Privacy

1 WHO ARE WE?

We are White Griffin Ltd, a company registered in England and Wales with company number 10411839 and its registered address at Appledram Barns, Birdham Road, Chichester, West Sussex, United Kingdom, PO20 7EQ (“White Griffin”, “we” or “us”). Our correspondence address is hello@whitegriffin.co.uk

We operate the website at www.whitegriffin.co.uk and www.whitegriffin.com (“Site”).

White Griffin Limited is the data controller for the purposes of the UK Data Protection Act 2018 and is responsible for your personal data.

2 WHAT IS THIS PRIVACY POLICY FOR?

White Griffin respects your privacy and is committed to protecting your personal data.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

This privacy policy explains how we will process any personal data that we collect from you, or that you provide to us, for example when you visit our Site (regardless of where you visit it from), if you receive services from us, contact us about receiving services from us or if you register to receive marketing from us.

This privacy policy will also tell you about your privacy rights and how the law protects you (in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679 – which remains applicable despite the UK leaving the EU).

The Site is not intended to be used by children and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements our other policies and is not intended to override them.

3 WHAT PERSONAL DATA MAY WE COLLECT?

We may collect, use, store and transfer different kinds of personal data about you when you contact us, receive services from us and when you access the Site.

We may collect and process the following categories of information about you:

  • Identity Data: such as your first name, maiden name, last name or username.
  • Contact Data: such as your address, email address and telephone number(s).
  • Technical Data: such as internet protocol (IP) address, the type of mobile, tablet or computer (‘Device’) you use, browser type and version, time zone setting and location, browser plug-in types and versions, Internet Service Provider, mobile operating system and platform, mobile number, mobile network information, a unique device identifier (for example, your Device’s IMEI number) and other technology on the Devices you use to access the Site.
  • Profile Data: such as services purchased by you, your interests, preferences, feedback and survey responses.
  • Usage Data: such as information about how you use the Site, page views and the length of your visit.
  • Marketing and Communications Data: such as your preferences in receiving marketing from us and your communication preferences.

We do not collect any Special Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

We, or our third-party suppliers, such as the company which hosts our Site, may also collect, use and share Aggregated Data such as statistical data, demographic data, page view and conversion data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we or they may aggregate your Usage Data to calculate the percentage of users accessing a specific Site feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

4 HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you, including through:

  • Direct interactions. You may give us your Identity, Contact, and Profile Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
    • enquire about or purchase our services;
    • request marketing to be sent to you;
    • report a problem to us;
    • enter a survey; or
    • give us feedback
  • Automated technologies or interactions. As you interact with the Site, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
  • Third parties or publicly available sources. We will receive Technical Data from analytics providers such as Google.
5 COOKIES

Our Site uses cookies to distinguish you from other users. This is to provide you with a good user experience when you browse the Site and allows us to improve its features. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Site may become inaccessible or not function properly.

6 HOW WE USE YOUR PERSONAL DATA

We will use your personal data for the following purposes:

  • to provide services to you;
  • to acknowledge, confirm or send receipts for any services you purchase from us;
  • to deal with enquiries, complaints and feedback from you and our service providers;
  • to manage, improve and administer the Site;
  • for our internal business and technical operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep our Site secure;
  • to enforce or apply our Terms and Conditions for the Supply of Services, our Terms of Use, any other agreements we have in force with you or to investigate potential breaches of them;
  • to our data analysis service provider, Google Analytics. Google uses data collected from the Site to track and examine the use of the Site, to prepare reports on its activities and may share them with other Google services. If you enable ‘Do Not Track’ in your web browser, the application of Google Analytics can be reduced;
  • to notify you of changes to the Site or to our services; or
  • if you have consented, to send you newsletters, surveys and other communications. If you complete a survey for us, we may process the information you choose to submit in response.
7 OPTING OUT

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

8 DISCLOSURES OF YOUR PERSONAL DATA

We may share your personal data in accordance with this policy with the following third parties:

  • selected third parties who act on our behalf to support our operations, for example our IT suppliers, payment service providers, website service providers, communications tools providers, CRM providers;
  • an acquirer if we, or substantially all of our assets, are acquired;
  • a prospective seller or buyer if we sell or buy any assets;
  • law enforcement or regulatory agencies if we are under a legal or regulatory obligation to do so; and
  • other companies and organisations for the purposes of fraud protection and credit risk reduction, or to protect the rights, property, or safety of White Griffin, our customers, suppliers, contractors or others.
9 WHERE YOUR PERSONAL DATA IS PROCESSED

We use third party suppliers to host our Site, and their servers are located in the USA. As a result, our processing of your data may involve a transfer of data to the USA.

Other of our suppliers, or staff working for them, may also operate in the USA, or in other countries outside of the EEA. These staff may for example be engaged in the fulfilment of your request or the processing of your payments or provide IT support services to us.

Please note that the USA and certain other countries outside the EEA do not provide the same legal standards for protection of your personal data that you have in the United Kingdom or EEA.

10 DATA SECURITY

We have put in place appropriate security measures to prevent your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

All information you provide to us is stored on secure servers. However, the transmission of information over the internet or public communications networks can never be completely secure and we cannot 100% guarantee the security of data that you provide to us online.

If you believe your personal data has been breached, please contact us immediately at hello@whitegriffin.co.uk

11 MARKETING EMAILS

We will inform you before collecting your data if we intend to use your data for marketing purposes or if we intend to disclose your information to any third party for marketing purposes. You have the right to withdraw consent to marketing at any time by contacting us hello@whitegriffin.co.uk

12 LINKS TO THIRD PARTY WEBSITES

The Site may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control third-party websites and are not responsible for their privacy practices. These websites and any services accessible through them will have their own privacy policies. We encourage you to read those policies. We do not accept any responsibility for the actions of those third parties.

13 WHAT ARE YOUR LEGAL RIGHTS?

You have the following rights (subject to applicable local laws) in relation to the personal data that we hold about you:

  • to access your personal data, and some related data (your right of access), commonly known as a “data subject access request”. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • to require any inaccurate personal data that we hold about you to be corrected or deleted (your right to rectification). We may need to verify the accuracy of any new data you provide to us.
  • in certain circumstances to require us to delete your personal data (your right to erasure). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
  • to object to our use of your personal data (your right to object to processing). You may object to our processing your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • in certain circumstances to require us to restrict or block the processing of your personal data (your right to restriction of processing); This enables you to ask us to suspend the processing of your personal data in the following scenarios:
    • If you want us to establish the data’s accuracy.
    • Where our use of the data is unlawful but you do not want us to erase it.
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
    • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • to obtain your personal data from us, in a structured, commonly used and machine-readable format in certain circumstances (your right to data portability). We will provide you, or a third party you have chosen with your personal data in a structured, commonly used, machine-readable format.
  • to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
14 HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data: see section 13 above for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

15 CHANGES TO THIS PRIVACY POLICY AND TO YOUR PERSONAL DATA

We keep our privacy policy under regular review. Any changes we may make to our Privacy Policy in the future will be posted on this page. Please check back frequently to see any updates. If we make any material changes, we will notify you either by email or when you next visit the Site. Please contact us if your personal data changes during your relationship with us.

16 CONTACT

Questions, comments or requests regarding this Privacy Policy should be addressed to hello@whitegriffin.co.uk

17 COMPLAINTS

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Ready to start your journey?
Get in touch today.

Contact us