Legal & Policies

Privacy notice

Gillespies privacy notice

(last updated 5th July 2025)

 

Who we are

Gillespies LLP (“we”, “us”, “our” or "Company"), whose registered office is The Coach House, Hinksey Hill, Oxford, OX1 5BS, is committed to protecting and respecting the privacy of all visitors to its website. 

What this policy covers

In line with General Data Protection Regulations (effective 25 May 2018), this privacy notice sets out how we handle and process personal data in our day-to-day business activities, including through our website, client communications, business development efforts, recruitment and project delivery. It applies to anyone whose data we process, including clients, collaborators, applicants and website users.

By visiting www.gillespies.co.uk you are accepting and consenting to the practices described in this policy. If you do not agree with the following policy you may wish to cease using this website.

The personal data we collect

We may collect personal information such as your name, job title, employer, contact details, and any other information you provide to us. This may happen when you correspond with us, fill in forms on our website, respond to surveys, attend our events, or communicate with our staff in any professional capacity.

We also collect technical data when you interact with our website, such as your IP address, browser type, time zone, and usage patterns. This is typically collected via cookies and analytics tools to help us understand user behaviour and improve our website experience.

If you apply for a role, we may process information you submit as part of your application, including your CV and any references provided.

How we use your personal data

We process your personal data to manage our client and partner relationships, respond to enquiries, deliver projects, and keep you updated about relevant services or event. We may also use your data to assess job applications or maintain the security and functionality of our website.

We only use personally identifiable information (your data) for the specific purpose of developing new business for our company. Our lawful basis for processing your data is Legitimate Interest stated here as the assumption that the organisation at which you are employed may benefit from the services offered by our company

How we may use it:

  • To maintain responsible commercial relations with you
  • To understand your service and project needs
  • To manage and develop our business and operations
  • To meet legal and regulatory requirements
  • To notify you of changes to our services
  • To process a job application, if appropriate; see our recruitment privacy policy for further information
  • To recommend your product or service to relevant industry contacts
  • To keep our site safe and secure

When you voluntarily give us your personal information we will only use it for the above purposes. If we intend to use your personal information for a purpose other than those above, we will seek your express consent.

Who will it be shared with?

Gillespies LLP will only use this information for our own internal purposes. In our company, access to your data is limited to employees specifically tasked with managing data or developing new business. We will not sell, rent or otherwise distribute any personal information to third parties.

Your legal rights

You have the right to ask us not to process your personal information. You also have the right to see and correct data that we hold about you. If your details change or any other information we hold is inaccurate or out of date, please contact us directly by email or post using the below details.

By post

Data Controller
Gillespies LLP
The Coach House
Hinksey Hill
Oxford
OX1 5BS

By email

Please send your email to datacontroller@gillespies.co.uk

We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Making a complaint

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance if you are likely to do so.

Data security and protection

We are committed to ensuring that your information is safe, and will take reasonable technical and organisational precautions to ensure that your personal information is treated securely. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and management procedures to safeguard and secure the information we collect online.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We will hold information for clients, consultants and suppliers for the duration of the contract for a specific project, as well as 12 years post completion in accordance with professional indemnity requirements. For unsuccessful job applications, we will keep your personal data on file for 6 months in case there are other further employment opportunities for which you may be suited. You may withdraw your consent to this at any time, by emailing datacontroller@gillespies.co.uk

Third-party links

Our website may contain links on some pages that, when clicked, will take you to our industry clients’ and consultants' websites. If you follow a link to any of these websites this privacy statement does not apply, and we do not accept responsibility or liability for their policies.

Cookies and tracking technologies

Cookies are small text files that are saved to your computer.

We use ‘traffic log cookies’ to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to our customers’ needs. We only use this information for statistical analysis purposes.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. Gillespies does not use cookies to collect or store personally identifiable information about you. You can choose to accept or decline the use of cookies on your computer when you visit this website. Please click here to read our cookie policy. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org

Mixpanel

We use a web analytics service provided by Mixpanel Inc. ("Mixpanel"), to understand how users interact with our website and to improve our services. Mixpanel uses cookies, pixel tags, and similar technologies to collect and analyse information about your use of our site (such as pages visited, time spent, IP address, and device information).

The information generated by Mixpanel about your use of our website may be transmitted and stored by Mixpanel on servers in the United States or the European Union. Mixpanel acts as a data processor for us and uses this information solely to evaluate your use of our website, compile reports on website activity, and provide other services relating to website activity and usage.

Mixpanel does not sell your personal information or combine it with data from other sources. For more information on Mixpanel's privacy practices, please review the Mixpanel Privacy Policy <https://mixpanel.com/legal/privacy-policy>.

Opt-Out Choices: You can prevent Mixpanel from collecting your information by opting out. You can do this at anytime by visiting the Mixpanel Opt-Out Page. Please note that if you clear your cookies or use a different browser, you will need to opt out again.

Data breach reporting

If it becomes apparent that a potential data breach has occurred, we will report this to the ICO within 72 hours of becoming aware of the data breach. This will be the case if the data breach is likely to result in damage to a person’s reputation, financial loss, loss of confidentiality, or major financial or social disadvantage. If the breach is likely to result in a high risk to the rights and freedoms of the data subject the company will also contact the data subject without undue delay.

Data breaches will be reported to the Information Commissioner Office (ICO) by calling the dedicated personal data breach helpline on 0303 123 1113.

Changes to this policy

We may update this privacy policy from time to time to reflect legal or operational changes. The latest version will always be available on our website. We encourage you to review it periodically.