Data Privacy Statement


DirectStone Ltd knows that your privacy is very important to you. When it comes to your information, we follow some straightforward principles. We aim to be clear about the data we collect and why.

Please note that DirectStone Ltd reserves the right to update or change this privacy notice at any time. If it is updated or changed during the service we are providing you with, we will notify you and provide a link to our new data privacy policy.

All our employees who handle personal data have agreed to the terms of our Data Protection Policy a link to which can be found in our website footer and they have a responsibility to comply with it accordingly.

What personal data do we collect?

The nature of the services we provide requires that we collect and process your personal data.

We collect the following personal data from you:

  • Your name
  • Your phone number
  • Your email address
  • Your postal address

If you don’t provide us with personal data, we will still endeavour to provide our services, but it may not be possible to do so.

(N.B. Please do not provide us with the personal data of anyone else without their permission, unless you have obtained the explicit consent from that person.)

How else do we obtain personal data?

The only way in which we would have obtained your data would be directly from you. We do not collect data from direct marketing companies who collect personal data from individuals who have consented to third party marketing communications.

How do we use your personal data?

We limit the use of personal data to ensuring we deliver the service you have requested. Furthermore, we retain your personal data only for as long as is necessary to deliver you this service. We retain an archived version of your personal data for 6 years as part of an accounting record. Records in an archived state means access to them is greatly restricted.

After 6 years, unless we need it for a particular investigation, we securely destroy all records of your personal data in line with our retention schedule. Destruction of paper records is done securely and appropriately. For example, we securely shred paper records in line with the British Standard for secure destruction of confidential material (BS EN 15713).

To whom might we disclose your personal data?

If another organisation helps us to provide our service, we’ll also make your personal data available to them. If this involves transferring information to a country not recognised by the Information Commissioner’s Office as providing equivalent protection, we’ll use additional safeguards approved by UK or EU regulations.

We shall only disclose your personal data to third parties in circumstances that are necessary for delivering the service agreed with you.

We have never and will never sell your personal data.

If there are attacks on our services, or other criminal activity, we may share information with the police or similar public body.

How do we secure your personal data?

Unfortunately, no data transmission over the internet or any other network can be guaranteed as 100% secure, but we take appropriate steps to try to protect the security of your personal data. For example, we encrypt all personal data disclosed to third parties. Likewise, DirectStone Ltd servers and all data stored locally are protected by a hardware firewall designed to prevent unauthorised intrusion into the network. Software security solutions are also in place which constantly scan for malware and viruses on the network.

All staff are required to ensure that any paper files not in current use are kept in locked cabinets in our secure facility. Any paper documentation containing personal data is shredded once it becomes superfluous.

All staff understand the importance of maintaining the secure management of personal information.

Access to personal data is restricted to authorised users on a need-to-know basis.

In the event of a data breach involving your personal data which presents a high risk we have a Data Breach Management Plan in place, and we will contact you without delay.

Inaccuracies and corrections

We would like to keep your personal data accurate and up to date. If you become aware of any errors, noted on our correspondence with you for example, then please let us know by phoning or emailing us.

How to contact us and exercise your rights?

Under the GDPR you have certain rights over your personal data that we hold:

  • To receive a copy of your personal data that we hold
  • To request rectification of any errors.
  • To delete it once we no longer need it.
  • To erase all personal data that we hold.

To contact us regarding those rights, or anything else in this data privacy statement, please write to our Data Protection Officer: Simon Heslop, by email: or at our postal address below:

Direct Stone Ltd
25 Enterprise House,
Wrest Park,
MK45 4HS.

If you don’t feel we’ve dealt with your request appropriately, you have the right to appeal to the Information Commissioner’s Office

Links to other websites

Our website does not contain links to other websites. This privacy policy applies only to personal data collected by DirectStone Ltd.

What are cookies?

A cookie is a small file which asks permission to be placed on your computer’s hard drive. A cookie can’t read data off your hard disk or read cookie files created by other sites. Cookies do not damage your system; they allow web applications to respond to you as an individual. A cookie in no way gives us access to your computer or any information about you, other than the personal data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, however, you can reset your browser so as to refuse any cookie or to alert you to when a cookie is being sent. If you refuse cookies, this may prevent you from taking full advantage of our website.