Privacy Notice

This Privacy Notice explains how Open International (company registration no. 5716519) and Open GI Limited (company registration no. 1519547) of Buckholt Drive, Warndon, Worcester, WR4 9SR (Open GI) use your personal information, which you provide to us. Open GI protects the personal information that you provide to us and is committed to complying with all relevant Data Protection Laws.

We are a data processor for the processing of our customers’ data, but we also act as a data controller in relation to information that we gather from job applicants and our own staff. 

We are established in the United Kingdom and registered with the UK Information Commissioners Office (ICO).

We comply with the UK Data Protection Act 2018 (which incorporates the UK-GDPR), the EU General Data Protection Regulation (GDPR), and any other relevant data privacy laws.

If you have any queries regarding this Privacy Notice, you should first contact our Data Protection Officer via email: If you do not receive a reply within two working days, please telephone us on UK +44 (0)1905 754455 and request to speak to our Data Protection Officer.

Visitors to our website

Customers and potential customers

Customers and potential customers may contact us through our website using the Contact Us forms or buttons. When you do this, we will ask you to provide your business contact details, such as your email address and telephone number. We will also ask you to consent to our using your information for the intended purpose. This information will then be passed either to our marketing or sales teams to contact you to assist you with your enquiry.

In the course of us assisting you with your enquiry, we may ask for your consent to use your details for further purposes, such as marketing. When we do this, you will be clearly advised, and your specific consent will be required before we can use your information for any follow-up purpose. By default, no consent is assumed. If you do opt in but change your mind at a later date, you may opt out at any point using the link provided in the material we send.

As part of our business onboarding processes and ongoing relationship management, we may ask you to complete forms and supply us with information about your business, including directors or partners information, contact details, email addresses, telephone numbers, etc. We will use this information to ensure that our internal records are up to date. The information may also be used for internal due diligence checks such as credit checks, sanctions checks, FCA authorisation checks, and other such business-related checks.

Direct marketing or sharing of relevant business news

We do not send marketing material to members of the public, or consumers (B to C). Our Marketing Team may send product relevant marketing material or product news to our business customers or potential business customers (B to B) under the lawful basis of our legitimate interests. In all cases, we provide you with a link to this privacy notice and a clear means of opting out from this material. Opting out of marketing material will not affect how we send you other important messages, such as maintenance or incident notices, as these are considered vital parts of our contractual relationship.

Job applicants

On our website you may apply for a position in our organisation – Visit our Careers page.

If you decide to do this, then you will be required to submit your personal details including previous employment experience and qualifications. This information is used for the specific purpose of assessing your suitability for a position in our business, and you will be required to consent to the use of your personal data for this purpose. If you do not consent to our processing of your data for this purpose, then our ability to consider your application may be limited. We will only ask for the minimal amount of data required to assess your suitability for a chosen role. We may retain your information for longer periods for matching against future roles, but only if you instruct us to do so.

Clients of our customers

As part of the service that we provide to our customers, we are required to process or store the personal data (which may contain criminal driving convictions data or driver related health information) of clients of our customers, e.g., policyholders. All this information is processed strictly in accordance with the instructions of our customers, whom are data controllers, and is stored securely on servers located within the United Kingdom. Open GI manages and supports its UK-based infrastructure and we do not subcontract this processing out (save for hosted infrastructure services). Please refer to our sub-processors section for further information.

Sharing your information

We will only share your information with parties that you have agreed we can share it with, or those detailed in our sub-processors section. There are, however, certain scenarios where we may have to share your data with other parties where this is required to comply with applicable laws and government or regulatory bodies’ lawful requests for information. Examples of these scenarios are:

  • For legal reasons, we may be required to share your data with law enforcement agencies, governments, etc. This may be as part of an investigation, or it may be as part of service such as fraud prevention.
  • Where your data may be required to protect against harm to the rights of property or person as permitted by law.
  • Where your data may be required to prevent or protect serious physical harm to an individual.
  • If Open GI is involved in an acquisition, a merger, sale of assets, or liquidation.

