Data Use & Collection
This page outlines how A C Goatham & Son Limited collects, processes, stores and shares personal data.
1. What Data We Collect
We may collect and process:
- Identity Data – name, title, date of birth
- Contact Data – email, telephone, address
- Technical Data – IP address, browser type, usage patterns
- Profile & Usage Data – preferences, interests, website interactions
- Marketing & Communications Data
- Transaction & Financial Data (if placing orders)
We may also aggregate data (e.g., website usage) for analysis, which is not considered personal data.
2. How We Collect Data
- Direct interactions – forms, emails, phone calls, etc.
- Automated technologies – cookies, server logs, etc.
See our cookie policy for more information.
3. Legal Bases for Processing
We rely on one or more of the following:
- Contract – to fulfil contracts with you
- Legitimate Interest – e.g., to prevent fraud or improve services
- Legal Obligation – to meet legal/regulatory duties
- Consent – where you’ve explicitly agreed (e.g., marketing)
How We Use Your Data
| Purpose | Types of Data | Legal Basis |
|---|---|---|
| Registering you | Identity, Contact | Contract |
| Fulfilling orders | Identity, Contact, Financial, Transaction, Marketing | Contract, Legitimate interest |
| Customer service | Identity, Contact, Profile, Marketing | Contract, Legal obligation, Legitimate interest |
| Website protection | Identity, Contact, Technical | Legal obligation, Legitimate interest |
| Marketing & personalisation | Identity, Contact, Profile, Usage, Technical | Consent or Legitimate interest |
| Analytics & improvement | Technical, Usage | Legitimate interest |
5. Marketing
- You may receive marketing if you’ve made a purchase or requested information and not opted out.
- You can opt out at any time via:
- Website preference settings
- Unsubscribe links in emails
- Directly contacting us
We will not share your data with third parties for their own marketing unless you give explicit consent.
6. Data Sharing
We may share data with:
- Internal teams
- Trusted external service providers
- Third parties involved in business restructuring, merger or acquisition
All partners must comply with data protection laws and are not permitted to use your data for their own purposes.
7. Data Security
We have implemented security measures to prevent your data being:
- Lost
- Used/accessed unlawfully
- Altered or disclosed without permission
Access is restricted to authorised personnel who are bound by confidentiality.
8. International Transfers
We do not transfer your personal data outside of the UK.
9. Data Retention
We only keep your personal data for as long as necessary, typically:
- Up to 6 years for legal/tax purposes (e.g. Contact, Identity, Financial data)
- Longer if needed for legal claims or obligations
- Aggregated or anonymised data may be retained indefinitely
You may request deletion of your data in certain circumstances (see Privacy Policy for details).