Privacy Policy | Data Protection & GDPR Compliance

Information We Collect

We collect information that you provide directly to us when you contact us, request a quote, or use our services. This includes:

Name and contact information (email address, phone number, postal address)
Project details and specifications for custom blind orders
Payment information processed through secure third-party payment processors
Communication preferences and correspondence history

We also automatically collect certain information when you visit our website, including:

IP address and browser type
Pages visited and time spent on pages
Referring website addresses
Device information and operating system

How We Use Your Information

We use the information we collect to:

Process and fulfill your orders for custom blinds
Communicate with you about your orders, quotes, and inquiries
Schedule measurements and installations
Provide customer support and respond to your questions
Send you marketing communications if you have opted in
Improve our website and services based on usage patterns
Comply with legal obligations and protect our rights

Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

Contractual necessity: Processing necessary to fulfill orders and provide services you have requested
Legitimate interests: Processing for business operations, website improvement, and fraud prevention
Consent: Processing based on your explicit consent for marketing communications and non-essential cookies
Legal obligation: Processing required to comply with applicable laws and regulations

Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

With service providers who assist in operations (payment processing, delivery services, IT support)
When required by law or to respond to legal process
To protect our rights, property, or safety, or that of our customers
In connection with a business transfer, merger, or acquisition

All third-party service providers are contractually obligated to protect your information and use it only for specified purposes.

Data Protection

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit using SSL/TLS protocols
Secure storage systems with access controls
Regular security assessments and updates
Employee training on data protection practices
Limited access to personal data on a need-to-know basis

Your Rights and Options

Under GDPR and applicable data protection laws, you have the following rights:

Right of access: Request copies of your personal data
Right to rectification: Request correction of inaccurate or incomplete data
Right to erasure: Request deletion of your personal data under certain circumstances
Right to restrict processing: Request limitation of how we process your data
Right to data portability: Request transfer of your data to another service provider
Right to object: Object to processing based on legitimate interests
Right to withdraw consent: Withdraw consent for processing where consent is the legal basis

To exercise these rights, please contact us using the information provided in the Contact section below.

International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

Standard contractual clauses approved by the European Commission
Adequacy decisions by the European Commission
Other legally recognized transfer mechanisms

Data Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

Order and transaction records: 7 years for accounting and tax purposes
Customer correspondence: 3 years from last contact
Marketing consent records: Until consent is withdrawn
Website analytics data: 26 months

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will take steps to delete such information.

Third-Party Services

Our website uses third-party services that may collect and process your information:

Google Ads Conversion Tracking: Tracks conversions from advertisements. Data is processed according to Google's privacy policy.
Google Ads Remarketing: Uses cookies to show relevant advertisements to visitors. You can opt out through Google Ads Settings.
Google Analytics: Analyzes website usage and visitor behavior. Data is anonymized and aggregated.
Google Maps API: Provides location services if used on our website. Subject to Google's privacy policy.

These services have their own privacy policies. We encourage you to review them.

Cookie Usage

We use cookies and similar technologies to enhance your browsing experience, analyze site traffic, and personalize content. For detailed information about our cookie practices, please see our Cookies Policy.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website and updating the effective date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Gharvynnchak
Unit A12, The Embankment Business Park
Heaton Mersey, Stockport SK4 3GN
Great Britain
Phone: +44 161 442 9500
Email: chat@gharvynnchak.world