GDPR Policy
This page sets out how Willow Curtains Ltd approaches UK GDPR responsibilities for enquiry, customer and business contact data.
Data controller: Willow Curtains Ltd, Unit 4, Symmetry Park, Stratton Business Park, Biggleswade, Bedfordshire, SG18 8YY.
1. Purpose of this policy
This GDPR Policy explains the principles Willow Curtains Ltd follows when handling personal data. It applies to data collected through the website, direct enquiries, customer communications, supplier discussions and related business administration.
2. Data protection principles
We aim to process personal data lawfully, fairly and transparently; collect data for clear purposes; keep data adequate and relevant; maintain accuracy where practical; retain data only as needed; and protect data using reasonable security measures.
3. Categories of data
Relevant data may include contact details, company details, project or order information, email records, quotation records, delivery or billing information and website usage data. We do not request special category personal data through the website.
4. Rights requests
Individuals can request access, correction, deletion, restriction, portability or objection. Requests should be sent to kamal@willowcurtains.co.uk. We may need to verify identity before releasing or changing personal information.
5. Access request handling
When a valid request is received, we will review relevant systems and correspondence, assess whether exemptions apply, and respond within the statutory timeframe wherever possible. Complex requests may require clarification.
6. Erasure and retention
Data can be erased where it is no longer needed and no lawful reason exists to retain it. Some records may need to be kept for legal, tax, accounting, dispute handling or contract purposes.
7. Data portability
Where applicable, data provided by the individual and processed by automated means based on consent or contract can be supplied in a structured format.
8. Processors and suppliers
Where third-party service providers process data on our behalf, they should do so only for the relevant purpose and subject to suitable confidentiality, security and processing expectations.
9. Breach management
If a data incident occurs, we will assess the nature of the incident, the data involved, the likely impact and whether notification to individuals or the Information Commissioner’s Office is required.