Privacy Policy

Carol Bird Interiors
47 North Bar Within, Beverley, East Yorkshire HU17 8DG
Tel: 01482 886222 | Email: sales@carolbirdinteriors.com

Last Updated: 27 February 2026

1. Introduction

Carol Bird Interiors ("we", "us", "our") is committed to protecting your privacy and personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you:

  • Visit our showroom in Beverley

  • Use our website

  • Engage our interior design services

  • Contact us for enquiries

  • Subscribe to our communications

Please read this policy carefully to understand our practices regarding your personal data.

2. Data Controller Details

Data Controller: Carol Bird Interiors
Registered Address: 47 North Bar Within, Beverley, East Yorkshire HU17 8DG
Contact Email: sales@carolbirdinteriors.com
Contact Phone:+44 1482 886222

Carol Bird Interiors is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or how we handle your data, please contact us using the details above.

3. What Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Identity and Contact Data

  • Full name

  • Postal address (including property address for design projects)

  • Email address

  • Telephone number(s)

  • Title and salutation preferences

3.2 Financial and Transaction Data

  • Billing address

  • Delivery address

  • Payment card details (processed securely by third-party payment processors - we do not store full card details)

  • Purchase history

  • Order details

  • Invoice information

3.3 Project and Service Data

  • Property details and photographs

  • Design preferences and requirements

  • Room measurements and specifications

  • Budget information

  • Project timelines

  • Communication history regarding your project

  • Notes from design consultations

3.4 Technical Data

  • IP address

  • Browser type and version

  • Device type and operating system

  • Time zone settings

  • Browser plug-in types and versions

  • Location data (country/region level)

3.5 Usage Data

  • Information about how you use our website

  • Pages visited and time spent on pages

  • Referring website/source

  • Date and time stamps of visits

  • Clickstream data

3.6 Marketing and Communications Data

  • Your preferences for receiving marketing communications

  • Your communication preferences (email, phone, post)

  • Newsletter subscription status

  • Responses to surveys or feedback requests

3.7 Special Category Data

We do not intentionally collect special category data (such as health information, religious beliefs, etc.). However, if you voluntarily provide such information during design consultations (e.g., accessibility requirements, health-related design needs), we will only process this with your explicit consent and will handle it with additional safeguards.

4. How We Collect Your Personal Data

We collect personal data through the following methods:

4.1 Direct Interactions

When you:

  • Complete a design consultation booking form

  • Contact us by phone, email, post, or in person at our showroom

  • Subscribe to our newsletter or blog updates

  • Request a brochure or catalogue

  • Place an order for products or services

  • Provide feedback or complete a survey

  • Enter a competition or promotion

  • Create an account on our website (if applicable)

4.2 Automated Technologies

  • Cookies: See Section 10 for detailed information

  • Website analytics: Google Analytics and similar tools

  • Server logs: Automatically collected technical data

4.3 Third-Party Sources

We may receive personal data about you from:

  • Publicly available sources (Companies House, Land Registry for commercial projects)

  • Referral partners or collaborators (architects, builders, estate agents) with your consent

  • Social media platforms (if you interact with our social media pages)

  • Suppliers and manufacturers (order fulfillment information)

5. How and Why We Use Your Personal Data

We will only use your personal data when the law allows us to. Under UK GDPR, we rely on the following lawful bases:

5.1 Performance of a Contract (Article 6(1)(b) UK GDPR)

Purpose: To provide interior design services and fulfill orders

Activities:

  • Processing design consultation requests

  • Managing your design project from consultation to completion

  • Sourcing materials, furniture, and design elements

  • Coordinating with our Beverley workshop for bespoke furniture

  • Arranging delivery and installation

  • Managing payments and invoicing

  • Providing after-sales support and warranty services

  • Communicating about your project

Data Used: Identity, contact, financial, project, and service data

5.2 Compliance with Legal Obligations (Article 6(1)(c) UK GDPR)

Purpose: To comply with legal and regulatory requirements

Activities:

