Privacy Policy

Last Updated: 22/03/2025

1. Introduction

Welcome to Burnt Grove ("we", "our", or "us"). Your privacy is important to us, and this Privacy Policy explains how we collect, use, and protect your personal data when you use our website and services.

By using our services, you consent to the collection and processing of your personal data as outlined in this policy.

2. Data We Collect

We may collect the following types of data:

2.1 Information You Provide

  • Account Information: Name, email address, billing address, and payment details when you subscribe to our services.

  • Business Information: Details about your company, including branding and design preferences.

  • Communication Data: Emails, messages, or other interactions with us.

2.2 Commercially Sensitive Data

We recognise that, as part of your design requests, you may submit commercially sensitive information such as unreleased products, offers, or business strategies. We are committed to treating all such data with the highest level of confidentiality and care.

By submitting any commercially sensitive data, you acknowledge the following:

  • Confidentiality: We will not disclose your sensitive information to third parties, except where required by law or necessary to complete your design requests.

  • Limited Access: Only authorised personnel within Burnt Grove will have access to this data, and access will be restricted to what is necessary for the completion of your project.

  • Data Protection: We will take all reasonable steps to safeguard commercially sensitive data, including encryption and secure storage.

However, it is your responsibility to ensure that you have the necessary rights to share this data with us and that no third-party agreements are violated by the submission of such information.

2.3 Automatically Collected Data

  • Technical Data: IP address, browser type, device information, and usage patterns collected via cookies and analytics tools.

  • Usage Data: Information about how you interact with our website and services.

2.4 Third-Party Data

We may receive data from third-party payment processors, analytics providers, and business partners when necessary to provide our services.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and manage our subscription-based design services.

  • To process payments and manage billing.

  • To communicate with you regarding service updates, support, and marketing (only if you opt-in).

  • To improve our website and service offerings using analytics and feedback.

  • To comply with legal obligations and enforce our Terms & Conditions.

4. Legal Basis for Processing

We only process personal data when we have a legal basis to do so, including:

  • Contractual Necessity: When processing is required to deliver our services.

  • Legitimate Interests: To improve our services and maintain security.

  • Consent: When you explicitly opt-in to receive marketing communications.

  • Legal Obligations: When required by law.

5. Data Sharing & Third Parties

We do not sell or trade your personal data. However, we may share data with trusted third parties, including:

  • Payment Processors: To securely process transactions.

  • Cloud Storage & Hosting Providers: To store and manage business operations.

  • Analytics Providers: To improve our services and website performance.

  • Legal & Regulatory Authorities: When required to comply with legal obligations.

All third parties must adhere to strict data protection policies.

6. Data Storage & Retention

We retain personal data only for as long as necessary:

  • Account Data: Stored while you have an active subscription and up to 6 years after for legal and tax purposes.

  • Communication Data: Stored for up to 2 years for reference and service improvement.

  • Technical Data: Retained for up to 12 months for website analytics.

7. Your Rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of your personal data.

  • Correction: Rectify inaccurate or incomplete data.

  • Deletion: Request deletion of your data, subject to legal obligations.

  • Objection: Object to data processing based on legitimate interests.

  • Data Portability: Request a structured copy of your data.

To exercise your rights, contact us at barnaby@burntgrove.com. We will respond within 30 days.

8. Cookies & Tracking Technologies

We use cookies to enhance user experience and track website usage. By continuing to use our site, you consent to cookie usage. You can manage cookie preferences in your browser settings.

9. Data Security

We take security seriously and implement:

  • Encryption of sensitive data.

  • Access controls to restrict internal access.

  • Regular monitoring for security threats.

However, no system is 100% secure. You acknowledge that data transmission over the internet carries inherent risks.

10. International Data Transfers

If we transfer data outside the UK/EU, we ensure safeguards such as Standard Contractual Clauses (SCCs) to maintain data protection.

11. Updates to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or website notification.

12. Contact Information

For any privacy-related concerns, contact:

Burnt Grove

Email: barnaby@burntgrove.com