Draw Group Ltd, a company incorporated in England and Wales whose registered office is at 20-22 Wenlock Road, London, N1 7GU (registered number 12518947 (“we/us/our”). We hold personal data about individuals, our employees, clients and suppliers for a variety of business purposes. We are the data controller who determines the purpose and manner in which your personal data is used.

We are committed to respecting your privacy and to complying with applicable data protection and privacy laws. We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That is why we have developed this privacy Policy (“Policy”), which:

  • Sets out the ways you interact with us, the types of personal data that we collect and how we collect it
  • Explains why we use the personal data we collect
  • Explains in what circumstances we will share your personal information within our organisation and with other organisations where relevant; and
  • Explains the rights and choices you have when it comes to your personal data.

This Policy is effective from 16th March 2020 and all personal data passed to us will be treated in accordance with this Policy. The Policy which is applicable at any point in time will be displayed on our website and mobile app.


We collect your personal identification information such as

  • name
  • email address
  • phone number
  • your interests and demographics

The type of personal data we may gather differs where you are an employee or prospective employee. The personal data we collect in these cases might include:

  • contact details
  • educational background,
  • financial and pay details
  • details of certificates and diplomas, education and skills, and CV
  • marital status
  • nationality
  • job title

Sensitive Data

This is personal data about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings. We do not collect this kind of information.


You directly provide us with most of the personal data we collect either through this website, our mobile apps. We collect and process personal data when you

  • Visit and view our website or mobile apps via your browser’s cookies
  • Register online
  • Make a purchase or order products/services on our website or mobile app
  • Speak to us by telephone
  • Correspond with us by email
  • Communicate with us via social media


We use the information we collect to provide services to you and to understand your needs. We collect your personal data for our business or operational purposes so that we can

  • Process your orders
  • Manage your account
  • Communicate with you, telephonically, by email or via social media
  • Administer payments you have made
  • Administer promotions that you have entered
  • Communicate with entrants or winners as the case may be
  • Fulfil any prizes that may be won
  • Email you with special offers on other products and services we think you may like
  • Improve our services through knowledge of what is used by you and how you use it

Additionally, we may also use your information and share it if required, when

  • Investigating complaints
  • Complying with our legal, regulatory and corporate governance obligations
  • Ensuring business policies are adhered to, such as policies covering email and internet use
  • Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments
  • Monitoring staff conduct and dealing with disciplinary matters
  • Marketing our business


If you agree, we will share your personal data with our partner companies. We do not sell your personal data to third parties.  The organisation that will receive your data is PromoVeritas.

Information may also be shared with third parties or those in our supply chain so that we can honour our obligations to you or for delivery or shipping purposes.

When it comes to your payment information, we use payment processors. We will not store or collect your payment card details. That information is provided by you directly to our third-party payment processors. The use of your personal information in these cases is governed by their Privacy Policy and not ours.


  • encryption of independent 3rd party servers including mail servers
  • regular third-party server backups and database backups
  • third party audits
  • access controls and
  • security testing.

Whilst we take appropriate technical and organisational measures to safeguard your personal data, it is important that you keep your personal login details and devices protected from unauthorised access and you take care when providing it to third-parties such as payment providers.


We will retain your data for no longer than is necessary and in any event no longer than 5 years from the date of last use.  What is necessary will depend on the circumstances of each case, considering the reasons that your personal data was obtained and if we are still providing goods or services to you. We will also need to take into consideration any regulations that we must fulfil, for example for auditing purposes or for legitimate business purposes. In these limited circumstances we may retain your information after your relationship with us has ended.


This Policy applies to all our staff when they process your personal data and we will ensure that they are familiar with this Policy and comply with its terms.


We would like to send you information, from time to time about our promotions, products or services but we will only do so when we have your consent which you can revoke at any time.

We will abide by any request not to use your personal data for direct marketing purposes and if you have consented, you may always easily opt out at a later date.

We will not send direct marketing material to you electronically (e.g. via email) unless you have given us consent to receiving our marketing material and you have the right at any time to stop us from contacting you for marketing purposes or sharing your personal data.


We would like to make sure you are aware of all your data protection rights. Every user is entitled to the following

The right to access – You have the right to ask us for copies of your personal data

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to ask us to complete information you believe is incomplete

The right to erasure – You have the right to request that we erase your personal data under certain conditions

The right to restrict processing – You have the right to request that we restrict the processing of personal data under certain conditions

The right to object to processing – You have the right to object to us processing of personal data under certain conditions

The right to data portability – You have the right to request that we transfer the data we have collected to other organisations, or directly to you, under certain conditions

If you make a request, we will have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email address or call us on the details below.

Transferring Data Internationally

We will not transfer your data internationally. If this was to occur, we would uphold our commitments set out under current Data Protection Legislation during the transfer period when the UK leaves the EU until an Adequacy Decision has been reached. We would not transfer any personal data outside of the European Economic Area (EEA) unless such transfer is to a country or jurisdiction where the EU Commission has approved as having an adequate level of protection (including to the USA under a Privacy Shield agreement) or appropriate safeguards are in place as set out in Article 46 GDPR or equivalent provisions of subsequent Data Protection Legislation or the transfer is otherwise allowed by applicable Data Protection Legislation (such as in the form of a derogation under Article 49 GDPR).


Cookies are small text files containing a unique identifier, which are stored on your computer or mobile device so that your device can be recognised when you are using a particular website or mobile app. They can be used only for the duration of your visit or they can be used to measure how you interact with services and content over time. Cookies help to provide important features and functionality on our websites and mobile apps, and to improve your customer experience. Cookies can also be used help us to detect fraudulent activity or to prevent security breaches and so we may record information about your device within the cookie.


We use cookies and similar technologies, (“Cookies”), to personalise and improve your customer experience as you use our website and mobile apps and to provide you with relevant online advertising.


Please refer to our Cookie Policy which can be found here.


Clicking on links on this website or on our mobile apps may take you to a third-party website.  At the point you enter the third-party website, the privacy and cookie policy of the third party will apply to all information that you provide. It is important at that point to read that third party’s privacy and cookie policy as we do not accept any responsibility or liability for websites of other organisations.


We may supplement or amend this Policy from time to time. Any new or modified Policy will be circulated to staff before being adopted or appearing on our website.


Please contact us in relation to Data Security at:

Post: 20-22 Wenlock Road, London, N1 7GU


Telephone: 0330 133 2302


We’d like the chance to resolve any complaints you have; however you also have the right to complain to the UK data protection regulator (the “ICO”) about how we have used your personal data. Their website is