top of page

PRIVACY & COOKIE POLICY

​

Pit & Plate Ltd referred to in this policy as we, us, our.

The person who is accessing our website and whose data is processed is referred to in this policy as

you and your.

​

1. INTRODUCTION:

At Pit & Plate Ltd, we are committed to respecting and protecting your privacy. This Privacy & Cookie

Policy explains how we collect, use, disclose, and protect personal data when you visit or interact with

our website. We understand the importance of your privacy and value your trust in us to handle your

data responsibly.

​

This policy applies to all visitors and users of our website and outlines our practices in relation to

personal data, including data collection, usage, and storage. It also details your rights under the UK

GDPR and Data Protection Act 2018, including how to exercise these rights.

​

Please read this Privacy & Cookie Policy carefully to understand how we process your data. By using

our website, you consent to the practices described in this policy. If you do not agree with any part of

this policy, we ask that you discontinue the use of our website.

​

2. Information

2.1 Our Site is owned and operated by Pit & Plate Ltd, a business structure that is a limited

company.

2.2 registered in England under company number 12867752.

2.3 Registered address: Oakley House, Tetbury Road, Cirencester, Gloucestershire, GL7 1US

2.4 Data Protection Officer (DPO): Ness Harrison. The DPO can be contacted regarding any

questions or concerns about this policy or your data.

2.5 Contact Email: enquiries@pitandplate.co.uk

2.6 Telephone contact: 07809 329851

​

3. What does this policy cover?

This Privacy & Cookie Policy applies specifically to your use of our website. It explains how we collect,

use, disclose, and protect your personal data while you interact with our website and use its features.

This policy also provides details about our use of cookies and similar technologies.

​

Please be aware that our website may include links to third-party websites. These websites are not

operated by us, and we have no control over their content or data-handling practices. We encourage

you to review the privacy policies of any third-party websites you visit, as we are not responsible for

the protection and privacy of any data you provide to these external sites.

​

This policy covers the personal data we collect directly through our website and any related services,

ensuring it is processed in compliance with UK data protection laws.

​

4. Children’s Privacy

Our website and services are not intended for individuals under the age of 13, and we do not

knowingly collect personal data from children without parental or guardian consent. If we discover

that we have collected personal data from a child without such consent, we will promptly delete it.

If you believe that we might have any information from or about a child without appropriate consent,

please contact us so that we can take appropriate action.

​

5. Your personal data?

The Data Protection Act 2018 and the UK General Data Protection Regulation (the “UK GDPR”) which

is collectively known as, “the Data Protection Legislation” defines personal data as any information

relating to an identifiable individual. This includes any data that can directly or indirectly identify a

person, referred to as the ‘data subject’.

​

Personal data can include, but is not limited to:

• Identifiers such as your name, contact information (e.g., email address and phone number),

and location.

• Technical information, including IP addresses, browser types, device IDs, and operating

system versions.

• Usage information, such as browsing history, preferences, and interactions with our website.

 

Personal data can also include sensitive information, known as “special category data” under UK

GDPR, which may relate to health, racial or ethnic origin, political opinions, religious beliefs, or other

protected characteristics. We only process special category data with explicit consent or as permitted

by law.

​

This policy explains how we handle personal data, ensuring compliance with UK data protection laws

to protect your privacy.

​

6. Your rights in relation to data

Under the Data Protection Legislation, you have the following rights regarding your personal data,

which you may exercise free of charge. These rights include:

a) The Right to Access: You have the right to request confirmation of whether we process your

personal data and, if so, to access a copy of that data along with information about how we use

it.

b) The Right to Rectification: If any personal data we hold about you is inaccurate or incomplete,

you have the right to request its correction without undue delay.

c) The Right to Erasure: Also known as "the right to be forgotten," this right enables you to

request the deletion or removal of your personal data when there is no longer a valid reason for

us to continue processing it. This right is subject to certain legal limitations.

d) The Right to Restrict Processing: You can request that we temporarily suspend the processing

of your personal data if, for example, you contest its accuracy or object to its processing.

e) The Right to Data Portability: If you have provided personal data to us, you have the right to

receive it in a structured, commonly used, and machine-readable format for reuse with another

service provider where the processing is based on consent or a contract.

f) The Right to Object: You have the right to object to our processing of your personal data in

certain circumstances, including for direct marketing purposes. We will stop processing your data

for these purposes upon receiving your objection.

g) The Right Not to Be Subjected to Automated Decision-Making: You have the right not to be

subject to a decision based solely on automated processing, including profiling, which produces

legal effects concerning you. We do not use your personal data in this way.

h) The Right to Withdraw Consent: Where we rely on your consent to process your personal

data, you have the right to withdraw that consent at any time. This will not affect the lawfulness

of any processing carried out before you withdraw your consent.

