Home / Privacy Policy
Legal

Privacy Policy

Last updated: 19 March 2026

This policy explains how Grey Rock Group Limited collects, uses, and protects any personal information you provide when using this website or contacting us.

1. Who We Are

Grey Rock Group Limited is registered in England and Wales (Company No. 16361772), with a registered address at Orchard House, Exeter EX5 1BR. We are the data controller for the personal data collected through this website.

You can contact us regarding this policy at: hello@greyrockgroup.co.uk

2. What Data We Collect

We only collect personal data that you voluntarily provide to us through the contact form on this website. This may include:

  • Your name
  • Your email address
  • Your company or project name
  • The reason for your enquiry
  • The content of your message

We do not use cookies, tracking pixels, analytics tools, or any other technology that collects data about your browsing behaviour. We do not collect data passively.

3. How We Use Your Data

We use the information you submit solely to respond to your enquiry. We do not use your data for marketing purposes, and we do not add you to any mailing list without your explicit consent.

4. Legal Basis for Processing

We process your data on the basis of legitimate interests — specifically, our legitimate interest in responding to genuine business enquiries submitted to us. Where you contact us with a view to entering into a contract, we may also process your data on the basis of pre-contractual necessity.

5. How We Store Your Data

Enquiry data submitted through the contact form is received by email and stored securely within our internal systems. We retain correspondence for as long as is necessary for the purpose for which it was collected, or as required by law. We do not store your data in any third-party CRM or marketing platform.

6. Sharing Your Data

We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share data with trusted professional advisers (such as legal or financial advisers) where strictly necessary, and only under appropriate confidentiality obligations.

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — you may request a copy of the personal data we hold about you
  • Right to rectification — you may ask us to correct inaccurate data
  • Right to erasure — you may ask us to delete your data where there is no legitimate reason for us to continue processing it
  • Right to restrict processing — you may ask us to limit how we use your data
  • Right to object — you may object to processing based on legitimate interests
  • Right to data portability — you may request your data in a structured, machine-readable format

To exercise any of these rights, please contact us at hello@greyrockgroup.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

8. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Our website is served over HTTPS and form submissions are protected with CSRF tokens and server-side validation.

9. Changes to This Policy

We may update this policy from time to time. The date at the top of this page indicates when it was last revised. Continued use of this website after any changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions about this privacy policy or how we handle your data, please contact us at hello@greyrockgroup.co.uk or write to us at Orchard House, Exeter EX5 1BR.