1 Privacy Policy


Shepley Spring, together with other members of its group (we/us/our) are committed to safeguarding the privacy of our customers and users (you/your) who visit our websites (the Websites). This privacy policy (the Privacy Policy) sets out our personal information collection and sharing practices for our websites and is intended to inform you of the ways in which the Websites collect personal information, the uses of that personal information and the ways in which we will share any personal information you choose to provide to us.


If you are an existing customer of ours, further details about how we use your personal information is set out in your customer contract with us. Further notices highlighting certain uses we wish to make of your personal information together with the ability to opt in or out of selected uses may also be provided when we collect personal information from you.


Our websites may contain links to other third party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third-party websites.


This Privacy Policy is intended to explain our privacy practices and covers the following areas:

2 Information we may collect about you


We will collect and process all or some of the following personal information about you:

(a) Information you provide to us

Personal information that you provide to us, such as when using the contact form on our websites, including your name, email address, and other contact details;

(b) Our correspondence

If you contact us, we will typically keep a record of that correspondence;

 (c) Website and communication usage

Details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.

3 Uses made of your personal information


In this section, we set out the purposes for which we use personal information that we collect via our websites and, in compliance with our obligations under European law, identify the “legal grounds” on which we rely to process the information.


These “legal grounds” are set out in European Data Protection Law, which allows companies to process personal data only when the processing is permitted by the specific “legal grounds” set out in law.


Please note that in addition to the disclosures we have identified below, we may disclose personal information for the purposes we explain in this notice to service providers, contractors, agents, advisors (e.g. legal, financial, business or other advisors) and affiliates of Shepley Spring that perform activities on our behalf.

(a) To communicate effectively with you and conduct our business

To conduct our business, including to respond to your queries, to otherwise communicate with you, or to carry out our obligations arising from any agreements entered into between you and us;

Use justification:

(b) Contract performance, legitimate interest (to enable us to perform our obligations and provide our services to you)

To provide you with updates and offers, where you have chosen to receive these. We may also use your information for marketing our own and our selected business partners’ products and services to you by post, email, SMS, phone and fax and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us through the “GDPR Contacting Us” form.

 (c) For research and development purposes

To analyze your personal information in order to better understand your and our other clients’ services and marketing requirements, to better understand our business and develop our products and services;

 (d) To monitor certain activities

To monitor queries and transactions to ensure service quality, compliance with procedures and to combat fraud;

 (e) To inform you of changes

To notify you about changes to our services and products;

 (f) To ensure website content is relevant

To ensure that content from our websites is presented in the most effective manner for you and for your device, which may include passing your data to business partners, suppliers and/or service providers;

 (g) To reorganize or make changes to our business

In the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organization, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analyzing any proposed sale or re-organization. We may also need to transfer your personal information to that re-organized entity or third party after the sale or reorganization for them to use for the same purposes as set out in this policy.

 (h) In connection with legal or regulatory obligations

We may process your personal information to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.

4 Transmission, storage and security of your personal information

Security over the internet


No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.


All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.

Export outside the EEA


Your personal information may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the country in which you are located, whose data protection laws may be of a lower standard than those in your country. We will, in all circumstances, safeguard personal information as set out in this Privacy Policy.


Please contact us through the “GDPR Contacting Us” form below if you would like to see a copy of the specific safeguards applied to the export of your personal information.

Storage limits


Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When personal data is no longer needed, we either irreversibly anonymize the data (and we may further retain and use the anonymized information) or securely destroy the data.

5 Your rights & contacting us



You have the right to ask us not to process your personal information for marketing purposes. From time to time, we will inform you if we intend to use your information for certain types of marketing activities, or if we intend to disclose your information to certain categories of third parties for such purposes. You can exercise your right to prevent such processing by not checking certain boxes on the forms we use to collect your personal information. You can also exercise the right at any time by contacting us as set out in the “GDPR Contacting Us” form below.

Updating information


We will use reasonable endeavors to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by contacting us as set out in the “GDPR Contacting Us” form below.

Your rights


If you have any questions in relation to our use of your personal information, you should first contact us as per the “GDPR Contacting Us” form below. Under certain conditions, you may have the right to require us to:

(a) provide you with further details on the use we make of your information;

(b) provide you with a copy of information that you have provided to us;

(c) update any inaccuracies in the personal information we hold (please see paragraph 5.2);

(d) delete any personal information that we no longer have a lawful ground to use;

(e) where processing is based on consent, to withdraw your consent so that we stop that particular processing (see paragraph 5.1 for marketing);

(f) object to any processing based on the legitimate interest ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and

(g) restrict how we use your information whilst a complaint is being investigated.


Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.


If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to: Contacting Us.

Contacting us


If you have any questions in relation to this policy, please contact us as per the “GDPR Contacting Us” form below.

6 Cookies policy


We use cookies on the websites. To find out more about how we use cookies, please see our Cookies Policy.

7 Changes to our Privacy Policy and/or Cookies Policy


We may change the content of our websites and how we use cookies and consequently our Privacy Policy and our Cookie Policy may change from time to time in the future. If we change this Privacy Policy or our Cookies Policy, we will update the date it was last changed below. If these changes are material, we will indicate this clearly on our Websites.


Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the grounds in respect of each use in this policy. We note the grounds we use to justify each use of your information next to the use in the “Uses of your personal information” section of this policy.

These are the principal legal grounds that justify our use of your information:

Consent: Where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use and may withdraw your consent by contacting us as per the “GDPR Contacting Us” form below.

Contract performance: Where your information is necessary to enter into or perform our contract with you.

Legal obligation: Where we need to use your information to comply with our legal obligations.

Legitimate interest: Where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

Legal claims: Where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.

California Consumer Privacy Act (CCPA)

On January 1, 2020 the state of California enacted the California Consumer Privacy Act (CCPA). This act further enhances existing consumer protection and privacy rights already covered by the California Online Privacy Protection Act (CalOPPA). As part of the CCPA you are in control of your data that we hold and you can excise any of the following options in relation to this Personal Information (PI):

  • The Right to Disclose:
    • You have the right to request we disclose to you the types and sources of information collected, the reason for sharing, and the type of third party with whom data was shared.
  • The Right to Delete (or update):
    • You have the right to request that we delete (or update) personal information that we hold about you, subject to regulatory exceptions (such as auditing, accounting, etc.).
  • The Right to Access:
    • You have the right to access information about yourself that is collected, stored, and used by us or associated third parties.
  • The Right to Opt-Out:
    • This is also known as the, “Do Not Sell My Personal Information” clause and gives you the right to opt out of your data being sold to third parties.

Shepley Spring is providing a way for customers to enter CCPA related requests. You can complete the form below:

Contact Us

Please note that we fully respect your right to exercise any of the above options and will not discriminate against you in any way because of any choice you decide to make here. Please allow 45 days for requests to be processed. Thank you for you submission.