Privacy Policy

1. Introduction

This Privacy Notice explains how Goodwin PLC and its subsidiary companies (together the “Goodwin Group”, “we”, “us” or “our”) collect, use, store, share and protect personal data, and the rights available to individuals in relation to that data. It applies to personal data collected through our websites, business activities, manufacturing operations, supply chain relationships, recruitment processes, premises, and other interactions you may have with us, whether online or offline. This Privacy Notice is intended to meet the transparency requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Goodwin PLC is the data controller responsible for this website. Goodwin PLC is a company registered in England and Wales (company number 305907) with its registered office at: Ivy House Foundry Hanley Stoke-on-Trent ST1 3NR United Kingdom Depending on the context and processing activity, individual companies within the Goodwin Group may act as data controllers, joint controllers, or data processors. The data controller will usually be the Goodwin Group company to which you provide your personal data, unless otherwise stated. You can contact our Data Protection Officer (see contact details below) for information about which company is responsible for specific processing activities. Appropriate contractual and organisational arrangements are in place to ensure compliance with applicable data protection laws.

3. Contact Details and Data Protection Officer

Questions regarding this Privacy Notice or our processing of personal data should be addressed to our Data Protection Officer (DPO): Email: privacy@goodwingroup.com Telephone: 01782 220000 Goodwin PLC Ivy House Foundry Hanley Stoke-on-Trent ST1 3NR United Kingdom

4. Lawful Bases for Processing

We process personal data only where we have a lawful basis to do so under the UK GDPR. Depending on the circumstances, these lawful bases will be one or more of the following:
Lawful basis Examples of when this may be used
Performance of a contract or taking steps at your request prior to entering into a contract • To supply goods or services to our customers; including to manage accounts, billing and customer support. • To purchase goods or services from our suppliers. • To respond to enquiries or requests for quotation. • To administer employment and contractor relationships, including recruitment and payroll.
Legitimate interests, provided those interests are not overridden by your rights and freedoms • To communicate with customers and business contacts about our products and services where permitted by law. • To improve and develop our products and services. • To maintain the security of our premises, systems, and networks (including the use of CCTV and access controls). • To prevent fraud or security incidents.
Compliance with a legal obligation • To comply with applicable employment, tax, accounting, health and safety, or regulatory requirements (including occupational health testing). • To respond to lawful requests from courts, regulators, or public authorities.
Protection of vital interests • To protect the life or physical safety of individuals, for example ensuring an employee or visitor receives medical assistance in the event of an accident or medical emergency.
Your consent, provided that where we rely on consent, you may withdraw your consent at any time • Recording meetings or calls with our customers, suppliers or other business contacts. • Sending certain types of marketing communications.

5. Retention of Personal Data

We retain personal data only for as long as is reasonably necessary for the purposes for which it was collected, including to comply with legal, regulatory, contractual, insurance or reporting obligations, and to protect our legitimate business interests. In most circumstances, personal data will not be retained for more than six years from the last meaningful interaction with you. However, certain categories of data may be retained for longer periods where required by law, regulation, contractual commitments or where there is a compelling legitimate reason to do so, for example, in relation to health and safety, product assurance, employment or potential legal claims. When retention periods expire, personal data will be securely deleted, anonymised or otherwise rendered inaccessible.

6. Disclosure of Personal Data

We may disclose personal data to:
  • other companies within the Goodwin Group, where necessary for legitimate business purposes
  • third-party service providers who process personal data on our behalf, such as IT providers, professional advisers, auditors, insurers, recruitment agencies and payment service providers
  • regulatory authorities, law enforcement agencies, courts or other public bodies where required or permitted by law
Where third-party processors are engaged, appropriate contractual safeguards are in place to ensure personal data is processed securely and only in accordance with our instructions. In the event of a sale, transfer, or other disposal of all or part of our business or assets, personal data may be transferred to the new owner, subject to appropriate safeguards. The new owner will be required to use personal data in the same way as set out in this Privacy Notice, unless and until it notifies you of any changes in accordance with UK data protection laws.

7. International Transfers

Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place in accordance with UK data protection laws. These safeguards may include UK adequacy regulations, international data transfer agreements, standard contractual clauses, transfer risk assessments or other legally recognised mechanisms.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against loss, unauthorised access, alteration or disclosure. These measures include physical security, access controls, encryption, secure IT systems, policies and procedures, and staff training. Sensitive information, including financial data, is subject to additional safeguards. We regularly review, test and update our security measures to ensure they remain appropriate to the risks involved. These measures are independently verified through Cyber Essentials Plus certification.

9. Your Rights

You have the following rights in relation to your personal data, subject to certain legal limitations:
  • the right to access
  • the right to correct inaccurate or incomplete data
  • the right to delete in certain circumstances
  • the right to restrict processing
  • the right to data portability
  • the right to object to processing based on legitimate interests or for direct marketing
  • the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects
To exercise your rights, please contact the Data Protection Officer using the details above. For security purposes, we may ask you to provide information to verify your identity before processing your request. We will respond to your request within one month of receiving it. If your request is complex or you have made a number of requests, we may extend this period by a further two months, but will inform you within one month of receiving your request. If we are unable to fulfil your request, we will let you know the reasons why.