For more information about our use of your personal data or to exercise any of the above rights, please

contact us using the details provided in Section 10.

It is important to us that the personal data we hold about you is accurate and up-to-date. If your

personal data changes, please inform us as long as we retain that data. We are committed to

addressing any concerns regarding our use of your personal data and encourage you to contact us if

you have any questions.

​

7. What data is collected and how

We collect various types of personal data to improve our services, respond to inquiries, and enhance

your experience on our website. The data we collect includes:

a) Data You Provide Directly: We may collect personal data you provide directly to us when:

• You contact us via email or fill out forms on our website.

• You register for an account, subscribe to newsletters, or sign up for services.

• You participate in surveys or provide feedback.

This data may include:

• Identity and Contact Information: Name, email address, phone number, and postal address.

• Feedback and Correspondence: Information provided in your communications with us.

b) Data Collected Automatically: When you visit our website, we may automatically collect certain

information about your device and browsing activities, including:

• Technical Information: IP address, browser type and version, device identifiers, operating

system, and platform.

• Usage Information: Details about your visits to our website, such as the pages accessed, date

and time of access, duration of visit, and navigation paths.

This data helps us understand how our website is used, enabling us to improve its functionality and

performance. We collect this data using cookies and similar tracking technologies. Please refer to our

Cookies section for more information.

c) Data from Third Parties: Occasionally, we may receive data about you from third parties, including:

• Analytics Providers: Data from services like Google Analytics which helps us understand

website usage patterns.

• Advertising Networks: Data to personalise the advertising we may show you on our website

or other platforms.

d) Purpose and Legal Basis for Processing: We collect and process your personal data for the following

purposes, under the lawful bases permitted by the UK GDPR:

• To Provide and Improve Services: Processing is necessary for our legitimate interests in

ensuring the effective operation of our website and services.

• To Communicate with You: With your consent, we may use your contact information to

respond to your inquiries, send updates, or provide information about our services.

• For Marketing: Where permitted by law or with your consent, we may contact you for

marketing purposes. You can opt out of these communications at any time as we constantly

work to completely uphold your rights and adhere to our commitments under the Data

Protection Legislation and the Privacy and Electronic Communications (EC Directive)

Regulations 2003.

e) Data Collection for Legal Obligations: In some cases, we may process your data to comply with

legal requirements or to respond to lawful requests from authorities.

​

8. Legal Basis for Processing

We rely on one or more of the following legal bases to process your personal data:

• Performance of a Contract: Processing is necessary for us to fulfil our contract with you or to

take steps at your request before entering into a contract.

• Legitimate Interests: We may process your personal data where it is necessary for our

legitimate interests (or those of a third party), provided that your interests and fundamental

rights do not override those interests.

• Consent: In certain cases, we will obtain your consent to process your personal data, such as

for marketing communications. You can withdraw your consent at any time.

• Legal Obligation: We may process your data where necessary to comply with legal or

regulatory obligations.

​

9. Data retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was

collected, including to meet legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the

personal data, the potential risk of harm from unauthorised use or disclosure, the purposes of

processing, and any applicable legal requirements.

Once the retention period expires, we will securely delete or anonymise your data in accordance with

our data retention policy. If anonymisation is not possible (for example, because your data is stored

in backup archives), we will store it securely and isolate it from further processing until deletion is

possible.

​

10. Keeping your data secure

We are committed to ensuring the security of your personal data. We take appropriate technical and

organisational measures to protect your data from unauthorised access, alteration, disclosure, or

destruction. These measures include:5

a) Access Control

• Restricting access to personal data to authorised personnel, contractors, and third-party

agents who have a legitimate need to access it and are bound by confidentiality obligations.

