Privacy Policy

1. Introduction

This privacy policy explains how we collect, use, and protect your personal data when you use this website or contact us for SumUp consultancy services. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Important: This website is operated by Glenrill Ltd an independent consultancy based in Fife, Scotland. We do not process SumUp account applications or card payments. For SumUp's own privacy policy regarding their services, please visit sumup.com/privacy.

2. Who We Are

We are an independent consultancy service providing advice and support to businesses in Fife and Scotland regarding SumUp payment solutions, website hosting and other services. For data protection enquiries, please contact us via the contact form on our homepage or email email@Glenrill.co.uk.

3. What Personal Data We Collect

We may collect the following personal data when you use our website or contact us:

• Contact Information: Name, business name, email address, phone number
• Business Information: Business type, location, payment needs, and other details you provide in enquiry forms
• Technical Information: IP address, browser type, device information, pages visited (via analytics cookies if accepted)
• Chat Data: Messages sent via our AI chat widget (processed by OpenAI as described below)

4. How We Use Your Data

We use your personal data for the following purposes:

• Consultancy Services: To respond to your enquiries and provide SumUp consultancy advice
• Communication: To contact you about your enquiry and arrange consultations
• Service Improvement: To understand how visitors use our website and improve our services
• Legal Compliance: To comply with legal obligations and protect our legitimate interests

Legal Basis: We process your data based on:

• Your consent (when you submit a contact form or use our chat widget)
• Legitimate interests (to provide consultancy services and improve our website)
• Legal obligations (to comply with UK law)

5. AI Chat Widget and OpenAI

Our website includes an AI-powered chat widget that uses OpenAI's services to answer questions about our services or umUp. When you use this chat:

• Your messages are sent to OpenAI's servers for processing
• OpenAI may process and store your messages according to their own privacy policy
• We do not store chat history on our servers beyond your current session
• Do not share sensitive personal or financial information via the chat widget

For more information about how OpenAI handles data, see their privacy policy.

6. Cookies and Tracking

Our website uses minimal cookies. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

7. Data Sharing and Third Parties

We may share your data with:

• OpenAI: For AI chat functionality (as described above)
• Hosting Provider: Our website hosting service (AWS Lightsail or similar)
• Email Service: If we use an email marketing or CRM platform to manage enquiries

We do not sell your personal data to third parties. We do not share your data with SumUp unless you explicitly request that we facilitate an introduction.

8. Data Retention

We retain your personal data only for as long as necessary to provide our services and comply with legal obligations:

• Contact Form Data: Retained for up to 2 years from your last contact with us
• Email Correspondence: Retained for up to 2 years or until you request deletion
• Analytics Data: Anonymised after 14 months (if using Google Analytics or similar)

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where consent is the legal basis)

To exercise any of these rights, please contact us via the contact form or email email@glenrill.co.uk.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

11. International Data Transfers

Your data may be transferred outside the UK when using services like OpenAI (based in the USA). We ensure such transfers comply with UK GDPR requirements through appropriate safeguards.

12. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Please review this policy periodically.

14. Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us via:

• Contact form on our homepage
• Email: email@Glenrill.co.uk

15. Complaints

If you believe we have not handled your data properly, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113