GDPR Privacy Notice

This GDPR Privacy Notice explains how The Bespoke Painting Company collects, uses, stores, and protects personal data. It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are (Data Controller)

The Bespoke Painting Company is the data controller for the personal data we collect and process.

How to contact us

If you have any questions about this notice or how we handle your data, please contact us using the contact details shown on our website.

The personal data we collect

We may collect and process the following categories of personal data:

  • Identity and contact details: name, email address, telephone number, postal address

  • Project and property details: site address, access arrangements, photos you send us, notes about requirements and preferences

  • Communications: emails, messages, call notes, and enquiry form submissions

  • Financial and transaction details: invoices, payment status, and payment method details (card payments are handled by our payment providers)

  • Website usage data: IP address, device/browser information, pages visited, and similar analytics data (where cookies/analytics are used)

We aim to collect only the information we need to provide our services and run our business.

How we collect your data

We collect data when you:

  • Contact us by phone, email, message, or via our website

  • Request a quote or book a consultation

  • Engage us to carry out painting and decorating services

  • Make a payment or receive an invoice

  • Visit our website (via cookies and similar technologies)

Our lawful bases for processing

Under UK GDPR, we must have a lawful basis to use your personal data. Depending on the situation, we rely on one or more of the following:

  • Contract: where processing is necessary to provide a quote, schedule work, deliver services, and manage the project

  • Legitimate interests: to run our business effectively (for example, responding to enquiries, keeping records, improving services, preventing fraud, and ensuring network and information security)

  • Legal obligation: where we must keep certain records (for example, tax and accounting)

  • Consent: where you have given clear permission (for example, optional marketing messages, or certain cookies)

How we use your personal data

We use your personal data to:

  • Respond to enquiries and provide quotes

  • Arrange and deliver consultations and on-site work

  • Communicate with you about scheduling, access, and project progress

  • Prepare and issue invoices, take payments, and keep accounting records

  • Manage our relationship with you and provide customer support

  • Improve our website and services (where analytics are used)

  • Send service updates and, where permitted, marketing communications

Marketing

We may contact you with information about our services where permitted by law.

You can opt out of marketing at any time by contacting us or using any unsubscribe option we provide.

Sharing your personal data

We do not sell your personal data.

We may share personal data with trusted third parties only where necessary, such as:

  • Payment providers (to process card payments)

  • Accountants/bookkeepers (for financial administration)

  • Suppliers/contractors (where required to deliver services, and only the information they need)

  • IT and website providers (hosting, email, security, analytics)

We may also disclose personal data where required by law, court order, or to protect our rights and prevent fraud.

International transfers

We aim to keep data within the UK. Some service providers (for example, email, cloud storage, analytics) may process data outside the UK.

Where personal data is transferred internationally, we will ensure appropriate safeguards are in place, such as UK adequacy regulations or approved contractual protections.

Data security

We take appropriate technical and organisational measures to protect personal data, which may include:

  • Access controls and password protection

  • Limiting access to those who need it for their role

  • Confidentiality obligations for staff and contractors

  • Secure handling of payment information via payment providers

Data retention

We keep personal data only for as long as necessary for the purposes it was collected, including to satisfy legal, accounting, or reporting requirements.

Retention periods vary depending on the type of data and our obligations.

Your data protection rights

Under UK GDPR you have rights including:

  • Right of access: request a copy of the personal data we hold about you

  • Right to rectification: ask us to correct inaccurate or incomplete data

  • Right to erasure: ask us to delete your data in certain circumstances

  • Right to restrict processing: ask us to limit how we use your data in certain circumstances

  • Right to object: object to processing based on legitimate interests or for direct marketing

  • Right to data portability: request transfer of your data to you or another provider (where applicable)

  • Right to withdraw consent: where we rely on consent, you can withdraw it at any time

To exercise any of these rights, please contact us.

Cookies

Our website may use cookies and similar technologies. You can control cookies through your browser settings. Some cookies are necessary for the website to function properly.

Complaints

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve it.

You also have the right to lodge a complaint with the UK supervisory authority:

  • Information Commissioner’s Office (ICO)

Updates to this notice

We may update this GDPR Privacy Notice from time to time. The latest version will be published on our website.