Skip to content

Cookies

Our website uses cookies to improve your experience. By using the website you agree to our use of cookies. Read more

Effective Date: 16 September 2025

1. Introduction

Girling & Company Software Ltd and Eikos Software Systems Ltd (collectively referred to as "we", "us", or "our") are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you interact with our website (https://www.gmvi.co.uk) use and our SaaS Applications, Eikos and Empirica ("Services") and communicate with us in relation to our services.

We act as both a Data Controller (for our website and SaaS Applications usage data) and a Data Processor (for personal data input into our SaaS Applications).

2. Information We Collect

We may collect and process the following categories of personal data:

  • Personal Information: name, company name, job title, email address, phone number.
  • Usage Data: information about how you use our Services, including IP address, browser type, device information, pages visited, and interactions.
  • Cookies and Tracking Data: collected via cookies or similar technologies

3. How We Use Your Personal Information

We use the personal data we collect to:

  • Provide, maintain, and support our Services.
  • Improve and enhance the user experience.
  • Diagnose and resolve technical issues.
  • Communicate with you, including support responses and service updates.
  • Fulfill contractual obligations with our customers.
  • Comply with legal obligations.

4. Legal Basis for Processing

We process your data based on one or more of the following legal grounds:

  • Contractual necessity (e.g., delivering our Services).
  • Legitimate interests (e.g., service improvement, usage analytics).
  • Legal obligations (e.g., compliance with applicable laws).
  • Consent (e.g., for optional communications or cookies, where required).

5. Use of Google Analytics

We use Google Analytics, a service provided by Google LLC, to collect information about the use of our website and SaaS Applications (Eikos and Empirica). This helps us analyse engagement, improve performance, and understand usage patterns.

Google Analytics collects:

  • Device and browser information
  • Referring URLs and navigation paths
  • Pages visited and time spent
  • Anonymised IP addresses

We have configured Google Analytics to anonymise IP addresses and disable advertising and remarketing features. No personally identifiable information (such as names or email addresses) is shared with Google.

Data may be processed on servers located outside your jurisdiction, including the United States. We rely on appropriate safeguards (such as Standard Contractual Clauses) for such transfers.

Opt-Out Options:

You can opt out using Google’s browser add-on: https://tools.google.com/dlpage/gaoptout.

6. Use of AI Features (Azure OpenAI)

Certain SaaS Application features (e.g., text generation, summarisation) are powered by Microsoft’s Azure OpenAI Service (“Azure OpenAI”). When enabled these features allow the content you submit (such as prompts) to be processed by AzureOpenAI to provide a response which you can retain within the SaaS Application. .

  • Scope & data: When you use AI features, your inputs and the generated outputs are processed to provide the feature, along with minimal technical metadata.
  • Roles: For customer content in Eikos, your organisation is the Controller and we are the Processor; and Microsoft acts as our sub-processor only for these AI features.
  • Sharing & location: By default, we use Azure OpenAI’s Global deployment type. This means prompts and responses may be processed in any Azure geography where the relevant model is hosted. Data that is stored at rest for Azure OpenAI features (e.g., files you upload for stateful features, fine-tuning datasets) remains in our customer-designated Azure geography; the deployment type primarily affects location of processing, not storage.
  • Retention & safety: We do not add extra retention for AI content beyond your service configuration. Microsoft operates safety/abuse-monitoring systems per its product terms;
    (prompts and outputs are not used to train Microsoft’s models).
  • Cookies: Azure OpenAI does not place cookies in your browser; no new third-party advertising cookies are introduced.

Customers may enable / disable AI features for the SaaS Application at instance level on request. See Microsoft’s Azure OpenAI data privacy documentation.

7. Sharing of Personal Data

The only parties who we may share data with are;

  • Service providers and subprocessors who support our hosting, analytics, or support operations (e.g., Microsoft Azure, Google).
  • Legal authorities, where required by law or to enforce our agreements.
  • All third-party providers are subject to data processing agreements and appropriate security measures.

8. Data Retention

We retain personal data for as long as is necessary to fulfill the purposes for which it was collected, including compliance with legal, regulatory, or contractual obligations. Data stored in our SaaS Applications is handled in accordance with customer instructions, license agreements and any applicable laws.

9. Data Security

We implement, manage and operate appropriate technical and organisational security measures to protect your data, including encryption and access controls which are subject to regular security assessments.

We encourage all customers to implement information security best practices when using our SaaS Applications.

10. Your Rights

Under data protection laws (e.g., GDPR, UK GDPR, CCPA), you may have rights including:

  • Right to access your data
  • Right to correct or update your data
  • Right to request deletion ("right to be forgotten")
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent (where applicable)

To exercise your rights, contact us at info@gmvi.co.uk. In most cases, if you are using our SaaS Applications through your employer, your employer is the Data Controller, and we will direct your request to them.

11. Cookies and Similar Technologies

Our website and SaaS Applications use cookies to:

  • Enable site functionality (e.g., login sessions)
  • Analyse usage via Google Analytics
  • Remember user preferences

You can manage cookies via your browser settings or using consent tools where provided. For more information, see our Cookie Policy.

12. Third-Party Links

Should our website or SaaS Applications contain links to external websites or embedded third-party services, we are not responsible for the privacy practices of these third parties and we encourage you to review their privacy policies independently.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with the “Effective Date” updated and you are responsible for reading it. Continued use of our Services after an update constitutes acceptance of the revised policy.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or how we process your data, you may contact us at info@gmvi.co.uk.