In order to provide the services that we offer as efficiently as possible, the Open GI Group may use third parties to perform certain functions and in doing so, they may process customer data or personal data under our instruction. In all cases, Open GI maintains full control of the data it is processing and has entered into a contract with each of the third parties to regulate their use of the data and to ensure compliance with all relevant legislation. Please see our List of Third Party Processors.

Security and Accreditations

Open GI works very hard to ensure the protection of your information against unauthorised access, alteration, destruction, disclosure, or use. To ensure the level of security your information deserves, Open GI will:

  • Ensure that any data that moves across an untrusted network (such as the Internet) will be encrypted using strong methods. Unfortunately, the transmission of information via the internet cannot be guaranteed due to the scale and nature of it. We will do our best to protect your personal data but cannot guarantee the security of your data whilst in transit to our site(s). Any transmission to us is at your own risk. Once we have received your information, we use appropriate procedures and security measures to protect it against unauthorised access or disclosure as reasonably as we can.
  • Ensure that all our staff who may come into contact with your data or the systems that process your data have sufficient knowledge and training to handle it in a confidential and secure manner.
  • Ensure that we have appropriate policies and procedures in place which instruct our staff on how to handle your data securely.
  • Ensuring that we minimise access to your information to only the minimal staff and systems that need it in order to perform the service we are offering you.
  • Any information that we receive from you will be stored depending on the service, but in all cases, it will be within the UK in secure data centres with multiple layers of technical and organisational controls.

As part of our service to you, we employ the services of professional ethical hackers to test our systems for vulnerabilities which allows us to better protect your information. These are professional qualified specialist companies with whom we have very strict contractual and non-disclosure agreements.

Open GI has regular independent external security controls assessments performed. This includes our Cyber Essentials Plus accreditation, which is continuously maintained. We can provide our certificate of accreditation to appropriate interested parties upon request. Please request via our Contact Us section of this website using the Data Protection address.

Open GI, in certain scenarios and for certain products, can be considered part of the overall payment chain solution for PCI-DSS. In such cases, Open GI has determined its applicability and, where relevant, been assessed against PCI-DSS SAQ-D (SP). Open GI assumes responsibility of the technical and organisational controls only within its technical and physical remit, and as such can provide attestation and evidence of relevant requirements upon request to appropriate interested parties. Please request via our Contact Us section of this website using the Data Protection address.

Use of cookies

We use cookies on this website. For more information about cookies and how we use them please read our Cookies policy section.

In line with privacy regulations, we will not drop non-essential cookies onto your system without your prior consent. Whilst acceptance of all cookies does help us to improve our website (and do not collect any personally identifiable information), you are not forced to accept these, and our website will function perfectly OK without doing so.

Please note that our website may log the IP address you are visiting from to help deliver appropriate content to you. This is server side and does not utilise a cookie.

Information we hold about you

You have the right to ask us for a copy of the personal information we hold on you via a “data subject access request”. You have the right to have any inaccuracies corrected or removed, or to instruct us to cease processing your data if no longer relevant, or if there are no other legal or contractual obligations for us to do so. There is no fee for this. However, subsequent copies of such information within an unreasonably short period may be chargeable.

To request a copy of the personal data that we hold about you, please contact our Group Data Protection Officer using one of the methods below:

By post: The Data Protection Officer, Open GI Limited, Buckholt Drive, Warndon, Worcester, WR4 9SR.

By email:

Please do not send us personal or sensitive data over and above the minimum requirements (such as your name and contact details) via fax or email without prior notification and agreement, or unless explicitly requested.

Please note that unless specifically instructed, your information will be sent using the same format as that of the request. i.e., if the request was received via email, the information will normally be sent back to you via secure email unless you explicitly request otherwise. Your information will be returned within one (1) month, and in a secure manner. No information will be released, and the clock will not start until your identity has been confirmed.

If the data you need sight of is specific, it would help us to respond quicker if you were to identify exactly what data or which area you are looking for. For example, all personal data we hold about you regarding your marketing preferences, or all data you have given us in relation to careers at Open GI.

