Privacy Notice

Last updated 13/05/2026

Introduction

Please review this Privacy Notice (“Privacy Notice”) to learn more about how we collect, use, share and protect the personal information that we have obtained. 

The companies connected to Ashlar Block, all with registered offices at 34-36 Queen Anne Street, London, UK, are: Ashlar Block Limited, Company Number 14869222; Ashlar Strategies Limited, Company Number 14875685; and Gateway 21 Limited FRN 999557 and Company Number 14871909. 

As the operational companies and data controllers within the Group, Ashlar Strategies and Gateway 21 are registered with the Information Commissioner under ZB649352 and ZB649348 respectively. 

Ashlar Block Limited, as a holding company, does not itself collect, control or process personal information. For simplicity, for the remainder of this notice and as this notice applies to both operating entities, Ashlar Strategies and Gateway 21 are collectively referred to as ‘the Group’; this reference does not include Ashlar Block Limited. The Group takes our legal responsibilities around your personal data and the security of such data seriously. The below privacy notice explains our processing of personal data. 

1         Collection and use of personal information

1.1     What information we collect

We may collect and process your personal data including your name, address, email address, i/p address, date of birth and any other general purpose data for the purposes outlined below. We do not ordinarily collect special category data (such as religious or medical information) or criminal offence data other than where:

  • that may be identified as a result of checks we might make in relation to potential or actual customers: against Sanctions lists, and lists of Politically Exposed Persons. 

  • that may be disclosed to us by you unsolicited, or in connection with any invitations we make to identify appropriate support in connection with any vulnerabilities, in accordance with our Consumer Duty.  

We may collect personal data provided directly by you, provided by introducers, accessible from public registers, and provided by third parties in response to legitimate requests (for example screening for sanctioned individuals). 

We may collect and process data in connection with:

  • Responding to enquiries or providing services - When you submit your information to us through our contact form or via email, we will use your information to process and respond to the request. 

  • Recruitment and personnel - If you send us a resume or curriculum vitae (CV) to apply online for a position with the Group, we will use the information that you provide to match you with available Group job opportunities.

  • Security, quality, and risk management - Personal data may be processed in the context of maintaining security and within the scope of internal quality and risk analysis. 

  • Direct marketing - We may process personal data to promote and develop our services and to share information we think will be of interest to you. In all cases, we will request consent prior to marketing to you. Additionally, opt out can be achieved by using the unsubscribe options contained within the communications or by contacting us. 

  • Social Media - We utilise LinkedIn and may use other platforms for elevating our brand's visibility, showcasing our initiatives and events, and connecting with potential clientele. When you engage with our posts or send us a direct message, you may furnish us with your personal information. This personal data will be employed solely for the purpose of communicating with you. Additionally, we may gather insights from LinkedIn or other platforms regarding your interactions and engagement with our content on their respective platforms. The processing of your personal data is rooted in our legitimate interest in advancing our business, fostering audience engagement on social media, and addressing your comments and inquiries. It's important to note that we do not oversee the privacy practices of these social media platforms. If you seek more information regarding how the platforms collect and manage your personal data, we recommend referring to their privacy policies on their official websites.

In some cases where you have registered for certain services we will store your email address temporarily until we receive confirmation of the information you provided via an email (i.e. where we send an email to the email address provided as part of your registration to confirm a subscription request). 

1.2     The legal grounds we have to use your personal information

The Group companies generally collect only the personal information necessary to fulfil your request or provide the service. Where additional, optional information is sought, you will be notified of this at the point of collection. 

When we process your personal information, we will rely on one of the following processing conditions: 

  • Performance of a contract: this is when the processing of your personal information is necessary in order to perform our obligations under a contract;

  • Legal obligation: this is when we are required to process your personal information in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;

  • Legitimate interests: we will process information about you where it is in our legitimate interest in running a lawful business to do so in order to further that business, so long as it doesn’t outweigh your interests; or

  • Your consent: in some cases, we will ask you for specific permission to process some of your personal information, and we will only process your personal information in this way if you agree to us doing so.  You may withdraw your consent at any time by contacting the Group at admin@gateway21.co.uk.

Examples of the ‘legitimate interests’ referred to above are:

  • To offer information and/or services to individuals who visit our website or offer information about employment opportunities.

  • To prevent fraud or criminal activity and to safeguard our IT systems.

  • To customise individuals’ online experience and improve the performance, usability and effectiveness of the Group’s online presence.

  • To conduct, and to analyse, our marketing activities.

  • To meet our corporate and social responsibility obligations.

  • To exercise our fundamental rights including our freedom to conduct a business and our right to protect property.

Third parties whose legitimate interests may on occasion be pursued include:

  • Complying with legal requirements or any obligations construed through any professional body of which we are a member, where we would be subject to legal, regulatory and/or professional obligations. 

  • We need to keep records to demonstrate that our services are provided in compliance with those obligations.

The Group does not make use of automated decision making.

1.3  Cookies

Cookies will typically be placed on your computer or internet-enabled device whenever you visit us online. This allows the site to remember your computer or device and serve a number of purposes.

Although most browsers automatically accept cookies, you can choose whether to accept cookies via the cookie consent banner or your browser’s settings (often found in your browser’s Tools or Preferences menu). If you wish to revoke your selection, you may do so by clearing your browser’s cookies, or by updating your preferences in the cookie banner.

