1. Introduction

Welcome to www.stourcroft.com (“we”, “our”, or “the Website”). We are committed to protecting your personal information and your right to privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, and protect your information when you visit our website and use our contact form. By using our website, you agree to the collection and use of information as described in this policy.

2. Data Controller Information

The data controller responsible for your personal information is:

3. Information We Collect

We collect minimal personal information, only when you voluntarily provide it through our contact form. This may include:

• Name: To address you appropriately in our response
• Email address: To respond to your enquiry
• Phone number: If provided, to contact you regarding your enquiry
• Message content: The details of your enquiry or message

We do not use cookies for tracking purposes, and we do not collect any automated information about your visit to our website.

4. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

• Legitimate interests (Article 6(1)(f)): We have a legitimate interest in responding to enquiries submitted through our contact form and maintaining business communications.
• Consent (Article 6(1)(a)): By submitting the contact form, you consent to us processing your information to respond to your enquiry.

5. How We Use Your Information

We use the information collected through our contact form solely for the following purposes:

• To respond to your enquiries, questions, or requests
• To provide information about our services if requested
• To maintain records of correspondence for quality and training purposes
• To comply with legal obligations

6. Data Retention

We retain personal information collected through our contact form for no longer than necessary. Specifically:

• Contact form submissions: We retain these for up to 2 years from the date of submission, unless we need to keep them longer for legal reasons
• Email correspondence: We may retain email exchanges for up to 2 years for reference purposes

After this period, we will securely delete or anonymise your personal information.

7. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

• Service providers: We may share information with trusted third-party service providers who assist us in operating our website or responding to enquiries (such as email service providers)
• Legal requirements: We may disclose information if required by law, court order, or other governmental or law enforcement authority
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Secure transmission of data using SSL/TLS encryption
• Regular security assessments of our systems
• Limited access to personal information on a need-to-know basis
• Regular training of staff on data protection obligations

However, please note that no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. International Data Transfers

We primarily store and process your data within the United Kingdom. If we need to transfer your personal data outside the UK, we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements, such as:

• Transfers to countries with an adequacy decision
• Use of Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO)

10. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights regarding your personal information:

• Right to access: You can request a copy of the personal information we hold about you
• Right to rectification: You can request that we correct any inaccurate or incomplete information
• Right to erasure (‘right to be forgotten’): You can request that we delete your personal information in certain circumstances
• Right to restriction of processing: You can request that we limit how we use your information
• Right to data portability: You can request to receive your information in a structured, commonly used format
• Right to object: You can object to our processing of your personal information
• Right to withdraw consent: Where we rely on consent, you can withdraw it at any time

To exercise any of these rights, please contact us using the details provided in Section 2. We will respond to your request within one month, as required by UK GDPR.

11. Children’s Privacy

Our website is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately so we can delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will post any changes on this page with an updated “Last updated” date. We encourage you to review this Privacy Policy periodically.

13. Complaints

If you have any concerns about how we handle your personal information, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

However, we would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

14. Contact Us

If you have any questions about this Privacy Policy or our data protection practices, please contact us.