Data Privacy

Shining Windows - Data Protection and Privacy Policy

Clause 28: Our Commitment to Your Privacy

28.1. Shining Windows is committed to protecting the privacy and security of your personal data. This policy outlines our procedures for collecting, using, and protecting your information and explains your rights under UK data protection law.

28.2. The Data Controller responsible for your personal data is Matthew McDaid, trading as Shining Windows ("we," "us," or "our"), of The Firtrees, 6 Wood Lane, Hartwell, Northampton, Northamptonshire, NN7 2HG.
Clause 29: The Personal Data We Collect

29.1. We collect and process personal data that is necessary for us to provide our services and manage our business operations.

The types of personal data we may collect include:

29.1.1. Identity Data: Your first name and last name.

29.1.2. Contact Data: Your billing address, service address, email address, and telephone numbers.

29.1.3. Financial Data: Payment card details for processing transactions. We do not store any payment card or banking information on our systems.

29.1.4. Transaction Data: Details about payments to and from you and a history of the services you have purchased from us.

29.1.5. Technical Data: Information collected via cookies when you use our website, such as your IP address and browsing history, to enhance your user experience.

Clause 30: How We Use Your Personal Data

30.1. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Purpose of use to register you as a new client and form a contract.

To provide our services to you, including scheduling, service
delivery, and managing payments.

To manage our relationship with you, including sending service
reminders and requesting feedback.

To improve our website, customer service, and business
operations.

To send you marketing communications or manage your
enrolment in our Loyalty Programme.

Type of Data Used

Identity, Contact Identity, Contact, Financial, Transaction Identity, Contact, Transaction Technical, Transaction Identity, Contact Our Lawful Basis for Processing Performance of a contract with you.

Performance of a contract with you.

Performance of a contract; Legitimate Interest
to improve our services.

Legitimate Interest to develop our business.
Explicit Consent from you.

22

Clause 31: Data Sharing and Third Parties

31.1. We will never sell or rent your personal data to third parties for marketing purposes.

31.2. We may have to share your data with trusted third-party service providers who are essential for our business to function, including:

31.2.1. Payment Processors (e.g., Wix Payments, Stripe) to securely handle your payments.

31.2.2. Accounting Software Providers for invoicing and financial record-keeping.

31.2.3. IT and System Administration providers who support our website and booking system.

31.2.4. All our third-party partners are required to respect the security of your personal data and to treat it in accordance with the law.

Clause 32: Data Security

32.1. We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. We are committed to ensuring your information is secure.

Clause 33: Data Retention

33.1. We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. By law, we have to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for seven years after they cease being customers for tax purposes.

Clause 34: Your Legal Rights Under UK GDPR

34.1. Under data protection law, you have a number of rights regarding your personal data. You have the right to:

34.1.1. Request access to your personal data.

34.1.2. Request correction of the personal data that we hold about you.

34.1.3. Request erasure of your personal data in certain circumstances.

34.1.4. Object to processing of your personal data.

34.1.5. Request restriction of processing your personal data.

34.1.6. Request the transfer of your personal data to you or to a third party.

34.1.7. Withdraw consent at any time where we are relying on consent to process your personal data.

34.2. To exercise any of these rights, please contact us using the details below.

23

Clause 35 Website Cookies

35.1. Our website uses "cookies" to enhance your experience. A cookie is a small file placed on your computer's hard drive. In compliance with the Privacy and Electronic Communications Regulations (PECR), we will obtain your active, affirmative, and prior opt-in consent for any cookies that are not strictly necessary for our website to operate. A simple notice stating "by continuing to use this site, you agree to cookies" is not legally sufficient, and we do not use this method. You can set your browser to refuse all or some browser cookies.

Clause 36: Our Use of Artificial Intelligence (AI)

36.1. To enhance our efficiency and the quality of our communications, our business utilizes Google Gemini AI (a paid Google Workspace tool). This technology may be used to assist in drafting communications and analysing business data. We want to be completely transparent about this. All client data remains within our secure systems and is handled at all times in accordance with this privacy policy. Clause 37: How to Contact Us

37.1. If you have any questions about this privacy policy or wish to exercise any of your legal rights, please do not hesitate to contact us:

37.1.1. Email: info@shiningwindows.co.uk

37.1.2. Postal Address: The Firtrees, 6 Wood Lane, Hartwell, Northampton, Northamptonshire, NN7 2HG