Please be aware that some exceptions exist in data privacy laws. This means that some data may not be able to be shared with you. An example would be any data that identifies another individual apart from yourself. Other exceptions exist, such as management forecasting, information on legal proceedings, and several others. We will always engage with our internal and external legal teams to ensure the information we provide you (or inform you that we cannot provide) is fair and lawful. You can of course dispute what we provide and are within your rights to lodge a complaint with the Information Commissioner (The ICO) if you feel you have been treated unfairly or in an unlawful manner. However, we encourage you to discuss any concerns with us in the first instance as we will always work with you to ensure your rights are lawfully exercised. Please contact our DPO for this.

International transfers

All data we collect from you here, and subsequently process, will be done so within the United Kingdom. If it becomes necessary to process data outside the UK, we ensure that the third party that processes the data undertakes to provide at least an equivalent level of protection that we would provide to you, and we will make it clear to you that this will take place.

If you are sending us your data from outside of the UK, please first satisfy yourself that we have adequate security controls in place, and that you are sending your data to us in a secure manner. Please contact us first before sending if you are unsure. By default, we do not expect or request personal data belonging to non-UK residents.

The European Commission has granted the United Kingdom an adequacy decision allowing the free movement of personal data between the EU and the UK. Guidance or regulatory requirements, such as the IDTA, are in place for other geographical locations that may not have an approved adequacy decision.

Data retention

We hold your data only for as long as is necessary for specified or contractual purposes. This is governed by our Data Retention Policy.

Some of the information we collect via our website is submitted to us by electronic mail. Our policy states that we retain all emails for a 7-year period after which time they are automatically deleted.

If you choose to exercise your right to erasure (also known as the right to be forgotten), we will need to retain some basic information in a suppress list to avoid sending you unwanted material or correspondence at a later date. However, please be aware that the ‘right to be forgotten’ is not an absolute right, and circumstances may exist where we must lawfully retain this data, overriding your request. This will only be used where the law is clear, and we will always inform you where this is the case.

Cookies policy

A ‘cookie’ is a piece of information that gets stored on the device you are browsing from. They can record how you move around a website so that when you revisit it, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes. In most cases, cookies are not intrusive but are there to make the page work better either directly (such as essential cookies), or indirectly (such as performance (analytics) cookies to assist web designers in making the site easier to use).

Some cookies could be considered intrusive if they collect personal data or otherwise identify you as an individual and further use this data. Open GI do not use such cookies on this website.

At the highest level, cookies can be considered to be either:

Essential or Strictly Necessary: These cookies are essential for the proper operation of a website. Without these cookies, the website will not perform correctly. Consent is not required for essential cookies, although they should still be listed in a cookie notice. Please see the ‘Cookies we use‘ section for any cookies we consider to be essential.


Anything else that does not fall within the definition of essential cookies. Typically, these are used to analyse behaviour on a website, advertising, etc. These cookies require that the visitor actively consents to them being used and must not be ‘dropped’ onto your device without such consent. As a rule of thumb, if a website would still function adequately from the perspective of the end user without a certain cookie, then that cookie would not be considered as essential.

We are required to obtain your consent for all non-essential cookies used on our website. You can block all cookies (including essential cookies) at any time by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block essential cookies, you may not be able to access parts of our site because essential cookies are required to allow it to function correctly. The method of blocking cookies differs from browser to browser, so you are advised to determine the method appropriate to your device and/or browser. We cannot offer assistance or advice for this.

Cookie persistence can be either: 

  • Session or non-persistent cookies: these are only stored on your device during your web session and are automatically deleted when you close your browser – they usually store an anonymous session ID allowing you to browse a website without having to log in to each page, or to maintain your session information across multiple browser tabs.
  • Persistent cookies: a persistent cookie is stored as a file on your computer, and it remains there when you close your web browser until it expires (see table below). The cookie can be read by the website that created it when you visit that website again to set certain parameters.

