GDPR & Privacy Policy

This Privacy Policy explains how we process your personal information, in compliance with data protection regulations.

If you are an employee of ShredPro, we have a separate policy that covers the processing of your personal data.

Founded in 2007, ShredPro Ltd is an independent shredding company, tailoring our services to ensure our clients’ needs are met, to the highest standards. We uphold the highest standards in information destruction whilst promoting environmentally friendly services.
Our company number is 06445522, and our registered office address is Oxalis House, Masons Rd, Stratford upon Avon, Warwickshire, England, CV37 9NB. We are registered with the Information Commissioners Office (ICO) as a data controller, registration number Z1196543. We are also members of the British Security Industry Association (BSIA) and hold ISO 9001 and ISO 14001 certifications.

The type of personal information we collect
We currently collect and process the following information:
• Identity Data: your first and last names
• Contact Data: telephone number, address and email address (private or professional)
• Information relating to your identity where we are required by law to collect this, for example in compliance with Health and Safety legislation
• Yours or your organisations banking details where required, such as where you are requesting or using services offered by us
• Your communications with us, including a record of the email correspondence created when you contact us as part of a product or service enquiry
• Monitoring and recording of calls, for regulatory purposes, training and to improve our service to you
• From time to time, if we request more specific information in the form of surveys, this is voluntary, and is to help us improve our software products and customer services.

Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, then we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Special Categories of Personal Data
These may be processed for managing our legal and health and safety obligations and may include information on any access requirements you may have. This type of information is not routinely collected but you may feel is necessary to enable us to deliver safe and appropriate services. The information you choose to share with us may consist of special category personal data comprising details of any disability or other health information you wish to share with us.

How we get the personal data and why we have it
We’ll collect and process your data for different reasons in different circumstances, but we’ll only collect and process your data where we have a legal basis for doing so. Our purpose and legal basis for processing is set out below.

Personal data may be provided to us by you directly or provided to us from other sources where information needs to be shared, for example where other parties are involved in the services being delivered to you. Other examples include agents on whom we act on behalf of, professional bodies, financial bodies and suppliers or contractors
This list is not exhaustive, and due to the nature of our services there may be times when new categories of personal information may be shared with us for new and evolving reasons, and as a result, we keep this policy under constant review.
We then process it for one of the following reasons:
• To manage our relationship with you
• To provide services to you
• To respond to your enquiries
• To comply with our legal obligations as a business
• To get in touch with you about properties and services that may be of interest to you
• To advise you in relation to the services you purchase from us.
More detailed examples may include:
• To fulfil our obligations to you when providing you with our services
• To comply with our statutory and regulatory obligations, including verifying your identity for Safeguarding checks.
• To provide you (or to enable third parties to provide you) with information about goods or services that we feel may be of interest to you, where you have provided permission for us to do so: or,
• if you are already an existing customer, where we choose to contact you by electronic means (including e-mail or SMS) with information about our own goods and services similar to those which you have already obtained from us or have negotiated to obtain from us. You can unsubscribe at any time from these marketing messages.
• For statistical purposes so we can analyse figures to help us manage our business and plan strategically for the future
• To notify you about changes to our services or business.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for our processing this information are:
• Your consent. Where consent has been given, you are able to remove your consent at any time. You can do this by contacting us
• We have a contractual obligation. For example, where the processing is necessary for the performance of a contract to which you are a party, or to take steps prior to entering a contract with you, for us to provide you with our products and services.
• We have a legal obligation. For example, where processing is necessary in order for us to meet our requirements under the Health and Safety legislation, or to provide information to law enforcement organisations or the Courts.
• We have a legitimate interest. For example, where it is necessary for the purposes of our legitimate interests, except where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you).
To determine this, we shall consider several factors, such as what you were told at the time you provided your data, what your expectations are about the processing of your personal data, the nature of the personal data, and the impact of the processing on you. Our legitimate interests may include processing necessary to improve and to promote our
services and product and to better understand our customers’ interests and knowledge of the property market and to administer the technical aspects of our service and products.

