Privacy Policy

1. Introduction

Granite Rose Consultancy Limited ("we," "us," or "our") is committed to protecting the privacy and security of your personal data in compliance with the Data Protection (Bailiwick of Guernsey) Law, 2017 ("Guernsey GDPR") and other applicable regulations.

This Privacy Policy explains:

  • What personal data we collect.
  • How we use, store, and protect it.
  • Your rights regarding your data.

By using our website or engaging with our services, you agree to the terms outlined in this policy.

2. Information We Collect

We collect personal data to provide Governance, Risk, and Compliance (GRC) consultancy services. This includes:

a) Data You Provide

  • Contact & Business Information (e.g., name, email, company, job title).
  • Service-Related Data (e.g., compliance queries, risk assessments, contractual details).
  • Professional Credentials (e.g., CVs, certifications for recruitment or consultancy roles).
  • Communications (e.g., emails, support requests, meeting notes).

b) Data Collected Automatically

  • Website Usage Data (e.g., IP address, browser type, pages visited via cookies).
  • Cookies & Analytics (used to improve site functionality—see our Cookie Policy).

c) Third-Party Data

  • Publicly available business information (e.g., LinkedIn, corporate registries).
  • Referrals from partners (where lawful and transparent).

3. How We Use Your Data

We process personal data for:

Purpose

Legal Basis (Guernsey GDPR)

Delivering GRC consultancy services

Contractual necessity

Responding to inquiries

Legitimate interest

Improving our website & services

Legitimate interest

Compliance with legal obligations

Legal requirement

Marketing (with consent)

Consent

4. Data Sharing & International Transfers

We may share data with:

  • Subcontractors & Partners (only as needed, under strict confidentiality).
  • Regulators (if required by Guernsey law).
  • International Clients/Partners (with safeguards like EU SCCs for transfers outside Guernsey).

We do not sell your data.

5. Data Security & Retention

  • Security Measures: Encryption, access controls, and regular audits.
  • Retention Periods: Kept only as long as necessary (e.g., 7 years for tax records, or as per client agreements).

6. Your Rights Under Guernsey GDPR

You have the right to:
✅ Access, correct, or delete your data.
✅ Restrict or object to processing.
✅ Withdraw consent (if applicable).
✅ Lodge a complaint with the Guernsey ODPA.

To exercise these rights, contact us at:
📧 [email protected]
📞 07839 114747

7. Updates to This Policy

We may revise this policy periodically. The latest version will always be available on our website.

Company Name: Granite Rose Consultancy Limited
Registered Address: 📍 2 Courtil Fougere, Saltpans Road, St. Sampson, Guernsey, GY2 4NT

Email: [email protected]
Website: www.graniterose consultancy.com

Discover more about Granite Rose Consultancy

Get in touch to find out more about who we are and enquire about how we can help you

 

Contact

This website uses cookies to enhance your browsing experience. Read More