Privacy Policy


Geoff Smith Associates is committed to protecting your privacy and providing customers and suppliers with a positive experience in using our products and services and use of our website. 

This Privacy Statement applies to Geoff Smith Associates Limited and describes how we handle personal information and the choices available to you regarding collection, use, access, and how to update and correct your personal information.

It concerns our role in running the business of Geoff Smith Associates Ltd and in that capacity we are Data Controller.

It also references our role in providing solutions. The personal data content of customers is under their control. They are Data Controllers of that data. 

Geoff Smith Associates ltd as a Data Controller administering GSA business

Collection of Your Personal Information

We may collect data, including personal information, about you as customers or suppliers and how you use solutions and services or otherwise interact with us. "Personal information" is any information that can be used to identify an individual, and may include name, address, email address, phone number, login information (Help Desk Portal user details, password) and marketing preferences or account information. We also collect personal information from trusted third-party sources such as Google Analytics and engage third parties to collect personal information to assist us.

We collect personal information for a variety of reasons, such as:

  • Processing your Organisation’s order and payment transaction details
  • Sending marketing communications
  • Creating an account
  • Enabling the use of certain features of our Solutions
  • Providing customer service
  • Managing recruitment processes
  • Contacting you in respect of your Organisation’s solution or services.

Uses of Your Personal Information

We may use your personal information for the purposes of operating our business, delivering, improving, and customising our website and Solutions, sending marketing and other communications related to our business, and for other legitimate purposes permitted by applicable law. Some of the ways we may use personal information include:

  • Delivering a Solution you have requested
  • Analysing, supporting, and improving our Solutions and your customer experience
  • Personalising our website, newsletters and other communications
  • Sending communications to you, including for marketing or customer satisfaction purposes from GSA.

GSA will process personal data lawfully adhering to the lawful reasons for processing personal data of:

  • Consent
  • Contract
  • Legal Obligation
  • Vital Interests
  • Public Tasks
  • Legitimate Interests

Access to and Accuracy of Your Personal Information

GSA weed and delete any personal information and documentations that has expired or are no longer current.

GSA strives to make it easy for customers to keep Personal Information up to date and to help GSA maintain its accuracy.   Personal Information will be stored only for the time period necessary to fulfill the purposes outlined in GSA’s Privacy Policy reflected in this Privacy Statement unless otherwise required or permitted by law.  Personal information collected will be kept as long as GSA have reasonable business needs.

Personal customer information will be kept for as long as GSA provide or utilise goods or services and then for as long as the Contract specifies.

If there are any changes required to the information we hold please contact GSA immediately on the below contact:

This email address is being protected from spambots. You need JavaScript enabled to view it. or telephone 01455 299 100 and ask for Compliance.

Use of Cookies

GSA do not use Cookies. The only information GSA collects from our web site is data inputted by way of contact through our ‘Contact Us’ function.

Sharing and use of Personal Data

We may share your personal information with third parties for the purposes of operating our business, delivering, improving, and customising our Solutions, sending marketing and other communications related to our business, and for other legitimate purposes permitted by applicable law or otherwise with your consent.

There are times when GSA may be required to disclose personal Information by law, legal process, litigation, and/or requests from public and governmental authorities. GSA may also disclose personal information for purposes of investigations, compliance with requests from law enforcement, or other issues of public importance.

Subject to applicable Data Protection legislation, GSA may share your information with:

  • Prospective and Actual customers and affiliates in respect of public source Contract Award information (i.e. Non-personal information) for procurement purposes
  • GSA’s legal and professional advisors, including auditors
  • In an emergency or to otherwise protect the vital interests of customers or employees
  • Anyone else where GSA customers consent or it is required by law
  • With business partners, service vendors, authorised third-party agents, or contractors to provide a requested Solution, service or transaction. Examples include, but are not limited to: joint procurements, hosting websites, event registration, assisting with sales-related efforts or post-sales support, and providing customer support.
  • In aggregated, anonymised, and/or de-identified form which cannot reasonably be used to identify you.
  • If we otherwise notify you and you consent to the sharing.

Security of Your Personal Information

GSA are committed to ensuring that any information gathered from customers or suppliers is secure.   In order to prevent unauthorised access, disclosure accidental or unlawful destruction, loss or alteration, GSA have put in place a suitable physical, technical, administrative, electronic and managerial process to safeguard and secure the information GSA collect. We also contractually require that our suppliers protect such information from unauthorised access, use, and disclosure.

Retention of Personal Information

We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.


Consent to Transfer, Processing and Storage of Personal Information

All company data including personal information is access controlled within audited Policy-Controlled systems and is backed up on a daily basis stored off site in an encrypted format.

GSA may share non-personal information with international customers and partners for procurement purposes.  In the event GSA shares any information internationally, GSA also does so with explicit consent. GSA ensures that all international customers or affiliates who do receive information protect the information with the same care and policies as GSA.  For purposes of this Privacy Policy, non-personal information combined with personal information is treated as Personal Information.

Geoff Smith Associates ltd Solution content

Solutions operated by GSA for customers operate on the basis that the customer is Data Controller. GSA are Data Processors.

All Subject Access Requests and content enquiries of solutions must be addressed to the Data Controller.

GSA solutions operate cookies solely for the purpose of session management and authentication.

Updates to this Privacy Statement

GSA may review the Privacy Policy and this related Privacy Statement a minimum of annually and changes will be made as and when needed.   It is advisable, therefore, that you review this document and the Policy periodically for any changes. Customers or suppliers will be notified of any updates as relevant.    These changes are effective immediately after publishing.

Version: 1.2

Last updated: 15/09/2023 


ISO9001 Quality Management System (Accreditation since: 2003 Certificate No 97492020)

ISO27001 Information Security Management System (Accreditation since: 2010 Certificate No 168202020)

ISO14001 Environmental Standard and Social Value (Accreditation since: 2014 Certificate No 216712020)

Cyber Essentials Plus Certificate: Cyber Essentials Accreditation since: 2014. Cyber Essentials Plus accreditation since 2017

NHS Data Security and Protection Toolkit (22/23 Standards Exceeded: Organisation code E5D0H)

GSA operate from a Police Assured Secure Facility (PASF)


GSA Solutions are available to purchase through a number of leading frameworks, including:

G-Cloud 13 – Crown Commercial Services

Digital Outcomes and Specialists (DOS 6) – Crown Commercial Services

Contact Us

5 Cartwright Court,
Cartwright Way,
Bardon Hill,
LE67 1UE

Telephone: 01455 299100

Privacy Statement

Cookie Policy

Terms and Conditions