• Using secure password protocols, role-based access, and permission settings to limit access to

sensitive data.

b) Data Encryption

• Encrypting personal data during transmission and storage to prevent unauthorised access.

c) Secure Storage

• Storing data on secure servers and implementing regular security testing and monitoring to

protect against potential vulnerabilities.

d) Data Anonymisation and Minimisation

• Where possible, we anonymise or pseudonymise personal data to enhance security. We also

follow data minimisation principles, ensuring that we only retain data necessary for specific

purposes.

e) Regular Security Audits

• Conduct regular audits and assessments of our security practices to maintain data protection

standards and address emerging threats.

f) Data Breach Response

• In the event of a data breach involving your personal data, we have a protocol in place to

respond swiftly and mitigate potential harm. Where required by law, we will notify both

affected individuals and the Information Commissioner’s Office (ICO) within the appropriate

timeframe.

g) Training and Awareness

• Providing regular data protection and security training to employees to ensure they

understand the importance of safeguarding personal data and are aware of best practices for

security.

​

11. Data Protection Impact Assessments (DPIA)

To ensure the privacy and protection of personal data, we conduct Data Protection Impact

Assessments (DPIAs) for processing activities that pose a high risk to individuals’ privacy. These

assessments help us identify and mitigate risks associated with data processing activities in line with

GDPR requirements.

​

12. Transferring your data

We are committed to ensuring that your personal data is processed securely, regardless of where it is

stored or transferred. The location of your data storage will depend on our operational requirements

and legal obligations. We take the following steps to protect your data during international transfers:

a) Data Storage Within the UK and EEA

• Wherever possible, we store your personal data within the United Kingdom or the European

Economic Area (EEA), where it is fully protected under UK GDPR and EU GDPR standards.6

b) Transfers Outside the UK and EEA

• If it becomes necessary to transfer your personal data to countries outside the UK and EEA

(known as "third countries"), we will ensure that appropriate safeguards are in place to

protect your data to the same standard as within the UK and EEA. This includes:

o Standard Contractual Clauses (SCCs): We may use legally approved SCCs, which

provide binding commitments for data protection.

o Adequacy Decisions: If the country to which your data is transferred has been

deemed to provide an adequate level of data protection by the UK or European

Commission, your data will be treated as adequately protected.

c) Data Transfers to the United States

• For any data transferred to the United States, we may work with service providers who are

certified under the UK and EU-US Privacy Frameworks, or we will apply similar safeguards,

including SCCs, to ensure protection.

d) Security Measures for International Transfers

• In addition to legal safeguards, we apply technical and organisational security measures to

ensure that your data is secure during transfer. This includes encryption and restricted access

protocols.

If you would like further information about how we protect your personal data in cases of international

transfer, please contact us using the details provided in this policy.

​

13. Third-Party Data Sharing

We respect your privacy and will not share your personal data with any third parties except in specific

circumstances. Any data sharing will always be done in accordance with applicable data protection

laws, including the UK GDPR. We may share your data in the following situations:

a) Service Providers and Third-Party Processors

• We may share your personal data with third-party service providers who perform functions

on our behalf, such as website hosting, data storage, IT support, analytics, and marketing

services. These providers process data under our instructions and are contractually obligated

to protect your data and use it solely for the purposes specified by us.

b) Business Transfers

• If we undergo a merger, acquisition, reorganisation, or sale of some or all of our assets, your

personal data may be transferred as part of the transaction. We will take appropriate steps to

ensure the confidentiality and integrity of your personal data during any such transaction.

c) Legal Obligations

• We may disclose your personal data to comply with applicable legal or regulatory

requirements, or in response to requests from law enforcement authorities, courts, or other

government agencies where we believe disclosure is necessary to comply with the law,

protect our rights, or ensure the safety of our users.

d) Anonymised and Aggregated Data

• We may share anonymised or aggregated data with third parties for statistical analysis or

research purposes. This data cannot be used to identify you personally and is shared solely for

analytical or business development purposes.

e) Consent-Based Sharing

• In certain circumstances, we may share your data with third parties if you have given us

explicit consent to do so. This may include sharing data for specific marketing or promotional

purposes.

f) Security and Confidentiality

• Any third parties with whom we share your data are required to keep it secure and

confidential. We only work with reputable partners and ensure data processing agreements

are in place to uphold strict data protection standards.

We take steps to ensure that any third-party recipients of your data protect it securely and use it only

in compliance with this Privacy & Cookie Policy. If you would like more information on our data-sharing

practices, please contact us using the details provided in this policy.

