Privacy Policy

This privacy policy explains how we collect and use any personal data when you access our services (including our website) in accordance with the Data Protection Act 2018 (the 2018 Act) and the EU General Data Protection Regulation (GDPR).

Data Protection Principles

Personal data must be processed in accordance with six Data Protection Principles. It must:

  • be processed fairly, lawfully and transparently;
  • be collected and processed only for specified, explicit and legitimate purposes;
  • be adequate, relevant and limited to what is necessary for the purposes for which it is processed;
  • be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;
  • not be kept for longer than is necessary for the purposes for which it is processed; and
  • be processed securely.

We are accountable for these principles and must be able to show that we are compliant.

What personal data do we collect?

Our reasons for collecting personal information from you may be to: (i) help us deliver our services; (ii) improve, develop and market new services; (iii) carry out requests made by you on our website or in relation to our services; (iv) use as otherwise required or permitted by law.

We collect personal data when:

  • you visit our website;
  • you complete and submit the Contact Form;
  • we engage in business dealings.

Specifically, we hold the following types of data:

  • personal details such as name, address, phone numbers, email address if the Contact Form is used;
  • data provided to us or requested by us for the purposes of providing our services to ensure our clients receive an appropriate service and ongoing support: personal details such as name, address, phone numbers, job title, email addresses.

How will we use personal data?

When you visit our website, a record of your visit is made. That data is used completely anonymously, in order to determine the number of people who visit our website and the most frequently used sections of the site. This enables us to continually update and refine the site. If you use any forms on the website to send an email to us, a record will also be made of your email address and your telephone number.

We may collect, hold, use and disclose the information collected as is necessary in the performance of our services to you or for complying with a legal obligation; or as part of our legitimate interests in marketing our services to existing clients and interested parties to grow our business.

We may therefore collect, hold, use and disclose the information collected to compile statistical data and to: maintain our database; develop/improve our website; respond to any email enquiries; notify you of any upcoming marketing, trainingor other events; provide you with publications; manage quality control; manage systems administration; attend to compliance issues; provide you or your organisation with advice; and for other marketing purposes.

We will not use or disclose personal data for any other purpose which is not related to the above purposes without your consent, unless otherwise authorised, required or permitted under the laws of England and Wales.

We do not operate any automated decision-making systems.

Will we disclose your data?

We may disclose personal data where it has been supplied to us for the purposes of providing services and support on a confidential basis to external service providers so that they can provide services such as systems integration advice or bespoke computer programming services in connection with the operation of our business and the delivery of our service to you.

How long will we retain personal data?

Personal data must not be kept for longer than is necessary for the purposes for which it is processed.

Where you have provided consent for the processing of data you have the right to withdraw this consent which must be in writing. Where consent has been withdrawn, the data will be disposed of.

Once data is no longer needed and/or consent has been withdrawn, we will arrange for the data to be disposed of. This will be by the deletion of data from our databases, online systems, email or other electronic systems.

Access to your information and other rights

Under the GDPR and the 2018 Act you have a number of rights with regard to your personal data.

Please contact us at should you require more detail/wish to exercise your rights.

  • The right to information about what personal data we process, how and on what basis as set out in this privacy policy.
  • The right to access your own personal data by way of a subject access request. Identification will be requested for security.
  • The right to correct any inaccuracies in your personal data.
  • The right to request that we erase your personal data, however this would only be where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected.
  • The right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
  • The right to object if we process your personal data for the purposes of direct marketing.
  • The right to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.
  • With some exceptions, the right not to be subjected to automated decision-making.
  • In most situations, the right to be notified of a significant data security breach concerning your personal data.
  • In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later.
  • We want to make sure that your personal information is accurate and up to date. Please contact us to correct or remove information you think is inaccurate or out of date.


You have the right to complain to the Information Commissioner. You can do this by contacting the Information Commissioners Office directly. Full contact details including a helpline number can be found on the Information Commissioners Office website ( This website has further information on your rights and our obligations.

Identification will also be requested for security.


Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit

Our website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate your use of our website and compile reports for us on activity on the website. Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Googles behalf. Google will not associate your IP address with any other data held by Google. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.

Other websites

Our website may contain links to other sites. When you link to other websites you should read their own privacy policy.

How to contact us

Please review our website regularly as our privacy policy may change from time to time. If you have any questions about our privacy policy or information we hold about you please contact:

The Directors, Painted Red Limited, Buckenham Lodge, Chapel Court, Fakenham, Norfolk, NR21 9EA
Tel: 01628 810111