Skip to main content
Sash Bespoke

Legal

Privacy Policy

How we collect, use, and protect your personal information

Last updated: 11 April 2026

1. Introduction

Sash Bespoke ("we", "our", or "us") operates the website sashbespoke.co.uk. We are committed to protecting and respecting your privacy.

This privacy policy explains how we collect, use, store and protect your personal information when you visit our website or enquire about our bespoke timber sash windows and doors services. It also describes your privacy rights and how the law protects you.

This policy applies to all personal data we process about you, whether collected through our website, phone, email, or in-person consultations.

2. Information We Collect

Information You Provide Directly

When you contact us through our enquiry forms, we collect:

  • Personal details: First name, last name, email address, phone number
  • Address information: Street address, city, county, postcode, country
  • Business information: Company name (optional)
  • Project details: Project type (residential/commercial), window count, door count, additional project information

Information Collected Automatically

When you visit our website, we automatically collect:

  • Technical information: IP address, browser type and version, operating system
  • Usage data: Pages visited, time spent on pages, referring website
  • Device information: Device type, screen resolution, timezone

3. How We Use Your Information

We process your personal data for the following purposes:

PurposeLawful Basis (GDPR)
Responding to your enquiries and providing quotesLegitimate interest, Contractual necessity
Managing customer relationships and projectsContractual necessity, Legitimate interest
Website analytics and improvementConsent (via cookie banner)
Legal compliance and record keepingLegal obligation
Security and fraud preventionLegitimate interest

4. Cookies and Tracking Technologies

We use cookies to enhance your experience on our website. Our cookie consent banner allows you to choose which types of cookies to accept:

Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for website functionality and security. These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors use our website (Google Analytics). Requires your consent.
  • Marketing Cookies: May be used for future marketing purposes. Requires your consent.

You can manage your cookie preferences at any time through your browser settings or our cookie consent banner when it appears. Disabling certain cookies may impact website functionality.

5. Third-Party Services

We use the following third-party services to operate our website and business:

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following limited circumstances:

  • Service Providers: Trusted third parties who assist in operating our website and conducting business (email services, analytics)
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Protection: To protect our rights, property, or safety, or that of our customers
  • Business Transfer: In the event of a merger, acquisition, or sale of business assets

All third parties are required to maintain appropriate security measures and use your data only for the specified purposes.

7. Data Retention

We retain your personal data for the following periods:

  • Active enquiries and projects: Until project completion plus 6 years (for warranty and tax purposes)
  • Inactive enquiries: 3 years from last contact
  • Analytics data: 26 months (Google Analytics default retention)
  • Cookie consent records: 2 years from last visit

After these periods, we will securely delete or anonymize your personal data unless we are legally required to retain it longer.

8. Your Rights

GDPR Rights (EU Residents)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Correct any inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interest
  • Right to Withdraw Consent: Withdraw consent for cookie/analytics tracking
  • Right to Lodge a Complaint: Contact your local Data Protection Authority

UK GDPR Rights (UK Residents)

UK residents have the same rights as listed above under UK GDPR. You can also lodge complaints with the Information Commissioner's Office (ICO).

How to Exercise Your Rights

To exercise any of these rights, please contact us at enquiries@sashbespoke.co.uk. We will respond within 30 days of receiving your request. We may need to verify your identity before processing your request.

9. International Data Transfers

Some of our third-party service providers may process your data outside the UK/EU. Where this occurs, we ensure appropriate safeguards are in place:

  • Google Analytics: Processes data in various locations with appropriate safeguards under Google's data processing terms
  • Other Services: We use providers that comply with Standard Contractual Clauses (SCCs) or operate in countries with adequacy decisions

10. Children's Privacy

Our website and services are not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13.

If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. If you believe a child has provided us with personal information, please contact us immediately.

11. Security Measures

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit using TLS/SSL
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Staff training on data protection
  • Secure data storage and backup procedures

While we strive to protect your personal data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of any material changes by posting the updated policy on our website with a revised "Last updated" date. For significant changes, we may also notify you by email or through a notice on our website.

We encourage you to review this policy periodically to stay informed about how we protect your privacy.

13. Contact Us

If you have any questions about this privacy policy, your personal data, or wish to exercise your rights, please contact us:

Sash Bespoke

Email: enquiries@sashbespoke.co.uk

Website: sashbespoke.co.uk

We aim to respond to all privacy-related enquiries within 30 days. For urgent matters, please indicate this in your email subject line.