  • Maintaining accounting records (7 years as required by HMRC)

  • Complying with tax obligations

  • Responding to lawful requests from authorities

  • Meeting health and safety requirements

  • Fulfilling consumer protection obligations

Data Used: Identity, contact, financial, transaction data

5.3 Legitimate Interests (Article 6(1)(f) UK GDPR)

Purpose: To operate and improve our business efficiently and lawfully

Activities:

  • Managing our business operations and internal administration

  • Improving our website, products, services, and customer experience

  • Analysing customer preferences and behaviour

  • Detecting and preventing fraud or security threats

  • Network and information security

  • Business intelligence and market research

  • Managing supplier relationships

  • Defending legal claims

Data Used: All categories except where consent is required

Legitimate Interest Assessment: We have carefully balanced our legitimate business interests against your rights and freedoms. We do not use your data in ways you would not reasonably expect unless we have obtained your consent or are legally required to do so.

5.4 Consent (Article 6(1)(a) UK GDPR)

Purpose: To send marketing communications and use non-essential cookies

Activities:

  • Sending newsletters about design insights and showroom collections

  • Marketing communications about new products and special offers

  • Sharing design inspiration and blog content

  • Using analytics and marketing cookies on our website

  • Displaying your testimonial or project images (with separate explicit consent)

Data Used: Identity, contact, marketing and communications data

Your Right to Withdraw: You can withdraw consent at any time by:

  • Clicking the "unsubscribe" link in any marketing email

  • Emailing sales@carolbirdinteriors.com

  • Calling +44 1482 886222

  • Adjusting cookie settings in your browser

Withdrawing consent does not affect the lawfulness of processing before withdrawal.

5.5 Explicit Consent for Special Category Data (Article 9(2)(a) UK GDPR)

If you provide special category data (e.g., health information for accessibility design requirements), we will only process this with your explicit, freely given consent, which you can withdraw at any time.

6. Marketing Communications

6.1 Our Marketing Practices

We may use your identity, contact, technical, usage, and marketing data to:

  • Send relevant marketing communications about our services

  • Share design insights, showroom updates, and blog content

  • Inform you about new collections, special consultations, or seasonal inspiration

6.2 Opting In

We will only send marketing communications if:

  • You have explicitly consented (ticked an opt-in box)

  • You are an existing client and we are marketing similar services (soft opt-in)

6.3 Opting Out

You can stop receiving marketing communications at any time by:

  1. Email: Click the "unsubscribe" link at the bottom of any marketing email

  2. Email us: sales@carolbirdinteriors.com with "UNSUBSCRIBE" in the subject line

  3. Call us:+44 1482 886222

  4. Write to us: 47 North Bar Within, Beverley, East Yorkshire HU17 8DG

  5. Update preferences: Contact us to change which communications you receive

Please note: Opting out of marketing does not stop us from sending service-related communications about your active projects or orders.

7. Who We Share Your Personal Data With

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

We may share your personal data with the following categories of recipients:

7.1 Service Providers (Data Processors)

These companies process data on our behalf under strict contractual terms:

Interior Design Suppliers:

  • Fabric houses (Colefax & Fowler, Zoffany, and other UK design houses)

  • Furniture manufacturers (Novamobili and other suppliers)

  • Lighting specialists

  • Mirror and accessories suppliers

Craftspeople and Contractors:

  • Our Beverley workshop team for bespoke furniture

  • Installation specialists

  • Contractors for project implementation

Business Service Providers:

  • Payment processors (secure card payment handling)

  • Delivery and logistics companies

  • IT service providers (website hosting, email services, cloud storage)

  • Accounting and bookkeeping services

  • Professional advisors (solicitors, accountants, insurers)

Marketing and Analytics:

  • Email marketing platforms (if you've consented to marketing)

  • Website analytics providers (Google Analytics)

  • Social media platforms (if you interact with our pages)

7.2 Legal and Regulatory Authorities

We may disclose your personal data to:

  • HMRC (tax compliance)

  • Police, courts, tribunals (if required by law)

  • Regulatory authorities

  • Professional bodies

7.3 Business Transfers

If Carol Bird Interiors is sold, merged, or undergoes a business restructuring, your personal data may be transferred to the new owner. The new owner will be required to use your data in accordance with this Privacy Policy.

