top of page




1.1 Who we are

The Garhill Limited website is manged by Garhill Ltd (“Company”), a company incorporated and registered in England and Wales with company number 01558834 and registered office is at Marston House, 5 Elmdon Lane, Solihull B37 7DL who is the controller and responsible for your personal data (collectively referred to as “Garhill”, "we", "us" or "our" in this privacy policy).

1.2 Purpose of this Privacy Policy

We take your privacy very seriously. As such, we ask that you read this Privacy Policy carefully as it contains important information about:

(a) what personal data we may collect from you;

(b) how we will use, store and protect your personal data;

(c) with whom we may share personal data; and

(d) your rights under relevant data protection laws.

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.


Under data protection laws, we must have a legal basis in order to process your personal data. The legal bases on which we may process your data are:

• Consent: where you have consented for us to process your personal data for one or more specific reasons.

• Performance of a contract: in order to perform a contract we may have with you.


We may collect and process the following personal data about you:

Identity data: first name, maiden name, last name, username or similar identifier, marital status, title, date of birth          and gender.

Contact data: billing address, delivery address, email address and telephone numbers.

Financial data: bank account and payment card details.

Transaction data: details about payments to and from you and other details of products and services you have              purchased from us.

Marketing and communications data:[your preferences in receiving marketing from us and our third parties and            your communication preferences.

[Technical Data: your login data, browser type and version, time zone setting and location, browser plug-in types        and versions, operating system and platform, and other technology on the devices you use to access this website.]

[Profile Data: your username and password, the services purchased by you, your feedback and survey responses.]

[Usage Data: information about how you use our website and services.]


We collect your personal data in a number of ways:

• Directly: contact, financial and identity data directly provided by you when you fill in online forms or correspond          with us in any way, for example when:

o  applying for services;

o  submitting a query; or

o  when you give us feedback or contact us. 

From third parties/public sources:

o  contact, financial and transaction data may be obtained from providers of technical, payment, credit               referencing, and delivery services such as Creditsafe Limited.

o identity and contact data from publicly availably sources such as Companies House and the Electoral              Register based inside the EU.

• From automated technologies or interactions:

o Data is collected as you interact with our website and we will automatically collect data about your                equipment, browsing actions and patterns. We collect this data using cookies or similar technologies. 


We will only use your personal data when the law allows us to. Most commonly, we may use your personal data for the following purposes:

to provide the requested services to you;

in accordance with our legitimate interests (in circumstances where your interests and fundamental rights do not            override our interests);

to personalise your experience on the Company website;

to provide customer service, including to respond to your enquiries and fulfil any of your requests for information;

to send you important information regarding our services and/or other technical notices, updates, security alerts,          and support and administrative messages; 

to provide you with choices regarding certain personal data uses, particularly around marketing and advertising;

to get your express opt-in consent before we share your personal data with any third party for marketing                      purposes; and

as we believe to be necessary or appropriate:

o in order to comply with a legal obligation. This applies where the processing is necessary for us to comply          with the law;

o to enforce or apply this Privacy Policy; and

o to protect our legitimate rights, privacy, property or safety, and/or those of a third party and your rights do          not override those interests.

We will only use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to obtain an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


We will not retain your personal data for longer than is necessary for the purposes for which the personal data is processed. This means that your data will only be retained for as long as it is still required to provide you with services or is necessary for legal, regulatory, tax, accounting or reporting requirements. When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

When we determine that personal data can no longer be retained (or where you request us to delete your data in accordance with your right to do so (please see section 11 below for more information)), we ensure that this data is securely deleted or destroyed.


It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.


In order to protect your personal data, Signature Private Finance Limited Group has appropriate organisational and technical security measures. These measures include ensuring our internal IT systems are suitably secure and implementing procedures to deal with any suspected data breach. In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.


Transfers to third parties

The security of your data is important to us and we will, therefore, only transfer your data to third parties if:

you have expressly consented to your data being shared with specific third parties;

the third party needs to access the personal data for the purposes of providing any contracted services to you;

the third party has agreed to comply with Signature Private Finance Limited’s instructions, required data security            standards, policies, and procedures and put adequate security measures in place;

the transfer complies with any applicable cross border transfer restrictions and suitable safeguards have been put in      place; and

a fully executed written contract that contains suitable obligations and protections has been entered into between          the parties.


You have certain rights in relation to the personal data we process and hold about you. These include:

Right to rectification: you have the right to require us to correct any inaccuracies in your data.

Right to erasure: you have the right to require us to delete your data, subject to certain legal requirements.

Right to restriction of processing: you have the right to require us to restrict the way in which we process your                personal data.

You may wish to restrict processing if, for example:

You contest the accuracy of the data and wish to have it corrected;

You object to processing but we are required to retain the data for reasons of public interest; or

If you would prefer restriction to erasure.

Right to data portability: you have the right to obtain from us easily and securely the personal data we hold on you        for any purpose you see fit.

Right to object to processing: you have the right to require us to stop processing your personal data should you wish      the data to be retained but no longer processed.

Right of access: you have the right to request access to personal data that we may process about you.

Right to withdraw consent: you have the right at any time to withdraw consent allowing us to process your personal      data.

If you would like to exercise any of the above rights, please:

put your request in writing;

include proof of your identity (such as a copy of your driving licence or passport) and address (such as a recent            utility or credit card bill); and

specify the right you wish to exercise.

Response time

We will respond to requests made by you within one month.


We will not charge a fee for you to exercise any of the rights listed above.


For more information about the cookies we use, please see our Cookies Policy.


No changes to this Privacy Policy are valid or have any effect unless agreed by us in writing. We reserve the right to vary this Privacy Policy from time to time. Our updated terms will be displayed on the Garhill Limited website. It is your responsibility to check this Privacy Policy from time to time to verify such variations.


You have the right to make a complaint about data misuse at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

01564 773 223


bottom of page