Important information regarding upcoming doorstep changes for existing customers - please click HERE for more information

Privacy & Cookies Notice

Graham's The Family Dairy Group Limited 

Doorstep Delivery Web Shop

Privacy Notice

Who are we?

When we say ‘we’ or ‘us’ or ‘our’, we are referring to Graham’s The Family Dairy Group Limited. Graham’s The Family Dairy Group Limited is a company registered in Scotland. Company No. 317473 (Scotland). Registered Office: Airthrey Kerse Farm, Henderson Street, Bridge of Allan, FK9 4RW.

We operate in the UK as a manufacturer and supplier of dairy products in the agriculture and food processing sectors. We are a "data controller" and this Privacy Notice applies to the products and services provided in relation to the Doorstep Delivery Web Shop and to our web shop website at which is owned and operated by us.

Your privacy is important to us, and we take great care of any information provided to us. This Privacy Notice explains how we collect, use and share your personal data. Our Privacy Notice applies whenever you visit our website, during the period you receive services from us, or during the process of you applying for or ordering products from us and afterwards. Please read this Privacy Notice carefully.

Where we need to collect personal data by law, or under the terms of a contract with you and you fail to provide that information when requested, we may not be able to perform the contract (for example, to provide you with products or services you have ordered).  In this case, we may have to cancel your order or contract, but we will notify you if this happens.

We reserve the right to update this Privacy Notice from time to time by publishing the updated version on our website.  We therefore encourage you to review our Privacy Notice periodically for the most up-to-date information. We will not substantially change the way we use personal data you have already provided to us without your prior agreement. This Privacy Notice was last updated on 21 July 2020.

If you have any questions or complaints regarding how we use your personal data or you wish to exercise any of your rights set out in the 'Your Rights' section of our Privacy Notice, please contact us via email us at or write to our Data Protection Coordinator at Graham’s The Family Dairy, Airthrey Kerse Farm, Henderson Street, Bridge of Allan, FK9 4RW.

How do we process your personal data?

We process the personal data you provide to us directly through a number of sources, such as:

  • When you contact us by email, telephone, post or social media to enquire about our products
  • When you enter competitions on our website
  • When using our online doorstep delivery web shop
  • When you subscribe to receive our monthly newsletter
  • When you make any complaints regarding our products or the service you have received
  • When we call or visit you to progress any agreements or contracts to supply us with goods or services
  • When you arrange a contract or agree to purchase our products
  • In the administration of our relationship with you
  • Through the fulfilment of our contractual obligations

What personal data do we collect and process?

The personal data we collect and process at Graham’s The Family Dairy will depend on our relationship with you, along with the services or products we are provide to you.

Typically, we may hold:

  • Names, Addresses – personal or business
  • Email address and telephone contact numbers – personal or business
  • Company name and nature of business
  • Bank Account details
  • Details of products or services you currently or have previously bought or requested from us
  • Records of correspondence and communications with you
  • Records and detail regarding any complaints or enquiries you make to us
  • Your requests and preferences regarding marketing information and how you would wish to receive this information

How do we use the personal data we hold about you?

Graham’s The Family Dairy uses your personal data for a number of reasons:

  • To understand your needs and how they may be met
  • To fulfil our contractual obligations - including online competitions that we run - and to meet agreements we have put in place with you
  • To manage our relationship with you
  • To maintain customer and administration records
  • To verify identification where required
  • To communicate with you by post, email or phone
  • To deliver products, orders and prizes
  • To manage our distribution and deliveries
  • To process financial transactions, invoicing and applications for credit
  • To investigate and respond to any complaints you may make
  • To respond to your feedback and ideas
  • To prevent and detect crime, fraud or corruption
  • To meet legal, regulatory and ethical responsibilities

What is our lawful ground for processing your personal data?

We may process your personal data for the performance of any contract or agreement we have in place with you and for our own legitimate interests, provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. Our legitimate interests include processing your personal data for marketing, business development, statistical and management purposes.

We may process your personal data for certain additional purposes with your consent, such as the provision of our monthly Graham’s Grazette Newsletter or when we ask your permission to forward your contact details to a (delivery) supplier that operates in your area.

How long will we keep your personal data?

At Graham’s The Family Dairy, we will only keep your personal data for as long as is necessary to fulfil the purposes for which it was collected.

When we assess the appropriate retention period for your personal data, we will consider the following:

  • The requirements of our business and the products and services we supply and distribute to you
  • Any statutory or legal obligations
  • The purposes for which we originally collected the personal data
  • The lawful grounds on which we based our processing
  • The types of personal data we have collected
  • The amount and categories of your personal data
  • If the purpose of processing your personal data could be reasonably fulfilled by any other means

Who will we share your personal data with?

Graham’s The Family Dairy may share your personal data with third parties or with other organisations and individuals where:

  • There is a legal obligation to do so
  • Where it is requested by a public or regulatory authority – such as the police, the courts and any other central or local government bodies, or HM Revenue & Customs (HMRC) – and we may lawfully disclose it, for example for the prevention and detection of crime
  • Where we are bound by any code of practice
  • With our suppliers or distributers in the event we can't deliver your order ourselves or we receive a complaint from you
  • Where it is a requirement in administrating our relationship with you
  • Where we have a legitimate interest to doing so

In providing our services to you, we may require the services of other (third) parties such as:

  • Specialist consultants
  • Auditors and accountants
  • Banking services and payment providers
  • Administration services providers
  • IT systems maintenance and IT hosting providers
  • Delivery suppliers; and
  • Professional legal services.

We may be required to share your personal data with them in order for them to fulfil the contracts we have in place with you, with them or when they need it to provide advice to us.

We may also share your personal data with separate legal entities within Graham’s The Family Dairy Group or the prospective buyer of any part of our business or assets that we may sell where it is in our legitimate interests to do so and for the fulfilment of our contract or agreement with you.

International transfers

We will not transfer your personal data outside the United Kingdom.

Data Security

At Graham’s The Family Dairy, we are serious about taking the appropriate measures to protect your personal data.

We limit access to our buildings to those who require access – using passes and other technology. We also have a risk framework in place including the appropriate policies and procedures required to keep your data secure. We apply controls and access restrictions across all of our technology platforms and review and test these at regular intervals.

Where passwords are required by you to access secure platforms as part of the service we provide, it is your responsibility to keep these passwords secure.

Links to other websites

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Notice. You should exercise caution and look at the privacy notices applicable to the website in question.

Your rights

Under data protection law you have a number of rights in relation to the personal data that we hold about you. These rights might not apply in every circumstance. You can exercise your rights by contacting us at any time using the details set out at the beginning of this Privacy Notice.

Please note that although we take your rights seriously, there may be some circumstances where we cannot comply with your request such as where complying with it would mean that we couldn't comply with our own legal or regulatory requirements. In these instances we will let you know why we cannot comply with your request.

When you contact us to exercise one of these rights, we may need to ask you for specific information to confirm your identity.  This is a security measure to ensure that your personal data is not disclosed to any person who does not have the right to receive it.  We may also contact you to ask for more information about your request to speed up our response.

You have the following rights as a data subject:

  • Right of access: You have the right to request access to the personal data held by us as a data controller and certain details of how we use it. We will usually provide your personal data to you in writing unless you request otherwise. Where your request has been made electronically (e.g. by email), a copy of your personal data will be provided to you by electronic means where possible.
  • Right of rectification: Where you feel that the information we hold about you is inaccurate or incomplete, you can contact us and ask us to update or amend it.
  • Right to be forgotten: In certain circumstances, you are entitled to request deletion of your personal data. For example, where we no longer need your personal data for the original purpose we collected it for or where you have exercised your right to withdrawn consent. Whilst we will assess every request, there are other factors that will need to be taken into consideration. For example we may be unable to erase your information as you have requested because we have a regulatory obligation to keep it.
  • Right to restrict processing: In certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think that the personal data we hold about you may be inaccurate or where you think that we no longer need to use your personal information.
  • Right to data portability: In certain circumstances, you can request that we transfer personal data that you have provided to us to a third party.
  • Right to object to processing: In certain cases you have the right to object to our processing, this arises in relation to where we process your personal data based on our legitimate business interests. Where we do so, you can object to such processing, unless our purpose outweighs any prejudice to your privacy rights.
  • Right to object to direct marketing: You have control over the extent to which we market to you and you have the right to request that we stop sending you marketing messages at any time.  You can do this either by clicking on the "unsubscribe" button in any email that we send to you or by contacting us using the details set out in this privacy notice. Please note that even if you exercise this right because you do not want to receive marketing messages, we may still send you service related communications where necessary.
  • The right to withdraw your consent: Where we rely on your consent in order to process your personal data, you have the right to withdraw such consent to further use of your personal data.
  • Rights related to automated decision making and profiling:  In the order process on our Web Shop we use a postcode system that identifies whether your delivery address is within the area that we can serve. Should your postcode fall outside our serviced area then we cannot serve you and you will be informed of this directly in the order process. When we use your personal data to make decisions on an automated basis and where this has a legal or significant impact on you, you have the right to have access to an individual who can review and reconsider the decision. Please contact us via the contact details provided in this Privacy Notice if you wish to discuss. This right applies where you have given us your explicit consent and where it is necessary for the entry into or performance of a contract with you. We do not carry out any other forms of automated decision making. If this changes in the future, we will provide you with an updated notice setting out our decision-making process.