Cookies can also be categorised as follows: 

• Performance cookies: These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the site are most popular (or the least popular). These are non-essential cookies.
• Essential cookies: These are cookies that ensure the proper functioning of the website (e.g., cookies for login or registration, language preferences, contact forms). Essential cookies would be considered as essential for the website to function correctly and as such would not require consent.
• Targeting/advertising cookies: These cookies can target audiences based on their browsing behaviour to deliver marketing material more relevant to you. These are non-essential cookies.
• Social media advertising and remarketing cookies: The LinkedIn Insight Tag and Facebook Pixel allows us to perform campaign reporting and view insights about website visitors that may come via the campaigns we run on LinkedIn or Facebook. It allows user behaviour to be tracked after they have been redirected to our website via a post or advert. With remarketing, you may see our adverts on LinkedIn or Facebook after you have visited our site. For this to happen, the Facebook Pixel and LinkedIn Insight Tag are activated when a visitor lands on a webpage, and a unique cookie is placed in their browser. Lookalike audience targeting allows us to show adverts on Facebook and LinkedIn to people who are similar to those who have already visited our website. These are non-essential cookies.

• Facebook opt out:
• Facebook privacy policy:
• LinkedIn opt out:
• LinkedIn privacy policy:

Cookies we use

Cookie Name Description Expires After



Google Analytics (non-essential performance cookies). These cookies are used to collect information about how visitors use our website.
We use the information to compile reports and to help us improve the website.
The cookies collect information in an anonymous form (no personal data), including the number of visitors to the website, where visitors have come to the website from, and the pages they visited on this site.
2 years

24 hours

10 minutes

1 minute
_fbp Facebook Pixel (non-essential performance cookie). Helps to store and track visits across websites. When the Facebook pixel is installed on a website, and the pixel uses first-party cookies, the pixel automatically saves a unique identifier to an _fbp cookie for the website domain if one does not already exist. 3 months
bcookie LinkedIn (targeted/advertising cookie). Browser identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform. 2 years
lang LinkedIn (targeted/advertising cookie). Used to remember a user’s language setting to ensure displays in the language selected by the user in their settings. End of session
li_gc LinkedIn (targeted/advertising cookie). Used to store consent of guests regarding the use of cookies for non-essential purposes. 2 years
lidc LinkedIn (targeted/advertising cookie). This cookie allows visitors to ‘share’ content from our site to LinkedIn. 24 hours
UserMatchHistory LinkedIn (targeted/advertising cookie). This cookie is set by LinkedIn to record advertisement analytics. 1 month
AnalyticsSyncHistory LinkedIn (targeted/advertising cookie). Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries 1 month
quform_session Essential session only cookie. This is for the contact forms on our website and are used to maintain sessions between page changes. No personal information or data is stored. The ‘Contact Us’ form functionality will not work without this cookie. We therefore consider this to be an essential cookie. End of session

You can alter your cookie consent preferences at any time by clicking on the cookie icon in the bottom left corner of our website and adjusting the sliders to ‘off’ followed by ‘close’ in the slide out blade. Please refresh your page to ensure that the new settings have taken effect. Note that this cookie policy is also linked to in this blade.

You can also control your cookie settings through your web browser. Methods vary from browser to browser and/or device to device.

You can opt out of being tracked by Google Analytics across all websites, by going to Alternatively, some web browsers may have plug-ins that enable analytical cookies to be blocked. 

We periodically check the effectiveness of our Cookie controls to ensure that all settings perform correctly and that only essential cookies are stored on your device should you only accept these.

If you have any questions about the cookies that we use or this cookie policy, feel free to email us at

Our website may have links to other websites. This Privacy Notice only applies to Open GI’s website. You should therefore read the privacy policies of the other websites when you are using those sites. Open GI is not responsible for the privacy notices of other parties’ websites.


We may make changes to our privacy notice in the future. Any updates or changes will be posted on this page and will be reflected in the version date. We do not send out individual notifications that this privacy notice has been amended.

Page last updated: September 2023