 

14. How can I access my personal data?

Under the UK GDPR, you have the right to request details of the personal data we hold about you. This

is known as a “subject access request” (SAR). You can make a request to access your personal data at

any time by following the steps below:

a) How to Submit a Subject Access Request

• To request access to your data, please contact us in writing using the contact details provided

at the top of this policy. Include any information that will help us identify your records (such

as your full name, contact details, and any relevant account information).

b) Verification of Identity

• For your security, we may require additional identification to verify your request. This helps

ensure that we do not disclose personal data to anyone who does not have the right to access

it.

c) Response Time

• We will respond to your request as soon as possible, and at the latest within one month of

receiving it. If your request is complex or you have made multiple requests, we may extend

this period by up to two additional months. In such cases, we will inform you of the delay and

the reasons for it.

d) Fees

• There is generally no charge for making a subject access request. However, if your request is

"manifestly unfounded or excessive" (for example, if you make repetitive requests), we may

charge a reasonable fee to cover our administrative costs or, in some cases, refuse to comply

with your request.

e) Information Provided

• When responding to your request, we will provide you with a copy of your personal data,

along with details of how we process it, why we hold it, and who it may be shared with.

If you would like further information on how to access your personal data, or if you have any concerns

about our data handling practices, please contact us. We aim to resolve any issues you may have

directly, but you also have the right to file a complaint with the Information Commissioner’s Office

(ICO) if you believe we are not handling your data in compliance with applicable laws.

 

15. Your Right to Lodge a Complaint

If you have any concerns or are not satisfied with our handling of your personal data, you have the

right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory

authority for data protection issues:

• Website: https://ico.org.uk/

• Phone: 0303 123 1113

• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,

Cheshire, SK9 5AF

We would, however, appreciate the opportunity to address your concerns directly before you

approach the ICO, so please feel free to contact us in the first instance.

 

16. About cookies

Our website uses cookies and similar tracking technologies to enhance your browsing experience,

analyse website traffic, and improve our services. This section explains what cookies are, the types we

use, and how you can manage your cookie preferences.

a) What Are Cookies?

• Cookies are small text files stored on your device (computer, tablet, or smartphone) when you

visit a website. They help websites remember your actions and preferences, allowing for a

smoother browsing experience. Cookies can either be "session cookies," which are deleted

once you close your browser, or "persistent cookies," which remain on your device until they

expire, or you delete them.

b) Types of Cookies We Use: Our website may use the following types of cookies:

• Strictly Necessary Cookies: These cookies are essential for the operation of our website. They

enable you to use features like secure areas, shopping carts, or account logins. Without these

cookies, certain services cannot be provided.

• Analytical/Performance Cookies: These cookies allow us to count visitors and see how users

navigate our website. They help us understand which pages are most popular and how we can

improve site performance. Data collected by these cookies is anonymous.

• Functionality Cookies: These cookies allow our website to remember your choices (such as

language preference or region) and provide enhanced, personalised features. They ensure

that when you return to our website, your preferences are remembered.

• Targeting/Advertising Cookies: These cookies record your visit to our website, the pages you

visited, and the links you followed. We may use this information to make our website, and any

advertising displayed more relevant to your interests. We may also share this information with

third-party advertising networks, such as Google Ads.

c) Third-Party Cookies: In addition to our own cookies, we may use third-party cookies from trusted

providers like Google Analytics to help us analyse how visitors use our website. These third-party

cookies are subject to the respective privacy policies of the providers.

d) Managing Cookies: You have the right to control and manage cookies as you wish. When you first

visit our website, you will be asked to consent to non-essential cookies. You can accept, reject, or

customise your cookie preferences through our cookie banner in accordance with your consent

preferences.

• Browser Settings: Most web browsers allow you to control cookies through the browser

settings. You can choose to block or delete cookies; however, please note that this may affect

your experience on our website, and some features may not function as intended.

• Opt-Out Options: If you wish to opt out of Google Analytics tracking, you can install the Google

Analytics opt-out browser add-on, available at tools.google.com/dlpage/gaoptout.

e) Changes to Our Cookie Policy: We may update this Cookies section periodically to reflect changes

in the types of cookies we use or for other operational, legal, or regulatory reasons. We recommend

checking this page regularly to stay informed about our use of cookies.

 

17. This privacy & cookie policy

We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices, legal

or regulatory requirements, or to enhance our transparency regarding how we manage your personal

data. Any modifications will be posted on this page, and significant changes may be highlighted on our

website or communicated directly to you if required by law.

We encourage you to review this page periodically to stay informed about how we protect your

privacy and manage cookies. Your continued use of our website following any updates to this policy

will be deemed acceptance of the changes unless specific consent is required.

c) Last Update

• This Privacy & Cookie Policy was last updated on 13th January 2025.

If you have any questions about the changes or updates to this policy, please contact us using the

details provided at the top of this document.

bottom of page