Privacy Policy

Our contact details

The Blacksmiths Group Data Protection Officer is Rob Lay. You can contact Rob at or via our registered address:

Name: Blacksmiths Group Limited
Address: Formal House, 60 St George’s Place, Cheltenham GL50 3PN
Company Number: 9875845
VAT Number: 231039057
Phone: +44 20 3880 2282

Why we have a privacy policy

This policy informs you of who we are, what data we collect about you, why we collect it, and what rights you have with regards to your data.

We are committed to ensuring that your privacy is protected. Any information collected whilst visiting our website will only be used in accordance with this privacy policy.

This policy will be regularly updated, so we recommend you check it regularly.


Personal Information – any information that can be used directly or indirectly to identify an individual. Examples of this are: name, telephone number, email address, home address, location data, online identifier (username) etc.

Data Subject – the individual to whom the data relates.

Data Controller – the organisation/person who determines the reason for collection of data and how it is collected.

Data Processor – the organisation/person who processes the data on behalf of the Data Controller.

Processing – any operation performed on personal data, including (but not limited to) collection, storing, manipulating, transmitting, using, altering or deleting. If an organisation is using personal data in some way, then it is highly likely this will fall under processing. This can be a manual or automated process.

GDPR and the Data Protection Act 2018

The Data Protection Act 2018 (DPA 2018) is the UK’s implementation of the General Data Protection Regulation (GDPR). It controls how your personal information is used by organisations, businesses or the government.

DPA 2018 sets out the key principles, rights and obligations for most processing of personal data in the UK. Everyone responsible for using and processing personal data has to follow strict ‘data protection principles’.

Under DPA 2018, you have the right to find out what information the government and other organisations store about you.

The type of personal information we collect

Blacksmiths Group is the Data Controller for the data we collect. We may collect personal information from you so that we can provide our services. The data we collect has been audited to ensure it is the minimum amount of data required.
We currently collect and process the following information:

Your personal data

The personal data we may collect directly from you is outlined below:

Identity Data – your full name, title, job title, and any other identity information that you provide to us.

Contact Data – your work address, billing address, residential address, e-mail address, telephone number(s), and any other contact information that you provide to us.

Financial Data – billing information that you provide to us, such as Invoice information, bank account information, and any other financial information that you provide to us.

Marketing Data – your preferences in receiving marketing from us and our third parties, and your other communication preferences.

Technical Data – your Internet Protocol (IP) address, pages visited, browser type and version, operating system and platform, and other technology on the devices you use to access our Site or use our services.

No special categories of personal data

We do not collect any ‘special categories of personal data’ about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

We also do not collect any information about criminal convictions and offences.

How we use your personal information

We will use the information you provide for the following reasons:

– To establish contact with you to understand your requirements and how we can assist you
– To establish contractual agreements
– To maintain ongoing business relationships between us and the data subject
– Obtain goods and services from our suppliers or partners

Most of the personal information we process is provided to us directly by you for one of the following reasons:

– Prospective or existing Client
– Prospective or existing Supplier
– Prospective or existing Employee
– Visitor to our website or social media site(s).

How we get your personal information

Under the UK General Data Protection Regulation (UK GDPR), we must have a valid, lawful reason for collecting your data. The lawful basis we have for processing your data is consent.

In order for us to provide our services to you and respond to your communications, we collect and process your personal information. For the purposes of a UK GDPR lawful basis this is done under a legitimate interest, in that there is a legitimate interest for both you and Blacksmiths Group to process your information.

Once you enter into a contract with us we will process your information under the contractual legal basis, where there is a contractual requirement for us to hold and process your personal data.

In addition, to allowing us to communicate to you and provide services, we may use your information to contact you about our new or existing opportunities or services that we think may be of relevance to you. You can ask to be removed from our database at any time by contacting us:

Address: Formal House, 60 St George’s Place, Cheltenham GL50 3PN
Phone: +44 20 3880 2282.

How we share your personal information

We will respect your privacy and data, however there may be times that we will share your data with third parties, partners or suppliers.

This will only be done where it is necessary to deliver you the services you require.

How we store your personal information

We will process your data securely both at rest and in transit. We may use third party or cloud solutions to do this, but where this is done it will be encrypted and access only permitted via multi factor authentication.

The following cloud services will be used in the processing of data:

Microsoft Office 365 
AWS (Amazon Web Services) 

Blacksmiths Group have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We limit access to your personal data to those employees and other staff who have a business need to have such access.  All such people are subject to a contractual duty of confidentiality.

We have put in place procedures to deal with any actual or suspected personal data breach.  In the event of any such breach, we have systems in place to work with the relevant regulators.  In addition, in certain circumstances (e.g.  where we are legally required to do so) we may notify you of breaches affecting your personal data.

Blacksmiths Group is Cyber Essentials Certified.

How long we store your personal data

We will only retain your personal data for so long as we reasonably need to use it for the purposes set out above. Once it is no longer required your data will be deleted, unless there is another legitimate reason or legal obligation for doing so.

Your data protection rights

Under data protection law, you have rights with regards to your data including:

Your right of access – you have the right to ask us for copies of your personal information.
Your right to rectification – you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – you have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – you have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – you have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You have the right to withhold or request we remove your data; however, this may impact the level or type of service(s) we can provide to you.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

If you wish to make a request, please contact us at:

Address: Formal House, 60 St George’s Place, Cheltenham GL50 3PN
Phone: +44 20 3880 2282.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane

Helpline number: 0303 123 1113
ICO website:

Policy updated 23/05/2023.