For more information, please refer to our Cookie Policy.

1.4   Children

The Group understands the importance of protecting children’s privacy, especially in an online environment. In particular, our sites are not intentionally designed for or directed at children under the age of 16. It is our policy never to knowingly collect or maintain information about anyone under the age of 13.

2         Sharing and transfer of personal information with third parties

We do not share personal information with external third parties, except as necessary for our legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards. Recipients in such cases might include providers to screen individuals for Know Your Customer purposes, the FCA, HMRC and law enforcement. In addition, the Group may transfer certain personal information outside of the UK and EEA to outside companies working with us or on our behalf for the purposes described in this Privacy Notice. The Group may store personal information outside of the UK and EEA. If we do this your personal information will continue to be protected by means of contracts we have in place with those organisations outside the EEA, containing standard data protection clauses which are in a form approved by the UK Government under the IDTA.

The Group will not transfer the personal information you provide to any third parties for their own direct marketing use.

Entities within the Group, who may each be the relevant information controller dependent on how the information was collected, might share your information internally within the Group amongst affiliated companies. We will never trade or grant access to your data to third parties for marketing purposes. However, we do share your data with our subcontractors as a common practice since, like many businesses, we rely on external assistance for various aspects of our operations. When we engage third-party assistance, we provide them with only the necessary data to enable them to perform their designated tasks. This data always remains under our control, ensuring they can only utilise it as instructed and cannot retain it once their involvement is no longer necessary, nor pass it on to others. We diligently evaluate and establish contracts with suppliers handling confidential and personal data, mandating them to appropriately safeguard the data.

In instances where legal requirements dictate, we may share your information with other third parties, such as our insurers or government agencies and regulatory bodies.

3         Choices

In general, you are not required to submit any personal information to the Group, but we will require you to provide certain personal information in order for you to receive additional information about our services and events. The Group will also ask for your permission for certain uses of your personal information, and you can agree to or decline those uses. If you opt-in for particular services or communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from a service or communication, we will try to remove your information promptly, although we may require additional information before we can process your request.

If you wish to prevent cookies from tracking you as you navigate our sites, you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Note, however, that some portions of our sites may not work properly if you elect to refuse cookies.

4         Your rights

If the Group processes personal information about you, you have the following rights:

  • Access and correction: you have the right to access that data. This is sometimes called a ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you, we will provide it to you free of charge. Before providing personal information to you, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information. If the information we hold about you is incorrect, you are entitled to ask us to correct any inaccuracies in the personal information.

  • Object to processing: you have the right to object to us processing your personal information if we are not entitled to use it anymore.

  • Other Rights: in addition, you may have rights to have your information deleted for example if we are keeping it too long, have its processing restricted in certain circumstances and/or to obtain copies of information we hold about you in electronic form, or where relevant and appropriate request that your data is transferred to another data controller.

You can make a request or exercise these rights by contacting the Group via admin@gateway21.co.uk and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards. In accordance with the Consumer Duty, we will support reasonable requests for communication preferences associated with any known or disclosed vulnerabilities.

If you are dissatisfied with the way we have handled your personal data and we are unable to resolve the issue for you, you may escalate the matter to the relevant Data Protection Authority (“DPA”). Further details can be found on their site: 

United Kingdom

Information Commissioner’s Office

https://ico.org.uk/make-a-complaint/

Email: icocasework@ico.org.uk

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

5         Data security and integrity

The Group has reasonable security policies and procedures in place to protect personal information from unauthorised loss, misuse, alteration, or destruction. Despite the Group's best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information.

We also make reasonable efforts to retain personal information only for so long i) as the information is necessary to comply with an individual’s request, ii) as necessary to comply with legal, regulatory, internal business or policy requirements, or iii) until that person asks that the information be deleted.  The period for which data is retained will depend on the specific nature and circumstances under which the information was collected; however, subject to the requirements of i)–iii) above, personal information will not be retained for more than 2 years.

6         Changes to this Notice

The Group may modify this Privacy Notice from time to time to reflect our current privacy practices. When we make changes to this Notice, we will revise the “updated” date at the top of this page. Any changes to the processing of personal data as described in this Privacy Notice affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you.

7         Policy questions and enforcement

The Group is committed to protecting the online privacy of your personal information. If you have questions or comments about our administration of your personal information, please contact us at admin@gateway21.co.uk. You may also use this address to communicate any concerns you may have regarding compliance with our Privacy Notice.

If you are not satisfied with the response you receive, you may escalate your concern to the Privacy Lead or, should one be appointed, the Data Protection Officer by sending an email to the same email address and marking it as an escalation. We will acknowledge your email within 14 days and seek to resolve your concern within one month of receipt. Where the concern is complex or we have a large volume of concerns, we will notify you that the concern will take longer than one month to resolve, and we will seek to resolve your concern within three months of the concern being first raised.  We may accept your concern (and in that case implement one of the measures set out in the ‘Your Rights’ section above), or we may reject your concern on legitimate grounds.

In any event, you always have the right to lodge a complaint with the regulator in charge of protecting personal information, the Information Commissioner’s Office. 

Ashlar Block Limited and its subsidiaries Ashlar Strategies Limited and Gateway 21 Limited are private English companies limited by shares.