Overview

Grant Fides Limited (“we”, “us” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Notice explains how we collect, use, store and share your personal data when you interact with us, including through our website and while providing our services.

We are the data controller of your personal data for the purposes of the Data Protection Act 2018 and the UK General Data Protection Regulation (“UK GDPR”).

This Privacy Notice should be read alongside our Terms of Business, which set out further details of how we process personal data while providing our services. If you have any questions about this Privacy Notice or how we use your information, please contact us at: chris.grant@grantfides.com

What personal information we collect

We may collect and process the following types of personal information:

  • Identity and contact data (such as name, address, email address and telephone number)

  • Professional and background information (such as occupation and relevant third-party details)

  • Financial and transaction data (including payment details and records of services provided)

  • Engagement and communications data (including correspondence, meeting notes and records of decisions)

  • Website and usage data (including IP address, browser type and how you interact with our website)

  • Marketing information (including preferences and interaction history)

  • Compliance-related information (including identification documents where required by law)

We may also receive personal data relating to third parties where it is provided to us as part of our services.

Where we get personal information from

We may collect personal information from:

  • You directly

  • Your organisation or representatives

  • Third parties you ask us to deal with

  • Providers of compliance or identity verification services

  • Regulatory authorities

  • Publicly available sources

  • Market research organisations

  • Providers of marketing lists or other business contact information

How we use your personal information and our lawful bases

We use your personal information where we have a lawful basis to do so under UK GDPR. We may use your personal information to:

  • Provide and manage our services - contract

  • Communicate with you, including responding to enquiries - contract or legitimate interests

  • Invoice, collect payments and maintain financial records - contract, legitimate interests or legal obligation

  • Maintain records of our business relationship - legitimate interests or legal obligation

  • Improve our services and website functionality - legitimate interests

  • Send relevant business updates and service information - legitimate interests or consent, where required

  • Comply with legal and regulatory obligations - legal obligation

  • Establish, exercise or defend legal claims - legitimate interests

  • Use software tools, including Artificial Intelligence and third-party platforms, to support delivery of our services - contract or legitimate interests, subject to appropriate safeguards and, where applicable, data protection requirements

Where we rely on consent, you may withdraw your consent at any time.

Our legitimate interests

Where we rely on legitimate interests, our interests may include:

  • Managing and developing our business

  • Providing, improving and administering our services

  • Communicating with clients and prospective clients

  • Maintaining records of our business dealings

  • Managing complaints, disputes and legal claims

  • Protecting our business, systems and information

  • Sending relevant business updates where permitted by law

We only rely on legitimate interests where we consider that our interests are not overridden by your rights, freedoms or interests.

Disclosure of personal information

We do not sell your personal data.

We may share your personal information with:

  • Professional advisers (including accountants and legal advisers)

  • Software and technology providers (including cloud-based systems and data processing tools)

  • Regulatory authorities or law enforcement bodies where required

  • Third parties involved in delivering our services

Any third parties we engage are required to process your data securely and only for permitted purposes.

International transfers

Your personal data may be processed outside the United Kingdom, including by third-party service providers.

Where this occurs, we will ensure that appropriate safeguards are in place in accordance with UK data protection legislation, including:

  • Transfers to countries subject to adequacy decisions; or

  • Use of approved contractual safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses

If you do not provide personal data

Where we are required to collect personal data by law or under the terms of a contract, and you fail to provide that data, we may not be able to provide our services.

How long we keep your information

We will retain your personal information only for as long as necessary for the purposes for which it was collected, including to meet legal, regulatory and accounting requirements.

We will typically retain personal data for up to 7 years to comply with legal, regulatory and accounting requirements.

Your data protection rights

Under UK data protection law, you have the right to:

  • Access the personal data we hold about you

  • Request correction of inaccurate or incomplete data

  • Request deletion of your data

  • Restrict or object to processing

  • Request transfer of your data to another organisation

  • Withdraw consent where applicable

Some of these rights may be subject to limitations depending on the lawful basis for processing and applicable legal exemptions. To exercise any of these rights, please contact us using the details above. We will respond without undue delay and within one month.

Automated decision-making

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

Cookies

Our website may use cookies to improve functionality and user experience. Cookies are small text files placed on your device. You can control cookies through your browser settings. For more information, visit: www.allaboutcookies.org.

Data security

We take appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse or alteration.

However, the transmission of information over the internet is not completely secure, and we cannot guarantee absolute security.

Complaints

If you have any concerns about how we use your personal data, please contact us in the first instance. You also have the right to lodge a complaint with the Information Commissioner’s Office:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline: 0303 123 1113

www.ico.org.uk

Changes to this Privacy Notice

We may update this Privacy Notice from time to time. Any changes will be published on our website.

Last updated: 29 April 2026

Privacy Notice