com _hjIncludedInPageviewSample Description: Identifies a new user's first session on a website, indicating whether or not Hotjar's seeing this user for the first time. Lifespan: A few seconds
    gamahealthcare.com _hjFirstSeen Description: Identifies a new user's first session on a website, indicating whether or not Hotjar's seeing this user for the first time. Path:/ Secure: Http only:. Lifespan: A few seconds
    gamahealthcare.com _hjAbsoluteSessionInProgress Description: This cookie is used by HotJar to detect the first pageview session of a user. This is a True/False flag set by the cookie. Lifespan: A few seconds
    gamahealthcare.com _hjIncludedInSessionSample Description: This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's daily session limit. Lifespan: A few seconds
    gamahealthcare.com _hjid Description: Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. Lifespan: 1 year
    Host Name Details
    script.hotjar.com _hjIncludedInSessionSample Description: We use Hotjar to record website visitor browser sessions without identifying individual users. Hotjar automatically suppresses any information you input into our forms, so it doesn't get recorded. We also suppress other information that could identify you. Lifespan: A few seconds
    script.hotjar.com _hjIncludedInPageviewSample Description: We use Hotjar to record website visitor browser sessions without identifying individual users. Hotjar automatically suppresses any information you input into our forms, so it doesn't get recorded. We also suppress other information that could identify you. Lifespan: A few seconds

    Functional Cookies

    These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

    Host Name Details
    github.com _gh_sess Description: This domain is owned by Github. The main business activity is: Source code repository and collaboration platform. Lifespan: A session
    github.com logged_in Description: This domain is owned by Github. The main business activity is: Source code repository and collaboration platform. Lifespan: 1 year
    vimeo.com vuid Description: This domain is owned by Vimeo. The main business activity is: Video Hosting/Sharing. Lifespan: 2 years
    github.com _octo Description: This domain is owned by Github. The main business activity is: Source code repository and collaboration platform. Lifespan: 1 year
    youtube-nocookie.com CONSENT Description: We embed YouTube videos on our website. If you click 'yes' to watch the video, Google will receive some information about your viewing. We have enabled Extended Privacy Mode and blocked scripts to limit what cookies Google drops and stop your data from being sent to Google until you opt in. If you watch a video or opt in here, Google may transfer your personal data to the US or other countries outside the UK/EU where it will not have the same protection. Lifespan: 17 years

    Targeting Cookies

    These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

    Host Name Details
    gamahealthcare.com _gat_gtag_xxxxxxxxxxxxxxxxxxxxxxxxxxx Description: Google Analytics. Lifespan: A few seconds
    gamahealthcare.com _uetsid Description: This cookie is used by Bing to determine what ads should be shown that may be relevant to the end user perusing the site. Lifespan: A few seconds
    Host Name Details
    linkedin.com bcookie Description: This is a Microsoft MSN 1st party cookie for sharing the content of the website via social media. Lifespan: 2 years
    linkedin.com AnalyticsSyncHistory Description: This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a primarily tracking/targeting domain. Lifespan: A month
    ads.linkedin.com lang Description: Used to store language preferences to serve up content in the stored language. Lifespan: A session
    youtube.com CONSENT Description: YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. Lifespan: 17 years
    bing.com MUID Description: This cookie is widely used my Microsoft as a unique user identifier. It can be set by embedded Microsoft scripts. Widely believed to sync across many different Microsoft domains, allowing user tracking. Lifespan: 1 year
    pi.pardot.com Pardot Description: Cookie name associated with services from marketing automation and lead generation platform Pardot. Lifespan: A few seconds
    youtube.com VISITOR_INFO1_LIVE Description: This cookie is used as a unique identifier to track viewing of videos. Lifespan: 6 months
    linkedin.com lidc Description: This is a Microsoft MSN 1st party cookie that ensures the proper functioning of this website. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a primarily tracking/targeting domain. Lifespan: A few seconds
    www.google.com _GRECAPTCHA Description: This domain is owned by Google Inc. Although Google is primarily known as a search engine, the company provides a diverse range of products and services. Its main source of revenue however is advertising. Google tracks users extensively both through its own products and sites, and the numerous technologies embedded into many millions of websites around the world. It uses the data gathered from most of these services to profile the interests of web users and sell advertising space to organisations based on such interest profiles as well as aligning adverts to the content on the pages where its customer's adverts appear. Path:/recaptcha. Lifespan: 6 months
    doubleclick.net test_cookie Description: This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange. Lifespan: A few seconds
    linkedin.com UserMatchHistory Description: This cookie is used to track visitors so that more relevant ads can be presented based on the visitor's preferences. Lifespan: A month
    doubleclick.net IDE Description: This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange. Lifespan: 1 year
    www.linkedin.com bscookie Description: Used by the social networking service, LinkedIn, for tracking the use of embedded services. Lifespan: 2 years
    www.linkedin.com li_gc Lifespan: 2 years
    www.linkedin.com lang Description: There are many different types of cookies associated with this name, and a more detailed look at how it is used on a particular website is generally recommended. However, in most cases it will likely be used to store language preferences, potentially to serve up content in the stored language. Lifespan: A session
    youtube.com YSC Description: YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. Lifespan: A session
    amazon-adsystem.com ad-id Description: This domain is owned by online retailer Amazon and is used as part of its affiliate marketing programme. Lifespan: 7 months
    amazon-adsystem.com ad-privacy Description: This domain is owned by online retailer Amazon and is used as part of its affiliate marketing programme. Lifespan: 5 years
    google.com _GRECAPTCHA Description: This domain is owned by Google Inc. Although Google is primarily known as a search engine, the company provides a diverse range of products and services. Its main source of revenue however is advertising. Google tracks users extensively both through its own products and sites, and the numerous technologies embedded into many millions of websites around the world. It uses the data gathered from most of these services to profile the interests of web users and sell advertising space to organisations based on such interest profiles as well as aligning adverts to the content on the pages where its customer's adverts appear. Lifespan: 1 year

    Unknown

    We are working on obtaining more information about these cookies and will update this notice accordingly. Please check back for updates.

    Host Name Details
    gamahealthcare.com country_obtained Lifespan: 1 year
    Host Name Details
    youtube-nocookie.com CONSENT Description: This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website. Lifespan: 2 years
    myfonts.net __cf_bm Description: The __cf_bm cookie is a cookie necessary to support Cloudflare Bot Management, currently in private beta. As part of our bot management service, this cookie helps manage incoming traffic that matches criteria associated with bots. This is a CloudFoundry cookie. Lifespan: A few seconds

    Latest