Privacy Policy

Data Controller Tumbles and Grumbles Ltd (


Tumbles and Grumbles Limited Data Protection Officer Caroline Davies, C/O Harlands Accountants Llp Greencroft Industrial Park, Amos Drive, Annfield Plain, County Durham, England, DH9 7XN


Legal Basis

Tumbles and Grumbles Ltd offers a range of training services and goods relating to first aid, and health and safety for both adults and children (e.g. training kits, training courses and workshops). As such, Tumbles and Grumbles Ltd has a legitimate business interest in capturing, processing and retaining data from customers who have requested goods and services from the company for a mutually beneficial purpose.


Tumbles and Grumbles Ltd undertakes to capture, process and retain all data obtained from individuals and businesses in line with the requirements of all applicable Data Protection Laws, including the UK Data Protection Act (DPA), Privacy and Electronic Communications Regulation (PECR) and the EU General Data Protection Regulation (GDPR).

Tumbles and Grumbles Ltd will capture, process and retain data from the following categories of Data Subjects:


Customers (based in the UK and EEA)

Tumbles and Grumbles Ltd will initially capture, process and retain customer data that is obtained through telephone, email or the website when a customer requests goods, services or information. This data will be used for the purposes of:

• Creating a customer profile on our in-house data systems • Processing customer orders

• Creating and issuing customer invoices

• Debt chasing

• Marketing activity (data provided may be manually profiled by Tumbles and Grumbles Ltd to produce tailored marketing messages and limited customer data will be used when these messages are sent through our secure email management system)

• Staff training, internal auditing, dealing with complaints and customer queries


Tumbles and Grumbles Ltd customers have the right to withdraw consent to hold their data at any time. However, if a customer chooses to withdraw consent, then Tumbles and Grumbles Ltd will be unable to process any further orders for goods and services.

Tumbles and Grumbles Ltd Customers are provided with an opportunity to opt out of Tumbles and Grumbles Ltd marketing messages when receiving subsequent marketing communication.

Complainants Tumbles and Grumbles Ltd has a Customer Complaints Policy and customers have the right to make a complaint when they are unhappy with goods or services that have been provided by Tumbles and Grumbles Ltd. When receiving the details of any complaint, Tumbles and Grumbles will use the data provided for the purposes of:

• logging and processing the details of the complaint

• carrying out and investigating the scenario outlined in the complaint

• making decisions based on the findings of any investigation

• informing the complainant of the outcome of their complaint

• informing any affected parties of the outcomes and actions required (should there be any)


Data Transfers

Tumbles and Grumbles Ltd may transfer customer data to third parties/partners in order to fulfil personalised certificate orders including production and delivery requirements. This may include third parties operating outside the EEA. Tumbles and Grumbles Ltd will carry out all necessary due diligence to ensure that all data transfers to third parties/partners are carried out securely and that all necessary safeguards are in place to ensure data security. Tumbles and Grumbles Ltd will also ensure that third parties/partners are fully aware of their responsibilities to ensure GDPR compliance when processing customer data transferred to them.

For marketing purposes, Tumbles and Grumbles Ltd may also share customer email addresses with secure advertising platforms such as Google and Facebook in order to tailor Tumbles and Grumbles Ltd marketing messages for users.

Tumbles and Grumbles Ltd will not transfer personal data to any other company or organisation without your prior consent, with the exception of Her Majesty’s Revenue and Customs (HMRC) requests for financial data (relating to customer invoicing).


Data Retention

When a customer makes a purchase, Tumbles and Grumbles Ltd will retain the data captured on the platform or paid invoice on our CRM system indefinitely for the purposes of:

• fulfilling the contract with the customer

• providing an auditable customer trail

• providing historical data for accounting purposes

• responding to HMRC financial information requests

• reviewing and improving services and processes


Individual Rights

Tumbles and Grumbles Ltd will capture, process and retain personal data in line with DPA and GDPR requirements. Your individual rights in line with these requirements include the:

• right to be informed of how we use and process your personal data

• right of access to any personal data that we retain about you

• right to rectification of any personal data that we retain about you that you believe to be inaccurate

• right to erasure when there is no legal justification or legitimate business interest allowing us to retain your personal data

• right to restrict processing of personal data if , for example, you think that personal data we retain about you is inaccurate or we have no legal justification or legitimate business interest to continue to retain and process your personal data. Rather than request erasure, you can make the request to restrict processing

• right to data portability should you want to move, copy or transfer your personal data from one source to another

• right to object when personal data is processed due to legitimate business interest or performance of a task in the exercise of official authority, direct marketing and research and/or statistical analysis

• rights associated with automated decision making and profiling which allow you to obtain human intervention in any such process, express your points of view on decisions or outcomes made about you and obtain an explanation of any decisions made and subject them to challenge

• right to withdraw consent to hold your personal data at any time

• right to lodge a complaint with a supervisory authority should you be dissatisfied with how we have managed your personal data (the Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest)


Subject Access Requests

In line with these individual rights, anyone who wishes to make a formal Subject Access Request to Tumbles and Grumbles Ltd for the purposes of requesting personal data or taking some action with respect to the personal data that is held about them should submit the request in writing to the Tumbles and Grumbles Ltd Data Protection Officer either in writing by post to Tumbles and Grumbles Ltd, C/O Harlands Accountants Llp Greencroft Industrial Park, Amos Drive, Annfield Plain, County Durham, England, DH9 7XN or by emailing to



Visitors to the Tumbles and Grumbles website should be aware that information and data may be automatically collected by our website through the use of “cookies.” These are small text files that a website can use to recognise repeat visitors and facilitate the visitor’s ongoing access to, and use of, the site. They allow us to monitor usage behaviour and compile aggregate data that will help us to make improvements to our website.

Cookies are not programs that will enter a visitor’s computer system and damage files. Generally, cookies work by assigning a unique number to the visitor that has no meaning outside the assigning site. If a visitor does not want information collected through the use of cookies, there is a simple procedure in most browsers that allows the visitor to deny or accept the cookie feature. However, please note that you may lose some features and functionality if you choose to disable cookies.

Whenever you visit our website we automatically record the IP address that you are connecting to us from and we log the pages that are visited. We also record other details such as the operating system and web browser type being used. If a link was followed to this site, details of the search engine or website that was previously visited are recorded. This data is used only to compile general statistical information. We also use cookies to measure the effectiveness of our marketing campaigns on websites such as Google, Facebook, LinkedIn and Twitter.

May 2018