Privacy Policy

Grand House Ltd – Privacy Policy

Last updated: February 2026

Grand House Ltd (“Grand House”, “we”, “us”, “our”) is committed to protecting your privacy and handling your personal data transparently and lawfully.

This Privacy Policy explains how we collect, use, store and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws.

1. Who We Are

Grand House Ltd
Company Number: 16309046
Registered Office: 64 Southwark Bridge Road, London, England, SE1 0AS
Email: Hello@grandhouseldn.com

For the purposes of data protection law, Grand House Ltd is the “data controller” of personal data collected through our website and in connection with our services.

2. What Personal Data We Collect

We may collect and process the following types of personal data:

a) Contact Information

  • Name

  • Email address

  • Telephone number

  • Company name

  • Job title

b) Business Information

  • Information you provide about your business

  • Strategic objectives

  • Project information

  • Marketing and operational data shared during consultancy

c) Communication Data

  • Emails

  • Messages

  • Call notes

  • Meeting records

d) Technical Data

  • IP address

  • Browser type

  • Device information

  • Website usage data

  • Analytics data

e) Marketing Data

  • Preferences in receiving communications

  • Engagement with emails or website content

We do not intentionally collect sensitive personal data unless voluntarily provided in a business context.

3. How We Collect Data

We collect data:

  • When you contact us via website forms

  • When you email or message us

  • When you enter into a client relationship

  • Through cookies and analytics tools

  • Through business networking platforms such as LinkedIn

  • Through lawful business development and outreach activities

4. How We Use Your Data

We use personal data for the following purposes:

  • Responding to enquiries

  • Delivering consultancy services

  • Managing client relationships

  • Invoicing and financial administration

  • Strategic analysis and systems implementation

  • Sending relevant business communications

  • Improving our website and services

  • Complying with legal obligations

We do not sell personal data.

5. Lawful Basis for Processing

We rely on the following lawful bases under UK GDPR:

Contract

Where processing is necessary to perform a contract with you or to take steps prior to entering into a contract.

Legitimate Interests

Where processing is necessary for our legitimate business interests, including:

  • Business development

  • Improving services

  • Professional networking

  • Managing client relationships

We ensure that our legitimate interests do not override your rights and freedoms.

Legal Obligation

Where we are required to process data to comply with legal or regulatory obligations.

Consent

Where required (for example certain marketing communications), we rely on your consent, which can be withdrawn at any time.

6. Data Sharing

We may share data with trusted third parties where necessary to operate our business, including:

  • Cloud storage providers

  • CRM and communication platforms

  • Email service providers

  • Analytics providers

  • Payment processors

  • Professional advisers (accountants, legal advisers)

We ensure that third party providers are subject to appropriate contractual and security obligations.

We do not sell personal data to third parties.

7. International Transfers

Some third party service providers may process data outside the UK.

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

  • UK-approved Standard Contractual Clauses

  • Transfers to countries with adequacy decisions

  • Equivalent lawful mechanisms

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected.

Typical retention periods include:

  • Client records: up to 6 years for tax and accounting compliance

  • Enquiry records: up to 24 months from last contact

  • Marketing records: until consent is withdrawn

  • Financial records: as required by UK law

We may retain data longer where required for legal or regulatory reasons.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure cloud storage

  • Password protected systems

  • Limited access controls

  • Encryption where appropriate

While we take reasonable steps to protect data, no system can guarantee absolute security.

10. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Erase personal data (where applicable)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent where applicable

To exercise your rights, please contact: Hello@grandhouseldn.com

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK.

11. Cookies

Our website may use cookies and similar technologies to:

  • Analyse website traffic

  • Improve functionality

  • Enhance user experience

You may control cookies through your browser settings.

Where required, we use cookie consent mechanisms.

12. Third Party Links

Our website may contain links to third party websites. We are not responsible for the privacy practices of those websites.

13. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be published on our website with the updated date.

13. Contact us

If you have any questions about this Privacy Policy or how your data is handled, please contact:

Grand House Ltd
Email: Hello@grandhouseldn.com
Website: www.grandhouseldn.com

© 2025 Grand House Ltd. All rights reserved..