Privacy Policy

1. Policy on the processing of Personal Data.

Groundleader Ltd is registered with the Information Commisioners’ Office (ICO) in the UK as a Data Controller.

Groundleader Ltd (“we” / “our” / “us” / “Groundleader”) sell the use of various online software-as-a-service products (“services” / “products” / “offerings”), which are all developed and updated by “Grounds Maintenance Solutions Ltd” (“GMS Ltd” / “GMS”). GMS Ltd have licensed these products exclusively to us, for the purposes of marketing and sales support to the software end-users. Therefore, due to the direct relationship between Groundleader Ltd and GMS Ltd, you should consider your relationship with Groundleader Ltd to also be de facto a relationship with Grounds Maintenance Solutions Ltd.

Where hereby we refer to “we”, “our”, “us” or “Groundleader”, you should consider this to equally apply or refer to “Grounds Maintenance Solutions Ltd” as well as “Groundleader Ltd”.

Grounds Maintenance Solutions Ltd therefore also handles your data in accordance with this Policy (also see in Section 4 below, the paragraph entitled, “Essential sharing of data with third-parties”). Our services are used by our clients (“you” / “your”), and in some instances by your clients / subcontractors / suppliers / staff (“client” / “user”), if you have given them login credentials. The services are accessed via any device capable of running a browser connected to the internet, by anyone who holds suitable login credentials.

We intend to describe here the types of data we process, how we use the data, and with whom we share it.

This Policy on the processing of Personal Data applies to information relating to you, and where applicable your users, your customers, and/or your subcontractors, which we collect from you and process. Regards the processing of such data in relation to the services, Groundleader Ltd qualifies as the data controller. Groundleader respects your privacy and handles your data with due care, in accordance with European data protection laws and regulations, such as GDPR. When you log in to use one of our services, you have access to the collected data. When one of your users logs in, they should have access only to the data that you have given them the “right” to see/edit, depending on what “role” you have allocated to them.

2. Our contact details.

Groundleader Ltd, 5a Gremista Industrial Estate, Lerwick, Shetland, Scotland, UK, ZE1 0PX.

Email address: admin@groundleader.com.

3. Data that we process.

When you register with Groundleader Ltd and use one or more of our services, you agree that we may collect and process any of the following types of data:

• The name(s) of your organisation, address(es), telephone number(s), email address(es), fax number(s), company number, tax registration number, website URL(s), social media ID(s), and any other relevant contact details of your organisation.
• Your clients’ full name(s), billing address(es), telephone number(s), email address(es), fax numbers(s), website URL(s), site address(es), photos or maps of their site(s), and other notes and information pertaining to them.
• Full bank account details (name, address, sort code, account number), and/or payment-card details, of your organisation.
• Full bank account details (name, address, sort code, account number), and/or payment-card details, of your clients.
• Your (and if relevant your clients’) I.P. address(es)
• Where applicable, your equipment or vehicle registration / chassis / serial / ID numbers, and other details relating to this, such as the manufacturer, type, model, etc.
• The rate(s) you charge your clients for your services.
• Your logos, trademarks, letterhead, photographs, and other images.
• Data relating to you or your users’ working hours, exposure to hand-arm vibration, site safety information, incident-reports, quality-management data, and the like.
• Your and your users’ full name(s), gender, age, and contact details such as telephone number or email.
• “Customer relationship management” notes relevant to you (or your users, organisation etc) as our customer. For example, we may profile what type of user you are (e.g. contractor, public organisation, voluntary sector, not-for-profit), what kind of work you mainly do (e.g. building contractor, landscaping, grounds maintenance), what scale of operation you have (e.g. how many clients or teams you have), how you prefer us to communicate with you, etc.
• Any other information pertaining to yourself, your organisation / users / suppliers / customers etc, that you input into our systems, or communicate to us by other means, such as email, fax, telephone, social media, postal, etc.
• Any other types of your clients’ or users’ information that you (or one of your users) input into our systems.
• If you or one of your users is accessing our services via a mobile device, then depending on the service, and on the privacy settings on that mobile device, there may at some time be reason to process your mobile device location data. If the mobile device does not allow that information to be shared, then it is possible this might limit or disable some features of the service.

If you “follow” or communicate with us via a social media provider (e.g. “Facebook”, “Twitter”), or sign up to one of our newsletters (some aspects of which may in some instances be handled by external service providers, e.g. “mailchimp”), note that their privacy policy also applies, and where practicable in this connection, you may wish to consider consulting their privacy policy / policies as well

4. Purposes for processing your data.

The purposes of processing your data are described below.

