Your data protection rights explained
Last updated: January 2024
Heritage Furnishings UK is committed to protecting the privacy and security of your personal data. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, which govern how organisations collect, use, and protect personal information.
Heritage Furnishings UK acts as the data controller for personal information collected through this website and our services. This means we determine how and why your personal data is processed and are responsible for its protection.
Contact details:
UK GDPR provides you with specific rights regarding your personal data. We are committed to facilitating the exercise of these rights:
You have the right to know how your personal data is being collected and used. Our Privacy Policy provides detailed information about our data processing activities.
You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request. We will respond to valid requests within one month.
If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will address rectification requests promptly.
In certain circumstances, you have the right to request deletion of your personal data. This right applies when:
You may request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of data you have challenged.
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
You have the right to object to processing based on legitimate interests, direct marketing, and processing for research or statistical purposes.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Heritage Furnishings UK does not currently engage in such automated decision making.
To exercise any of these rights, please contact us using the details provided above. We may need to verify your identity before processing your request. There is no fee for most requests, though we may charge a reasonable fee for excessive or unfounded requests.
We will respond to valid requests within one month. This period may be extended by up to two further months for complex requests, in which case we will inform you of the extension and reasons.
We process personal data on the following lawful bases:
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing personal data. These measures are designed to protect against unauthorised or unlawful processing, accidental loss, destruction, or damage.
When we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements. This may include standard contractual clauses approved by the relevant authorities or transfers to countries with adequate data protection laws.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay.
If you are dissatisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
We encourage you to contact us first to resolve any concerns, as we take data protection seriously and wish to address issues directly where possible.
We review our data protection practices regularly and may update this information to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.