Privacy Policy.

This Privacy Notice explains how and why Gryff Mason Ltd ("we", "us", or "our") collects, uses, and shares your personal information when you visit our website at www.gryffmason.com or interact with us in connection with our services. It is intended to help you understand what personal information we collect, how we use it, and what rights you have under applicable data protection laws.

We are the data controller responsible for your personal information. This Privacy Notice applies to your use of our website and services. If you have any questions, please refer to the Contact Us section below.

Personal Information we Collect

We collect personal information that you provide to us when you make an enquiry, sign up for our services, or work with us on a project. The specific information we collect depends on how you interact with us and may include:

Contact details
Such as your name, phone number, and email address.

Professional details
Such as your job title and company name.

Service-related information
Including:

• Experience with other providers
• Product or service requirements
• Regulatory or compliance needs
• Benefit-related information
• Information shared during consultations or discovery sessions
  

Project-related data
Such as documentation, submissions, or supporting materials provided to us during the course of delivering our services.

We do not intentionally collect or process special category data (such as information relating to health, race, religion, or political beliefs).

Information Automatically Collected

When you visit our website, certain personal information may be collected automatically. This helps us understand how the site is used, improve performance, and support marketing and customer engagement activities.

This information may be collected and processed by:

• Hosting and infrastructure providers
• Customer relationship and marketing platforms
• Analytics providers

In addition, our website may use third-party font delivery services. When your browser loads these fonts, limited technical data may be shared with those providers.

Where required by law, we will request your consent before placing non-essential cookies or tracking technologies on your device. You can manage your preferences through our cookie banner or your browser settings.

How we Use Your Personal Information

We process your personal information to operate our website, deliver our services, meet our legal obligations, and support legitimate business functions.

We may use your personal information for the following purposes:

• To respond to your enquiries and follow up on your requests
• To provide and deliver our services, including client onboarding and project communication
• To communicate with you regarding services, updates, or support
• To send marketing communications where you have opted in, with the option to unsubscribe at any time
• To improve our website, services, and user experience
• To comply with legal and regulatory obligations
• To ensure security and prevent fraud or misuse

Legal Basis For Processing Personal Data

We only process your personal information where we have a valid legal basis to do so under applicable data protection laws, including the UK GDPR.

These legal bases may include:

• Consent: Where you have given us clear permission to process your personal information for a specific purpose, such as receiving marketing communications. You may withdraw your consent at any time
• Contractual necessity: Where processing is necessary to enter into or perform a contract with you.‍
• Legal obligations: Where we are required to process your personal information to comply with the law.‍
• Legitimate interests: Where processing is reasonably necessary for our legitimate business interests, such as improving our services, securing our systems, or communicating with you. We will only rely on legitimate interests where we have considered the impact on your rights and are satisfied that our interests are not overridden.‍
• Vital interests: In limited circumstances, where processing is necessary to protect someone’s life or safety.

How We Share Your Personal Information

We only share your personal information where necessary and with appropriate safeguards in place.

Third-party service providers

We may share personal information with trusted third parties who support our operations or help deliver our services. 

These may include:

• Hosting and infrastructure providers
• Analytics and marketing platforms
• CRM and customer engagement tools
• External consultants, specialists, or professional advisers

Business transfers

We may share or transfer your personal information in connection with a business transaction such as a merger, acquisition, or sale of assets.

International transfers

Some of the third-party providers we use are located outside the United Kingdom. Where personal information is transferred outside the UK, we ensure that appropriate safeguards are in place, such as standard contractual clauses or reliance on adequacy regulations where applicable.

We only work with providers that implement appropriate data protection standards consistent with applicable laws.

How Long We Keep Your Personal Information

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Notice, unless a longer retention period is required by law. When we no longer need your information, we will delete or anonymise it. Where immediate deletion is not possible, we will securely store and isolate it until deletion can take place.

How We Protect Your Personal Information

We take appropriate technical and organisational measures to protect your personal information from unauthorised access, loss, misuse, or alteration. While we take reasonable steps to protect your data, no method of transmission over the internet or method of electronic storage is completely secure.

Your Rights Under Data Protection Laws

If you are located in the United Kingdom, European Economic Area, or Switzerland, you have rights under applicable data protection laws, including the right to:

• Access your personal information
• Request correction or deletion
• Restrict or object to processing
• Request data portability
• Object to direct marketing
• Not be subject to certain automated decision-making

If we rely on your consent, you have the right to withdraw it at any time, you may exercise your rights by contacting us using the details below, and if you are based in the United Kingdom, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

Marketing communications

You can unsubscribe from marketing communications at any time by using the unsubscribe link in our emails or by contacting us directly. Please note that we may still send you non-marketing communications relating to our services or your account.

Cookies and Tracking Technologies

Our Site uses cookies and similar technologies. For more information, please refer to our Cookie Policy.

Changes To This Privacy Notice

We may update this Privacy Notice from time to time. When we do, we will update the "Last Updated" date above. We recommend reviewing this page periodically.

Contact Us

If you have any questions about this Privacy Notice or how we handle your personal information, you can contact us at hello@gryffmason.com.