Privacy Policy

Who we are

Throughout this document when you see the words “I”,  “me”, “my”, “us”, “we” and “our” this is referring to Grant Thoms, trading as Grant Thoms Projects.

I am a sole trader and my place of business is 9 Whinwell Road, Stirling FK8 1EZ.

I collect personal data to allow me to maintain my own records and accounts and to also support any staff employed by Grant Thoms Projects.

If you have any questions regarding this privacy policy you should contact The Data Protection Officer, Grant Thoms Projects, 9 Whinwell Road, Stirling FK8 1EZ.

Our website address is:

The privacy and security of your information is extremely important to us. This Privacy Policy is intended to give you a clear view of what data we collect, how we use it and how we store it, so you can be confident in submitting data when dealing with us.

You can request further information at any time about what personal information we are holding and how it is being used; you can ask for electronic copies of your personal information to be sent to you, and you can request that we erase your personal data.

We’ll keep this page updated to show you what we do with your personal data. This policy applies to you if you visit our website, use any of our services, email us, contact us or visit our premises.

We are limited to using your data under the following conditions: where you have consented to it, where we need to do so in order to fulfil our contract with you, or in certain special circumstances, such as compliance with legal obligations, or for other legitimate purposes.

We will never sell your personal data and we will only share it with other organisations we work with to deliver the services we provide where they have shown they’ll respect your privacy and security.

What personal data we collect and why we collect it

Personal data is any data which may identify you, or be identified as relating to you. For example, your name, address, phone number and email address. We will sometimes need to collect this information. We will only collect the personal data we need.

We collect data in connection with projects we might be working on, services you have hired us to deliver or projects we are working on with others.

You can give us personal data in various ways. You can submit personal data through forms on our website, in person, by phone, by email or you can visit our premises.

This personal data may include name, title, address, date of birth, age, gender, employment status, email address, phone numbers, personal description, photographs, usernames, passwords, databases.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


We use Google Analytics to track visits to the site. More information about Google Analytics can be found on the Google Analytics website.

Who we share your data with

In order to carry out the day-to-day running of our business and fulfil the requirements of the projects we work on, we sometimes need to disclose your data to other bodies or third party suppliers. When we are sharing the data, we will always do so in such a way that access can be revoked again.

These parties may include:

  • Our employees
  • Contractors we work with
  • Service providers providing services to us
  • Advisers
  • Agents

We may also disclose your information to third parties if we are compelled to by law or to comply with any legal obligation.

On many of the pages on our website you will see “social feeds” for services such as Twitter and Facebook. These services enable you to share, comment, or bookmark pages on our website. Some pages may also include embedded content e.g. videos, images and articles. Embedded content from other websites behaves in exactly the same way as if the visitor has visited the other website directly.

You should be aware that all of these sites and services are likely to be collecting information about what you are doing all around the internet, including on our site. We recommend that you check the respective policies of each of these sites to see how exactly they use your personal information and how to opt out, or delete, such personal information if you wish to do so at any time.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

We keep email data and project files no longer than is necessary for a legitimate purpose, in line with the provision of the EU General Data Protection Regulations and Data Protection Act 2018. You can read more about how we store your personal data by viewing our Data Retention Policy below.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Please contact us in the first instance if you feel unhappy regarding any issues around the use of your personal data. We would welcome the opportunity to resolve any problem or query you have. You also have the right to contact the Information Commissioners Office (ICO). You can contact them via their website here:

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

Information systems and data security is imperative to us to ensure that we are keeping your data safe. We operate and implement robust procedures for managing your data, the hardware it is present on. We only host your personal data with suppliers who have confirmed that they take your personal data security as a priority and we regularly assess these suppliers as the threat landscape changes.

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements

Data Retention Policy

This policy sets out clear information on how long data and documentation is retained for by Grant Thoms Projects. We collect personal data to allow us to maintain our own records and accounts and to also support our staff.

If you have any questions regarding this Privacy Policy you should contact The Data Protection Officer, Grant Thoms Projects, 9 Whinwell Road, Stirling FK8 1EZ.


Grant Thoms Projects collects personal data to carry out business as an organisation. The administration of this data is overseen by the organisation. Any data collected will only be used for the purpose it was gathered for.

Data retention

We keep email data and project files no longer than is necessary for a legitimate purpose, in line with the provision of the EU General Data Protection Regulations and Data Protection Act 2018.

Contact information

If you have any questions regarding any aspects of this policy, wish to find out what data we hold about you, or would like to request the erasure of your personal data, please contact us using one of the methods outlined below:

Write to us: Data Protection Officer, Grant Thoms Projects, 9 Whinwell Road, Stirling FK8 1EZ.

Email us: