Call us 9am – 5pm Monday to Friday



What is the GDPR?

The General Data Protection Regulation is a European Union law enacted in April 2016 and in force across the European Union from 25th May 2018, as well as in other jurisdictions that have adopted it. It represents the most comprehensive change to data protection law in Europe in more than 20 years, bringing improved rights for individuals whose personal data is being stored and used by businesses, charities and governments, placing upon those organisations the obligations of transparency and accountability, and bringing the law in line with today’s digitally-connected society.

How does Merrehill comply with the GDPR?

Merrehill takes legal compliance seriously, and holds as significant the concepts of personal privacy, and of fairness and open communication in business. We already take steps to ensure that business-to-business marketing campaigns we design and run on behalf of our clients are compliant with existing business disclosure rules and are delivered in accordance with The Privacy and Electronic Communications (EC Directive) Regulations 2003, also known as “PECR”. We are registered as a data controller with the UK’s Information Commissioner’s Office (ICO) and have been operating until the commencement of the GDPR, in accordance with the Data Protection Act 1998.

From 25th May 2018, Merrehill will be applying new processes and policies in line with the GDPR, and will continue to document and review any such processes and policies as relate to data protection and privacy law so as to maintain pace with updated guidance, statutory amendments and case law. We will continue to offer our clients business-to-business marketing campaigns, including prospective lead generation campaigns, having balanced the legitimate interests of our business and our clients with the fundamental rights and freedoms of data subjects as contained not only in the GDPR but in the European Convention on Human Rights and Human Rights Act 1998, ensuring that we respect both comercial interests and individual privacy. To make certain that our relationships with clients, suppliers and partners remain compliant where personal data is transferred between organisations, we have put in place new agreements in line with the GDPR and ICO guidance, as well as internal procedures that maintain information security and eliminate or reduce the risk to individuals whose data is being stored or used.

How do I exercise my data subject rights with Merrehill?

We have appointed a Data Protection Officer (DPO) who acts as a single point of contact for the ICO, data subjects and members of staff in all matters relating to data protection compliance. As well as by letter, anyone can contact our DPO by sending an email to or by telephone on 01625 800 586.

Data Protection and Privacy Notice

Certificate of Service