Plowman Craven Limited (Company Number – 06429056) (hereafter ‘the Company’) fully supports the increasing demand placed on protecting prospect and client/personal data and our obligation ensures that we hold data lawfully, fairly and in a transparent manner in line with GDPR.

The Company collects client and prospect business data for specified and legitimate business purposes stated throughout this document.  The collection and storage of business data is limited to what the company considers necessary and processed only for the purposes stated in this document.   The Company will send relevant product and services information to its prospects/clients based on the company type and/or job title. The Company is committed to protecting the privacy of its business clients. The Company will not sell or redistribute any business contact data in any way; all data is protected in accordance to ISO 27001. Our communication activities are limited to Business to Business activities.

Please note that our website may include links to third-party websites, blogs, articles, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

1. Business Data Collection

The Company collates business/contact data from a variety of sources:

  • Direct 
    • Business Enquiries and Contracts
    • Business Cards
    • Website Enquiries & Website Forms
  • Indirect
    • Business Development
    • Third-Party Data
    • Social Media Contacts
    • Commercial Events

2. Direct Business Data Collection

The Company receives business to business information from multiple sources as stated below:

Business enquiries
Where a client contacts us directly via any source of communication, the Company will gather the minimum amount of business data in order to fulfil the quote request and contract; this would include the client’s business name, address and the contact details (business telephone number and email address).  The Company will send relevant product and services information to our clients based on the company type and/or job title and other relevant profiling information. The Company will hold and process the client data in accordance to this policy; giving the client the option to opt-out of future communications from the Company at any stage.

Business Cards
The Company will promote its business interests through the appropriate business channels (including but not limited to business meetings, networking events, exhibitions and trade shows).  At the event, the Company will gather relevant business contact data to promote its products and services accordingly and follow all business leads obtained during these opportunities.  The Company will hold and process the client data in accordance to this policy; giving the client the option to opt out of future communications from the Company at any stage.

Website Enquiries & Forms
When a client or prospect client completes and submits an online form, they are asked if they would like to opt-in to future communications. The Company will hold and process the client data in accordance to this policy; giving the client the option to opt-out of future communications from the Company at any stage. By using the website, the Company will gather a variety of data to help optimise the client experience. For more information please see our cookies policy

3. Indirect Business Data Collection

Business Development
The Company will directly or indirectly gather client data to market future business interest for its products and services to its clients and prospect clients obtained through communications channels. 

Third-Party Data
The Company will seek to gather business contact information from external sources such as opted-in contacts from third-party data agencies, and online directories. We may receive personal data about you from various public sources.  We may collect technical data about you from the following providers: (a) analytics providers such as Google based outside the EU; (b) advertising networks; and (c) search information providers.  We may collect data relating to your Identity and Contact Data from (a) data brokers or aggregators where you have consented to such data being transferred; (b) from publicly availably sources such as Companies House, LinkedIn and other social media platforms.

Social Media Contacts
The Company will source clients and prospect clients via social media channels.

Commercial Events
The Company will attend exhibitions, networking events and other communications events where business data will be made available by the host or organiser. The host/organiser will be responsible for obtaining consent from all attendees for their information to be distributed and utilised for communications purposes by the Company.

Aggregated Data
We also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

4. Storing Business Data

The Company recognises that business/client contacts will change over time and that certain individuals will move from one company to another; whilst certain individuals will change roles within their company or leave the industry altogether.  The Company will take reasonable measures to ensure that communications business to business communications data is kept as up to date as possible and will give clients the option to opt-out at any stage of the communications process.

The Company will store client data in our internal database and under no circumstances will this information to be sold or distributed external to the Company.  The Company will hold and store client/business data for a period of no longer than of seven years.

Clients have the right to know what personal information the Company uses and can ask the Marketing Department to correct any errors. Clients You also have the right to request a copy of personal information and/or for it to be deleted. (If relevant) You can also opt out of individual profiling and automated decision making.

5. Using Business Data

The Company will only hold business data and personal data (1) Where we need to perform the contract we are about to enter into or have entered into with you, (2) to promote its business’ services and products through communications campaigns stated above or (3) we need to process to comply with a legal or regulatory obligation, which are legitimate reasons to process and hold the data. 

The Company views its communications campaigns as long-term strategies to promote its business interest.  The Company will only exclude business data when requested to do so by the client or prospect client through the opt-out options below.

6. Disclosure of your personal data

We may have to share your personal data with the parties set out below for the purposes set above.

External Third Parties including our IT/platform suppliers and preferred subcontractors involved on our projects.

Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. International Transfers

We do not transfer your personal data outside the European Economic Area (EEA).

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include: (1) the right to request access to your personal data, (2) the right to request correction of your personal data, (3) the right to request erasure of your personal data, (4) the right to object to processing of your personal data, (5) the right to request restriction of processing your personal data, (6) the right to request transfer of your personal data, and (7) the right to withdraw consent.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

9. Opting Out

The Company will hold business contact data for clients and prospects clients alike.  Any client or business contact receiving communications information from the Company can request to be excluded from receiving further communications information from us. 

This can be done through one of the following methods:

  • By selecting the “unsubscribe” button on an e-shot
  • By writing to the Communications Department c/o GDPR, Plowman Craven, Lower Luton Road, Harpenden, Hertfordshire AL5 5EQ
  • By emailing us at

Prospective clients and clients can contact the Company’s Health, Safety and Compliance Manager for further clarity on this policy on 01582 765566.  If you are not satisfied with the response, you can raise your issues with the ICO: