Privacy and GDPR Policy
This privacy and GDPR policy explains how we collect, use, store, share and protect personal data when you use this website, contact us or buy from us.
- Business name: SecureStone UK Ltd
- Email: ashley@securestoneuk.co.uk
When UK GDPR or EU GDPR may apply
We consider whether UK GDPR applies because we are established in the UK, or because goods or services are offered to people in the UK, or behaviour in the UK is monitored. We also consider separately whether EU GDPR may apply where goods or services are offered to people in the EEA or behaviour in the EEA is monitored.
- We have noted that UK GDPR may apply to our activities.
What personal data we collect
Depending on how you interact with the website and our services, we may collect and use the following categories of personal data:
- basic contact details such as name, email address and phone number
- address information
Why we use personal data
We use personal data to provide and manage services, respond to enquiries, manage orders, support customers, meet legal obligations, maintain records, improve the website, and where permitted, send relevant follow-up communications or marketing.
Lawful bases
We rely on the lawful basis that is most appropriate to the activity. This may include contract, legal obligation, legitimate interests, consent, or another lawful basis where applicable. Direct marketing may in some cases rely on legitimate interests, but this does not override PECR rules where consent is still required.
Cookies and similar technologies
We review cookies, pixels and similar technologies separately from general GDPR compliance. Some limited technologies may fall within narrow PECR exceptions, but advertising, tracking and similar tools generally still require valid consent before they are used.
- Necessary cookies: these help the website operate securely and deliver the service you ask for.
- Marketing cookies: these may be used for advertising, attribution, retargeting or campaign measurement.
Third parties and international transfers
We may use service providers, processors or platforms to help us run the website and deliver services. Where personal data is accessed or transferred internationally, we aim to identify those transfers, check whether adequacy applies, and where needed use suitable safeguards such as contractual measures.
Processor agreements and due diligence
Where another organisation processes personal data on our behalf, we aim to have suitable agreements in place and to review matters such as sub-processors, security standards, breach notification, assistance obligations and deletion or return of data when the relationship ends.
Your rights, including subject access requests
You may have rights over your personal data, including the right to ask for access to it. We aim to handle rights requests without undue delay and usually within the legal timeframe that applies. If we need proof of identity or clarification, we may ask for it before completing the response, and we will carry out searches that are reasonable and proportionate.
Data protection complaints
If you have a concern about how your personal data has been handled, you can use the complaint form on this page or contact us using the details provided. We aim to acknowledge data protection complaints, investigate them appropriately, keep you informed where needed and tell you the outcome without undue delay.
Data breaches and security
We aim to maintain a process for identifying, containing, recording and assessing personal data breaches. We also review security regularly. This may include access controls, account security, device security, backups, logging, processor security and incident response procedures.
Retention
We keep personal data only for as long as it is reasonably necessary for the purpose it was collected, or to meet legal, regulatory, accounting, contractual or reporting requirements. Our standard retention period is currently set at 6 years, although some categories of data may need to be kept for a shorter or longer period depending on the circumstances.
Cookie tools and third-party services
Our website may also use third-party services and tools such as Stripe, reCAPTCHA. These tools may store or access information on your device depending on how the site is configured, the purpose of the tool, and the choices you make through our cookie banner.
How to contact us
If you would like to contact us about privacy matters, data subject rights, complaints or marketing opt-outs, you can use the contact details shown on this page or the forms provided below.
Last updated: 19 May 2026
Copyright Notice
Copyright © 2026 SecureStone UK Ltd
Unless we say otherwise, this website and the material published on it, including written content, branding, layout, graphics, images and design elements, belong to SecureStone UK Ltd and are protected by copyright and other intellectual property rights.
You may view pages from this website in a browser, store them in your browser cache and print or download extracts for your own personal, non-commercial use. This permission does not allow you to republish, reproduce, adapt, distribute, share, broadcast or otherwise exploit any part of the website for commercial or public use without our prior written permission.
You must not copy the overall look and feel of this website, reuse written content as your own, or reproduce images, branding or other protected material on another website, platform or publication unless we have agreed this with you in writing first.
If you breach this notice, your right to use this website will end immediately and we may require you to remove, return or destroy any unauthorised copies. We also reserve the right to take further action where appropriate.
Email Opt-out
If you no longer want to receive follow-up messages or marketing contact from us, you can submit a request using the button below.
Data Requests (SAR)
If you want to ask for a copy of the personal data SecureStone UK Ltd holds about you, you can make a subject access request. You can also ask us to correct inaccurate information, erase data where appropriate, restrict processing, object to certain uses, or ask for a copy of data in a portable format where the law gives you that right.
How we handle a request
- We will review the request and confirm what is being asked.
- We may ask for reasonable proof of identity before we begin where this is necessary for security.
- We will search the systems, inboxes and records we reasonably need to check.
- We will provide a response without undue delay and usually within one calendar month.
- If we need clarification before we can proceed, we may pause the process until that clarification is received.
Information we may need from you
To help us deal with your request efficiently, please tell us your full name, contact details and enough information for us to identify the records you are asking about. If you have used more than one email address or account with us, please include those details too.
Identity verification
Where appropriate, we may ask for proportionate identification before disclosing personal data. This helps protect your information from unauthorised access.
Where we may search
Depending on the nature of your request, we may need to search contact records, order data, account records, support emails, form submissions, marketing systems, backups and other business systems relevant to your relationship with us.
How to make a request
Data protection complaint form
Email opt-out request
Data request form
Business Hours
Mon-Fri (8am - 6pm)
Saturday (9am - 6pm)
Sunday (10am - 4pm)
Out of Hours/Emergency Support
Please Call: 07542 715038
SecureStone UK Limited, registered as a limited company in England and Wales under company number: 17133668.
Registered Company Address: 21 Clare Road, Halifax, West Yorkshire, England, HX1 2HX.
