Privacy Policy.

Last updated May 2025

Introduction

This Privacy Notice explains how and why Gryff Mason Ltd ("we", "us", or "our") collects, uses, and shares your personal information when you visit our website at www.gryffmason.com or interact with us in connection with our services.

It is intended to help you understand what personal information we collect, how we use it, and what rights you have under applicable data protection laws.

We are responsible for determining how your personal information is processed. By using our website or services, you agree to the terms of this Privacy Notice. If you have any questions, please refer to the Contact Us section below.

Personal Information we Collect

We collect personal information that you provide to us when you make an inquiry, sign up for our services, or work with us on a project. The specific information we collect depends on how you interact with us and may include:

Contact details
Such as your name, phone number, and email address.

Professional details
Such as your job title and company name.

Service-related information
Including:

  • Experience with other providers
  • Product or service requirements
  • Regulatory or compliance needs
  • Benefit-related information
  • Information shared during consultations or discovery sessions

Project-related data
Such as documentation, submissions, or supporting materials provided to us during the course of delivering our services.

We do not collect or process sensitive personal information, such as data relating to health, race, religion, or political beliefs.

Information Automatically Collected

When you visit our website, certain personal information may be collected automatically. This helps us understand how the site is used, improve performance, and support marketing and customer engagement activities.

This information is collected and processed on our behalf by:

  • Webflow, our website hosting and analytics provider, which collects technical and usage data to help us monitor performance and visitor behavior
  • HubSpot, a customer engagement platform we use for contact management, lead tracking, marketing communications, and client support. If you interact with forms, chat tools, or subscribe to updates, HubSpot may collect and associate personal information with your usage activity
  • Other analytics providers (such as Google Analytics), which may use cookies or similar technologies to track site usage and generate aggregated traffic insights

In addition, our website uses Google Fonts and Adobe Fonts to display text consistently across devices. When your browser loads these fonts, limited technical data may be shared with these providers to enable proper font rendering.

Where required by law, we will request your consent before placing non-essential cookies or tracking technologies on your device. You can manage your preferences through your browser settings or via our cookie banner (where available).

How we Use Your Personal Information

We process your personal information to operate our website, deliver our services, meet our legal obligations, and support legitimate business functions. We may also process your information for additional purposes with your consent.

We may use your personal information for the following purposes:

  • To respond to your enquiries: If you contact us through a form, email, or chat, we will use your information to respond to your request or follow up on your query.
  • To provide our services: We may use your information to deliver the services or information you have requested, including project communications and client onboarding.
  • To communicate with you: We may contact you to provide important updates or information related to the services we are delivering. These communications are necessary and cannot be unsubscribed from. If you have opted in, we may also send you marketing emails or newsletters about our services or offers. You can unsubscribe from these at any time.
  • To improve our services and website: We may use technical and usage data (collected automatically or via third-party tools) to understand how our services are used and improve user experience.
  • To comply with legal and regulatory obligations: We may use your information to fulfil our legal duties, such as maintaining records, responding to legal requests, or complying with applicable laws and regulations.
  • To ensure security and prevent misuse: We may use your information to detect and prevent fraud, unauthorized access, or other harmful activity on our website or within our systems.

Where required by law, we will seek your consent before processing your personal information for specific purposes, such as email marketing or the use of certain cookies. You may withdraw your consent at any time.

Legal Basis For Processing Personal Data

We only process your personal information when we have a valid legal reason to do so, in line with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR). This may include your consent, the need to deliver our services, legal obligations, or legitimate business interests.

We may rely on the following legal bases to process your personal information:

  • Consent: We may process your information if you have given us clear permission to do so for a specific purpose. For example, to send you marketing emails. You can withdraw your consent at any time.
  • Contractual necessity: We may process your information where it is necessary to enter into or fulfil a contract with you. This includes providing the services you request or managing our agreement with you.
  • Legal obligations: We may process your information where we are required to do so by law. This may include responding to legal requests, meeting record-keeping requirements, or complying with applicable regulations.
  • Legitimate interests: We may process your information where it is reasonably necessary for our legitimate business interests. This could include improving our services, securing our systems, or communicating with you in the context of an existing relationship. We will only do so where these interests are not overridden by your rights.
  • Vital interests: In rare situations, we may process your information to protect your vital interests or the vital interests of another person. For example, in an emergency where someone’s safety is at risk.