7.4 Third-Party Safeguards

All third parties are required to:

  • Respect the security of your personal data

  • Treat it in accordance with UK GDPR

  • Sign Data Processing Agreements where applicable

  • Only process data for specified purposes and on our instructions

8. International Data Transfers

Your personal data is primarily processed and stored within the United Kingdom.

8.1 Transfers Outside the UK

In limited circumstances, we may transfer your data to countries outside the UK, including:

  • European Economic Area (EEA): Suppliers based in EU countries

  • Other countries: International suppliers for specific products

8.2 Transfer Safeguards

When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Adequacy decisions: We transfer to countries recognised by the UK as providing adequate data protection

  • Standard Contractual Clauses (SCCs): EU Commission-approved SCCs incorporated into supplier contracts

  • Binding Corporate Rules: For multinational suppliers with approved internal policies

  • Specific consent: We will seek your explicit consent for transfers not covered by the above

You can request details of specific safeguards by contacting sales@carolbirdinteriors.com.

9. Data Security

9.1 Security Measures

We have implemented appropriate technical and organisational measures to protect your personal data against:

  • Unauthorised or unlawful processing

  • Accidental loss, destruction, or damage

  • Unauthorised access or disclosure

Technical Measures:

  • SSL/TLS encryption for data transmission via our website

  • Secure, password-protected systems with restricted access

  • Regular security updates and patches

  • Firewall protection and anti-virus software

  • Encrypted backups

  • Secure physical storage at our Beverley premises

Organisational Measures:

  • Staff training on data protection responsibilities and GDPR compliance

  • Confidentiality agreements with all staff and contractors

  • Access controls limiting data access to authorised personnel only

  • Regular security audits and risk assessments

  • Data breach response procedures

  • Clear data retention and deletion policies

9.2 Payment Security

We do not store full payment card details on our systems. All card payments are processed through secure, PCI DSS-compliant payment processors who handle your financial data according to the highest security standards.

9.3 Your Responsibility

Please keep any passwords or access credentials secure and notify us immediately if you suspect unauthorised access to your information.

10. Cookies and Tracking Technologies

10.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us provide you with a better experience by remembering your preferences and understanding how you use our site.

10.2 Types of Cookies We Use

Strictly Necessary Cookies (No Consent Required)

These cookies are essential for our website to function. They enable:

  • Security features

  • Contact form submission

  • Session management

  • Load balancing

Performance/Analytics Cookies (Consent Required)

These help us understand how visitors use our website:

  • Google Analytics: Tracks pages visited, time on site, bounce rate, traffic sources

  • Heatmap tools: Understand user behaviour and improve site design

Functionality Cookies (Consent Required)

These remember your choices and preferences:

  • Language preferences

  • Region/location settings

  • Username (if applicable)

Marketing/Advertising Cookies (Consent Required)

These track your browsing to deliver relevant advertising:

  • Social media pixels (Facebook, Instagram, LinkedIn)

  • Retargeting cookies for advertising campaigns

  • Conversion tracking

10.3 Cookie Duration

  • Session cookies: Deleted when you close your browser

  • Persistent cookies: Remain on your device for a set period (from 24 hours to 2 years depending on purpose)

10.4 Managing Cookies

Cookie Consent Banner:
When you first visit our website, you'll see a cookie consent banner allowing you to accept or reject non-essential cookies.

