Grovura Limited Privacy Policy

Last updated: November 2025

Grovura Limited (“we”, “our”, or “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data in accordance with UK data protection laws, including the UK GDPR and the Data Protection Act 2018.

1. Data Controller

The Data Controller for Grovura Limited is:

Mr. Mark Shipley
Westthorpe Business Innovation Centre
Westthorpe Fields Road, Killamarsh, S21 1TZ
Email: datacontroller@Grovura.com

As the Data Controller, Mr. Shipley is responsible for ensuring your personal data is handled in accordance with this Privacy Policy and applicable data protection legislation.

2. Personal Data We Collect

We may collect the following personal data about you in a B2B (business-to-business) context:

• First name and last name

• Job role / position

• Business email address

• Business postal address

• Business phone number (mobile and/or landline)

We collect this information solely for the purposes of providing marketing products, communications, or other marketing-related services.

3. Lawful Basis for Processing

Our lawful basis for processing your personal data is legitimate interest, as we need to make initial communications or offers in order to provide our services. We ensure that our processing does not override your privacy rights.

All our communications include an opt-out option allowing you to stop receiving marketing messages at any time.

4. How We Use Your Data

Your personal data may be used for the following purposes:

• Sending marketing communications and offers relevant to your business

• Providing marketing services and support

• Responding to enquiries and requests

• Maintaining accurate records for our business operations

We do not sell or supply your personal information to third parties.

5. International Data Transfers

If we need to transfer personal data outside the EU or UK, we will ensure that adequate safeguards are in place and inform you before any such transfer occurs.

6. Data Retention

We will store your personal data indefinitely or until it is no longer accurate. We will regularly review and update records to ensure they remain correct.

7. Your Rights

Under UK data protection laws, you have the following rights regarding your personal data:

• The right to access – request a copy of the data we hold about you

• The right to rectification – correct inaccurate or incomplete data

• The right to erasure – request deletion of your data from our records

• The right to restrict processing – limit how we use your data

• The right to data portability – receive your data in a structured, machine-readable format

• The right to object – object to processing, including marketing communications

• The right not to be subject to automated decision-making, including profiling

Requests regarding your rights can be submitted to the Data Controller at datacontroller@Grovura.com

8. Data Protection Impact Assessments (DPIA)

Where necessary, we conduct Data Protection Impact Assessments to systematically evaluate and mitigate risks associated with processing personal data. These assessments help ensure compliance with data protection regulations and uphold your privacy rights.

9. Data Breach Notification

In the event of a data breach (including loss, unauthorised access, alteration, or disclosure), we will notify affected individuals within 72 hours of becoming aware of the breach.

10. Complaints

If you believe we have not complied with data protection laws, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) via ico.org.uk.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any updates will be published on this page with the “Last updated” date revised.