Click to view our online
e-brochure online here

Quick contact

Privacy Policy



Data Protection Policy

Cookies Policy

T: 01400 283500



Data Protection Policy



Blue Castle Group recognises its responsibilities to protect all aspects of personal data that it collects in the course of its business activities, whether the data is that of its employees, customers, supplier or other interested party’s personal information.

The General Data Protection Regulation (GDPR) has been introduced to regulate the personal data held by companies, its main aim is to protect the fundamental rights and freedoms of individuals, in particular the protection of personal data and the protection of the principle of free movement of personal data within the EU.


About the data we hold

Blue Castle Group will process (collect, store and use) the information you provide in accordance to the EU’s General Data Protection Regulation. We will endeavor to keep your information accurate and up to date, and will not retain it for longer than is necessary.


Employees Data

As an employer it is our responsibility to ensure that the information we hold about you is relevant, accurate and kept up to date.  Any data held shall be processed fairly and lawfully and in accordance with the rights of data subjects under General Data Protection Regulation.

We will only pass relevant information with regards to you to a third party when it is necessary to do so. This will be for the purpose of completing payroll, pension contributions, HMRC requirements and any other requirements we may have under Employment Law.


Customer and Supplier Data

The personal data we collect from our customers and suppliers will be processed fairly and lawfully and in accordance with the rights of data subjects under GPDR. To enable us to complete our service offering, we may need to share some of your details with a third party company. Any information we share will be required to complete your order, and all of our third party companies are subject to our GDPR compliance checks. The information we share will be used for the following purposes:

- To provide you with the services, and/or information you have requested;

- Keep a record of your relationship with us;

- Ensure we know how you prefer to be contacted;

- Provide you with a more personalised service;

- Administering orders and accounts relating to you;

- For sending promotional emails, mailings or to call you about services, offers and other things we think might be of interest and relevant to you. (Provided we have your consent)

For further information on this please refer to our Privacy Policy (insert link)


Data Breaches

Data security is of great importance to Blue Castle Group and our ISO 9001 accreditation for Quality Management Requirements, outlines our robust internal procedures, demonstrating our ongoing commitment to compliance and safeguarding your data.

To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards and we also follow stringent procedures to ensure we work with all personal data in line with the Data Protection Act 1998.

We take our data security very seriously and have secure systems in place to ensure that your data is protected and is only accessible to those that require access to fulfil the services we provide to you.


We understand that a personal data breach isn’t only about loss or theft of personal data, and that it can include misuse of data, accidental or unlawful destruction, alteration, unauthorised disclosure of, or access to, personal data; therefore we have allocated responsibility for managing breaches to a dedicated person that is trained to recognise data breaches. For further information on this please refer to our Privacy Policy


We have provided our staff with information and training so that they know how they should use the personal data that they have access to, what their responsibilities are to protect this data, how it should be processed; and how to escalate a security incident to the appropriate person within our organisation to determine whether a breach has occurred.


Some examples of a Data Breach are:

- access by an unauthorised third party;

- deliberate or accidental action (or inaction) by a controller or processor;

- sending personal data to an incorrect recipient;

- computing devices containing personal data being lost or stolen;

- alteration of personal data without permission; and

- loss of availability of personal data.


Depending on the type of data breach, it must be reported to the Information Commissioner’s Offices (ICO) within 72 hours of becoming aware of the breach, and if the breach poses a high risk of adversely affecting an individual’s rights and freedoms, they must also be notified without undue delay.  Therefore, we have a robust breach detection procedure in place and all employees are under strict instruction to report any data breach or suspected data breach to the Compliance Manager immediately and all reports will be recorded on the company’s Compliance Register.


An example of the types of data breaches that are reportable to the Information Commissioners Office are:

- the loss of a USB stick,

- data being destroyed or sent to the wrong address,

- the theft of a laptop or electronic device that is not encrypted

- IT systems being hacked

- Theft of personal data held on the company’s systems


Due to the nature of our business, we may use a third party company to complete our service offerings. Any third party company that we use is required to sign a GDPR Supplier Contract (as required under Article 28 of the General Data Protection Regulation) and provide us with a copy of their Privacy Policy. This is so that we can ensure that they have adequate safeguards in place to protect any data that we share with them.


They are also required, under Article 33(2) of the General Data Protection Regulation, to inform us without undue delay, of any data breach that affects data we have shared with them, as soon as they become aware of the breach.


Subject Access requests

Blue Castle Group, at your request, can confirm what information we hold about you and how it is processed. If there are any discrepancies in the information we hold, please let us know and we will correct the information.


Any person that we hold personal data on, has the right, upon written request, to receive details about the personal data we hold on them and information on how this is being processed.  They have the right to request details on the source of the data and to whom it may be disclosed.

We are only obliged to supply this information if you make a written request and all requests will be responded to within 30 days. Please send a written request detailing the information you would like to see, along with proof of your identity by post to:


Compliance Manager, Blue Castle Group, Warwick House, Long Bennington Business Park, Long Bennington, NG23 5JR or email

If you wish to complain about the way we are using your personal data, please contact Compliance Manager - email or call 01400 283500.

For further information about your rights, please contact the Information Commissioner’s Office