GRK
GRK

Privacy Policy

  

GRK GROUP

Privacy Policy


Effective Date: April 2026

Version 1.0 | Last Reviewed: April 2026

173 London Road, Biggleswade, SG18 8EJ, United Kingdom

Growing Together — One Step at a Time


1. Introduction

GRK Group ('we', 'us', or 'our') is committed to protecting and respecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.

This policy applies to all business entities operating under the GRK Group, including Viyash Ltd (BP, 173 London Road, Biggleswade SG18 8EJ), GRK Trading (ESSO), BP Oldbury Hill, and SAS Corp Ltd, as well as all services offered within our stores including National Lottery, PayPoint, Cashzone, Collect+, Amazon Hub, Costa Coffee, Rollover, Londis, and valeting services.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our services or visiting our stores, you acknowledge that your personal data may be processed as described in this policy.


2. Who We Are

GRK Group is the data controller responsible for your personal data. Our contact details are as follows:

• Business name: GRK Group

• Registered address: 173 London Road, Biggleswade, SG18 8EJ, United Kingdom

• Email: privacy@grkgroup.co.uk

• Telephone: [Insert telephone number]

If you have any questions or concerns about how we handle your personal data, please contact us using the details above.


3. What Personal Data We Collect

Depending on how you interact with us, we may collect the following personal data:

3.1 In-Store Customers

• Your name and contact details when you complete a service form or competition entry

• Payment card information processed securely through our payment terminals (we do not store your full card details)

• CCTV footage recorded at our forecourt and store premises for security purposes

• Age verification information when purchasing age-restricted goods such as fuel additives, tobacco, alcohol, lottery tickets, or knives

3.2 Online and Digital Interactions

• Name, email address, telephone number, and message content when you contact us via our website or email

• Technical data such as your IP address, browser type, and device information collected automatically when you visit our website

• Cookie data collected through your use of our website (see Section 9 on Cookies)

3.3 Employees and Job Applicants

• Full name, address, date of birth, and National Insurance number

• CV, work history, qualifications, and references

• Bank account details for payroll purposes

• Emergency contact details

3.4 Suppliers and Contractors

• Business name, contact name, email address, and telephone number

• Bank details and invoicing information for payment processing


4. How We Collect Your Data

We collect your personal data in the following ways:

• Directly from you: When you visit our stores, make a purchase, contact us, submit a form, or apply for a job

• Automatically: Through CCTV systems at our sites and through cookies and analytics tools on our website

• From third parties: From payment processors, age verification providers, and our brand partners where relevant to service delivery


5. How We Use Your Personal Data

We use your personal data for the following purposes:

• To provide and manage the products and services you request from us in-store or online

• To process payments securely and prevent fraudulent transactions

• To verify your age when you purchase age-restricted goods, in compliance with UK law

• To operate and manage our National Lottery, PayPoint, Cashzone, Collect+, and Amazon Hub services

• To respond to your enquiries, complaints, or feedback

• To send you important information about our services, such as changes to opening hours or policies

• To send you promotional communications and special offers where you have given your consent

• To maintain the security of our premises through CCTV monitoring

• To recruit, employ, and manage our staff

• To manage relationships with our suppliers and service partners

• To comply with our legal and regulatory obligations, including UK tax and VAT requirements

• To improve our services through analysis of how our stores and website are used


6. Our Lawful Basis for Processing

Under UK GDPR, we must have a valid lawful basis for processing your personal data. We rely on the following bases:

• Contract: To fulfil purchases, services, or employment arrangements you have entered into with us

• Legal obligation: To comply with UK law, including tax, employment, age verification, and licensing requirements

• Legitimate interests: For CCTV security, fraud prevention, improving our services, and managing our business operations

• Consent: For marketing communications and non-essential cookies — you can withdraw consent at any time


7. Who We Share Your Data With

We do not sell your personal data to any third party. We may share your data with the following categories of organisations where necessary to deliver our services or comply with the law:

• Payment processors (such as card terminal providers) for secure transaction processing

• Our brand partners including BP, ExxonMobil (ESSO), Londis, Costa Coffee, Rollover, Collect+, Amazon, PayPoint, Cashzone, and Allwyn (National Lottery) where required for service operations

• Age verification service providers where applicable

• Courier and logistics partners for parcel services

• HM Revenue and Customs (HMRC) for tax and VAT compliance

• Law enforcement agencies or regulatory authorities where we are legally required to do so

• IT service providers and software platforms that support our business operations

• Professional advisers such as accountants, solicitors, and auditors

All third parties who process data on our behalf are required to handle it securely and lawfully, and we have appropriate agreements in place where required.


