Privacy Notice

Rock and Co 5 Senate Place, Stevenage, SG1 4QS is the Data Controller and registered with the Information Commissioners Office ZA508157 for the processing of personal data.

We may amend this privacy notice from time to time. If we do so, we will supply you with and/or otherwise make available to you a copy of the amended privacy notice.

  • We keep to a minimum the information we hold about you.
  • We use your data to arrange a quotation, respond to your enquiries, manage our relationship with you, meet our legal obligations, and improve our website.
  • We delete your data when it is no longer needed for these reasons
  • We do not sell your date.
  • We do not give your information to third parties without your consent, but there are three exceptions.
  • You have lots of privacy rights
  • We do not process your data outside of the European Economic Area (EEA) unless necessary for the performance of a contract.

Do you want more detail?

To see more about how Rock and Co uses your personal data.

To contact Rock and Co with a data protection query regarding the processing of your personal data, please use the contact us form.

This page was last updated on 20th October 2022

Information we hold about you

As our client, we will hold the following information about you:

  • Your name, identity and contact information
  • Information about our business relationship
  • Information and documents about your quotation or enquiries, including communications with you
  • Billing and payment information

Using your data

References to the basis of processing are a reference to the article of the General Data Protection Regulation and Data Protection Act 2018 under which we undertake the processing in question.

Providing you a service

We use the information we hold about you and your business, both personal and otherwise, to give you the best service we can.

We also use your information to bill you, and keep track of payments that you make.

(Processing is necessary for the performance of a contract – Basis: Article. 6(b): this is necessary to deliver the service to you.)

Our data collection methods are:

  • Through engagement (or potential engagement) of our services
  • Enquiries via our office, website, social media or booking system
  • By communications, including email, telephone, post or social media
  • Networking
  • Through engagement of service providers
  • Via third parties and/or publicly available resources

Data Security

We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an

unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to

know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

If you have particular security requirements, please contact us to discuss how we can support you.

Information Technology data

We use the logs from our servers to assist in our firm’s security, as well as to determine visitor patterns to the Rock and Co website (e.g. such as working out which pages on the site are most popular, or whether a news event has caused an increase in traffic).

Basis: Article 6(f): processing is necessary for the purposes of the legitimate interests pursued by Rock and Co, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. (The data is not used to identity you)

Your data and the EEA

We do not transfer or process data outside the European Economic Area unless we have your specific consent or where the nature of the processing requires it (for example, where we are emailing a party to your matter who is based outside the EEA, or because you have chosen to use an email or other communications service which routes data outside the EEA).

Your privacy rights

You have lots of privacy rights in respect of our processing of your personal data.

  • The right to be informed – which is what this privacy notice is about
  • The right to access the data we hold about you
  • The right to object to direct marketing (We do not carry out direct marketing)
  • The right to object to processing carried out on the legal basis of Legitimate Interest
  • The right to erasure (exceptions may apply)
  • The right to data portability
  • The right to have your data rectified if it is inaccurate
  • The right to have your data restricted from processing

To exercise any of these rights, please contact us

You also have the right to lodge a complaint about our processing with a supervisory authority — you probably want the UK’s Information Commissioner’s Office

Third parties

We do not trade your personal information and as a general principle, we will not transfer your personal data to third parties without your permission.

There are three exceptions to this:

  • If you do not pay your bills, we may choose to engage a third party to recover any money you owe us.
  • It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate.
  • We also have a small number of companies providing services to us. We use a call handling centre, which would get to see and to record your telephone number, name and message that you decide to leave, telephony and broadband services.
  • We use Google Ads, and other Google products to maintain high end user experience, see more details on google website

All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data.

We only permit our third party service providers to process your personal data for specified purposes and in accordance with our instructions.

Deletion and retention periods

  • Data about clients: duration of your relationship with us, then seven years
  • Data about specific matters: duration of the matter, then seven years
  • Enquiry data: duration of enquiry, then 7 years

When assessing what retention period is appropriate for your personal data, we take into consideration:

  • The requirements of our business and the services provided;
  • Any statutory or legal obligations;
  • The purposes for which we originally collected the personal data;
  • The lawful grounds on which we based our processing;
  • The types of personal data we have collected;
  • The amount and categories of your personal data; and
  • Whether the purpose of the processing could reasonably be fulfilled by other means.

Subject Access Requests

We strive to be as open as we can be in terms of giving people access to their personal data. A Subject Access Request under the GDPR and DPA18 is your right to request a copy of the information that we hold about you.  Such requests must be in writing to the contact us details provided in this policy. If we do hold your personal data we will respond in writing without undue delay and within one calendar month of your request (where that request was submitted in accordance with this policy).

The information we supply will:

  • Confirm that your data is being processed;
  • Verify the lawfulness and the purpose of the processing;
  • Confirm the categories of personal data being processed;
  • Confirm the type of recipient to whom the personal data have been or will be disclosed, and
  • Let you have a copy of the data in an intelligible form.

Please note that you may need to provide identification in order to prove who you are to access your data.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

In the instance that we do not hold information about you we will also confirm this in writing at the earliest opportunity.

Anonymous data & cookies

 This website uses Google AdWords

This website uses the Google AdWords remarketing service to advertise on third party websites (including Google) to previous visitors to our site. It could mean that we advertise to previous visitors who haven’t completed a task on our site, for example using the contact form to make an enquiry. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits to the Rock & Co. website. Of course, any data collected will be used in accordance with our own privacy policy and Google’s privacy policy.

What are cookies?

A cookie is a small information file that is sent to your computer, mobile, tablet or other device when you visit a website. These files are used to ensure each user has the most relevant experience possible when using a website. This includes remembering items in your basket, preferences, and ensuring all adverts or offers are relevant to you.

Rock & Co Granite Ltd uses cookies to help you shop using our website ( and associated pages (the Site) more effectively and to place online orders. We do not store personally identifiable information in our cookie data. We also use some carefully selected third party suppliers to enhance your online experience and they will place cookies on your computer for use on our website too.

Cookies are perfectly safe to be stored on your computer and almost all web browsers have cookie storing enabled as default. However, all browsers have the option of disabling cookies being stored on your computer if you wish to do this.

Please be aware that disabling cookies on your browser will reduce your ability to shop online. We use cookies to process products in your basket and orders. Disabling your cookies will mean you cannot purchase through the Site.

Our cookie policy

Our cookies collect anonymous information on how people use the Site, and don’t store sensitive information such as your name, address or credit/debit card details. If you visit the Site when your browser is set to accept cookies, we will interpret this as an indication that you consent to our use of cookies and other similar technologies as described in this policy. However, if you would prefer to restrict, block or delete cookies from the Site, or any other website, you can use your browser to do this.

You can set preferences for how Google advertises to you using the Google Ads Settings page, and if you want to you can
opt out of interest-based advertising entirely by cookie settings or
permanently using a browser plugin.

× How can we help you?