Contacting Us and Your Right to Making a Complaint

If you wish to speak to us or question anything in this notice relating to how we collect, store or process your personal data, please email us at or write to our Data Protection Coordinator at Graham’s The Family Dairy, Airthrey Kerse Farm, Henderson Street, Bridge of Allan, FK9 4RW

At Graham’s The Family Dairy, we hope you don’t need to make a complaint about how we process your personal data or how a complaint has been handled. If you feel you do wish to complain, you have the right to file a complaint with the UK Information Commissioner's Office (ICO) if you believe that we have breached data protection laws when using your personal data.

You can visit the ICO's website at for more information.  Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

  • Check the content. You should assume that if a particular use of personal data is not correctly identified and explained in this Privacy Notice, it is unlikely that you will be able to continue such use of personal data. Therefore, you must review this in detail to ensure that your uses of personal data are appropriately reflected.

  • Check whether you may be required to include specific information by a third party. For example, a particular credit reference agency or anti-fraud association may require specific wording to be included.

  • Consider where to include this notice and consider using a layered approach (click through format).

Cookie Policy

Who are we?

In this Cookie Policy references to ‘we’ or ‘us’ or ‘our’, are references to Graham’s The Family Dairy Group Limited, a company registered in Scotland (company No. 317473 (Scotland)) with its registered offices at Airthrey Kerse Farm, Henderson Street, Bridge of Allan, FK9 4RW.

When using our Doorstep Delivery Web Shop, this Cookie Policy should be read alongside, and in addition to, the Website terms and conditions and our Privacy Notice.


This policy was last updated on 20-07-2020

What is a cookie?

Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

We use cookies for a variety of reasons, such as to:

  • estimate our audience size and usage patterns;
  • track your preferences;
  • speed up your searches;
  • recognise you when you return to our website;
  • allow you to use our website in a way that makes your browsing experience more convenient; and
  • improve and update our website.

Different types of cookies

There are different types of cookies:

Strictly necessary

These are cookies that are required for the operation of a website. They include, for example, cookies that enable users to log into secure areas of a website, use a shopping cart or make use of e-billing services.

Functionality cookies

These are used to recognise users when they return to a website. They enable the personalisation of content, the recognition of users and remember user preferences (for example, their choice of language or region).

Analytical/performance cookies

These types of cookies allow providers to recognise and count the number of visitors and to see how visitors move around their website when they are using it. This assists providers in improving the way their website works, for example, by ensuring that users are finding what they are looking for easily.

Targeting cookies

These cookies record a user’s visit to a website, the individual pages visited and the links followed. If the cookie is set by a third party (for example, an advertising network) which also monitors traffic on other websites, this type of cookie may also be used to track a user’s movements across different websites and to create profiles of their general online behaviour. Information collected by tracking cookies is commonly used to serve users with targeted online advertising.

Third party cookies

When you visit our website you may notice some cookies that are not related to us. When you visit a page that contains embedded content, for example from YouTube, you may be sent cookies from these websites. We do not control the setting of such cookies and we advise you to check the third-party websites for more information about these cookies and how to manage them.

What cookies do we use and why?

The cookies we use on the Doorstep Delivery Web Shop are mainly for security to enable the system to recognise logged in users. All session and authentication cookie data is encrypted.

The cookies currently in use on the Doorstep Deliver Web Shop:
Cookie namePurposeDurationStrictly Necessary Y/NDomain SourceCategory
ARRAffinityThe ARRAffinity cookie is a 1 way SHA2 hash of the internal VIP that the client should be affinized to. This cookie is added to let the frontEnd loadbalancer know which internal IP the request should be routed to. The cookie doesn't hold any security or sensitive information.1 Year (sliding expiration during user session)YStrictly Necessary / Functional
Nop AntiForgeryAuthenticates form data posts and makes sure they come from the current customers computer.1 Year (sliding expiration during user session)YStrictly Necessary / Functional
Nop AuthenticationA shop authentication cookie for the current user.1 Year (sliding expiration during user session)YStrictly Necessary / Functional
Nop CustomerA unique customer identifier (GUID).  Used internally by the shop.1 Year (sliding expiration during user session)YStrictly Necessary / Functional
Nop SessionInformation about the users current session.1 Year (sliding expiration during user session)
Strictly Necessary / Functional

Managing Cookies

Blocking/Deleting Cookies

You block cookies by adjusting your browser settings (guidance provided below). Please note however that blocking cookies may mean you are not be able to access all or parts of our site and it may result in elements of our site(s) performing badly.

Changing your cookie settings

Please note that internet browsers allow you to change your cookie settings. These settings are usually found in the 'options' or 'preferences' menu of your internet browser. In order to understand these settings, the following links may be helpful. Otherwise you should use the 'Help' option in your internet browser for more details.


Information about cookies

Useful information about cookies can be found at: