Data Policy

This Data Protection Policy (“Policy”) applies to Walstead Group Ltd with its registered company number 09927306 and office address 18 Westside Centre, London Road, Colchester, Essex, CO3 8PH, United Kingdom (“Walstead”). The primary activity of Walstead is commercial print production and Walstead is the Data Controller. The Controller has appointed the Data Protection Officer (DPO). You can reach DPO by post; sending a letter to the address of the Controller’s registered office and by email [email protected].

It is our aim to be a leader within our sector and we are committed to working in the right way to achieve this goal. We are diligent in our approach to the data privacy of our customers and their end user consumers. We are committed to protecting the personal data you share with us and handling your information in an open and transparent manner, in particular with respect to the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

The purpose of this Policy is to inform you about why and how we use your personal data, who we give that information to, what your rights are and who you can contact for more information or queries.

When we refer to “Site” in this Policy we mean this specific website and any web pages, other than third party links, that may be accessed by you as you use our Site.

This Site provides links to other company sites within the Walstead group of companies and trusted third parties. Whilst we endeavour to ensure these sites share our values in respect for data protection, we are not responsible for the content or data protection practices of any other site. This Policy applies solely to data collected by Walstead and these sub-sites are subject to their own Policies.

How we obtain data

We may collect or obtain personal data from you in the performance of our business, when you give it to us (i.e. you submit a form on our Site), when other people give it to us (i.e. your employer, third party service providers, your suppliers) or because it is publicly available.

Where we are provided with personal data about you by someone else, we use reasonable efforts, including obligations under contract, to ensure they comply with the data protection laws and regulations relevant to that information; this may include ensuring that they have obtained any necessary consent to share the data and for us to process it.

Data we collect and why we use it

The personal data that we collect or obtain may include: identification data (such as name, address (private/work), phone number (private/work), e-mail address (private/work), country of residence, electronic identification data (cookie identifiers, logged data, IP addresses, your browser type and language, your access times,…); and employment details (for example, the organisation you work for, your job title and your education details); details of how you use our products and services; details of how you like to interact with us and other similar information).

The types of personal data that we collect will vary depending on the nature of the relationship between us, the services that we provide or how you use our Site.

Commercial relationship

As we are a business to business enterprise we have no direct commercial relationship with consumers or end users.

Walstead has commercial relationships with companies that serve consumers and as a result consumer personal data may be shared with us in the performance of our service, for instance where one of our group companies operates a mailing service for a product or where we process end users data for one of our virtual products.

Contact us 

If you contact us through this Site (via social media, the contact form or by phone), we may ask you for information such as your name, address and email address so we can manage and respond to your questions and comments submitted through our Site.

The legal grounds for processing your data

The law requires us to set out the legal grounds on which we process your personal data.

We may process your personal data for the following purposes:

  • In order to establish cooperation with our clients, subcontractors, suppliers e.g. to arrange the technical details of the products or services (e.g. technical parameters of our products, technical specifications of the equipment we purchase, schedules, price lists).
  • In order to perform contracts we concluded with our clients, subcontractors, suppliers, including, for instance, to assess whether the contract has been performed properly, agree on modifications to the schedule. Without being able to contact you we would not be able to perform our contracts. It is our legitimate interest which we pursue.
  • In order to offer our products and services to our clients (direct marketing). We send you information about our new products and services or the products and services which, in our opinion, could interest your employer/contractor – our client – and to re-establish our cooperation. The desire to establish, extend or renew cooperation constitutes our legitimate interest which we pursue.
  • In order to perform the effective and lawful operation of our business. In such case we also consider our legitimate interest as the proper legal ground for the processing of the personal data.

Your personal data is entered into our IT systems and stored there for easy access whenever we need it. Your data will not be subject to profiling or other decisions that will have significant impact on you based solely on automated decision making.


In connection with one or more of the purposes outlined in the “Data we collect and why we use it” section above, we may disclose details about you to other members of Walstead, third parties that provide services to us and other companies within Walstead that may reasonably require access to personal data relating to you. If our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.

We reserve the right to disclose your personal information as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.

Security of your data and data retention

We employ strict technical and organisational (security) measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both online and offline.

These measures include:

  • training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
  • administrative and technical controls to restrict access to personal data on a ‘need to know’ basis;
  • technological security measures, including fire walls, encryption and anti-virus software;
  • physical security measures, such as staff security badges to access our premises.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.

We will retain your information for a reasonable period, i.e. the longest of the following periods: (i) as long as is necessary for the relevant activity or services; (ii) any retention period that is required by law; or (iii) the end of the period in which litigation or investigations might arise in respect of the services.

Your rights

You have several rights concerning the information we held about you. We would like to inform you that you have the right:

  • to be informed by obtaining confirmation that we are processing your personal data;
  • of access, to request a copy of the personal data we hold about you;
  • to rectification, to ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
  • to erasure, to ask that we delete personal data that we hold about you;
  • to restrict processing or restrict the way in which we use such personal data if you believe that there is no (longer a) lawful ground for us to process it;
  • to withdraw consent to our processing of your personal data (to the extent such processing is based on consent);
  • to receive a copy of the personal data concerning you and to transmit such personal data to another party (to the extent the processing is based on consent or a contract);
  • to object to our processing of your personal data for which we use legitimate interest as a legal basis, in which case we will cease the processing unless we have compelling legitimate grounds to continue processing. In addition, you have the right to object to the processing of your personal data by us at any time and regardless of additional circumstances, but only if we process it for the purposes of direct marketing or profiling.

If you wish to exercise any of those rights, send us an e-mail to the address [email protected] with a content that would help us determine what your expectations are.

You may also use these contact details if you wish to make a complaint to us relating to your privacy.

If you are unhappy with the way we have handled your personal data or any privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority (“DPA”) in your jurisdiction. If you would like to be directed to the appropriate DPA, please contact us.


Our ongoing operations include the use of cloud services, for example Google or Microsoft Cloud services. Entities that provide such services often have their own datacenters located also outside the UK, the EU and the EEA.

This means that if we use such services (e.g. we send an e-mail with an attachment containing personal data) we may transfer personal data outside the UK, the  EU and the EEA.

This may occur only after meeting the conditions imposed by the UK GDPR. In particular, we have to ensure that appropriate safeguards have been applied, for example the Standards Contractual Clauses secure the transfer of the data.

How to contact us?

If you have any questions about Walstead, this Site or our Policy, you can e-mail us at [email protected] . You can also contact us through one of the mailing addresses found on the ‘Contact Us’ page of this Site .

Changes to this Policy

We may modify or amend this Policy from time to time. Any changes we may make to our Policy in the future will be posted on this page. To let you know when we make changes to this Policy, we will amend the revision date at the top of this page. The new modified or amended Policy will apply from that revision date. Please check back periodically to see changes and additions.