GDPR Compliance

Last updated: July 31, 2022

GENERAL DATA PROTECTION REGULATION (GDPR) COMPLIANCE STATEMENT

Our Commitment to Data Privacy and Regulatory Integrity

GoGlory is committed to the highest standards of data privacy, protection, and ethical processing. As a data controller subject to the jurisdiction of the United Kingdom and the European Union, GoGlory operates in full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR as incorporated into domestic law under the Data Protection Act 2018.

We acknowledge that the protection of personal data is not only a regulatory requirement but a core component of user trust, business ethics, and platform credibility.


Scope of GDPR Compliance at GoGlory

Our GDPR framework applies to the collection, processing, storage, transfer, and deletion of any personal data relating to identifiable individuals, whether obtained directly or indirectly, including:

  • Users and customers of the GoGlory platform

  • Business partners and service providers

  • Website visitors, form submitters, and email correspondents

  • Internal personnel and contractors (where applicable)

This framework governs both automated and manual data systems and applies across our digital infrastructure, including websites, applications, internal databases, and third-party services.


Core GDPR Principles in Action

1. Lawfulness, Fairness, and Transparency
GoGlory ensures all data processing activities have a lawful basis, such as consent, contractual necessity, legal obligation, or legitimate interest. We communicate clearly and accessibly with individuals about how their data is collected, used, and stored.

2. Purpose Limitation
Personal data is collected only for specific, explicit, and legitimate purposes and is not further processed in ways that are incompatible with those purposes. All processing activities are documented and reviewed to prevent scope creep.

3. Data Minimisation
We collect only the data that is strictly necessary for the purposes for which it is processed. Our forms, databases, and analytics tools are designed to avoid overcollection.

4. Accuracy
We take proactive steps to ensure that personal data is accurate and up to date. Individuals may request corrections at any time, and we maintain internal mechanisms to flag and rectify inaccuracies.

5. Storage Limitation
GoGlory retains personal data only for as long as necessary to fulfil the purposes for which it was collected, unless required to retain it longer for legal or regulatory reasons. Data retention policies are reviewed regularly.

6. Integrity and Confidentiality (Security)
We have implemented appropriate technical and organisational measures to safeguard personal data against unauthorised access, loss, alteration, or disclosure. These include:

  • Encrypted storage and communications

  • Role-based access controls

  • Regular vulnerability assessments

  • Third-party vendor risk assessments

7. Accountability
We maintain detailed records of all personal data processing activities in accordance with Article 30 of the GDPR. Our Data Protection Governance Framework is supported by documented policies, employee training, and periodic compliance reviews.


Data Subject Rights

In accordance with Chapter III of the GDPR, GoGlory enables all data subjects to exercise their rights, including:

  • Right of access to personal data

  • Right to rectification of inaccurate or incomplete data

  • Right to erasure (“right to be forgotten”) where applicable

  • Right to restriction of processing in certain circumstances

  • Right to data portability upon request

  • Right to object to processing, particularly in cases of direct marketing or profiling

  • Rights related to automated decision-making, including the right to request human intervention

Individuals may exercise these rights by contacting us via the form provided on our website. All requests are processed within the statutory timeframes and subject to appropriate identity verification.


Lawful Basis for Processing

GoGlory processes personal data under one or more lawful bases as defined under Article 6 of the GDPR. These may include:

  • Consent (Article 6(1)(a))

  • Performance of a contract (Article 6(1)(b))

  • Legal obligation (Article 6(1)(c))

  • Legitimate interests (Article 6(1)(f)), where not overridden by individual rights

Consent is obtained through clear, affirmative action, and individuals are provided with the ability to withdraw consent at any time.


Data Transfers and International Processing

Where GoGlory transfers personal data outside the UK or EU, we ensure that appropriate safeguards are in place. These may include:

  • Transfers to countries with an adequacy decision

  • Standard Contractual Clauses (SCCs)

  • Binding Corporate Rules (BCRs), where applicable

We monitor our international partners and vendors to ensure continuous compliance with evolving adequacy and transfer frameworks.


Data Protection by Design and by Default

GoGlory integrates privacy and data protection measures into its systems architecture, development processes, and product lifecycle from the outset. This includes:

  • Conducting Data Protection Impact Assessments (DPIAs) for high-risk activities

  • Applying data minimisation and pseudonymisation where appropriate

  • Ensuring all new features and updates undergo privacy reviews before release


Breach Notification and Incident Response

In the event of a personal data breach, GoGlory will act in accordance with Articles 33 and 34 of the GDPR:

  • Supervisory authorities will be notified within 72 hours where there is a risk to individuals’ rights and freedoms

  • Affected individuals will be notified without undue delay if the breach is likely to result in high risk

  • Internal breach logs and remedial actions will be documented in full

We operate a formal incident response policy and conduct periodic tabletop exercises to test readiness.


Training and Internal Compliance

All GoGlory personnel who handle personal data receive regular training on data protection principles and their specific responsibilities. Our GDPR compliance efforts are reviewed by designated compliance leads and subject to internal audit protocols.


Contacting Us Regarding Data Protection

If you wish to:

  • Request access to or correction of your personal data

  • Withdraw consent

  • Make a complaint regarding data processing

  • Report a concern or potential breach

  • Obtain a copy of our Data Protection Policy

please use the contact form on our website, clearly indicating the nature of your request. All correspondence is handled with confidentiality, and we aim to respond within the legally mandated timelines.


Supervisory Authority and Escalation

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority. In the UK, this is:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
www.ico.org.uk