This "Policy" describes the way in which GX Admin manages and processes the information and data you provide to us to enable us to manage our "Customer" relationship. GX Admin Ltd is also registered with the Information & Commissioners Office to both handle and store personal data (Registration no: Z338400X)
References stated within this policy to "GX Admin", "us", "we" or "our" relate to GX Admin Ltd, we offer a range of services in relation to passport applications and booking of appointments this includes: consultancy and assistance services and booking services with HM Passport Office, please refer to section  of this policy for information on the organisations we may share data with.
"Services" refer to any service offered by GX Admin to customers, we will process any personal information provided to us or otherwise held by us relating to you in the manner set out in this policy or as held by us relating to you in the methods set out in this policy.
"Employee", “Team”, or “Staff ” refers to individuals employed by GX Admin who work under a legally binding employment contract that requires them to agree and adhere to our terms and policies in relation to this policy.
By accepting this policy, you agree that you understand and accept the use of your personal information as set out in this policy. If you do not agree with the terms of this policy, please do not use our website or otherwise provide us with your personal information by any other means as specified above.
Not only is your personal data protected by the high standards and efficient processes within our organisation, it is also protected by the law. The GDPR legislation states we can only process your personal data when a genuine reason is present. It must be one of the following:
• Consent has been provided for processing
• When it is in the public interest, our legitimate interest or if it is your vital interest.
• To fulfil any contract that we have with you or when we have a legal obligation
2 Data that we store
When using our website we will ask you for specific personal data in order to provide our services for may includes (but not limited to):
• Full names of applicant(s)
• Dates of birth
• Telephone Number
• Email Address
• Current Address
• Passport Details (Passport Number, Passport date of issue) (If applicable)
• Parent(s) of applicant details (Full names, Dates of birth, Passport numbers, Passport dates of issue, Country of birth, Nationality) (If applicable)
• Grandparent(s) of applicant details (Full names, Dates of birth, Country of birth, Nationailty) (If applicable)
• Naturalisation details (Certificate numbers, Dates of issue, Place of issue) (If applicable)
We ask for the data listed above in order to provide the services stated on our website in relation to passport application consultancy services and booking of passport appointments with HM Passport Office.
When entering this data into our website it will be stored in our secure database, the information requested is the minimum we require in order to provide our services as advertised to our customers. After entering the above data on our website we also ask you to read and agree to both our terms & conditions and this policy prior to using our services.
3 Data that we only process (not store)
In order to process payments for our services we must share some information with third party payment providers “Sagepay Europe Ltd” and “Global Payments (GPUK LLP)” these companies process our card transactions and require us to send the following customer data when placing an order with GX Admin:
• Credit/Debit Card Details
• Credit/Debit Card Billing Address
We do not store this data it is simply passed directly to our payment provider via a secure SSL encrypted connection. All data entered into our website is encrypted via a secure SSL connection, this means that third parties are unable to intercept the data as it is transmitted securely between the customers device our server and between our server and third party payment providers.
Once this data has been sent to our third party providers it is then discarded by our system and is not stored on our server or database. You can also see more information about the third party providers we use and their roles in [section 6] of this policy.
4 How we store data
All data entered into our website is sent securely via SSL encryption to our web server. Data that we hold is stored securely in our database, this database is held on a secure dedicated server, this server operates the latest Windows server, security and firewall software and is held in a secure data center owned and operated by Fasthosts Internet Ltd.
When speaking to a member of our team by phone we may also ask you for personal information in relation to the information listed in section , we may ask for this information in order to confirm order details and/or provide the best possible service to you in relation to an enquire.
All staff members employed and in the service of GX Admin Ltd have secure access to our internal system(s), this means that any information given to our staff verbally by telephone will only ever be input into our secure system which stores all data on our secure external database hosted on our dedicated server. This data will never be stored locally on individual staff members computers or device, this reduces the risk of a data breach and.also reduces the risk of data misuse as it means that all data is secured in a single location.
When providing our services to customers we also offer email support services, due to this our staff members are required to operate email client software on their local machines. Our email services are setup using secure SSL connections and operate using IMAP service protocol, this means that all email messages are held on our secure server
However due to the way that email services such as IMAP operate this email data may at any given time be downloaded to an employee’s local machine in order for their software to provide email functionality.
This data is limited to the personal data included in general enquiries and support, so may include some personal data depending on the type of enquiry and/or conversations had with customers in relation to services we provide.
As part of our company policies we always ensure that all devices used by our staff include the latest updates, firewall and antivirus software due to the potential storage of email data and conversation data held on local machines.
5 How data is used within our organisation
When entering data via our website and agreeing to the terms & conditions of our service and this policy you agree and give GX Admin permission to act an as agent and to use your personal data in order to either check and process your passport application directly with HM Passport Office or to book an appointment directly with HM Passport Office (depending on the service required by the Customer). The data we hold is only ever used for this purpose in relation to the services outlined in our terms & conditions.
Access to your information is limited to specific GX Admin employees at various levels, each level within our organisation has certain restrictions on the data available. As an organisation we design our systems and infrastructure to limit specific classes of staff members to your data depending on job description and services that they will need to provide, our data protection levels for staff fall under the following categories:
Level  Sales Staff (General Enquiries)
Level  Administration Staff (Order Processing, Customer Enquiries)
Level  I.T Staff & Management (Order Processing, Administration, Complaints, & Technical use of our system(s))
Level  Staff have limited access and are only able to view limited customer information depending on the service being provided, this is often limited to customer name, contact number and email address in relation to a booking held on our system and can only be accessed after the customer has provided information such as booking reference numbers/and or confirmed parts of the data in order for the staff member to access said data for the following tasks:
• Sales enquiries by phone, email
• Processing of complaints and refunds
Level  Staff have more access to our system and are able to access all customer data in relation to orders placed via our website, this information is only ever used to supply the services as stated in our terms & conditions for the following purposes:
• Processing of applications/booking of appointments
• Contacting customers in regards to services requested
• General administration
Our internal systems have been designed in such as way that access to this information at this level is still strictly controlled, staff are only able to access this data for a limited amount of time in order to provide the services required by the customer. Once an order has been completed staff are then not able to access this data and must put a request to higher management in order to access this data any any point after services have been provided.
Level  Staff have full access to data stored on our secure database in relation to customer information, billing address and all documentation that we hold, this information is used for:
• Complaints & refunds
• Accounting & invoicing
• Statistical analysis
• Development of our system(s)
• Technical issues with our system(s)
At each level of our organisation our staff are made fully aware of their responsibilities in regards to how they handle data, this includes relevant training and basic knowledge of handling data in relation to the service they are providing to our customers.
6 Third parties
In order to provide all the services provided by GX Admin we must both use and share some of the personal information we store with third parties, sharing of data with third parties will only ever be done for the sole purpose of providing the agreed services to our customers.
Although we have listed some of these providers in the previous sections of this policy, here is a more comprehensive list of providers with whom we may share both personal and non-personal data in order to provide both payment facilities and "Services" to our customers:
"Global Payments (GPUK LLP)" - (Personal data) processing of credit/debit card information via our website(s).
"Sage Pay Ltd" - (Personal data) processing of credit/debit card information via our website(s).
"PayL8r (Social Money Ltd)" - (Personal data) processing of finance applications in relation to monthly payment purchase options for our services.
"Fasthosts Ltd" - (Non-personal data) for secure hosting & data storage
"Text Local Ltd" - (Personal data) sending of SMS text messages for order confirmations.
"HM Passport Office" - (Personal data) We use personal data supplied in order to process passport applications or book appointments on behalf of customers as an agent.
When using third party companies we are always sure to choose well known and reputable companies that have well founded data protection policies to ensure that our customers data is always safe and secure.
By accepting our terms & conditions and this policy you agree and give permission for GX Admin to contact you in relation to the services stated in these agreements by the following means:
You understand that by talking to any staff member be it electronically via online chat or by telephone may require you to confirm additonal details in order for us to provide the services requested, this could be in relation to but not limited to the following: general enquiries, requests to confirm incorrect information, provide help and guidance with applications, complaints and refund requests.
8 Data retention & removal
When providing us with data in relation to services we provide we will hold this information in our database for a period of 6 months, this period allows us to provide the following services in relation to the data we hold in order to carry out our obligations of our business as follows:
• Accounting & invoicing
• Refunds and complaints
• Technical analysis and statistics
• General Administration
GX Admin will always assist you if you choose to exercise your rights over your personal data which may include, withdrawal of previous granted consent at that specific point in time. This would not include previous consented processing. Access or correction to personal data which is stored or processed.
As part of our data protection policy we are happy to remove any data held on our system(s), if you wish to request that your information is removed please send us a request either via email to: firstname.lastname@example.org or is writing to GX Admin Ltd, Postal Address. Your data removal request will be processed within 3-5 working days and you will receive written confirmation of this action.
Our policy may be updated from time to time. If at any point this policy is updated the date of said change will be clearly marked. We regret that if you were to decline the changes made to this policy we may not be able to continue to provide services to you in future.
You can contact us on email@example.com if you have any concerns regarding this policy.
Policy last updated: 25/05/2018