Legal · Privacy

Privacy, in plain English.

What we collect, why we collect it, what we do with it, and how to ask us to stop. No dark patterns, no buried defaults.

Last updated 29 April 2026

This is the policy for oakandmason.co.uk. We try to keep it short and readable. If anything is unclear, drop us a line at privacy@oakandmason.co.uk and a real person will reply.

Who we are

Oak & Mason Ltd is a company registered in England & Wales (company no. 14960471). Our registered office is at 1 Allied Business Centre, Coldharbour Lane, Harpenden, AL5 4UT. For the purposes of UK GDPR and the Data Protection Act 2018, we are the data controller for the personal data we collect through this site.

If you would rather email us about anything privacy-related, the address is privacy@oakandmason.co.uk.

What we collect

We collect three kinds of data:

  • What you give us through forms. Names, email addresses, phone numbers, postcodes, and any free-text messages you choose to send. The free-text might include your investment goals, budget ranges, or background, depending on which form you use.
  • What we need to open and run your account. If you start an account, we collect identification documents, address verification, and source-of-funds evidence. This is required by anti-money-laundering rules (MLR 2017) and is not optional.
  • Standard web analytics. We log basic page-view data (pages viewed, time on page, approximate location, device type) to understand how the site is used. We do not run third-party advertising trackers.

Why and how

We collect data for the following reasons, each tied to a lawful basis under UK GDPR:

  • To send you the guide or information you asked for. Lawful basis: consent (you ticked a box or submitted a form asking for it).
  • To follow up on a question or enquiry. Lawful basis: legitimate interests (responding to your message).
  • To open and operate your account. Lawful basis: contract (we cannot run your account without it) and legal obligation (anti-money-laundering rules).
  • To improve the site. Lawful basis: legitimate interests (running and improving the service).

If we ever want to use your data for a new purpose that is not covered above, we will ask you first.

Who we share data with

We do not sell your data. Ever. We share it only with parties we need to share it with so that the service can function:

  • The HMRC-bonded warehouse holding your cask, so they can register it in your name.
  • The LBMA-approved London vault holding your gold, so they can allocate the coins on the inventory in your name.
  • Our payment provider, so payments can be processed.
  • HMRC, where the law requires it (anti-money-laundering, tax reporting).
  • Our IT and email providers, so the site can run and we can email you back.

All of our processors are bound by data-processing agreements that meet UK GDPR standards.

How long we keep it

We keep enquiry data for up to two years after the last contact, in case you come back to us. Account data is kept for the duration of your account and for six years after the account closes (the period required by anti-money-laundering rules). Web analytics is anonymised after 14 months.

Your rights

Under UK GDPR you have the right to:

  • Ask for a copy of the data we hold about you
  • Ask us to correct anything that is wrong
  • Ask us to delete your data (subject to legal retention)
  • Ask us to restrict how we use it
  • Object to a particular use
  • Ask for your data in a portable format
  • Withdraw consent (where consent was the basis)

To exercise any of these, email privacy@oakandmason.co.uk. We aim to respond within five working days, and have one calendar month under UK GDPR to complete the request.

If you are not happy with how we have handled it, you can complain to the Information Commissioner’s Office: ico.org.uk.

Cookies

We use a small number of cookies for the site to function (remembering form progress, for example) and for basic analytics. We do not use third-party advertising or marketing cookies. You can control cookies through your browser settings.

Children

This site and our services are for adults aged 18 and over only. We do not knowingly collect data from anyone under 18. If you think a child has submitted a form to us, email privacy@oakandmason.co.uk and we will delete it.

Changes

If we change this policy in any meaningful way, we will update the “last updated” date at the top and notify anyone with an active account.

Contact

For anything privacy-related: privacy@oakandmason.co.uk. For anything else: our contact page.