Privacy Policy
Last updated: 20 June 2026
This Privacy Policy explains how GDPR Gateway Limited collects and uses personal data through our website and in connection with our services.
1. Who we are
GDPR Gateway Limited is a company registered in England and Wales, with a registered office address of Suite RA01, 195=197 Wood Street, London, E17 3NU. We are registered with the UK Information Commissioner's Office under registration number [XXXXX].
This Privacy Policy applies to our own use of personal data as a data controller. It does not replace the privacy notices of our clients, including where we act as their appointed representative under Article 27 of the UK GDPR or EU GDPR.
2. What this Privacy Policy covers
This Privacy Policy applies to personal data we collect and use when:
- you visit our website;
- you contact us through our website or by email;
- you enquire about our services;
- you become, or act on behalf of, one of our clients;
- we enter into or manage a contract with you or the organisation you represent.
3. Personal data we collect and why we use it
Website enquiries
If you contact us through our website, we may collect:
- your name;
- your email address;
- the contents of your message.
Our lawful basis for this processing is our legitimate interests in responding to enquiries, communicating with prospective clients and establishing business relationships.
Client and service administration
If you are a client, prospective client, authorised signatory, representative or contact person for a client, we may collect:
- your name;
- your email address;
- your signature;
- details of the organisation you represent;
- correspondence relating to our services.
We do not intentionally collect special category data during the provision of our services.
4. Website hosting and technical data
Our website is hosted within the European Union.
We do not transfer website data to the United States.
Depending on how our website hosting is configured, limited technical information such as IP addresses, device information or server logs may be processed by our hosting provider for security, maintenance and website delivery purposes. Where this occurs, it is used to operate and protect the website.
5. Cookies and analytics
Our website may use analytics tools to understand how visitors use the website. Where required by law, we will ask for your consent before using non-essential cookies or similar technologies. If you wish to control the use of non-essential cookies, please see the Cookie Controls popup button on the left hand side of your screen.
6. Who we share personal data with
We may share personal data with carefully selected service providers who help us operate our business, including:
- website hosting providers;
- email service providers;
- professional advisers, such as accountants or legal advisers;
- IT and security service providers.
We only share personal data where necessary and, where required, we put appropriate contractual protections in place.
We may also disclose personal data where required by law, regulation, court order or competent authority.
7. International transfers
Our website data is hosted within the European Union. Our operations data is hosted in the United Kingdom.
If we transfer personal data outside the United Kingdom, European Economic Area or another country considered adequate under applicable data protection law, we will ensure that appropriate safeguards are in place.
8. How long we keep personal data
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy.
Our retention periods are:
- Website enquiry data: For as long as needed to respond to the enquiry and manage any resulting business relationship
- Client contact details: For the duration of the client relationship and for one year after the end of the relationship
- Contract records, including names, email addresses and signatures: For the duration of the client relationship and for six years after the end of the relationship
- Service-related correspondence: For the duration of the client relationship and for six years after the end of the relationship
- Technical website logs, where collected: For a limited period needed for website security, maintenance and operation
We may keep personal data for longer where required by law, regulation, court order or for the establishment, exercise or defence of legal claims.
9. Your rights
In relation to our processing of your personal data, you have the right to:
- request access to your personal data;
- request correction of inaccurate personal data;
- request deletion of your personal data;
- object to processing based on legitimate interests;
- request restriction of processing;
- request portability of your personal data;
- withdraw consent, where processing is based on consent.
To exercise your rights, contact us at privacy@gdprgateway.co.uk.
We may need to verify your identity before responding.
10. Complaints
If you have concerns about how we use your personal data, please contact us first so that we can try to resolve the issue.
You also have the right to complain to the UK Information Commissioner’s Office:
Information Commissioner’s Office
Website: ico.org.uk
Telephone: 0303 123 1113
If you are located in the EU, you may also have the right to complain to your local data protection supervisory authority.
11. Security
We take reasonable steps to protect personal data against unauthorised access, loss, misuse or disclosure.
However, no website or email system can be guaranteed to be completely secure. Please avoid sending unnecessary confidential, sensitive or special category personal data through our website contact form.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The updated version will apply from the date it is published on our website.
13. Contact us
If you have any questions about this Privacy Policy or how we use personal data, contact us at privacy@gdprgateway.co.uk.