GiM Operations Ltd Request Brief

UK data policy

Plain-English data policy for GiM Operations Ltd.

This page explains how GiM Operations Ltd intends to handle personal data, venue-side operational data, pilot enquiries, and aggregate supplier signals in a UK context.

Last updated: 12 May 2026

1. Who this policy covers

This policy applies to GiM Operations Limited, company number SC875507, and the GiM Operations website, free venue tools, pilot enquiries, and partner conversations.

For data protection questions or rights requests, contact GiM Operations using the email link below.

Email me

2. What GiM may collect

Depending on how you engage with GiM Operations, the company may collect:

  • Business contact details such as name, organisation, role, and email address.
  • Messages submitted through the website or sent directly by email.
  • Pilot participation details, such as venue name, operating context, tool setup requirements, and agreed pilot notes.
  • Website technical data such as basic server logs, browser type, approximate device information, and pages requested.
  • MiX usage signals where a venue has agreed to participate, such as lookup events, selected specs, category searches, and timing patterns.

GiM does not need customer personal data, payment card data, CCTV, or individual staff profiling for the MiX supplier signal hypothesis.

3. Why GiM uses data

GiM Operations may use data to:

  • Respond to supplier, venue, partner, investor, or advisor enquiries.
  • Set up and support free venue tools such as MiX.
  • Run small pilots and understand whether the tools are useful in real operations.
  • Create anonymised aggregate signal reports for supplier-side observers where the venue-side basis and scope have been defined.
  • Improve reliability, security, accessibility, and usability of the website and tools.
  • Keep business records where needed for company administration or legal obligations.

4. Lawful basis under UK data protection law

GiM Operations is intended to operate under the UK data protection regime, including the UK GDPR and Data Protection Act 2018. Depending on context, the lawful basis may include:

  • Legitimate interests: responding to business enquiries, developing venue-first tools, understanding pilot performance, and protecting systems.
  • Contract or steps before contract: where GiM is discussing or providing a tool, pilot, supplier brief, or partner arrangement.
  • Consent: where a venue or contact has specifically agreed to a defined pilot, optional communication, or optional data use.
  • Legal obligation: where company, tax, accounting, or legal record-keeping requires information to be retained.

If a new use would materially change the purpose or risk, GiM should define that use before collecting more data.

5. Aggregate supplier signals

The Independent Bar Signal Project is intended to test whether staff lookup behaviour from free venue tools can become useful pre-order signal intelligence for suppliers.

Supplier-side reporting is intended to use aggregate patterns rather than customer-level data, payment data, CCTV, or individual staff performance scoring. Example signal reports should be clearly marked as illustrative, pilot-stage, or aggregate where relevant.

6. Sharing and processors

GiM Operations may use trusted service providers for hosting, email, analytics, development, security, or form handling. These providers should only process data for defined operational purposes.

GiM does not intend to sell raw venue data, customer data, payment data, or individual staff profiles. Supplier-side outputs should be aggregate reports or defined pilot deliverables.

7. Retention

GiM should keep data only for as long as it is needed for the purpose it was collected for, unless a longer period is required for legal, accounting, or dispute reasons.

  • General enquiries: normally reviewed and deleted when no longer useful.
  • Pilot records: retained for the pilot and reasonable follow-up period.
  • Aggregate signal reports: retained as business records where they do not identify individuals.
  • Data not needed for a defined signal: should be discarded under The Void principle.

8. Your UK data rights

Under UK data protection law, individuals may have rights to be informed, access their data, correct inaccurate data, request deletion in certain circumstances, restrict processing, object to some processing, and request portability where it applies.

To raise a data question or rights request, use the contact link above. You also have the right to complain to the UK Information Commissioner's Office.

Complain to the ICO

9. Cookies and analytics

The current static website is not designed around advertising cookies or behavioural ad tracking. If analytics, form handling, or third-party embeds are added later, this page and any cookie notice should be updated before launch.

10. The Void

The Void is GiM's discard-first design principle: if a signal does not need the data, the system should not keep it.

This principle is intended to reduce operational risk, protect venue trust, and keep the supplier signal layer focused on aggregate insight rather than unnecessary data capture.