Information on this site is advertising in nature

GDPR Compliance

Last updated: 1 June 2026

1. Our Commitment to Data Protection

Grand-branch is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the protection of your personal data seriously and have implemented appropriate measures to ensure your data is handled lawfully, fairly, and transparently.

2. Data Controller Information

For the purposes of data protection legislation, the data controller is:

grand-branch

47 Renewable Way

Manchester, M2 4WP

United Kingdom

3. Data Protection Principles

We adhere to the following principles when processing personal data:

  • Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner
  • Purpose limitation: We collect personal data only for specified, explicit, and legitimate purposes
  • Data minimisation: We ensure personal data is adequate, relevant, and limited to what is necessary
  • Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date
  • Storage limitation: We keep personal data only for as long as necessary for the purposes for which it was collected
  • Integrity and confidentiality: We process personal data securely using appropriate technical and organisational measures
  • Accountability: We take responsibility for complying with these principles and can demonstrate compliance

4. Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. The lawful bases we rely on include:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose
  • Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
  • Legal obligation: Processing is necessary for us to comply with the law
  • Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests

5. Your Rights Under GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

5.1 Right to Be Informed

You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR Compliance page.

5.2 Right of Access

You have the right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

5.3 Right to Rectification

You have the right to request correction of any incomplete or inaccurate personal data we hold about you.

5.4 Right to Erasure

You have the right to request erasure of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected, or when you withdraw consent.

5.5 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing based on legitimate interests.

5.6 Right to Data Portability

You have the right to request the transfer of your personal data to another party in a structured, commonly used, machine-readable format, where we are processing based on consent or contract and processing is carried out by automated means.

5.7 Right to Object

You have the right to object to processing of your personal data where we are relying on legitimate interests as our lawful basis, or where we are processing for direct marketing purposes.

5.8 Rights Related to Automated Decision Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

6. Exercising Your Rights

To exercise any of your rights, please contact us using the contact details provided above. We will respond to your request within one month of receiving it. In some cases, we may need to verify your identity before processing your request.

There is generally no fee required to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

7. Data Security

We have implemented appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit and at rest where appropriate
  • Access controls to limit who can access personal data
  • Regular security assessments and testing
  • Staff training on data protection and security
  • Incident response procedures

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

9. International Data Transfers

If we transfer personal data outside the UK, we ensure that appropriate safeguards are in place to protect your data. This may include:

  • Transfers to countries with an adequacy decision
  • Standard contractual clauses approved by the ICO
  • Binding corporate rules
  • Other legally approved transfer mechanisms

10. Data Protection Officer

If you have any questions about our data protection practices or wish to exercise your rights, please contact us at:

Data Protection Enquiries

grand-branch

47 Renewable Way

Manchester, M2 4WP

United Kingdom

11. Complaints

If you are not satisfied with our response to any enquiry or complaint or believe our processing of your personal data does not comply with data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire, SK9 5AF

United Kingdom

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us in the first instance.

12. Updates to This Information

We may update this GDPR Compliance information from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this information periodically.