Privacy Policy


We treat privacy and confidentiality very seriously at Golley Slater (referred to in this notice as “we”, “us” or “our”). We comply with all aspects of the UK’s data protection legislative framework, which includes the UK General Data Protection Regulation (GDPR) and other UK legislation.

Scope of this notice

We respect the right of individuals to privacy. Our Privacy Notice explains:

  • Who we are
  • Who this privacy policy applies to
  • What kinds of personal data we may hold about you
  • How we obtain data about you
  • What we do with personal data
  • Who we may share your personal data with
  • Retention
  • Security
  • Transfers
  • Your rights
  • Your right to complain

Who we are

Our company is Golley Slater Group Limited. Our registered office is Wharton Place, Wharton Street, Cardiff, CF10 1GS and company registered number 0584047.

In the course of providing marketing services to our clients and running our businesses, we gather and use personal information about a number of different categories of people. We have developed this privacy notice in order to be as transparent as possible about the personal information we collect and use.

Individuals wishing to contact us about data protection issues may do so by writing to us at Group Operations Director, Golley Slater Group Limited, Wharton Place, Wharton Street, Cardiff, CF10 1GS or by emailing us at

Who does this privacy notice apply to

This privacy notice has been written for the benefit of the following categories of people (referred to in this notice as “you”):

  • our clients and people that represent them or who work for them;
  • people who make enquiries about our services;
  • people who receive our newsletters or invitations to our seminars and events and those who attend such events;
  • people who visit our websites or who follow us on our various social media channels;
  • business contacts of Golley Slater Group Limited;
  • people who have won a prize that we are contracted to fulfil 
  • suppliers that we use or that our clients use; and
  • our regulators, insurers, auditors, professional advisers and certification bodies.

This privacy notice does not apply to:

  • people who currently work for us, have worked for us or who are interested in working for us. We have written a separate privacy notice for this group.
  • any services which we provide to a client as a data processor. In such circumstances our collection and use of personal information is covered by our client’s privacy notice.

If you believe that we are processing your personal information, but you are not included in the above list please contact us to discuss this.

What kinds of personal information we may hold about you

The personal information that we collect includes:

  • basic information, such as your name (including name prefix or title), the company you work for, your title or position.
  • contact information, such as your postal address, email address and phone number(s).
  • where you are our client, we will collect information about your circumstances that have led to you wishing to use our services. We also keep records of your contact with us.
  • technical information collected when you visit our website or digital or in relation to materials and communications we send to you electronically, which includes information about the type of device you are using, your IP address and geographic location, your operating system and version, browser type, the content you view and the search terms you enter.
  • information you provide to us for the purposes of attending meetings and events we host, including access and dietary requirements.
  • where you are a prize winner, name; address; date of birth and email address for you and your emergency contacts 

What we do with personal data

We may use this personal data for the following purposes:

  • to send you relevant marketing communications about our services
  • to undertake research and analysis
  • for identity validation and fraud reduction
  • to communicate with you in relation to the provision of services by us
  • to enable us, our clients or other suppliers of ours or our clients to communicate with you in relation to the provision of goods or services by you or the person that you work for
  • to enable you and any other relevant individuals to be invited to, and to attend, the event and to facilitate your attendance (for example, dietary or special access requirements).
  • If you are a public official, otherwise act in official capacity, work for a public body, are a journalist or otherwise involved in the media and we need to contact you in the course of providing public relations or related services for our clients
  • to understand how people use our website so that we can make it more intuitive.
  • to deliver and manage a prize or incentive.


The lawful basis on which we rely are


Processing of your personal data is necessary for us to administer the pre-contract and contractual relationship between ourselves and our clients/suppliers in connection with the performance of a contract.

Legal obligation

This applies where we need to collect and use your personal information to comply with applicable laws and regulatory requirements.


We may (but usually do not) need your consent to use your personal information. You can withdraw your consent by contacting us (see below).

Legitimate interests

Golley Slater uses and shares personal data based on its legitimate commercial interests.

The data protection legislative framework recognises that it is in our legitimate business interests to collect and use personal information for marketing reasons. We do not need your consent to do this lawfully, but we are obliged to inform you that you have a right to object to this. The law also allows us to send marketing communications by electronic means to our existing clients and business contacts without needing consent. Again, you have the right to object to this activity if you wish.

How we obtain data about you

The personal data we have comes from various sources.

  • You give us your personal information directly, when you engage with us, including via our websites or digital media channels
  • We obtain additional information in the course of undertaking checks in order to comply with our statutory and regulatory obligations or where such checks are in our legitimate business interests
  • We obtain contact details and other information from our business contacts
  • We collect data from public information sources such as telephone directories, social media, the internet and news articles, and occasionally buy marketing lists of business contacts
  • We collect personal information while monitoring our technology tools and services, including our websites, email and social media communications. For information about our use of tracking devices and cookies, please refer to our Cookies policy here.

Who we share your information with

A number of third parties may have access to your personal information or we may share or send it to them. This includes:

  • business partners, suppliers and sub-contractors for the performance of any contract we enter into with you;
  • analytics and search engine providers that assist us in the improvement and optimisation of our site.
  • We will disclose your personal information to third parties:
    • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
    • If Golley Slater or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
    • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Acceptable Use Policy and other agreements; or to protect the rights, property, or safety of Golley Slater Group, our customers, or others.

Personal information used in Golley Slater’s data products and services may also be passed to and used by members of the Golley Slater group of companies. We may also pass data to other companies that process personal data on our behalf to help us conduct our business. When we do so, we ensure that appropriate contractual safeguards are put in place.


Our policy is to not hold personal information for longer than is necessary. We have established data retention timelines for all of the personal information that we hold based on why we need the information. The timelines take into account any statutory or regulatory obligations we have to keep the information, our legitimate business interests, best practice and our current technical capabilities. We have developed a Data Retention Policy that captures this information. We delete or destroy personal information securely in accordance with our Data Retention Policy.


Golley Slater takes security seriously and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us including the use of encryption and pseudonymisation. We have Cyber Essentials Plus certification. If you wish to discuss the security of your information please contact us.


We do not send personal data outside the European Economic Area (EEA) as a matter of course.

We rely upon the EU GDPR adequacy decision for transfers of data between the UK and the EEA.

Transfers of personal data outside the EEA can arise where we are acting for business clients with interests outside the EEA that:

have operations or employees / contractors that based outside the EEA

buy goods or services from businesses or organisations that are based outside the EEA

are entering into transactions with business, organisations or individuals based outside the EEA

If we are required to transfer personal data outside of the EEA, we will ensure that we do so in a legally compliant manner and take steps to ensure the information is protected in the same way as if it was being used in the EEA.

Your rights

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by not opting in to be contacted for marketing purposes. You can also exercise the right at any time by contacting us at Golley Slater Group Ltd., Wharton Place, 13 Wharton Street, Cardiff, CF10 1GS


Your right to complain

If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Information Commissioner’s Office via their website at or write to them at:

Information Commissioner’s Office

Wycliffe House

Water Lane




Changes to this Privacy Notice

Golley Slater reserves the right to update and revise this Privacy Notice from time to time to take into account legislative and other developments. Any changes we may make to our Privacy Notice will be posted on this page and contain an “effective date” reflecting when the last changes occurred.

Effective Date: 1 June 2022.