Privacy Policy

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.

We collect, use and are responsible for certain personal information about you. When we do so we are subject to the General Data Protection Regulation (otherwise referred to as the Data Protection Act 2018), which applies across the United Kingdom, and European Union and we areresponsible as the ‘Data Controller’ of that personal information for the purposes of those laws.

Key terms
It would be helpful to start by explaining some key terms used in this policy:

We, us, our

FM Conway Ltd of Conway House, Vestry Road, Sevenoaks, Kent, United Kingdom, TN14 5EL

Personal information

Any information relating to an identified or identifiable individual

Special category personal data

Personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership.

Genetic and biometric data

Data concerning health , sex life or sexual orientation


FM Conway (referred to as “FMC”/"the Company" in this privacy policy) is the data controller and responsible for your personal data.

FMC respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

This privacy policy aims to give you information on how FMC collects and processes your personal data through your use of this website.

This website is not intended for children and we do not knowingly collect data relating to children. 

This privacy policy is supplemental to other FMC policies and is not intended to override them.


We keep our privacy policy under regular review. This version was last updated on 18 May 2023.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

This website may include links to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not have any control over these third-party websites and are not responsible for their privacy statements. When leaving our website, we encourage you to review the privacy policy of every website that you visit.

The Company may collect, use, and store personal data. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

The Company may collect, use, store and transfer different kinds of personal data about you which we have grouped as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  •  Technical Data includes internet protocol (IP) address, your login data, browser type and version, operating system and platform, and other technology on the devices you use to access this website.
  •  Profile Data includes your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We do not collect any Special Categories of Personal Data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. Nor do we collect any information about criminal convictions and offences.

The Company uses different methods to collect data from and about you including through:

  • Direct interactions. You may give us your identity, contact data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
    • express an interest in a vacancy;
    • express an interest in any services we provide;
    • subscribe to our publications;
    • request to be considered for a charitable donation;
    • enter a competition, promotion or survey; or
    • give us feedback or contact us.
  • Automated technologies or interactions. As you interact with our website, we maycollect technical data by using cookies about your browsing actions and patterns. For further information, please refer to our Cookie Policy.

Your personal data may be stored in hard copy at any of our locations or in our IT systems, including our email systems.

Under current Data Protection Law (GDPR - DPA 2018) we will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.
  • Where you have explicitly given positive consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email. 

You have the right to withdraw consent to marketing at any time by contacting us.

You have the right to withdraw consent at any time by contacting us.

We have set out below, in a table format, a description of the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.


To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to leave a review or take a survey.

Type of data
  1. Identity
  2. Contact
  3. Profile
  4. Marketing & Communications
Lawful basis for processing including basis of legitimate interest
  1. Performance of a contract with you 
  2. Necessary to comply with a legal obilgation
  3. Necessary for our legitimate interests (to keep our records updated and to study how customers use our services) 

To enable you to partake in a prize draw, competition or complete a survey.

Type of data
  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing & Communication
Lawful basis for processing including basis of legitimate interest
  1. Performance of a contract with you 
  2. Necessary for our legitimate interests (to study how customers use our services, to develop them and grow on business) 

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.

Type of data
  1.  Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing & Communication
  6. Technical
Lawful basis for processing including basis of legitimate interest

Necessary for our legitmate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy)


To use data analytics to improve our website, products/services, marketing, customer relationship and experiences

Type of data
  1. Technical
  2. Usage
Lawful basis for processing including basis of legitimate interest

Necessary for our legitmate interests (to definbe types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)


To make suggestions and recommendations to you about goods or services that may be of interest to you

Type of data
  1. Identity
  2. Contact
  3. Technical
  4. Usage
  5. Profile
  6. Marketing & Communication
Lawful basis for processing including basis of legitimate interest

Necessary for our legitimate interests (to develop our products/services and grow our business)

Your information may be shared internally, including to members of the FMC operational or support teams.

The Company may share your data with third parties such as its clients, insurers, subcontractors, suppliers, legal advisors, regulatory bodies, service providers and joint venture companies.

The Company may share your data with any third parties to whom we may choose to sell, transfer or merge the whole or part of our business and/or our assets. We may also share your data in circumstances where we choose to acquire other businesses. In the event of a change of ownership, we would require the new owner to respect the importance of keeping your personal data secure and only use your data in accordance with this privacy policy and the law.


FMC takes the security of your data seriously. The Company has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by its authorised users in performance of their duties.

Where the Company engages third parties to process personal data on its behalf, the third party will only do so upon written instruction, and they will be subject to a duty of confidentiality. The third party will also be obliged to implement appropriate technical and organisational measures to ensure the security of your personal data.


The Company ensures that it does not retain your personal data for any longer than is reasonably necessary to fulfil its legitimate purpose, including for the purpose of satisfying any legal, regulatory, accounting or reporting requirements. We may, in specific circumstances, retain your personal data for a longer period if there is a legitimate reason to do so. Specific circumstances may include the prospect of litigation or where there is an ongoing complaint in respect of our relationship with you.  Other examples may include the need for public interest archiving, scientific or historical research, or  statistical purposes. This list is not exhaustive and other circumstances may arise.

The appropriate retention period for personal data is data specific and the following factors are taken into consideration when determining the length of time:

  • amount;
  • nature and sensitivity;
  • the potential risk of harm from unauthorised use or disclosure;
  • the purpose for which we process your personal data;
  • whether we can achieve those purposes through other means and;
  • the applicable legal, regulatory, tax, accounting or other requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
In some circumstances you can ask us to delete your data: see your legal rights below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

You have several legal rights under data protection laws in relation to your personal data. Your  rights include the ability for you to: 

  • request reasonable access to your personal data;
    - The right to be provided with a copy of your personal information (the right of access)
  • request correction of your personal data at any time;
    - The right to require us to correct any mistakes in your personal information
  • request erasure of your personal data, subject to qualification;
    - The right to require us to delete your personal information—in certain situations
  • object to processing of your personal data, such as when your data is no longer necessary;
    - At any time to your personal information being processed for direct marketing(including profiling);
    - In certain other situations to our continued processing of your personal information,eg processing carried out for the purpose of our legitimate interests.
  • request restriction of processing your personal data;
    - The right to require us to restrict processing of your personal information—in certain circumstances, e.g., if you contest the accuracy of the data
  •  request transfer of your personal data; and 
    - The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
  • Not to be subject to automated individual decision making.
    - The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

If you would like to exercise any of the rights set out above, please contact us by email at

If you believe that FMC has not complied with your data protection rights, you can complain to the Information Commissioner.


FMC does not charge a fee for you to access your personal data upon reasonable request. We do, however, reserve the right to charge a reasonable fee in circumstances where your data request is continuous, unnecessary or unfounded.


We intend to respond to all legitimate requests within 30 days of receipt of your request. On occasion, where such requests are particularly complex, this may not be possible and in such circumstances, we will endeavour to keep you informed of our progress.

If you have any questions about this privacy policy or our privacy practices, please contact us in the following ways:

Full name of legal entity: FM Conway Limited
Email address:
Postal address: Conway House, Vestry Road, Sevenoaks, Kent, TN14 5EL

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact in the first instance.