Browser Settings:
You can control cookies through your browser settings:

  • Chrome: Settings > Privacy and Security > Cookies and other site data

  • Firefox: Settings > Privacy & Security > Cookies and Site Data

  • Safari: Preferences > Privacy > Cookies and website data

  • Edge: Settings > Cookies and site permissions

More Information:
Visit www.aboutcookies.org or www.allaboutcookies.org for detailed guidance.

Important: Disabling cookies may affect website functionality and prevent access to certain features.

10.5 Third-Party Cookies

Some cookies are placed by third parties (Google, social media platforms). We do not control these cookies. Please review the relevant third-party privacy policies:

11. Data Retention

11.1 Retention Principles

We only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

11.2 Retention Periods

Data CategoryRetention PeriodLegal Basis Active client project data Duration of project + 7 yearsContract performance + legal obligation (HMRC) Financial and transaction records 7 years from end of financial yearLegal obligation (tax and accounting) Enquiries not converted to clients 2 years from last contactLegitimate interests Marketing consent and communications Until consent withdrawn or 3 years of inactivityConsent Website analytics data 26 months (Google Analytics default)Legitimate interests CCTV footage (if applicable at showroom) 30 daysLegitimate interests (security) Supplier and contractor records Duration of relationship + 7 yearsContract performance + legal obligation

11.3 Deletion and Anonymisation

After retention periods expire, we will:

  • Securely delete personal data (electronic deletion using data wiping software)

  • Physically destroy paper records (confidential shredding)

  • Anonymise data for statistical purposes (removing all identifiable information)

11.4 Exceptions

We may retain data beyond standard periods if:

  • Required by law or legal proceedings

  • Necessary to establish, exercise, or defend legal claims

  • You have requested extended retention for specific purposes

12. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

12.1 Right of Access (Article 15 UK GDPR)

What it means: You can request a copy of the personal data we hold about you.

What we provide:

  • Confirmation that we process your data

  • A copy of your personal data

  • Information about how we use your data

  • Details of who we share it with

  • How long we retain it

How to request: Email sales@carolbirdinteriors.com with "Subject Access Request" in the subject line.

Timeframe: We will respond within one month (extendable by two months for complex requests).

Cost: Free for the first request. We may charge a reasonable fee for additional copies or manifestly unfounded/excessive requests.

12.2 Right to Rectification (Article 16 UK GDPR)

What it means: You can ask us to correct inaccurate or incomplete personal data.

How to request: Contact us with the correct information, and we will update our records promptly.

Timeframe: One month from receiving your request.

12.3 Right to Erasure / "Right to be Forgotten" (Article 17 UK GDPR)

What it means: You can request deletion of your personal data in certain circumstances.

When this applies:

  • Data no longer necessary for original purpose

  • You withdraw consent (where consent was the lawful basis)

  • You object to processing and there are no overriding legitimate grounds

  • Data has been unlawfully processed

  • Deletion required for legal compliance

When we may refuse:

  • We need the data to comply with legal obligations (e.g., 7-year tax records)

  • For establishing, exercising, or defending legal claims

  • For archiving/research purposes in the public interest

How to request: Email sales@carolbirdinteriors.com with "Erasure Request" in the subject line.

12.4 Right to Restrict Processing (Article 18 UK GDPR)

What it means: You can ask us to limit how we use your data while issues are resolved.

When this applies:

  • You contest the accuracy of data (restricted until we verify)

  • Processing is unlawful but you don't want erasure

  • We no longer need the data, but you need it for legal claims

  • You've objected to processing (restricted while we verify legitimate grounds)

Effect: We can still store the data but not use it without your consent (except for legal claims or protecting others' rights).

12.5 Right to Data Portability (Article 20 UK GDPR)

What it means: You can request your personal data in a structured, commonly used, machine-readable format.

When this applies:

  • Processing is based on consent or contract

  • Processing is carried out by automated means

What we provide: Your data in CSV, JSON, or similar format, which you can transfer to another service provider.

12.6 Right to Object (Article 21 UK GDPR)

What it means: You can object to processing based on legitimate interests or for direct marketing purposes.

Objecting to Direct Marketing:

  • Absolute right- we will stop immediately upon request

  • Use unsubscribe links, email, phone, or post (details in Section 6.3)

Objecting to Legitimate Interests Processing:

  • You can object if processing is based on legitimate interests

  • We must stop unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms

12.7 Rights Related to Automated Decision-Making and Profiling (Article 22 UK GDPR)

Our Position: We do not use automated decision-making or profiling that produces legal or similarly significant effects.

If this changes, we will:

  • Inform you explicitly

  • Provide meaningful information about the logic involved

  • Explain the significance and consequences

  • Obtain explicit consent where required

12.8 Right to Withdraw Consent (Article 7(3) UK GDPR)

What it means: Where we process data based on consent, you can withdraw it at any time.

Effect: Withdrawal does not affect the lawfulness of processing before withdrawal.

How to withdraw: Use methods described in Section 6.3 (marketing) or contact us directly for other consent-based processing.

13. How to Exercise Your Rights

Contact Details:

Email: sales@carolbirdinteriors.com (preferred method)
Phone:+44 1482 886222
Post: Carol Bird Interiors, 47 North Bar Within, Beverley, East Yorkshire HU17 8DG

What to Include:

  • Your full name

  • Contact details (email and/or phone)

  • Description of your request

  • Proof of identity (if requested by us for security)

Our Response:

  • Timeframe: We will respond within one month of receiving your request

  • Extensions: For complex requests, we may extend by two additional months (we'll explain why)

  • Free of charge: Generally free, though we may charge for manifestly unfounded/excessive requests

  • Verification: We may ask for identification to confirm your identity before processing requests

If You're Not Satisfied:

If you're unhappy with our response, you can:

  1. Contact us to discuss your concerns

  2. Lodge a complaint with the ICO (see Section 14)

14. Right to Lodge a Complaint

You have the right to lodge a complaint with the UK's supervisory authority for data protection:

Information Commissioner's Office (ICO)

Website: www.ico.org.uk
Helpline: 0303 123 1113
Live Chat: Available on ICO website
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

When to Complain:

  • You believe we've breached UK GDPR

  • You're dissatisfied with how we've handled your data rights request

  • You have concerns about our data protection practices

We Encourage Contact First:
While you have the right to complain directly to the ICO, we would appreciate the opportunity to address your concerns first. Please contact us at sales@carolbirdinteriors.com so we can attempt to resolve the issue.

15. Children's Privacy

Our interior design services are not directed at children under 16 years of age.

We do not knowingly collect personal data from children under 16 without parental consent.

If you are under 16:
Please do not submit any personal information through our website or services without your parent or guardian's permission.

If you are a parent/guardian:
If you believe we have inadvertently collected data from a child under 16, please contact us immediately at sales@carolbirdinteriors.com , and we will delete it promptly.

16. Third-Party Websites and Services

16.1 External Links

Our website may contain links to third-party websites, including:

  • Supplier websites (fabric houses, furniture manufacturers)

  • Social media platforms (Facebook, Instagram, LinkedIn, Pinterest)

  • Payment processors

  • Review platforms

We are not responsible for:

  • The privacy practices of these external sites

  • The content on third-party websites

  • How they collect, use, or share your data

Your Responsibility:
Please review the privacy policies of any third-party websites before providing personal information.

16.2 Social Media

If you interact with our social media pages (liking, commenting, sharing, messaging), your interactions are governed by the respective platform's privacy policy, not this Privacy Policy.

Social Media Platform Policies:

17. Data Breach Notification

17.1 Our Commitment

We take data security seriously and have implemented measures to prevent data breaches (see Section 9).

