Date Issued: October 2025
Review Date: March 2026

This Privacy Policy explains how Mumford & Wood Ltd (“we”, “our”, “us”) collects, uses, and protects your personal data when you use our website and services. It also explains how we use cookies and how you can manage them.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

1. About Us

Mumford & Wood Ltd is the controller of your personal data. This means we decide how and why your data is processed.

Data Protection Manager (DPM): Name: Cher Perry Address: Tower Business Park, Kelvedon Road, Tiptree, Essex CO5 0LX Email: cher.perry@ptp-group.co.uk Phone: 01621 813233

If you are not satisfied with our response, you can contact the Information Commissioner’s Office (ICO): www.ico.org.uk.

2. What Data We Collect

We may collect the following personal data:

Identity Information: Name, date of birth, gender, marital status.
Contact Information: Address, email, phone number.
Financial & Transaction Information: Bank details, payments, order history.
Technical Information: IP address, browser type, device details, cookies, and other tracking data.
Marketing Preferences: Your choices for receiving communications.

We may also collect aggregated or anonymised data (e.g., usage statistics) which does not identify you.

We do not intentionally collect special category (sensitive) personal data such as health information, religious or political beliefs, or data about criminal convictions, unless required by law or with your explicit consent.

3. How We Collect Data

Directly: When you register, purchase, contact us, or sign up for marketing.
Automatically: Through cookies and analytics tools when you use our website.
From third parties: Such as business partners, public sources (e.g., Companies House), or analytics providers.

4. How We Use Your Data

We process your data only when we have a lawful basis under UK GDPR:

Contract: To deliver orders, manage accounts, and provide services.
Legal obligation: To meet tax, legal, or regulatory requirements.
Legitimate interest: To improve services, maintain security, and understand customer needs (only where our interests are not overridden by your rights).
Consent: To send you marketing communications or to use non-essential cookies.

5. Marketing

We will only send you marketing communications if you have given clear, affirmative consent.

You can opt in via our website, during purchases, or through other interactions.
You can withdraw consent at any time by clicking “unsubscribe” in our emails or contacting us directly.

Even if you opt out of marketing, we may still contact you about essential matters such as your orders, services, or legal notices.

6. Sharing Your Data

We may share your personal data with:

Internal teams and group companies.
Trusted third-party suppliers: IT providers, payment processors, couriers.
Regulators or law enforcement authorities, where legally required.

We do not sell your personal data.

If our business is merged or sold, your data may be transferred to the new owner, who will be bound by the same data protection obligations.

7. Cookies & Tracking Technologies

What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us improve your browsing experience and website performance.

Types of Cookies We Use

Essential cookies: Required for the site to function (e.g., shopping cart, login).
Performance cookies: Help us understand how visitors use our website (e.g., analytics).
Functionality cookies: Remember your preferences and settings.
Marketing/targeting cookies: Used (with your consent) to deliver relevant advertising.

Managing Cookies

On your first visit, you will see a cookie banner asking for your consent (except for essential cookies). You can:

Accept or reject non-essential cookies.
Change your preferences at any time via your browser settings or our cookie banner.

Please note: If you disable cookies, some website features may not work properly.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes collected, including to meet legal, tax, or accounting requirements. Once data is no longer needed, we securely delete or anonymise it.

9. International Transfers

If we transfer your data outside the UK (for example, to IT service providers in the EEA or USA), we ensure appropriate safeguards are in place, such as:

Adequacy regulations issued by the UK government, or
Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office (ICO), or
Other approved data transfer mechanisms.

10. Your Rights

You have the following rights under UK GDPR:

Access: Request a copy of your personal data.
Correction: Ask us to fix inaccurate or incomplete data.
Erasure: Request deletion of your data (in certain circumstances).
Restriction: Ask us to limit processing in certain situations.
Portability: Receive your data in a structured, commonly used format.
Objection: Object to processing for marketing or certain legitimate interests.
Withdraw consent: Stop any processing based on your consent.

To exercise your rights, contact:

Mumford & Wood Ltd

Tower Business Park, Kelvedon Road, Tiptree, Essex CO5 0LX Email: ptpgconpliance@ptp-group.co.uk

If unresolved, you can lodge a complaint with the ICO: www.ico.org.uk.

11. Security

We use appropriate technical and organisational measures to protect your data from loss, misuse, or unauthorised access. Access is restricted to those who need it to perform their roles.

12. Updates to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a new “last updated” date. Please check back regularly for changes.

Policies