Your account, and communication preferences.
When you register for an account, service, or marketing-list with Groundleader Ltd, you will be required to fill in certain data which can identify you, such as your name, organisation name, address, email address etc. We will use this data to communicate with you regarding our services, in accordance with the preferences indicated by you, either at the initial sign-up stage, or those given at a later stage.

Please note that email, and our online services, are our primary means of communication with all our clients. It is essential for you to maintain a current active email address with us. You may not completely opt out of emails as the primary means of communication.

If you wish to change aspects of your marketing and communication preferences, you can do so at any stage via email, fax, telephone, hitting “unsubscribe” in an email link, or by changing preferences within your login “area”. Please note however that we will in any case obviously need to continue to send you essential communications in relation to the service, such as invoices, product update information, etc. We reserve the right (and are legally obliged) to retain historical billing addresses, email addresses and the like for a reasonable period, for the sake of accounting and tax purposes, credit-control, etc.

Our access to your data
In order to administer the service(s), including providing you with technical support, you accept that we may from time to time need to view your account or access your data, in order to respond to or analyse issues or problems as they arise. We may also need to access your content in order to run the likes of aggregate statistical analyses on client accounts (e.g. for billing).

Essential sharing of data with third-parties.
At times, we may need to share some of your data with third-parties, such as payment or subscription service providers (e.g. “PayPal”, or a direct-debit agency), and other companies who provide essential infrastructure and support services in connection with our service, e.g. the companies who provide our online hosting services, and other essential I.T. support. We will do everything we reasonably can to ensure their access is controlled in accordance with European data protection laws and regulations, such as GDPR, and that they provide sufficient protection of data in order to meet the requirements our own privacy policy. Also, as stated in section 1 above, we work very closely with GMS Ltd, the developers of the software.

Anonymised or aggregated data.
Groundleader Ltd will occasionally conduct analysis of customer data for the purposes of marketing, internal reporting, etc. When such data is published, it can be presented in a way which does not link or identify to an individual or organisation. For example, we might indicate which of our pricing structures is the most popular, or analyse what percentage of our customers use certain aspects of the services. Where data is identifiable to an individual or organisation, it will not be used for marketing purposes without the express prior permission of the individual or organisation in question.

5. Storage and retention of your data.

Our services are primarily stored and operated securely from Amazon Web Services’ servers (“AWS” / “Amazon”). Amazon have been given approval by the group of European Union data protection authorities, known as the Article 29 Working Party, for compliance with its data protection regulations worldwide, giving customers the assurance their data is being given the same level of protection whether it is stored in a data centre in Europe or elsewhere.

Some aspects of our online space are operated by a hosting service called “Big Wet Fish” (“BWF”). BWF servers are located within the UK.

We will not retain your data any longer than permitted or required by law, and as necessary for the purposes of delivering the service to you, and for billing and tax / accounting purposes.

If your subscription period ends without renewal, we will preserve your data for a limited period as would be considered reasonable, in a secure and encrypted space. We would make reasonable efforts to contact you to give you opportunity to access or download your data, before it is deleted.

Where any automated data-deletion processes are in place, such as deletion of aged archive data, we will make you aware of any such process, and give you reasonable opportunity to download your data before it is deleted. If you wish to revoke consent and/or request deletion of some or all of your data, reasonable efforts will be made to do so in accordance with relevant UK data-protection laws (although note that where you have access to our service and are in a position to effect this yourselves via the “delete” facilities provided within our service, you would of course be expected to undertake this function yourselves).

6. Parties with access to your data.

Groundleader Ltd will process your data for the purposes indicated in section 4 above. Only staff of Groundleader Ltd, GMS Ltd, and other essential I.T. support personnel (e.g. specialist I.T. contractors doing “penetration” testing, hosting providers, etc.) that require access to our customer data in order to perform their activities, will have access to your data.

We will not otherwise share your data with third parties, unless we have your express prior consent. In addition to the above, we may disclose data in the following circumstances:

• When obliged by law.
• To protect your vital interests, or those of another person, including circumstance where you are incapable of giving your consent for any reason, e.g. not responding to persistent attempts to contact you, or when you are medically or physically incapable of doing so.
• When necessary for the establishment, exercise or defence of legal claims.

