Skip to main content

Privacy Policy

Last updated: January 2026

1. Introduction

Greybox Geospatial Ltd ("we", "our", "us") is committed to protecting your privacy and ensuring you have a positive experience on our website. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website www.greyboxgeo.com and when you communicate with us about our geospatial services and solutions.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully to understand our practices regarding your personal data.

2. What Information We Collect

We collect personal information that you voluntarily provide, as well as information collected automatically when you use our website:

Information You Provide:

  • Contact details (name, email address, phone number) submitted through contact forms
  • Company information (organization name, job title, industry)
  • Correspondence and communications with our team
  • Information about your inquiries or service requests

Information Collected Automatically:

  • Website usage data through cookies and analytics tools
  • Browser and device information
  • IP address and location data
  • Pages visited and time spent on our website

3. How We Use Your Information

We use your personal information for the following purposes:

  • To respond to your inquiries and provide customer support
  • To process and fulfill service requests
  • To send relevant business communications, project updates, and newsletters (with your consent)
  • To improve our website functionality, user experience, and services
  • To conduct market research and understand user preferences
  • To comply with legal obligations
  • To detect and prevent fraudulent activity or technical issues

4. Legal Basis for Processing Under UK GDPR

We process your personal data only when we have a legal basis to do so under the UK GDPR:

  • Consent: When you submit a contact form or subscribe to communications, you provide explicit consent to process your data
  • Legitimate Interests: We process data to provide and improve our services, conduct business operations, and maintain website security
  • Contractual Necessity: When you engage our services, we process data to fulfill our contractual obligations
  • Legal Obligation: We process data where required by law or regulation

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy and to comply with our legal obligations:

  • Contact form submissions and inquiries: up to 3 years from submission
  • Website analytics data: up to 2 years
  • Email correspondence: up to 3 years from last communication
  • Marketing consent records: until withdrawal of consent

After the retention period expires, we securely delete or anonymize your data.

6. Third-Party Service Providers

We share your data only with trusted third-party service providers who assist us in operating our website and providing services:

  • EmailJS: Processes contact form submissions and sends email notifications on our behalf
  • Cloudflare: Provides web hosting, content delivery, and security services
  • Analytics Providers: Help us understand website usage and improve user experience

These providers are bound by data protection agreements and use your data only for the purposes specified.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you
  • Right to Rectification: You can request correction of inaccurate data
  • Right to Erasure: You can request deletion of your data in certain circumstances
  • Right to Restrict Processing: You can limit how we use your data
  • Right to Data Portability: You can request your data in a portable format
  • Right to Object: You can object to certain processing activities
  • Right to Withdraw Consent: You can withdraw consent for processing at any time

To exercise any of these rights, please contact us at the address below.

8. Security and Data Protection

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Secure HTTPS connections for all website communications
  • Encryption of sensitive data in transit and at rest
  • Regular security audits and vulnerability assessments
  • Restricted access to personal data (staff access only on need-to-know basis)
  • Regular staff training on data protection

However, no security system is completely secure, and we cannot guarantee absolute security of your data.

9. International Data Transfers

As Greybox Geospatial is UK-based, your data is primarily processed and stored within the UK and European Economic Area. If data is transferred outside these regions, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting the updated policy on our website with a new "Last Updated" date.

11. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us:

Email: info@greyboxgeo.com

Address: Greybox Geospatial Ltd, 1 Winnall Valley Rd, Winchester, SO23 0LD, United Kingdom

Website: www.greyboxgeo.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.