Granelon
Legal Document — Rev. 2026-01

PRIVACY POLICY

Effective Date: 1 January 2026
Jurisdiction: United Kingdom (UK GDPR)
Controller: Granelon
DOCUMENT START ——

1. Introduction

This Privacy Policy describes how Granelon ("we", "us", "our") collects, uses, and safeguards personal data submitted through or in connection with the website granelon.info. Granelon operates as a home movement archive based at 92 Kensington Church Street, London W8 4BH, United Kingdom. This policy is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using this website or submitting an enquiry, you acknowledge the data handling practices described in this policy. If you have questions about this policy, contact us at [email protected].

2. Data We Collect

We collect the following categories of personal data:

  • Contact enquiry data: Name, email address, enquiry type, and message content submitted via the contact form on contact.php.
  • Technical data: IP address, browser type, device type, operating system, pages visited, and time spent on the site. This data is collected automatically via server logs and, where consent is given, via analytics cookies.
  • Cookie data: Preference records for cookie consent, stored locally. See the Cookie Policy for full details.

We do not collect sensitive personal data (as defined under UK GDPR Article 9) and we do not request information about health, finances, identity documents, or occupational status.

3. How We Use Your Data

Personal data collected via the contact form is used solely to respond to the submitted enquiry and to maintain a record of communications for archive correspondence purposes. Technical data is used to maintain the operational security and performance of the website and, where analytics consent has been provided, to understand how visitors engage with the archive.

We do not use personal data for automated profiling, targeted advertising, or resale to third parties. We do not transfer personal data outside the United Kingdom without appropriate safeguards in place.

4. Legal Basis for Processing

Contact enquiry data is processed on the basis of legitimate interests (UK GDPR Article 6(1)(f)) — specifically, the legitimate interest of responding to direct communications from site visitors. Technical data collected via non-essential cookies is processed on the basis of consent (UK GDPR Article 6(1)(a)), which may be withdrawn at any time via the Cookie Settings link in the site footer. Technical data collected via server logs for security purposes is processed on the basis of legitimate interests.

5. Data Retention

Contact enquiry records are retained for a maximum of 24 months from the date of the enquiry, after which they are permanently deleted from our systems. Technical log data is retained for a maximum of 12 months. Cookie consent preference records are retained for the duration of the consent period (typically 12 months) and refreshed upon the next consent event.

6. Your Rights Under UK GDPR

You have the following rights in relation to your personal data held by Granelon:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate data.
  • Right to erasure: You may request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction: You may request that we restrict processing of your data in certain circumstances.
  • Right to object: You may object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to complain: You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been handled improperly.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 calendar days.

7. Third-Party Services

This website loads resources from third-party CDN providers (Google Fonts, jsDelivr, unpkg, Cloudflare, jQuery CDN). These providers may log technical data (IP address, request headers) in accordance with their own privacy policies. We recommend reviewing their respective policies. We do not share your contact enquiry data with these providers. Google Maps iframe embeds on contact.php are subject to Google's Privacy Policy. The iframe is loaded with referrerpolicy="no-referrer-when-downgrade" to limit referrer data transmission.

8. Security

We implement technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include HTTPS enforcement via server configuration, restricted access to server logs, and regular review of data handling procedures. No data transmission over the internet can be assured absolutely secure; we take all reasonable steps to protect data in transit and at rest.

9. Changes to This Policy

This policy may be updated periodically to reflect changes in data handling practices or legal obligations. The effective date at the top of this document will be updated accordingly. Continued use of the site after a policy update constitutes acknowledgement of the revised terms.

10. Contact

Data controller: Granelon, 92 Kensington Church Street, London W8 4BH, United Kingdom.
Email: [email protected]
Telephone: +44 20 7359 4821
Office hours: Monday – Friday, 09:00 – 18:00 (GMT/BST)

DOCUMENT END ——
Document Reference: GRN-PRIV-2026-01 | Last reviewed: January 2026