GDPR & Data Protection

Last updated: May 2026

Grid Design Agency Limited (“Grid Design”, “we”, “us”, “our”) takes data protection seriously. This page explains how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

What data we collect

When you contact us through our website or work with us as a client, we may collect:

  • Your name, email address, phone number, and company details
  • Information you share during enquiries, calls, or project briefs
  • Technical data (IP address, browser type, page interactions) via standard analytics

 

Why we collect it

We process personal data only when we have a lawful basis under UK GDPR. Specifically:

  • Contract: To deliver services we’ve agreed with you
  • Legitimate interests: To respond to enquiries and improve our website
  • Consent: For marketing communications, where you’ve opted in
  • Legal obligation: To meet financial, tax, and regulatory requirement

 

How long we keep it

We only keep personal data for as long as needed:

  • Enquiry data: 12 months from last contact
  • Client project data: 7 years after engagement ends (for legal/tax reasons)
  • Marketing data: Until you unsubscribe

 

Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (“right to be forgotten”)
  • Object to or restrict processing
  • Request data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, email hello@griddesign.co.uk. We’ll respond within 30 days.

 

Sharing data

We never sell your personal data. We only share it with trusted service providers who help us run our business — such as our CRM, email service, and accounting software. All providers are GDPR-compliant and bound by contract.

 

International transfers

Where data is transferred outside the UK, we ensure adequate safeguards are in place — including Standard Contractual Clauses or transfers to countries with UK adequacy decisions.

You may view, print, or download extracts for your personal use only.

You must not copy, reproduce, republish, distribute, or exploit any part of the Website for commercial purposes without our written permission.

 

Data Processing Agreement (DPA)

Clients engaging Grid Design as a data processor can request a Data Processing Agreement at any time. Email hello@griddesign.co.uk and we’ll send our standard DPA within 1 working day.

 

Security

We protect your data with appropriate technical and organisational measures, including encrypted connections (HTTPS), access controls, and regular security reviews.

 

Changes to this page

We may update this page occasionally. The “last updated” date at the top will reflect the most recent revision.