Data Protection Statement


Your personal data is data which by itself or with other data available to us can be used to identify you. We are Wandsworth Group Ltd, the data controllers. This data protection statement sets out how we’ll use your personal data. You can contact our Data Protection Officer (DPO) at The Wandsworth Group, Ritchie House, Woking Business Park, Albert Drive, Sheerwater, Woking, Surrey GU21 5JY if you have any questions.

The types of personal data we collect and use

Whether or not you become a customer, we’ll use your personal data for the reasons set out below and if you become a customer, we’ll use it to manage the account, product(s) or service you have requested. We’ll collect most of this directly during the process of taking you requirements, providing a quote and processing your order. The sources of personal data collected indirectly are mentioned in this statement. The personal data we use may be about you as a personal or business customer and may include:

  • Full name and personal details including contact information (e.g. home and business address and address history, email address, home, business and mobile telephone numbers);
  • Financial details (e.g. details of bank accounts or credit card);
  • Records of products and services you’ve obtained or applied for, how you use them, and the relevant technology used to access or manage them (e.g. mobile phone location data, IP address, MAC address);

Monitoring of communications

Subject to applicable laws, we may monitor and record our communication exchanges with you; calls, emails, text messages, social media messages and other communications in the course of your dealings with us. We may do this for a variety of reasons, including regulatory compliance, self-regulatory practices, crime prevention and detection, protecting the security of our communications systems and procedures, checking for obscene or profane content, for quality control and staff training, and when we need to see a record of what’s been said.

Providing your personal data

We’ll tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we will require your personal data in order to fulfil your request (i.e. an order, a sample request, a brochure request, etc) unless you’re a customer and we already hold the necessary information.

Market and market research opt-out

If you’d prefer not to receive up-to-date information on our products and services, or to be included in market research, you can indicate this by updating your marketing preferences at any time.

Data subject access requests:

You have the right to find out what information, if any, is held about you. This is known as a data subject access request.

A data subject access request is not designed to deal with general queries that you may have about your account. We therefore aim to provide you with the information you require without you having to make a formal request.

Right to rectification

You have the right to have your personal data corrected if it’s inaccurate, or to have any incomplete personal data completed.

Using your personal data: the legal basis and purposes

We’ll process your personal data:

  1. As necessary to perform our contract with you for the relevant products and services;
    1. To take steps at your request prior to entering into it;
    2. To decide whether to enter into it;
    3. To manage and perform that contract;
    4. To update our records;
  1. As necessary for our own legitimate interests:
    1. For good governance, accounting, and managing and auditing our business operations;
    2. To monitor emails, calls and other communications;
    3. For market research, analysis and developing statistics;
    4. To send you marketing communications.
  1. As necessary to comply with a legal obligation, e.g.:
    1. When you exercise your rights under data protection law and make requests;
    2. For compliance with legal and regulatory requirements and related disclosures;
    3. For establishment and defence of legal rights;
    4. For activities relating to the prevention, detection and investigation of crime;
    5. To monitor emails, calls, other communications, and activities on your
  1. Based on your consent, e.g.:
    1. To send you marketing communications where we have asked for your consent to do

You are free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you.

Sharing of your personal data

Subject to applicable data protection law we may share your personal data with:

  • Sub-contractors and other persons who help us provide our products and services;
  • Companies and other persons providing services to us;
  • Our legal and other professional advisors, including our auditors;
  • Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators e.g. the Information Commissioner’s Office);
  • Courts, to comply with legal requirements, and for the administration of justice:
  • In an emergency or to otherwise protect your vital interests;
  • To protect the security or integrity of our business operations;
  • In the event of a change in business structure (e.g. disposal, merger or acquisition of all or part of the business);
  • Market research organisations who help to improve our products or services;
  • Payment systems (e.g. Visa or Mastercard);
  • Anyone else when we have your consent or as required by

Protecting Your Data

We protect your personal data against unauthorised access, unlawful use, accidental loss, corruption or destruction.

We use technical measures such as encryption and password protection to protect your data and the systems they are held in. We also use operational measures to protect the data, for example by limiting the number of people who have access to the databases in which our booking information is held.

We keep these security measures under review and refer to industry security standards to keep up to date with current best practice.

How long we keep your data

We keep your data only for as long as we need it. How long we need data depends on what we are using it for, whether that is to provide services to you, for our own legitimate interests (described above) or so that we can comply with the law.

We will actively review the information we hold and when there is no longer a customer, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it.

Sending data outside of the European Economic Area

We will only send data outside of the European Economic Area (‘EEA’) to work with our agents and advisers who we use to deliver services to you or to comply with a legal duty. If we do transfer data outside the EEA, we will make sure that it is protected in the same way as if it were being used in the EEA. We will use one of the following safeguards to ensure that it is protected:

Transfer the data to a non-EEA country which has privacy laws at least as protective as those within the EEA

Put in place a contract with the recipient of the data which means the recipient must protect the data to the same standards as required within the EEA, or Transfer it to organisations which are part of the Privacy Shield. The Privacy Shield is a framework which sets out the standards for data to be sent between the United States and European countries. The Privacy Shield ensures that data is protected to the same standards as used within the EEA.

Want to talk to us?

Register your interest with us below and one of our team will be in touch.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.