We do not rely on "Do Not Track" requests. We rely on industry-leading offline security and strict data custody policies. This page explains how your data is collected, processed, and protected.
GiM Operations Ltd (SC875507) does not collect data for its own purposes. We act as a Data Processor under UK GDPR (Art. 28), processing data strictly at the instruction of licensed institutional partners.
Our Authorized Data Controllers include FCA-regulated insurers, financial institutions, energy bodies, and government agencies. Each Controller maintains its own legal basis for collection — whether Legitimate Interest, Regulatory Mandate, or contractual obligation.
Every venue in our network consents to specific data streams in advance via commercial contract. The streams collected are determined by the commissioning Controller and agreed with the venue operator before any hardware is installed.
Data is collected at the direction of our Authorized Data Controllers on consenting partner venues. Our architecture ensures PII is destroyed at the source.
All optical telemetry — commissioned by insurers and manufacturers — is processed locally on the Edge Node. Advanced anonymization techniques are applied locally before transmission. The cloud never sees a face; it only sees a movement vector.
Transactional logs — commissioned by financial institutions — are stripped of customer names. Credit card numbers are tokenized (PCI-DSS Level 1). We track the spend, not the spender.
Sensitive liability evidence is not stored on public cloud servers. It is routed to secure, UK-based offline storage facilities, physically disconnected from the public internet until a legal warrant is presented.
Data residence matters. Your data is not stored in a server farm in Virginia or Frankfurt, subject to the US CLOUD Act or EU surveillance.
Governing Law: Scotland (UK)
Physical Location: The Scottish Borders
Chain of Custody: Owned and operated by GiM Operations Ltd. No third-party sub-processors for Tier-1 data. All processing governed by binding Data Processing Agreements (DPAs).
Under UK GDPR and the Data Protection Act 2018, you have the right to access, rectify, erase, or port your data. To exercise any of these rights, contact our Data Protection Officer directly.
Request a machine-readable copy of all data associated with your venue.
Request complete deletion of your data from all GiM systems and storage nodes.
Request an access ledger showing exactly who queried your data and when.
For any data-related enquiry, complaint, or rights request, contact our registered Data Protection Officer.
privacy@gimindex.com
GiM Operations Ltd
Edinburgh, Scotland
Company No. SC875507
Registered with the ICO