Skip to main content
BOOK YOUR FREE WORKSHOP

Privacy Policy

Gysho Ltd. Privacy Policy

Effective Date: 15 May 2025
Last Reviewed: 15 May 2025
Version: 2025.1.1

Introduction

Gysho Ltd., located at Sussex Innovation Centre, Science Park Square, Brighton, East Sussex, England, BN1 9SB, is committed to protecting the privacy and security of our clients’ information.

This Privacy Policy outlines our practices regarding the collection, use, and disclosure of personal data when you use our services, and the choices you have associated with that data. This policy is aligned with our Data Protection Policy, Terms & Conditions, and all applicable UK and EU data protection laws.

Data Controller and Processor Roles

  • For Gysho-hosted services, Gysho Ltd. acts as data controller or processor as appropriate.
  • For client-hosted services, the client is typically the data controller and Gysho acts as a processor or service provider, processing personal data only on the client’s instructions.

Information Collection and Use

We collect and process the following types of data:

  • Personal Identification Information: Name, email address, telephone number, etc.
  • Contact Details: Postal address, email address, and phone numbers.
  • Payment Information: Credit/debit card details, billing address, transaction history.
  • Company Information: Business name, industry type, business size, role in the company.
  • Usage Data: Service usage data, access times, page views, IP address.

Purposes of Processing:

  • To provide, maintain, and improve our services.
  • For customer communication and support.
  • To process transactions and manage client accounts.
  • For compliance with legal obligations.
  • For internal analysis and research to improve our offerings.

For further details, please refer to our Data Protection Policy.

Legal Basis for Processing

We process personal data on the following legal grounds:

  • With your consent.
  • As necessary to enter into or perform a contract with you.
  • For compliance with our legal obligations.
  • For our legitimate interests, provided that such processing does not outweigh your rights and freedoms.
  • Special category data is processed only with explicit consent or as required by law, in accordance with Article 9 of the UK GDPR.
  • For client-hosted services, Gysho processes data only as instructed by the client.

Data Retention and Deletion

  • We retain personal data only as long as necessary for the purposes stated above or as required by law or contract.
  • For AI-related data, we retain it for only 30 days, solely for technical troubleshooting purposes, not for model training.
  • Retention periods are defined in our Data Protection Policy and/or client contract.
  • Data is securely deleted upon contract end or valid data subject request.

Data Sharing and Disclosure

  • We share personal data with Hubspot for CRM purposes, and with Azure and OpenAI only if a project requires it and is explicitly agreed upon by the customer.
  • All third-party processors are subject to written agreements and appropriate safeguards.
  • Data is not used for model training unless explicitly agreed.
  • International transfers are made only with appropriate safeguards (such as Standard Contractual Clauses) and client notification.

International Data Transfers and Data Residency

  • All production personal data is stored in client-specified Azure regions (primarily UK) unless otherwise agreed and safeguarded.
  • Data may be transferred outside the UK/EU only with appropriate safeguards and client notification.

Data Protection by Design and Default

  • Gysho integrates data protection by design and default into all services and conducts Data Protection Impact Assessments (DPIAs) for high-risk processing.

Rights of Data Subjects

Under UK GDPR, you have the right to:

  • Access, rectify, erase, restrict, or object to the processing of your personal data.
  • Request the transfer of your data to another organization.
  • Contest automated decisions and request human intervention where applicable.
  • Withdraw consent at any time by contacting us or using unsubscribe links in our communications.

We will verify your identity before fulfilling requests and respond within statutory timeframes.

Procedure for Data Breaches

  • Gysho maintains an Incident Response Management Process for personal data breaches.
  • In the event of a data breach, we will take immediate steps to mitigate harm and will notify affected individuals and the UK Information Commissioner’s Office (ICO) within 72 hours, as required by law.

Training and Awareness

  • All Gysho staff and contractors receive regular data protection and security training.
  • Clients are responsible for ensuring their own staff are trained in data protection relevant to their environment.

Use of Cookies and Tracking Technologies

  • We use cookies and similar technologies, embedded in Hubspot, to enhance user experience and analyze service usage.

Changes and Updates to the Policy

  • We may update our Privacy Policy from time to time. Changes will be notified through updates on this page.
  • This policy is reviewed at least annually or after significant changes in law, technology, or business operations.

Complaint Procedure and Supervisory Authority

Contact Us

If you have any questions about this Privacy Policy or your data rights, please contact us at:Gysho Ltd., Sussex Innovation Centre, Science Park Square, Brighton, East Sussex, England, BN1 9SB
Email: contact our privacy officer