Privacy Policy

Who We Are

Greyline Investigations Limited is a professional OSINT and digital intelligence agency providing investigation services to clients across the UK, Nigeria, and internationally. We are a company incorporated in England and Wales (Company Number 17121990) and operate as the data controller in respect of personal data processed through our website and client engagements.

Where we process personal data relating to the subject of an investigation on behalf of a client, we act as a data processor on that client's instructions. In all other respects we are the data controller.

What Personal Data We Collect

2.1 Data you provide directly

• Identity data: name or alias, contact email address, WhatsApp or phone number
• Case data: details of the investigation requested, including information about the subject of investigation
• Communication data: emails, messages, and correspondence sent to us
• Contractual data: signed NDAs and Client Services Agreements

2.2 Data we collect automatically

• Technical data: IP address, browser type, and pages visited on our website, collected via standard web server logs
• Usage data: how you interact with our website (page visits, time spent, referral source)

2.3 Data about third parties (investigation subjects)

When conducting investigations, we process personal data about the subject of the investigation. This data is collected from publicly available open sources only (OSINT). We do not access private accounts, intercept communications, or obtain data through unlawful means. The legal basis for processing this data is our legitimate interests in providing the contracted service and, where relevant, the vital interests or legal claims of the commissioning client.

Legal Basis for Processing

We process personal data only where we have a valid legal basis under UK GDPR:

• Contract performance: processing necessary to deliver investigation services to clients who have engaged us.
• Legitimate interests: processing for fraud prevention, security, improving our services, and conducting OSINT investigations on behalf of clients — balanced against individuals' rights and freedoms.
• Legal obligation: where we are required to process data to comply with applicable law, including any law enforcement disclosure requirement.
• Consent: where you have given specific, informed consent — for example, when subscribing to communications. Consent may be withdrawn at any time.

How We Use Your Personal Data

We use personal data for the following purposes:

• To respond to case inquiries and assess feasibility of requested services
• To prepare, execute, and deliver investigation services under a Client Services Agreement
• To send NDA documents and contractual correspondence
• To process payments and maintain financial records
• To communicate case updates, findings, and reports
• To comply with legal and regulatory obligations
• To protect Greyline's legitimate business interests and defend against legal claims
• To improve our website and services using aggregated, anonymised analytics

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

Who We Share Your Data With

We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share data in the following limited circumstances:

• Service providers: trusted third-party suppliers who process data on our behalf under strict data processing agreements (e.g. secure email providers, encrypted cloud storage). These parties may only process data on our instructions.
• Legal and regulatory authorities: where we are required by law, court order, or regulatory requirement to disclose data. We will notify you where legally permitted to do so.
• Law enforcement: where we have a legal obligation or reasonable belief that disclosure is necessary to prevent crime or protect a person's safety.
• Professional advisers: solicitors, accountants, and insurers, where necessary and subject to professional confidentiality obligations.

We will never disclose your identity or case details to the subject of an investigation without your express prior written consent.

International Data Transfers

Greyline serves clients globally, including in Nigeria, the USA, Canada, and Australia. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR Chapter V, including:

• Transfer to countries with an adequacy decision from the UK Secretary of State
• Use of International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses
• Binding Corporate Rules where applicable

For Nigerian client engagements, we additionally adhere to the Nigeria Data Protection Act 2023 (NDPA) requirements where applicable.

How Long We Keep Your Data

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law:

• Inquiry data (no engagement): 90 days from inquiry submission, then permanently deleted
• Client data and case files: 12 months from case closure, then permanently deleted unless the client requests extended retention in writing
• Signed contracts and financial records: 7 years in accordance with UK company law and HMRC requirements
• Website analytics data: aggregated and anonymised; individual session data retained for no more than 13 months

On expiry of the retention period, data is securely and permanently deleted from all systems and backups.

Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

• Right of access: to obtain a copy of the personal data we hold about you (Subject Access Request).
• Right to rectification: to have inaccurate data corrected.
• Right to erasure: to request deletion of your data where there is no legitimate reason for continued processing.
• Right to restriction: to request that we limit how we use your data in certain circumstances.
• Right to data portability: to receive your data in a structured, commonly used format.
• Right to object: to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at cases@greylineinvestigations.co.uk. We will respond within one calendar month. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

How We Protect Your Data

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

• End-to-end encrypted communications for all client and case correspondence
• Access controls limiting data access to authorised personnel only
• Encrypted storage for all case files and personal data
• Regular review of security practices and procedures
• Immediate notification procedures in the event of a data breach

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO without undue delay and within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33.

Cookies and Website Tracking

Our website may use essential cookies and standard web server logging to ensure the site functions correctly and to understand aggregate visitor patterns. We do not use advertising, tracking, or third-party analytics cookies. For full details, see our Cookie Policy.

Children's Data

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data about a child, please contact us immediately at cases@greylineinvestigations.co.uk and we will delete it promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. The current version will always be available on our website. We will notify active clients of any material changes by email.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to raise a concern about how we handle your personal data, please contact us:

• Email: cases@greylineinvestigations.co.uk
• Website: greylineinvestigations.co.uk
• Subject line: Data Protection Enquiry — [Your Name]

We take all privacy enquiries seriously and aim to respond within five working days.