PRIVACY & COOKIE POLICY
​
Pit & Plate Ltd referred to in this policy as we, us, our.
The person who is accessing our website and whose data is processed is referred to in this policy as
you and your.
​
1. INTRODUCTION:
At Pit & Plate Ltd, we are committed to respecting and protecting your privacy. This Privacy & Cookie
Policy explains how we collect, use, disclose, and protect personal data when you visit or interact with
our website. We understand the importance of your privacy and value your trust in us to handle your
data responsibly.
​
This policy applies to all visitors and users of our website and outlines our practices in relation to
personal data, including data collection, usage, and storage. It also details your rights under the UK
GDPR and Data Protection Act 2018, including how to exercise these rights.
​
Please read this Privacy & Cookie Policy carefully to understand how we process your data. By using
our website, you consent to the practices described in this policy. If you do not agree with any part of
this policy, we ask that you discontinue the use of our website.
​
2. Information
2.1 Our Site is owned and operated by Pit & Plate Ltd, a business structure that is a limited
company.
2.2 registered in England under company number 12867752.
2.3 Registered address: Oakley House, Tetbury Road, Cirencester, Gloucestershire, GL7 1US
2.4 Data Protection Officer (DPO): Ness Harrison. The DPO can be contacted regarding any
questions or concerns about this policy or your data.
2.5 Contact Email: enquiries@pitandplate.co.uk
2.6 Telephone contact: 07809 329851
​
3. What does this policy cover?
This Privacy & Cookie Policy applies specifically to your use of our website. It explains how we collect,
use, disclose, and protect your personal data while you interact with our website and use its features.
This policy also provides details about our use of cookies and similar technologies.
​
Please be aware that our website may include links to third-party websites. These websites are not
operated by us, and we have no control over their content or data-handling practices. We encourage
you to review the privacy policies of any third-party websites you visit, as we are not responsible for
the protection and privacy of any data you provide to these external sites.
​
This policy covers the personal data we collect directly through our website and any related services,
ensuring it is processed in compliance with UK data protection laws.
​
4. Children’s Privacy
Our website and services are not intended for individuals under the age of 13, and we do not
knowingly collect personal data from children without parental or guardian consent. If we discover
that we have collected personal data from a child without such consent, we will promptly delete it.
If you believe that we might have any information from or about a child without appropriate consent,
please contact us so that we can take appropriate action.
​
5. Your personal data?
The Data Protection Act 2018 and the UK General Data Protection Regulation (the “UK GDPR”) which
is collectively known as, “the Data Protection Legislation” defines personal data as any information
relating to an identifiable individual. This includes any data that can directly or indirectly identify a
person, referred to as the ‘data subject’.
​
Personal data can include, but is not limited to:
• Identifiers such as your name, contact information (e.g., email address and phone number),
and location.
• Technical information, including IP addresses, browser types, device IDs, and operating
system versions.
• Usage information, such as browsing history, preferences, and interactions with our website.
Personal data can also include sensitive information, known as “special category data” under UK
GDPR, which may relate to health, racial or ethnic origin, political opinions, religious beliefs, or other
protected characteristics. We only process special category data with explicit consent or as permitted
by law.
​
This policy explains how we handle personal data, ensuring compliance with UK data protection laws
to protect your privacy.
​
6. Your rights in relation to data
Under the Data Protection Legislation, you have the following rights regarding your personal data,
which you may exercise free of charge. These rights include:
a) The Right to Access: You have the right to request confirmation of whether we process your
personal data and, if so, to access a copy of that data along with information about how we use
it.
b) The Right to Rectification: If any personal data we hold about you is inaccurate or incomplete,
you have the right to request its correction without undue delay.
c) The Right to Erasure: Also known as "the right to be forgotten," this right enables you to
request the deletion or removal of your personal data when there is no longer a valid reason for
us to continue processing it. This right is subject to certain legal limitations.
d) The Right to Restrict Processing: You can request that we temporarily suspend the processing
of your personal data if, for example, you contest its accuracy or object to its processing.
e) The Right to Data Portability: If you have provided personal data to us, you have the right to
receive it in a structured, commonly used, and machine-readable format for reuse with another
service provider where the processing is based on consent or a contract.
f) The Right to Object: You have the right to object to our processing of your personal data in
certain circumstances, including for direct marketing purposes. We will stop processing your data
for these purposes upon receiving your objection.
g) The Right Not to Be Subjected to Automated Decision-Making: You have the right not to be
subject to a decision based solely on automated processing, including profiling, which produces
legal effects concerning you. We do not use your personal data in this way.
h) The Right to Withdraw Consent: Where we rely on your consent to process your personal
data, you have the right to withdraw that consent at any time. This will not affect the lawfulness
of any processing carried out before you withdraw your consent.
For more information about our use of your personal data or to exercise any of the above rights, please
contact us using the details provided in Section 10.
It is important to us that the personal data we hold about you is accurate and up-to-date. If your
personal data changes, please inform us as long as we retain that data. We are committed to
addressing any concerns regarding our use of your personal data and encourage you to contact us if
you have any questions.
​
7. What data is collected and how
We collect various types of personal data to improve our services, respond to inquiries, and enhance
your experience on our website. The data we collect includes:
a) Data You Provide Directly: We may collect personal data you provide directly to us when:
• You contact us via email or fill out forms on our website.
• You register for an account, subscribe to newsletters, or sign up for services.
• You participate in surveys or provide feedback.
This data may include:
• Identity and Contact Information: Name, email address, phone number, and postal address.
• Feedback and Correspondence: Information provided in your communications with us.
b) Data Collected Automatically: When you visit our website, we may automatically collect certain
information about your device and browsing activities, including:
• Technical Information: IP address, browser type and version, device identifiers, operating
system, and platform.
• Usage Information: Details about your visits to our website, such as the pages accessed, date
and time of access, duration of visit, and navigation paths.
This data helps us understand how our website is used, enabling us to improve its functionality and
performance. We collect this data using cookies and similar tracking technologies. Please refer to our
Cookies section for more information.
c) Data from Third Parties: Occasionally, we may receive data about you from third parties, including:
• Analytics Providers: Data from services like Google Analytics which helps us understand
website usage patterns.
• Advertising Networks: Data to personalise the advertising we may show you on our website
or other platforms.
d) Purpose and Legal Basis for Processing: We collect and process your personal data for the following
purposes, under the lawful bases permitted by the UK GDPR:
• To Provide and Improve Services: Processing is necessary for our legitimate interests in
ensuring the effective operation of our website and services.
• To Communicate with You: With your consent, we may use your contact information to
respond to your inquiries, send updates, or provide information about our services.
• For Marketing: Where permitted by law or with your consent, we may contact you for
marketing purposes. You can opt out of these communications at any time as we constantly
work to completely uphold your rights and adhere to our commitments under the Data
Protection Legislation and the Privacy and Electronic Communications (EC Directive)
Regulations 2003.
e) Data Collection for Legal Obligations: In some cases, we may process your data to comply with
legal requirements or to respond to lawful requests from authorities.
​
8. Legal Basis for Processing
We rely on one or more of the following legal bases to process your personal data:
• Performance of a Contract: Processing is necessary for us to fulfil our contract with you or to
take steps at your request before entering into a contract.
• Legitimate Interests: We may process your personal data where it is necessary for our
legitimate interests (or those of a third party), provided that your interests and fundamental
rights do not override those interests.
• Consent: In certain cases, we will obtain your consent to process your personal data, such as
for marketing communications. You can withdraw your consent at any time.
• Legal Obligation: We may process your data where necessary to comply with legal or
regulatory obligations.
​
9. Data retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was
collected, including to meet legal, accounting, or reporting requirements.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the
personal data, the potential risk of harm from unauthorised use or disclosure, the purposes of
processing, and any applicable legal requirements.
Once the retention period expires, we will securely delete or anonymise your data in accordance with
our data retention policy. If anonymisation is not possible (for example, because your data is stored
in backup archives), we will store it securely and isolate it from further processing until deletion is
possible.
​
10. Keeping your data secure
We are committed to ensuring the security of your personal data. We take appropriate technical and
organisational measures to protect your data from unauthorised access, alteration, disclosure, or
destruction. These measures include:5
a) Access Control
• Restricting access to personal data to authorised personnel, contractors, and third-party
agents who have a legitimate need to access it and are bound by confidentiality obligations.