In the event of a corporate sale, merger, reorganization, dissolution or similar event relating to Groundleader Ltd and/or GMS Ltd, your data may be part of the transferred assets. You will be notified in due course of any such change in ownership, of either company.

7. Security measures.

Groundleader Ltd, and GMS Ltd, take the secure storage and protection of your data seriously, and will use appropriate technical and organizational measures to protect your data against unauthorized or unlawful processing.

Examples of our security and protection measures include:

• Data relating to your account(s) with us is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered to access the services.
• Account passwords and other highly sensitive information, such as bank details, are stored in encrypted format, and only for as long as necessary.
• All communications through our Secure Applications (e.g. “ToolFleet”, “VibeCalc”, “Groundleader”) are sent over SSL/TLS connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology protects communications by using both server authentication and data encryption. This ensures that data in transit is safe, secure, and available only for intended recipients.
• Our applications and infrastructure are maintained and updated at suitable intervals, to minimise the risk of security vulnerabilities. Also we endeavour to undertake “penetration testing” at suitable intervals, where we, or specialist contractors employed on our behalf, make efforts to “hack” (i.e. test) our own security systems.
• “Local” hard drive or SSD storage is (so far as practicable) encrypted.
• Paper records are (so far as practicable) stored under lock and key.
• Old paper documents which no longer serve a purpose, and which contain sensitive or personal data of some form, will be shredded.

Whilst we will take all commercially reasonable steps to secure and protect your data, you should be aware that no system, whether digital or paper-based, and no matter how robustly structured, can ever be 100% guaranteed against a security breach. In the event of a breach of the security of your data, we will notify you as soon as practicable.

8. Accessing and amending your data.

You can access, edit, and download your data by logging into your account.

Please note that we reserve the right to put in place authentication processes when you contact us, to ensure that the person seeking to change or access your data really is you, or is someone authorised to have access or make such changes on your behalf. In order to prevent fraudulent changes or access to your data, be aware that we will operate a principle of precaution when checking your identity, so if you or your agents fail to supply proof of this (e.g. unable to answer security questions), or if we are in doubt for any other reason, we are unlikely to change or give access to your data until suitable authentication has been established.

Regards our “Vibecalc”, “ToolFleet” and “Groundleader” services. Should you choose at any time, you will be able to download the more crucial aspects of your data in the form of Microsoft Excel files. These downloads (or “backups”) are available under the “manage” tabs of the “desktop” versions of our applications. These files are the principle means by which you are able to retrieve any of your content for “local” backup purposes (e.g. if you choose at any stage to close your account). The other means you can access your data, is via the applications themselves. Your content is unlikely to be available in any format other than the Excel files and through use of the applications themselves. However, we will do whatever we practicably can to ensure that you are able to retrieve any particularly vital content from our servers, via other means as would be considered reasonable, should you require. It is however impossible for us to guarantee absolutely the return of all your content. Nor can we guarantee the specific format that any retrieved content might take. So, it’s advisable for you to keep a “local” copy on your own computer or device, and we also recommend that you should try to schedule regular “backups” in the event that at any point you can’t access your data from our servers.

See also section 5 above, “storage and retention of your data”.

We will ensure your data is backed-up periodically as part of our own backup procedures, in case of problems with data corruption, or in case there are problems with updates to the software.

9. Cookies.

We sometimes use “cookies”, in order to delivery our services to you efficiently and effectively, for example, when you make payment for a product, use one of our applications, or fill in a multi-page form. Cookies are files that websites send to your computer or other internet-connected device to uniquely identify your browser, or to store information or settings on your device, in order that the site or application can function properly. It is essential that you permit your browser to accept the “cookies” and “popups” from our site(s), in order that our services can function properly.

10. Third-party links.

Where our websites, communications or services “link” to other sites belonging to other organisations or companies, we do not have any responsibility nor control over the content of those sites. Therefore you view and interact with the content of any such websites at your own risk, and you should not assume that we endorse the content of any of the sites we link to.

11. Policy updates.

The legislation on privacy, and also the general terms of our products and services, or the nature of our products and services, may change from time to time. In order to keep this policy current, we are likely to occasionally update it. We’ll endeavour to contact you when significant changes to the policy have taken place, although we are unlikely to contact you if minor updates (e.g. slight re-words to improve clarity) are not significantly going to alter the function of the policy, or where minor changes reflect a position of ensuring your rights are more robustly stated and delivered. Your continued use of our services after any such updates indicates your agreement with the revised terms.

This policy is current at 2019-11-07.