Privacy Policy

This website is controlled and operated by Jack & Grace Ltd. We take your privacy very seriously so this policy sets out the ways in which we may collect personal data, why we do that and your rights to the way we store this data.

Data Protection

Jack & Grace is committed to protecting the privacy and confidentiality of your private information. We uphold the relevant data protection principles and process data in accordance with the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulation (GDPR) which requires organisations that process personal data to meet certain legal obligations.

Jack & Grace enters into a contract with data subjects and process data on that basis, information is collected for the purpose of:

  • Administering a relationship with the data subject, providing services and responding to inquiries and retaining information related to current client service provision
  • Enable business development through the retention of data held under legitimate interest
  • Enable Jack & Grace to meet legal and other regulatory obligations


The information collected is known as ‘personal data’ and can include (but is not limited to) name, address, email address, telephone, and other contact numbers and financial information. The information is collected in several different ways. For example, data may be provided directly online or over the telephone, or when corresponding by letter. This data is then retained for legitimate purposes under the relevant legislation and disposed of once services or relationships have ceased.

In visiting the Jack & Grace website, cookies are used to collect information such as Internet Protocol (IP) address which connects the computer or mobile device to the Internet, and information about the visit such as the pages viewed or searched for, page response times, download errors, etc. This is to measure Jack & Grace’s website performance and make improvements in the future. Cookies are also used to enhance this website’s functionality and personalisation, which includes sharing data with third-party organisations (Google Analytics).

Any details gathered about Jack & Grace’s clients may be used: 

  • to provide services under the contract in force
  • to contact the data subject about other services that might be of interest, if the subject has consented to this
  • to meet other legal and regulatory requirements
  • for other legitimate interests


Jack & Grace retains records based on a retention policy so that it can defend against potential legal claims or disciplinary action which can be brought within statutory time limits. There is no automated decision-making involved in the use of personal information and therefore no data portability. All third-parties comply with the General Data Protection Regulation (GDPR) requirements.

On occasions, Jack & Grace may process information outside of the UK but will maintain written records of processing activities performed which shall include: (i) the categories of processing activities performed; (ii) details of any on cross border data transfers outside of the European Economic Area (EEA); and (iii) a general description of security measures implemented in respect of the client personal data.

If personal data is transferred to a country or territory outside the EEA it will do so in accordance with data protection legislation.

If the law allows or requires personal information during the period of contractual arrangements or after Jack & Grace has ceased to act information may be given to:

  • the police and law enforcement agencies
  • courts and tribunals
  • the Information Commissioner’s Office (ICO)


In addition, after Jack & Grace has ceased to act information may be given to:

  • professional indemnity insurers or legal advisers where we need to defend against a claim
  • professional disciplinary body where a complaint has been made, in order to defend the company against a claim
  • the data subject’s new advisers or other third parties they ask us to give information to


The data subject can request to have their personal information removed at any time or can request to see records or any other information the organisation holds about them – this must be requested in writing. Please email: