Privacy Policy

Last updated: 15th January 2026

Introduction

grastelino.top Ltd ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website grastelino.top or use our business automation and analytics services.

We are the data controller for the personal information we process about you. Our registered office is located at 299 Kings Road, Birmingham, West Midlands, B2X 1IE, United Kingdom. Company registration number: 64253917.

Data We Collect

We may collect and process the following categories of personal data about you:

  • Contact Information: Including your name, email address, telephone number, postal address, and company details when you contact us or request our services.
  • Communication Data: Records of your communications with us, including emails, phone calls, and messages sent through our website contact forms.
  • Website Usage Data: Information about how you use our website, including your IP address, browser type, operating system, referring URLs, pages visited, and time spent on our site.
  • Technical Data: Device information, browser settings, and other technical information collected through cookies and similar technologies.
  • Marketing Preferences: Your preferences regarding marketing communications and how you would like to hear from us.

How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To provide our business automation and analytics services, respond to your enquiries, and fulfil our contractual obligations.
  • Communication: To communicate with you about our services, respond to your questions, and provide customer support.
  • Business Operations: To manage our business relationships, process payments, and maintain accurate records.
  • Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements.
  • Marketing: With your consent, to send you information about our services, industry insights, and promotional materials.
  • Website Improvement: To analyse website usage, improve our services, and enhance user experience.

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing necessary for the performance of a contract or to take steps prior to entering into a contract.
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as providing customer support and improving our services.
  • Consent: Where you have given explicit consent for specific processing activities, such as marketing communications.
  • Legal Obligation: Processing necessary to comply with legal requirements.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in delivering our services, subject to appropriate data protection agreements.
  • Legal Requirements: When required by law, regulation, or legal process, or to protect our rights and interests.
  • Business Transfers: In connection with any merger, acquisition, or sale of business assets, subject to appropriate data protection measures.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. The retention period varies depending on the type of data and the purpose for processing:

  • Contact and Communication Data: Retained for up to 7 years after the end of our business relationship for legal and regulatory compliance.
  • Website Usage Data: Typically retained for up to 26 months for analytics purposes.
  • Marketing Data: Retained until you withdraw consent or for up to 3 years of inactivity.

Your Rights

Under GDPR and UK data protection law, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right of Rectification: You can request correction of inaccurate or incomplete personal data.
  • Right of Erasure: You can request deletion of your personal data in certain circumstances.
  • Right to Restrict Processing: You can request restriction of processing in specific situations.
  • Right to Data Portability: You can request transfer of your data to another organisation in a structured format.
  • Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication procedures
  • Staff training on data protection and security
  • Incident response and breach notification procedures

International Data Transfers

Your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA). When we make such transfers, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the European Commission or UK authorities
  • Standard Contractual Clauses approved by regulatory authorities
  • Other legally recognised transfer mechanisms

Children's Privacy

Our services are not intended for individuals under the age of 16, and we do not knowingly collect personal data from children under this age. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and updating the "last updated" date. We encourage you to review this policy periodically.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

  • Email: [email protected]
  • Phone: +44 1214503551
  • Post: Data Protection Officer, grastelino.top Ltd, 299 Kings Road, Birmingham, West Midlands, B2X 1IE, United Kingdom

Complaints

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the relevant supervisory authority:

  • UK: Information Commissioner's Office (ICO) - ico.org.uk
  • EU: Your local data protection authority