Privacy & cookie policy
October 9, 2025 2025-10-20 11:09Privacy & cookie policy
Privacy & Cookie Policy
Introduction
At Grand Central Creative we’re committed to protecting and respecting your privacy.
This policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others, and how we keep it secure. It also explains how we use cookies.
This policy applies to Grand Central Creative (referred to as “we”, “us”, or “our”). We are the data controller for information collected through this website.
This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. What Type of Data Do We Collect?
We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:
- Identity Data: Includes name, email address and phone number.
- Contact Data: Includes name, email address and phone number, company data and any message you submit via our contact form.
- Technical Data: Includes internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access this website.
- Usage Data: Includes information about how you use our website.
- Client Data: As a marketing agency, we may process personal data on behalf of our clients (as a “Data Processor”). This is governed by a separate Data Processing Agreement with our clients.
- Candidate Data: If you apply for a job with us, we will collect information from your CV, cover letter, and interviews, such as your employment history, qualifications, and contact details.
2. How Do We Collect Your Data?
We use different methods to collect data from and about you, including through:
- Direct interactions: You may give us your Identity and Contact Data by filling in the contact form on our website or by corresponding with us by post, phone, or email.
- Automated technologies or interactions: As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
- Third parties or publicly available sources: We may receive personal data about you from various third parties, such as Google Analytics, advertising networks, and search information providers.
3. How and Why We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Purpose / Activity | Type of Data | Lawful Basis for Processing |
To respond to your enquiries via our contact form. | Identity, Contact, and your message. | Legitimate Interest (to respond to your business query). |
To manage our relationship with you as a client. | Identity, Contact. | Performance of a Contract with you. |
To administer and protect our business and this website. | Identity, Contact, Technical. | Legitimate Interest (for running our business, network security). |
To use data analytics to improve our website and services. | Technical, Usage. | Legitimate Interest (to define types of customers for our services). |
To process a job application. | Candidate Data. | Legitimate Interest (to assess suitability for a role). |
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you before we process your personal data for our legitimate interests.
4. Data Sharing and Disclosures
We do not sell your data. We may have to share your personal data with the parties set out below for the purposes detailed in the table above:
- Third-Party Service Providers: Companies that provide IT, system administration and CRM (e.g. HubSpot).
- Professional Advisers: Including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
- HM Revenue & Customs, regulators, and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
5. International Transfers
Some of our external third parties may be based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- The country has been deemed to provide an adequate level of protection for personal data by the UK Government.
- We use specific contracts approved for use in the UK which give personal data the same protection it has in the UK (such as the International Data Transfer Agreement – IDTA).
6. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.
7. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.
8. Your Legal Rights
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
- Your right to withdraw consent – Where we are relying on consent to process your personal data, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us at hello@grandc.co.uk.
9. Cookie Policy
What are cookies?
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree.
How we use cookies:
Our website uses cookies to distinguish you from other users. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. We use the following types of cookies:
- Strictly Necessary Cookies: These are required for the operation of our website. They do not require your consent.
- Analytical/Performance Cookies: They allow us to recognise and count the number of visitors and to see how visitors move around our website. This helps us to improve the way our website works. We will only use these with your consent.
- Functionality Cookies: These are used to recognise you when you return to our website and remember your preferences. We will only use these with your consent.
Cookies We Use
Cookie Name | Provider | Purpose | Type | Expiry |
_ga | Google Analytics | Used to distinguish users. | Analytical | 2 years |
_gid | Google Analytics | Used to distinguish users. | Analytical | 24 hours |
Managing Cookies
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. You can also manage your preferences through the cookie consent banner on our website. However, if you block all cookies (including essential cookies), you may not be able to access all or parts of our site.
10. Changes to this Policy & Contact
We keep our privacy policy under regular review. Any updates will be posted on this page.
If you have any questions about this privacy policy or our privacy practices, or if you wish to make a complaint, please contact us at hello@grandc.co.uk.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk).
