skip to Main Content

HighGround GDPR Statement


The purpose of this page is to explain, in broad terms, how the data protection laws of the EU and UK apply to our operations. In particular, the page explains how these laws affect our handling of the personal data of:

  • our users; and
  • the personnel of our customers and prospective customers.


The EU’s General Data Protection Regulations (“EU GDPR“) regulates the collection, storage, processing and transfer of personal data – that is, any data that relates to an identified or identifiable natural person. For example, personal names and addresses are personal data; email addresses may also be personal data.

As a result of Brexit, the UK now has a separate set of laws governing the handling of personal data (“UK GDPR“).

With respect to any particular processing activity, then depending upon the location of the individuals concerned and the location of our processing activities, we may be subject to the EU GDPR or the UK GDPR or both.

Are we a controller or processor?

Both the EU GDPR and the UK GDPR distinguish between controllers of personal data and processors of personal data. Controllers are the persons or entities responsible for determining the purposes and means of the processing of personal data; whereas processors act only on behalf of controllers in relation to their processing of personal data.

Controllers and processors have different obligations and responsibilities under the GDPRs.

We sometimes act as a controller for personal data, while in other cases we act as a processor. We have outlined the different cases in the table below.

Acting as controller Acting as processor
  • Personal data stored in our marketing databases or otherwise used for our marketing purposes.
  • Personal data stored in our customer relationship management system or used for managing customer relationships.
  • Personal data in or relating to communications that we send and receive.
  • Transaction-related personal data.
  • Personal data included in analytics data relating to the use of our systems and services.
  • The names, contact information and other information of users of customer systems that are monitored by means of HighGround
  • The names, contact information and other information of users of the HighGround service.

Applicable documents

Where we act as a controller of personal data, we have an obligation to provide to data subjects information about our activities. To help fulfil this obligation, we have published a detailed privacy and cookies policy, which you can see here:

Privacy and cookies policy

On the other hand, where we act as a processor of personal data, our specific obligations under the GDPR are owed primarily to the relevant controller. In this case, the privacy and cookies policy does not apply. Instead, our processing is regulated by a set of contractual obligations contained in the contract between us and the controller.

Terms & Conditions

Using your data

You can find in our privacy policy information about the ways in which we may use personal data.

Where we act as a processor, however, then we follow the instructions of the relevant controller. Formally, then, you should consult the privacy notice or policy of that organisation in order to establish how we might use relevant personal data. In practice, we typically only use this type for personal data for the purpose of providing our services to the relevant controller.

Security of personal data

Whether we are acting as a controller or processor of personal data, we have obligations under the UK GDPR and/or EU GDPR to keep data securely.

Any questions?

If you have any questions about the contents of this page, please do get in touch:

Back To Top