Privacy Policy

Last updated: 1st September 2025

This Privacy Policy explains how greyzip-vs-palmpr.com (“we,” “our,” “this website”) collects, uses, and protects your personal information. We are committed to safeguarding your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. About This Website

This website is an independent platform that publishes factual information and opinion based on documented evidence, relating to Palm PR Ltd and associated individuals and entities. The site is operated by Ashley Stevens (trading as greyzip Ltd), who is the Data Controller for the purposes of data protection law.

2. Information We Collect

We collect only the personal data that is necessary for:

Operating and improving this website;
Responding to enquiries or correspondence;
Publishing factual information that is already publicly available (e.g., company directorship records from Companies House) or provided with consent;
Hosting evidence and supporting documentation relevant to ongoing legal and regulatory matters.

Data we may process includes:

Names and roles of publicly listed company directors, officers, or other individuals relevant to the subject matter of this website;
Content submitted through our Contact Form (e.g., name, email address, and message content);
Technical data automatically collected via cookies or analytics tools (e.g., IP address, browser type, pages visited).

3. Lawful Basis for Processing

We process personal data under the following legal bases, as defined by UK GDPR:

Legitimate Interests (Article 6(1)(f)) – Publishing factual information, ensuring transparency, and maintaining a public record of relevant events;
Legal Obligation (Article 6(1)(c)) – Complying with applicable legal requirements, including record keeping and regulatory duties;
Consent (Article 6(1)(a)) – Where you voluntarily provide information via forms or email;
Public Interest (Article 6(1)(e)) – In some cases, processing information may be necessary to ensure accountability and inform the public.

We do not process sensitive “special category data” unless explicitly provided with consent or where necessary for legal claims.

4. How We Use Your Information

We may use personal data for:

Responding to contact or enquiries submitted through this website;
Hosting and publishing factual, evidence-based content in the public interest;
Supporting ongoing legal claims, regulatory investigations, and public transparency initiatives;
Website analytics and security monitoring (e.g., preventing abuse, spam detection).

5. How We Share Information

We will never sell your personal data. We may share information only when necessary:

With law enforcement, regulatory authorities, or legal advisers to support legal claims or compliance;
With website hosting, analytics, or security providers to ensure site functionality;
When required by law or court order.

All third-party services used by this website comply with applicable data protection laws.

6. Publicly Available Data

Much of the information published on this website is already in the public domain (e.g., company records from Companies House). Any commentary is clearly marked as opinion, and all allegations or ongoing investigations are identified as such.

Individuals and companies named on this website have a right of reply, and responses will be published in full.

7. Cookies and Analytics

We may use cookies or analytics tools to monitor website performance. These tools collect anonymous information such as:

Pages visited;
Approximate location data (city-level);
Device/browser type.

You can disable cookies in your browser settings if preferred.

8. Data Retention

We retain data for as long as necessary to:

Maintain the integrity of the published content;
Comply with legal obligations;
Resolve disputes or claims.
If you submit a request for your data to be removed (see “Your Rights” below), we will review it in line with legal obligations and legitimate interest.

9. Your Rights (UK GDPR)

You have the following rights under UK data protection law:

Right to Access – Request a copy of your personal data.
Right to Rectification – Ask us to correct inaccurate data.
Right to Erasure (“Right to be Forgotten”) – Request deletion of your data where legally appropriate.
Right to Restrict Processing – Limit how we use your data.
Right to Object – Object to processing where we rely on legitimate interest.
Right to Data Portability – Receive a copy of your data in a transferable format.

To exercise these rights, contact us at: ash@greyzip.com.

10. Security

We take appropriate technical and organisational measures to protect your data from unauthorised access, alteration, disclosure, or destruction.

11. External Links

This website may contain links to external websites. We are not responsible for their content or privacy practices.

12. Contact Us

If you have any questions about this Privacy Policy or how your data is processed, please contact:
Ashley Stevens
Email: ash@greyzip.com
Registered Business: greyzip Ltd

If you are unhappy with our response, you can lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.