17.2 In the Event of a Breach

If a personal data breach occurs that is likely to result in a risk to your rights and freedoms:

We will:

  • Notify the ICO within 72 hours of becoming aware (as required by UK GDPR)

  • Notify affected individuals without undue delay if the breach poses a high risk

  • Provide information about the nature of the breach, likely consequences, and measures taken

You will receive:

  • Description of what happened

  • Types of data affected

  • Likely consequences

  • Steps we're taking to address the breach

  • Recommended actions you should take

  • Contact details for further information

17.3 Reporting Concerns

If you suspect a data breach or security incident involving your data, please contact us immediately:

Email: sales@carolbirdinteriors.com
Phone:+44 1482 886222
Subject Line:"URGENT: Data Security Concern"

18. Updates to This Privacy Policy

18.1 Policy Changes

We may update this Privacy Policy from time to time to reflect:

  • Changes in UK data protection law

  • New business practices or services

  • Technological developments

  • Feedback from customers or regulators

The "Last Updated" date at the top of this policy shows when it was last revised.

18.2 How We Notify You of Changes

Material Changes:
For significant changes that affect how we process your data:

  • We will email active clients and newsletter subscribers

  • We will display a prominent notice on our website

  • We may seek fresh consent where required by law

Minor Changes:
For non-material updates (e.g., clarifications, formatting):

  • We will update the policy on our website

  • The new version will be effective upon posting

18.3 Your Responsibility

Please review this Privacy Policy periodically to stay informed about how we protect your data.

Continued use of our services after policy updates constitutes acceptance of the revised policy.

19. Glossary of Terms

Personal Data: Any information relating to an identified or identifiable individual (e.g., name, email, IP address, project preferences).

Processing: Any operation performed on personal data, including collection, storage, use, disclosure, deletion.

Data Controller: The entity that determines the purposes and means of processing personal data (Carol Bird Interiors).

Data Processor: A third party that processes personal data on behalf of the data controller (e.g., our payment processor).

Data Subject: The individual to whom personal data relates (you).

Consent: Freely given, specific, informed, and unambiguous indication of your agreement to processing.

Legitimate Interests: A lawful basis for processing when there's a genuine business reason that doesn't override your rights.

Special Category Data: Sensitive personal data requiring extra protection (health, religion, etc.).

UK GDPR: UK General Data Protection Regulation - the data protection law governing how we handle personal data.

ICO: Information Commissioner's Office - the UK's independent supervisory authority for data protection.

Cookies: Small text files placed on your device when you visit our website.

20. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data protection practices:

Carol Bird Interiors

Email: sales@carolbirdinteriors.com (preferred contact method)
Phone:+44 1482 886222
Post: 47 North Bar Within, Beverley, East Yorkshire HU17 8DG

Opening Hours:
(Insert your showroom hours here, e.g., Monday-Saturday 9am-5pm)

Response Time:
We aim to respond to all data protection enquiries within 48 hours (business days).

21. Consent Record (For Marketing Communications)

If you are providing consent for marketing communications:

By ticking the consent box on our contact form or subscription form, you confirm:

☐ I consent to Carol Bird Interiors sending me marketing communications about interior design services, showroom collections, design insights, special offers, and blog content via email.

☐ I understand I can withdraw this consent at any time by clicking "unsubscribe" in any email, or by contacting sales@carolbirdinteriors.com or calling +44 1482 886222.

☐ I understand that withdrawing consent does not affect communications related to active projects or orders I have placed.

Date consent given:[Automatically recorded]
IP address:[Automatically recorded for verification]

This Privacy Policy is compliant with:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

  • Privacy and Electronic Communications Regulations (PECR) 2003

Effective Date: 27 February 2026

Carol Bird Interiors is committed to transparency, accountability, and protecting your privacy rights. Thank you for trusting us with your personal information as we help transform your home into a refined space that reflects your unique vision.

This comprehensive Privacy Policy has been drafted specifically for Carol Bird Interiors' interior design business operations in Beverley, East Yorkshire, with full GDPR compliance including all required elements: lawful bases for processing, data subject rights, international transfers, security measures, retention periods, cookies, complaints procedures, and detailed contact information.