10. Complaints

If you are unhappy with how we handle your personal data or respond to your requests, you may contact our Data Protection Officer. You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO) online www.ico.org.uk or by telephone 0303 123 1113.

11. Website Visitors

Website Contact Forms
Information submitted via website contact forms will be used to respond to your enquiry and may be retained for record-keeping purposes. This information is not shared with third parties unless necessary to respond to your enquiry.
Website Analytics and Cookies
Our websites use internal and third-party analytics tools to collect standard internet log information and visitor behaviour data in a way that does not identify individuals. Where cookies or similar technologies are used, these are managed in accordance with our Cookie Policy and applicable consent requirements.
Live Chat
Some of our websites may offer a live chat facility for real-time communication with our employees. We use a third-party provider, Hubspot, to supply and support our live chat service. Information processed may include name, contact details, IP address, approximate location, browsing activity and conversation transcripts.

12. I.T. Network Security

We process IP addresses and related network data to ensure the security and reliability of our IT systems. Suspected malicious activity may be investigated and, where appropriate, reported to law enforcement, security vendors or information-sharing forums.

13. Marketing Communications

Where we send marketing communications, we do so on the basis of consent or legitimate interests, as applicable. You may opt out at any time using the unsubscribe options provided or by contacting us. We will not share your personal data with third parties for their own direct marketing purposes.

14. Customers and Suppliers

We process personal data relating to customers and suppliers for order processing, contract management, compliance checks, invoicing and business continuity purposes. Know-your-customer and due diligence checks are carried out where required.

15. Visitors to Our Premises

Visitors may be required to sign in and out for health and safety and security purposes. Vehicle registration details may be collected to manage parking and site safety.

16. CCTV

CCTV systems operate at our premises for safety, security and crime prevention purposes. Clear signage is displayed. CCTV footage is normally retained for up to three months unless required longer in connection with an incident.

17. Recruitment

Personal data of job applicants is processed to assess suitability for employment and to manage recruitment. Data may include contact details, employment history, qualifications, right-to-work information and equal opportunities data. Applicant data is normally retained for up to six months after completion of the recruitment process unless consent is given to retain it longer.

18. Employees and Former Employees

We process personal data relating to employees and former employees for employment administration, payroll, benefits, training, health and safety, security, compliance and legal purposes. Some records, particularly those relating to post-employment benefits, health and safety or long-life and/or safety critical products (for further details see below), may be retained for extended periods where legally or operationally required.

Product Safety and Quality Assurance

Certain employees involved in the manufacture and inspection of long-life and/or safety-critical products may have their name, qualifications and work records retained and shared with customers as part of product safety assurance. This processing is based on contractual necessity and legitimate interests and may require long-term or indefinite retention.

Health, Occupational Health and Safety-Related Data

Where required by law or risk assessment, we may process personal data relating to employees’ health, including occupational health assessments, sickness absence records, and the results of drug and alcohol testing. This information is processed to fulfil our health and safety obligations, prevent accidents in the workplace, assess employees’ fitness to perform their duties safely, support workplace adjustments, manage sickness absence, and handle related insurance or legal claims. Such data is handled with strict confidentiality and may be retained for extended periods in line with legal and operational requirements.

Recorded CCTV Video Footage

CCTV recording cameras and equipment are installed at Goodwin Group business premises, internally for the legitimate business interest of ensuring a safe working environment, and externally for the legitimate business interest of preventing (as a deterrence) and detecting crime (including identifying individuals engaged in criminal activity such as theft), a risk reduction control required by our insurers. The CCTV data is used and kept only to fulfil this original purpose, stored securely. Individuals have the right to request a copy of any CCTV footage in which they are in focus and/or clearly identifiable, they will need to provide details of which camera, location, date and times in order for the CCTV operator to locate the recording requested. CCTV data is retained for 3 months, except in the event of a security or health and safety incident when relevant records are then retained indefinitely as evidence.

Fingerprint Recognition

Where necessary for safety, security and time recording purposes, we may process fingerprint recognition data, to control access to premises and accurately record working time. Such data is handled with strict confidentiality and is deleted within 30 days following termination of employment.

19. Automated Tools and Artificial Intelligence

We may use automated tools, including systems incorporating artificial intelligence, to support administration, security, compliance and operational efficiency. These tools are subject to appropriate governance and human oversight and are not used to make solely automated decisions with legal or similarly significant effects, except where permitted by law and subject to safeguards.

20. Links to other websites

Our websites may contain links to third-party websites. We are not responsible for how those third parties collect, use or store your personal data. We encourage you to read the privacy notice on any third-party websites you visit.

21. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. Any changes will be published on our website with an updated revision date. This Privacy Notice was last updated on 9 March 2026.
Powered by  GDPR Cookie Compliance
Privacy & Cookie Overview

This website uses cookies so that we can provide you with the best user experience possible and understand how users interact with our websites.

For a list of the cookies we use, please see our 'Cookie Policy' page.

If you would like to know more about how we use the data we collect on this website, along with additional details regarding data privacy, please see our 'Privacy Policy' page.