Privacy Policy

Gill & Joiner Access Ltd (Company No. 17093613) is the data controller for personal data processed through this website. Our registered office is Silver Rose 21, East Lodge Village, East Lodge Lane, Enfield, England, EN2 8AS.

If you have any questions about this policy or how we handle your data, please contact us:

• Email: ray@gillandjoineraccess.co.uk or tanya@gillandjoineraccess.co.uk
• Tel: 07789 777742 (Raymond Gill) or 07949 989701 (Tanya Joiner)

Our processing activities are governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We only collect personal data that you voluntarily provide to us through our contact and project enquiry forms, or in subsequent correspondence. This includes:

• Identity details: your name and, where provided, the company you represent;
• Contact details: your email address and, where provided, telephone number;
• Project information: details of your enquiry, project stage, location, and any files (drawings, programmes, specifications) you choose to attach;
• Correspondence: the content of any messages and any subsequent emails or calls.

We do not collect special category data. We do not knowingly collect data from anyone under the age of 18.

We do not use any analytics, advertising, or social media tracking on this website, and we do not set any non-essential cookies. See our Cookie Policy for further detail.

We use your personal data only for the following purposes:

1. To respond to your enquiry and provide the consultancy information you have requested.
2. To prepare and send quotations for our services where you have asked us to.
3. To deliver the services you have engaged us to provide, including project correspondence and deliverables.
4. To keep records of our business communications and engagements as required by law and standard business practice.
5. To comply with our legal obligations, including tax, accounting, and regulatory requirements.

The lawful bases we rely on under UK GDPR are:

• Legitimate interests (Article 6(1)(f)) for responding to unsolicited enquiries and managing prospective client relationships;
• Contract (Article 6(1)(b)) where we have entered into an engagement with you or are taking steps at your request prior to entering into one;
• Legal obligation (Article 6(1)(c)) for record-keeping required by HMRC, Companies House, and other regulators.

We do not use your data for marketing, profiling, or automated decision-making.

We do not sell, rent, or trade your personal data. We share it only with the following categories of recipient, and only to the extent necessary:

• Resend (resend.com) — our transactional email provider. When you submit a form on this site, the content of your submission is sent through Resend's infrastructure so it can be delivered to our inbox. Resend acts as a data processor under our instructions.
• Vercel (vercel.com) — our website hosting provider. Vercel processes data only to serve the site and may keep short-term operational logs (IP addresses, request paths) as part of its hosting service.
• Our email provider — once a form submission reaches our inbox, it is stored in our standard business email system in the same way as any other correspondence.
• Professional advisers and subcontractors — where strictly necessary to deliver an engagement, and only under equivalent confidentiality and data protection obligations.
• Regulators, courts, and law enforcement — where we are legally required to disclose information.

We do not transfer personal data outside the UK or the European Economic Area as a matter of course. Where one of our processors operates internationally (for example, Resend or Vercel may route traffic through US or EU infrastructure), we rely on the safeguards offered by their UK GDPR-compliant data processing terms, including the UK International Data Transfer Addendum where applicable.

We retain personal data only for as long as is necessary for the purposes set out above:

• Unanswered or declined enquiries: up to 12 months from last contact, after which we delete them unless you have asked us to keep your details on file.
• Active client and engagement records: for the duration of the engagement and for at least 6 years afterwards, in line with our legal and accounting obligations.
• Email correspondence: held within our email system in line with our internal retention practices, typically for 6 years.

When the retention period expires, we delete or securely destroy the data. Where data is technically difficult to delete (for example, in encrypted backups), we isolate it from active processing until the backup cycle naturally overwrites it.

We use appropriate technical and organisational measures to protect personal data, including:

• Encryption in transit (HTTPS / TLS) for all data submitted through this website;
• Access controls on the email accounts and devices that receive and store enquiries;
• Use of reputable processors (Resend, Vercel) with their own published security and certification programmes;
• Restricting access to personal data to the directors and any subcontractors who genuinely need it.

No system is perfectly secure. If we ever become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours where required and, in serious cases, will contact affected individuals directly.

Under UK GDPR you have a number of rights in respect of your personal data. You can ask us to:

• Confirm what personal data we hold about you and provide a copy (right of access);
• Correct any data that is inaccurate or incomplete (right to rectification);
• Delete your data where we no longer have a lawful reason to keep it (right to erasure);
• Restrict how we use your data while a query about it is being resolved;
• Object to processing we carry out under legitimate interests;
• Receive a portable copy of data you have given us, in a structured electronic format;
• Withdraw consent at any time, where we have relied on your consent for a specific activity.

To exercise any of these rights, please email ray@gillandjoineraccess.co.uk or tanya@gillandjoineraccess.co.uk. We will respond within one month. There is no charge for most requests.

If you are unhappy with how we have handled your data, you can complain to the Information Commissioner's Office at ico.org.uk or on 0303 123 1113. We would, however, appreciate the chance to address your concerns first.

We may update this Privacy Policy from time to time to reflect changes in our business, the services we provide, or the law. The "Effective Date" at the top of this page shows when the current version was published. Material changes will be flagged on this page; for active engagements we will also notify you by email where appropriate.

We recommend reviewing this page periodically to stay informed about how we handle your data.