8. How Long We Keep Your Data

We keep your personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Our key retention periods are:

• Transaction and sales records: 7 years in accordance with UK tax law

• CCTV footage: 31 days, unless retained longer for an active investigation

• Customer correspondence: 2 years from the date of last contact

• Employee records: 7 years after the employment relationship ends

• Unsuccessful job applications: 6 months after the recruitment decision

• Supplier records: 7 years after the contract or relationship ends

• Marketing consent records: Until consent is withdrawn, plus 1 year

When personal data is no longer required, it is securely deleted or anonymised.


9. Cookies

Our website uses cookies to improve your browsing experience and help us understand how our site is used. Cookies are small text files stored on your device when you visit a website.

We use the following types of cookies:

• Strictly necessary cookies: Essential for the website to work correctly and cannot be switched off

• Analytical cookies: Help us understand how visitors use our website so we can improve it

• Marketing cookies: Used to deliver relevant content and track the effectiveness of our campaigns

When you first visit our website, you will be asked to accept or manage your cookie preferences. You can update your preferences at any time through the cookie settings on our website.


10. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access: You can request a copy of the personal data we hold about you

• Right to rectification: You can ask us to correct any inaccurate or incomplete data

• Right to erasure: You can ask us to delete your data where we no longer have a lawful reason to hold it

• Right to restrict processing: You can ask us to limit how we use your data in certain circumstances

• Right to data portability: You can ask us to transfer your data to another organisation in a usable format

• Right to object: You can object to us processing your data for direct marketing or on the basis of legitimate interests

• Right to withdraw consent: Where we rely on your consent, you can withdraw it at any time without affecting prior processing

To exercise any of these rights, please contact us at privacy@grkgroup.co.uk or write to us at GRK Group, 173 London Road, Biggleswade, SG18 8EJ. We will respond within one calendar month. We may need to verify your identity before processing your request.


11. How We Protect Your Data

We take the security of your personal data seriously. We have put in place appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse, including:

• Secure, encrypted payment processing through PCI DSS compliant providers

• CCTV monitoring and physical security at all our sites

• Restricted access to personal data — only staff who need it to do their job can access it

• Regular staff training on data protection responsibilities

• Secure disposal of records at the end of their retention period

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and will contact you directly where required.


12. Children's Privacy

Our services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you believe we have inadvertently collected data from a child under 13, please contact us immediately and we will delete it promptly.

For age-restricted products and services, we operate strict age verification procedures in line with UK legal requirements.


13. Third-Party Websites

Our website may contain links to third-party websites operated by our brand partners or service providers. We are not responsible for the privacy practices of those websites and we encourage you to read their privacy policies before submitting any personal data to them.


14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our business, services, or legal obligations. The most up-to-date version will always be available at our stores and on our website. Where we make significant changes, we will notify you by email or by a prominent notice on our website.

This policy was last reviewed and updated in April 2026.


15. How to Make a Complaint

If you are unhappy with how we have handled your personal data, please contact us in the first instance so we can try to resolve your concern:

• Email: privacy@grkgroup.co.uk

• Post: GRK Group, 173 London Road, Biggleswade, SG18 8EJ, United Kingdom

If you remain dissatisfied after contacting us, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent data protection regulator:

• Website: www.ico.org.uk

• Telephone: 0303 123 1113

• Post: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF


GRK Group | Privacy Policy | Version 1.0 | April 2026

173 London Road, Biggleswade, SG18 8EJ | privacy@grkgroup.co.uk

Growing Together — One Step at a Time

Copyright © 2026 GRK  - All Rights Reserved.

  • Privacy Policy

Powered by Nexoraa Limited

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept