Legal Information
Privacy Policy
This page explains how personal data submitted through the Grumpio website is processed: the purposes for which it is used, the legal bases relied upon, how long it is retained, the circumstances in which it may be disclosed and the rights available to data subjects under the UK GDPR and the GDPR.
Last updated: 16 July 2026
Data Controller
The controller for personal data processed through this website is Grumpio LTD, a fintech engineering and regulatory-readiness company serving the United Kingdom and the European Union. Processing is carried out in accordance with the UK GDPR and the GDPR.
Questions and requests concerning this policy or the handling of personal data may be submitted through the contact page or by e-mail to [email protected].
Personal Data Processed
Data collection through this website is limited to the minimum required for corporate communication. No account registration, marketing subscription or payment data is collected. The data processed is:
- Enquiry data: the full name, business email address, company name, selected solution of interest and message content submitted through the contact form.
- Technical records: standard server logs generated by the hosting infrastructure to keep the website secure and available.
Purposes of Processing
Information submitted through the contact form is used to assess and respond to the enquiry and to conduct any follow-up the sender requests, including the arrangement of meetings and the preparation of proposals. Technical records are used solely to operate, secure and troubleshoot the website. Personal data is not used for marketing profiling, is not used for purposes beyond those described here and is not sold to any third party.
Legal Bases for Processing
Enquiry data is processed on two legal bases recognised by the UK GDPR and the GDPR: the legitimate interest in receiving, assessing and answering business enquiries directed to Grumpio LTD, and the taking of pre-contractual steps at the request of the enquirer where a message concerns a potential engagement. Technical records are processed on the basis of the legitimate interest in operating a secure and reliable website.
Retention Period
Personal data is retained for no longer than necessary for the purposes described above. Records of enquiries and any subsequent proposal discussions are kept for a period consistent with the nature of the correspondence, after which they are deleted. Where a statutory retention obligation applies to specific records, that obligation takes precedence.
Disclosure and Hosting
Personal data is not sold and is not shared with third parties for marketing purposes. Access is limited to the technical service providers engaged to host and operate this website, strictly to the extent the service requires and subject to contractual safeguards. Where disclosure is required by a competent authority acting under applicable law, only the data covered by the request is provided.
The website is served from infrastructure selected for security and reliability. Hosting arrangements are reviewed against the data-protection requirements applicable to Grumpio LTD's operations in the United Kingdom and the European Union.
Data Subject Rights
Under the UK GDPR and the GDPR, data subjects may request access to the personal data held about them, request the rectification of inaccurate data, request erasure where the conditions for it are met, request the restriction of processing in the circumstances the legislation defines, object to processing based on legitimate interest and, where applicable, receive the data they have provided in a portable format. Requests may be submitted through the contact page and will be handled in accordance with applicable law once received, following verification of the requester's identity.
Data subjects also have the right to lodge a complaint with a supervisory authority: the Information Commissioner's Office (ICO) in the United Kingdom, or the relevant supervisory authority in the EU Member State concerned.
Automated Decision-Making
No automated decision-making, including profiling, that produces legal or similarly significant effects is applied to personal data submitted through this website. Enquiries are not evaluated, scored or filtered by automated means.
Cookies and Policy Changes
The use of cookies and similar storage on this website is described in the cookie policy. This privacy policy may be revised where the website, the services or the applicable data-protection requirements change. The current version is always published on this page, and the last-updated date above is amended accordingly.
Questions
Questions About This Policy
Data-protection questions and data-subject requests may be submitted through the contact form or by e-mail to [email protected] and will be handled in accordance with applicable law once received.