Grolan +44 20 7183 6294

— Legal

Privacy Policy

Last updated: January 2026 — Document ref: PRIV-2026-01

01 — Introduction

Who We Are and What This Policy Covers

Grolan (“we”, “us”, “our”) operates the website grolan.info, an editorial catalogue of natural nutritional supplements, men’s vitamin complexes, skincare formulations, and daily wellness ingredient compositions based in London, United Kingdom.

This Privacy Policy describes how Grolan collects, uses, stores, and protects personal data submitted through this website, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using the grolan.info website, you acknowledge that you have read and understood this policy. If you do not agree with how we handle personal data, please do not use the website or submit any personal information through the contact form.

02 — Data Controller

Data Controller Details

The data controller for personal data collected through grolan.info is Grolan, with its correspondence address at:

Grolan
83 Weymouth Street
W1U 3HW London
United Kingdom

Email: [email protected]
Telephone: +44 20 7183 6294

03 — Data We Collect

What Personal Data We Collect

We collect personal data only when you actively provide it. The categories of data collected are:

  • Contact form data — name, email address, and message content submitted through the contact form on contact.php.
  • Enquiry subject — the selected subject category submitted alongside a contact form message.
  • Technical data — IP address, browser type, operating system, referral URL, and pages visited. This data is collected automatically by web server logs and, where consented, by analytics tools.
  • Cookie data — preferences and session identifiers stored via cookies. See the Cookie Policy for full details.

We do not collect identity documents, payment information, health records, or any special category data as defined under UK GDPR Article 9. The catalogue is an informational resource and does not require account registration.

04 — How We Use Your Data

Purposes and Legal Basis for Processing

Personal data submitted through the contact form is used solely to respond to the enquiry and to maintain a record of the correspondence. The legal basis for this processing is legitimate interests (UK GDPR Article 6(1)(f)) — specifically, the legitimate interest in responding to communications directed at our organisation.

Technical data collected via server logs is used to maintain website security, identify technical issues, and understand aggregate usage patterns. The legal basis is legitimate interests in operating a secure, functional website.

Where analytics cookies are placed with your consent, anonymised usage data is processed to understand how visitors engage with the catalogue. The legal basis is consent (UK GDPR Article 6(1)(a)). You may withdraw consent at any time via the Cookie Settings link in the website footer.

We do not use personal data for automated decision-making, profiling, or direct marketing of any kind.

05 — Data Retention

How Long We Keep Your Data

Contact form correspondence is retained for a maximum of 24 months from the date of the last communication, after which it is permanently deleted. If a correspondence requires follow-up or constitutes an ongoing supplier or collaboration relationship, it may be retained for the duration of that relationship plus 12 months.

Server log data containing technical data (including IP address records) is retained for a maximum of 90 days. Anonymised aggregate analytics data may be retained indefinitely as it does not constitute personal data under UK GDPR.

Cookie preference records are retained for the duration of the cookie’s validity period as described in the Cookie Policy.

06 — Data Sharing

Who We Share Data With

Grolan does not sell, rent, or trade personal data to third parties. Data may be shared with the following categories of recipients only to the extent necessary for website operation:

  • Web hosting provider — server infrastructure provider based in the UK or EEA, processing technical data as a data processor under a data processing agreement.
  • Email infrastructure provider — used to receive and send enquiry correspondence. Processes contact form data only to the extent required for message transmission.
  • Analytics provider — where consent is given, anonymised usage data is shared with a web analytics platform. No personally identifiable information is shared.
  • Legal authorities — in cases where we are required by law to disclose data, for example in response to a valid court directive or legal process under UK law.

All third-party data processors are required to process data in accordance with applicable UK data protection law and are subject to contractual data processing agreements.

07 — Your Rights

Your Rights Under UK GDPR

As a data subject under UK GDPR, you have the following rights regarding personal data we hold about you:

  • Right of access — to request a copy of personal data we hold about you.
  • Right to rectification — to request correction of inaccurate data.
  • Right to erasure — to request deletion of personal data, subject to legitimate retention grounds.
  • Right to restriction — to request that processing be limited in certain circumstances.
  • Right to portability — to receive data in a structured, commonly used format where processing is based on consent or contract.
  • Right to object — to object to processing based on legitimate interests.
  • Rights related to automated decision-making — Grolan does not use automated decision-making or profiling.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 calendar days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

08 — Security

How We Protect Your Data

grolan.info is served exclusively over HTTPS (TLS). Contact form submissions are transmitted over encrypted connections. We maintain technical and organisational measures appropriate to the risk associated with the data we hold, including access controls, server-side security measures, and data minimisation practices.

No data transmission over the internet can be guaranteed as completely secure. While we use reasonable measures to protect personal data, we cannot guarantee absolute security of information submitted to us electronically.

09 — Policy Updates

Changes to This Policy

This Privacy Policy may be updated periodically to reflect changes in our data practices or applicable law. The document reference number and last-updated date at the top of this page will be updated with each revision. The most current version is always available at grolan.info/privacy-policy.php.

For questions about this policy or our data practices, contact us at [email protected].