PRIVACY POLICY (WEBSITE PRIVACY NOTICE)
For www.teamtyrrell.com

Last updated: 4 March, 2026

1. Who we are (Controller)

Tyrrell Promotions Limited (“TPL”, “Tyrrell”, “Team Tyrrell”, “we”, “us”) is the controller of personal data collected through www.teamtyrrell.com.

Registered office: 27 High Street, Horley, Surrey, RH6 7BH, UK
Company number: 02881061
Email: contact@teamtyrrell.com

If you have questions about this Privacy Policy or want to exercise your rights, contact us using the details above.

Data Protection Officer (DPO): We have not appointed a DPO unless we are legally required to do so. If we appoint a DPO, we will publish their contact details here.

2. What this Privacy Policy covers

This Privacy Policy explains how we collect and use personal data when you:
a) use our website contact form,
b) email us, or
c) sign up to our newsletter.

It also covers basic website technical data and cookies where applicable. In the UK, cookies and electronic marketing also interact with the Privacy and Electronic Communications Regulations (PECR).

3. Personal data we collect

A) Contact form and email correspondence
We may collect:
• Identity data: name
• Contact data: email address, phone number (if provided)
• Message content: information you include in your enquiry and any attachments
• Technical data: IP address, device and browser information (where captured by our systems), and message metadata (time, date)

B) Newsletter sign-up
We may collect:
• Identity data: name (optional, if requested)
• Contact data: email address
• Preference data: subscription preferences and opt-in status
• Engagement data: newsletter opens/clicks (if enabled by the provider)

C) Website usage data (where applicable)
Depending on configuration, we may collect:
• Technical data: IP address, device identifiers, browser type/version, operating system, referrer URL
• Usage data: pages viewed, interactions, approximate location (city/region level)

4. How we use your data and our lawful bases

Under UK GDPR and EU GDPR, we must have a lawful basis for processing. Common lawful bases include consent, contract, legal obligation, and legitimate interests. (Privacy notice content requirements are set out in GDPR transparency obligations, including Article 13 where data is collected from you.)

A) Responding to enquiries (contact form and email)
Purpose: to respond to your messages, provide requested information, and manage our relationship.
Lawful basis:
• Legitimate interests (we have a legitimate interest in responding to enquiries and running our business), and/or
• Steps prior to entering into a contract (where your enquiry relates to potential services or transactions)

B) Sending newsletters and marketing emails
Purpose: to send newsletters and updates you request.
Lawful basis:
• Consent (you can withdraw at any time via the unsubscribe link or by contacting us)

PECR note (UK): marketing by email generally requires consent unless a narrow “soft opt-in” applies, and cookie rules also sit alongside data protection law. We operate on the basis of consent for newsletter subscriptions unless clearly stated otherwise at the point of collection.

C) Website security and operational administration
Purpose: to keep our website secure, prevent fraud/abuse, maintain logs, and troubleshoot.
Lawful basis:
• Legitimate interests (maintaining a secure and functional website)

D) Legal and compliance purposes
Purpose: to comply with legal obligations, respond to lawful requests, and establish/exercise/defend legal claims.
Lawful basis:
• Legal obligation and/or legitimate interests

If we use cookies or similar technologies (including analytics), we will:
• provide clear cookie information, and
• collect consent where required.

In the UK, PECR applies to cookies and uses the UK GDPR standard of consent.

If you implement non-essential cookies (analytics/marketing), you should add:
• a Cookie Policy (or a cookie section with a full cookie table),
• a consent tool (banner) with granular choices,
• instructions for changing preferences.

5. Cookies and similar technologies (if used)

6. Who we share personal data with

Who we share personal data with
We may share personal data with trusted service providers (“processors”) that help us operate, such as:
• website hosting and IT providers
• email service providers (for inbox management)
• newsletter/email marketing platforms
• analytics providers (if enabled)
• CRM tools (if used)

We only share what is necessary, and we require appropriate contractual protections.

We may also share data with professional advisers (legal/accounting) and authorities where we are required to do so.

7. International transfers (UK and EEA)

Some of our suppliers may process data outside the UK or EEA. Where personal data is transferred internationally, we use appropriate safeguards such as:
• adequacy decisions (where applicable), and/or
• standard contractual clauses and related measures (and for UK transfers, the UK’s approved transfer mechanisms such as the UK Addendum/IDTA, as applicable).

8. How long we keep your data (retention)

We keep personal data only as long as necessary for the purposes described.

Typical retention (adjust to your business):
• Enquiries (contact form/email): up to [12–24] months after last contact, unless a longer period is needed for contractual or legal reasons.
• Newsletter subscribers: until you unsubscribe or we suppress your address (for compliance logging).
• Suppression list (unsubscribed emails): as long as necessary to ensure we respect your opt-out.
• Security logs: typically [30–180] days unless needed for investigating incidents.

9. Your rights

Depending on your location and applicable law (UK GDPR and/or EU GDPR), you have rights including:
• access to your personal data
• correction of inaccurate data
• erasure (“right to be forgotten”) in certain circumstances
• restriction of processing in certain circumstances
• data portability (where processing is based on consent or contract and carried out by automated means)
• objection to processing based on legitimate interests (including objection to direct marketing)
• withdrawal of consent at any time (where we rely on consent)

You can exercise rights by contacting us using the details in section 1.

10. Complaints

UK: You can complain to the Information Commissioner’s Office (ICO).
EEA: If EU GDPR applies to you, you can also complain to your local EEA supervisory authority.

We encourage you to contact us first so we can try to resolve the issue.

11. Children

Our website and communications are not directed at children, and we do not knowingly collect personal data from children.

12. Changes to this Privacy Policy

We may update this policy from time to time. We will post the updated version on this page and update the “Last updated” date.