Or on rarer occasions:
• Where we need to protect your interests (or someone else’s interests); and/or
• Where it is needed in the public interest or for official purposes

Website Cookies
Cookies are small files of letters or numbers downloaded onto a device when users access websites. We do not use cookies by default, and they are not required for users to browse and use our website, however if third party services are introduced (for example for marketing campaigns) then cookies may be used to track the success of these services. We use cookies to track website usage. This cookie does not collect personal information, but records the time of visit, date, referring page and the business-to-business IP address. This anonymous information is used by us to create a better user experience.

Website Logs
Our webserver automatically collects some information that does not identify you personally. For example, IP address, type of browser and operating system, the date and time you access our site etc.

Online Purchases
If you make a purchase of our services online with a credit card, a third party commerce service is used to verify credit card details. This company is sent the total price of the purchase, the card number and expiration date, and the cardholders name and billing address. All information transmitted to this third party is sent using SSL (Secure Socket Layer) encryption. Using this method of encryption further ensures the privacy and security of all our customers. This information is used to verify the account and clear the transaction.

External Links
Some pages may contain external links to other websites. We cannot be held responsible for content or privacy policy of those sites.

Data Sharing
We only share information where there is a legal, regulatory or professional obligation to disclose your personal information, in order to apply the relevant rules and/or to protect the rights or safety of all parties.
Sometimes we might share your data with third parties. This could include:
• Engaging third-party service providers to perform a variety of business operations on our behalf. For example, service providers we use for specific purposes, such as for our IT systems, legal counsel for the provision of legal advice and guidance.
• Regulatory authorities, law enforcement agencies and courts.
• In the event of a sale of all or a part of our business, the buyer and its professional advisers.
• If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Third Party (Sub-Processor) Organisations
For our general day to day data processing activities, we use third party organisations or systems to help us administer and monitor the services we provide:
• For the provision of IT and software services (e.g. Microsoft who provide our office software) to enable the management of our customers, staff and office administration
• for financial transactions and accounting (e.g. payments to our company)
• to share newsletters, promotional detail, industry news or other information that maybe of interest to you
• to help us improve our services
• for the administration of our website and customer interactions
• for any legal guidance in the provision of our services

Access to your personal information is only allowed when required by the law or is required as part our fulfilling our service obligations. We do not, and will never, sell your personal information to other third parties.

International transfers
There are times where your personal data may be transferred outside the UK. For example, where we have partners and service providers based outside of the UK (e.g. Microsoft for our IT Services), your personal data may be accessed or otherwise processed in other countries.
We have implemented measures and safeguards to ensure that any transfer of data is compliant with our data protection laws. For example, on the basis of a decision by the UK Government where the UK Government has recognised that the country to which your data will be transferred ensures an adequate level of protection. In the case of transfers not recognised as adequate by the UK Government we ensure that Standard Contractual Clauses or International Data Transfer Agreements that are approved by the Information Commissioners Office (ICO), the UK Government and/or European Commission are in place after carrying out a detailed assessment to ensure the companies receiving your data can comply with these Clauses. Please contact us if you wish to know more.

Keeping your information safe and secure
We are committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost. We endeavour to ensure that our suppliers take similar steps to keep your data secure. We take organisational measures to keep information secure and provide regular training for staff on data protection.

How long will we keep your data
We will only retain your data for as long as necessary to fulfil the purposes we collected it for originally. Once those purposes have been achieved then, unless a different purpose for processing your data arises, it will be permanently deleted.
For example, we will usually archive and retain your personal data for 3 years after the last point of contact we had with you, or from the end our contract with you. There may be
occasions, depending on the service you have chosen to use us for, which may require a longer retention period.

Your data protection rights
Under data protection law, you have rights including:
• Your right of access – You have the right to ask us for copies of your personal information.
• Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
• Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
• Your rights in relation to automated decision making & profiling – As a matter of principle, you have the right not to be subject to a decision based solely on automated processing, including profiling. However, we may automate such a decision if it is necessary for the entering into or performance of a contract between us, authorised by law or regulation or if you have given your explicit consent.

You are not usually required to pay any charge for exercising your rights. If you make a request, we have a calendar month to respond to you.
Please contact us if you wish to make a request.

Our Contact Details:
ShredPro Ltd
Oxalis House
Masons Rd
Stratford upon Avon
CV37 9NB
ICO registration number: Z1196543

How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details above. You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

This policy was last reviewed and updated: May 2025