• Using secure password protocols, role-based access, and permission settings to limit access to
sensitive data.
b) Data Encryption
• Encrypting personal data during transmission and storage to prevent unauthorised access.
c) Secure Storage
• Storing data on secure servers and implementing regular security testing and monitoring to
protect against potential vulnerabilities.
d) Data Anonymisation and Minimisation
• Where possible, we anonymise or pseudonymise personal data to enhance security. We also
follow data minimisation principles, ensuring that we only retain data necessary for specific
purposes.
e) Regular Security Audits
• Conduct regular audits and assessments of our security practices to maintain data protection
standards and address emerging threats.
f) Data Breach Response
• In the event of a data breach involving your personal data, we have a protocol in place to
respond swiftly and mitigate potential harm. Where required by law, we will notify both
affected individuals and the Information Commissioner’s Office (ICO) within the appropriate
timeframe.
g) Training and Awareness
• Providing regular data protection and security training to employees to ensure they
understand the importance of safeguarding personal data and are aware of best practices for
security.
​
11. Data Protection Impact Assessments (DPIA)
To ensure the privacy and protection of personal data, we conduct Data Protection Impact
Assessments (DPIAs) for processing activities that pose a high risk to individuals’ privacy. These
assessments help us identify and mitigate risks associated with data processing activities in line with
GDPR requirements.
​
12. Transferring your data
We are committed to ensuring that your personal data is processed securely, regardless of where it is
stored or transferred. The location of your data storage will depend on our operational requirements
and legal obligations. We take the following steps to protect your data during international transfers:
a) Data Storage Within the UK and EEA
• Wherever possible, we store your personal data within the United Kingdom or the European
Economic Area (EEA), where it is fully protected under UK GDPR and EU GDPR standards.6
b) Transfers Outside the UK and EEA
• If it becomes necessary to transfer your personal data to countries outside the UK and EEA
(known as "third countries"), we will ensure that appropriate safeguards are in place to
protect your data to the same standard as within the UK and EEA. This includes:
o Standard Contractual Clauses (SCCs): We may use legally approved SCCs, which
provide binding commitments for data protection.
o Adequacy Decisions: If the country to which your data is transferred has been
deemed to provide an adequate level of data protection by the UK or European
Commission, your data will be treated as adequately protected.
c) Data Transfers to the United States
• For any data transferred to the United States, we may work with service providers who are
certified under the UK and EU-US Privacy Frameworks, or we will apply similar safeguards,
including SCCs, to ensure protection.
d) Security Measures for International Transfers
• In addition to legal safeguards, we apply technical and organisational security measures to
ensure that your data is secure during transfer. This includes encryption and restricted access
protocols.
If you would like further information about how we protect your personal data in cases of international
transfer, please contact us using the details provided in this policy.
​
13. Third-Party Data Sharing
We respect your privacy and will not share your personal data with any third parties except in specific
circumstances. Any data sharing will always be done in accordance with applicable data protection
laws, including the UK GDPR. We may share your data in the following situations:
a) Service Providers and Third-Party Processors
• We may share your personal data with third-party service providers who perform functions
on our behalf, such as website hosting, data storage, IT support, analytics, and marketing
services. These providers process data under our instructions and are contractually obligated
to protect your data and use it solely for the purposes specified by us.
b) Business Transfers
• If we undergo a merger, acquisition, reorganisation, or sale of some or all of our assets, your
personal data may be transferred as part of the transaction. We will take appropriate steps to
ensure the confidentiality and integrity of your personal data during any such transaction.
c) Legal Obligations
• We may disclose your personal data to comply with applicable legal or regulatory
requirements, or in response to requests from law enforcement authorities, courts, or other
government agencies where we believe disclosure is necessary to comply with the law,
protect our rights, or ensure the safety of our users.
d) Anonymised and Aggregated Data
• We may share anonymised or aggregated data with third parties for statistical analysis or
research purposes. This data cannot be used to identify you personally and is shared solely for
analytical or business development purposes.
e) Consent-Based Sharing
• In certain circumstances, we may share your data with third parties if you have given us
explicit consent to do so. This may include sharing data for specific marketing or promotional
purposes.
f) Security and Confidentiality
• Any third parties with whom we share your data are required to keep it secure and
confidential. We only work with reputable partners and ensure data processing agreements
are in place to uphold strict data protection standards.
We take steps to ensure that any third-party recipients of your data protect it securely and use it only
in compliance with this Privacy & Cookie Policy. If you would like more information on our data-sharing
practices, please contact us using the details provided in this policy.
14. How can I access my personal data?
Under the UK GDPR, you have the right to request details of the personal data we hold about you. This
is known as a “subject access request” (SAR). You can make a request to access your personal data at
any time by following the steps below:
a) How to Submit a Subject Access Request
• To request access to your data, please contact us in writing using the contact details provided
at the top of this policy. Include any information that will help us identify your records (such
as your full name, contact details, and any relevant account information).
b) Verification of Identity
• For your security, we may require additional identification to verify your request. This helps
ensure that we do not disclose personal data to anyone who does not have the right to access
it.
c) Response Time
• We will respond to your request as soon as possible, and at the latest within one month of
receiving it. If your request is complex or you have made multiple requests, we may extend
this period by up to two additional months. In such cases, we will inform you of the delay and
the reasons for it.
d) Fees
• There is generally no charge for making a subject access request. However, if your request is
"manifestly unfounded or excessive" (for example, if you make repetitive requests), we may
charge a reasonable fee to cover our administrative costs or, in some cases, refuse to comply
with your request.
e) Information Provided
• When responding to your request, we will provide you with a copy of your personal data,
along with details of how we process it, why we hold it, and who it may be shared with.
If you would like further information on how to access your personal data, or if you have any concerns
about our data handling practices, please contact us. We aim to resolve any issues you may have
directly, but you also have the right to file a complaint with the Information Commissioner’s Office
(ICO) if you believe we are not handling your data in compliance with applicable laws.
15. Your Right to Lodge a Complaint
If you have any concerns or are not satisfied with our handling of your personal data, you have the
right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory
authority for data protection issues:
• Website: https://ico.org.uk/
• Phone: 0303 123 1113
• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
We would, however, appreciate the opportunity to address your concerns directly before you
approach the ICO, so please feel free to contact us in the first instance.
16. About cookies
Our website uses cookies and similar tracking technologies to enhance your browsing experience,
analyse website traffic, and improve our services. This section explains what cookies are, the types we
use, and how you can manage your cookie preferences.
a) What Are Cookies?
• Cookies are small text files stored on your device (computer, tablet, or smartphone) when you
visit a website. They help websites remember your actions and preferences, allowing for a
smoother browsing experience. Cookies can either be "session cookies," which are deleted
once you close your browser, or "persistent cookies," which remain on your device until they
expire, or you delete them.
b) Types of Cookies We Use: Our website may use the following types of cookies:
• Strictly Necessary Cookies: These cookies are essential for the operation of our website. They
enable you to use features like secure areas, shopping carts, or account logins. Without these
cookies, certain services cannot be provided.
• Analytical/Performance Cookies: These cookies allow us to count visitors and see how users
navigate our website. They help us understand which pages are most popular and how we can
improve site performance. Data collected by these cookies is anonymous.
• Functionality Cookies: These cookies allow our website to remember your choices (such as
language preference or region) and provide enhanced, personalised features. They ensure
that when you return to our website, your preferences are remembered.
• Targeting/Advertising Cookies: These cookies record your visit to our website, the pages you
visited, and the links you followed. We may use this information to make our website, and any
advertising displayed more relevant to your interests. We may also share this information with
third-party advertising networks, such as Google Ads.
c) Third-Party Cookies: In addition to our own cookies, we may use third-party cookies from trusted
providers like Google Analytics to help us analyse how visitors use our website. These third-party
cookies are subject to the respective privacy policies of the providers.
d) Managing Cookies: You have the right to control and manage cookies as you wish. When you first
visit our website, you will be asked to consent to non-essential cookies. You can accept, reject, or
customise your cookie preferences through our cookie banner in accordance with your consent
preferences.
• Browser Settings: Most web browsers allow you to control cookies through the browser
settings. You can choose to block or delete cookies; however, please note that this may affect
your experience on our website, and some features may not function as intended.
• Opt-Out Options: If you wish to opt out of Google Analytics tracking, you can install the Google
Analytics opt-out browser add-on, available at tools.google.com/dlpage/gaoptout.
e) Changes to Our Cookie Policy: We may update this Cookies section periodically to reflect changes
in the types of cookies we use or for other operational, legal, or regulatory reasons. We recommend
checking this page regularly to stay informed about our use of cookies.
17. This privacy & cookie policy
We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices, legal
or regulatory requirements, or to enhance our transparency regarding how we manage your personal
data. Any modifications will be posted on this page, and significant changes may be highlighted on our
website or communicated directly to you if required by law.
We encourage you to review this page periodically to stay informed about how we protect your
privacy and manage cookies. Your continued use of our website following any updates to this policy
will be deemed acceptance of the changes unless specific consent is required.
c) Last Update
• This Privacy & Cookie Policy was last updated on 13th January 2025.
If you have any questions about the changes or updates to this policy, please contact us using the
details provided at the top of this document.