How We Share Your Personal Information

We only share your personal information when it is necessary, and we ensure appropriate safeguards are in place to protect it.

Third-party service providers

We may share your personal information with trusted third parties who support our business operations or help us deliver our services. These include technology partners, external specialists, and professional service providers.

These parties may assist with tasks such as:

  • Hosting and maintaining our website
  • Providing analytics and marketing support
  • Helping us deliver specific aspects of our services
  • Advising on technical, legal, regulatory, or financial matters

These providers are given access to personal information only where necessary, and they are contractually required to:

  • Use the information solely on our instructions
  • Keep it secure and confidential
  • Not disclose it to others
  • Retain it only for as long as needed to perform their services

We may share personal information with third parties in the following categories:

  • Data analytics and performance monitoring platforms
  • Customer relationship and marketing tools
  • Infrastructure and IT service providers
  • External consultants or specialists involved in delivering our services

We only share information when necessary and take steps to ensure that any third parties handling personal data do so in line with applicable data protection laws.

Business transfers

We may share or transfer your personal information in connection with a business transaction, such as a merger, acquisition, financing, or sale of assets. If this occurs, we will take appropriate steps to ensure your data continues to be protected.

How Long We Keep Your Personal Information

We keep your personal information only for as long as necessary to fulfil the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. This may include compliance with tax, accounting, or other legal obligations.

When we no longer have a legitimate business reason to retain your personal information, we will delete or anonymise it. If immediate deletion is not possible because the information is stored in backup archives, we will store it securely and isolate it from any further use until deletion becomes possible.

How We Protect Your Personal Information

We take the security of your personal information seriously and have implemented appropriate technical and organisational measures to protect it. These measures are designed to safeguard personal information from unauthorised access, loss, misuse, or alteration.

While we apply reasonable security practices and regularly review our systems, no method of transmission over the internet or method of electronic storage is completely secure. As such, we cannot guarantee absolute security. If you choose to share information with us online, you do so at your own risk, and we recommend accessing our website only within a secure environment.

Your Rights Under Data Protection Laws

If you are located in the United Kingdom, European Economic Area (EEA), or Switzerland, you have certain rights under applicable data protection laws. These may include the right to:

  • Request access to the personal information we hold about you
  • Request correction or deletion of your personal information
  • Restrict or object to the processing of your information
  • Receive a copy of your personal information in a structured, commonly used format (data portability)
  • Not be subject to automated decision-making where it has a legal or significant effect

You may also have the right to object to the use of your personal information for direct marketing purposes.

If we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before the withdrawal.

You can exercise your rights or withdraw your consent by contacting us using the details in the Contact Us section below. We will consider and respond to your request in accordance with applicable data protection laws.

If you are based in the UK or EEA and believe that we are unlawfully processing your personal information, you have the right to lodge a complaint with your local data protection authority.

Marketing communications

You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in our emails or by contacting us directly. Please note that we may still send you non-marketing messages, such as those relating to your service or account.

You can exercise your rights or withdraw your consent by contacting us using the details in the Contact Us section below.

Cookies and Tracking Technologies

Our Site uses cookies and other tracking technologies to enhance your experience and gather information about visitors. For more information, please refer to our Cookie Policy.

Changes To This Privacy Notice

We may update this Privacy Notice from time to time. When we do, we will update the "Revised" date at the top of the notice. We encourage you to review this Privacy Notice periodically to stay informed about how we protect your personal information.

Contact Us

If you have any questions about this Privacy Notice or how we handle your personal information, you can contact us at hello@gryffmason.com.