Privacy Policy

Last updated: [13th June 2026]

This privacy policy explains how Bespoke by Braemar collects, uses, and protects your personal data when you use our website or contact us about our services. It is written in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.  Who we are

Bespoke by Braemar is a bespoke carpentry and joinery business based in Sussex, UK. We are the data controller for any personal data we collect about you.

Contact: Jordan Lane  |  bespokebybraemar@gmail.com  |  bespokebybraemar.co.uk

2.  What personal data we collect

We collect the following categories of personal data:

  • Contact details — your name, email address, phone number and postal address when you contact us via the website enquiry form, by email, or by phone

  • Project information — details about your property and the work you are enquiring about

  • Communications — records of correspondence between us, including emails and notes from site visits

  • Financial information — invoice and payment records (we do not store card details; payments are processed externally)

  • Website usage data — anonymised analytics data about how visitors use our website, collected via cookies (see our Cookie Policy)

We do not collect any special category data (such as health information or ethnic origin) and we do not collect data from children under the age of 16.

3.  How and why we use your data

Category: Contact Details

Purpose: To respond to your enquiry and discuss your project

Legal basis: Legitimate Interests

Retention: Until project is complete + 6 years

—-

Category: Project information

Purpose: To prepare quotations, CAD drawings and carry out the agreed works

Legal basis: Contract performance

Retention: 6 years after project completion

—-

Category: Financial records

Purpose: To issue invoices, record payments and comply with tax law

Legal basis: Legal obligation

Retention: 6 years (HMRC requirement)

—-

Category: Communications

Purpose: To manage the client relationship and resolve any disputes

Legal basis: Legitimate interests

Retention: 6 years after last contact

—-

Category: Website analytics

Purpose: To understand how visitors use our site and improve it

Legal basis: Consent

Retention: 26 months (Google Analytics)

4.  Who we share your data with

We do not sell, rent or trade your personal data. We may share it only in the following limited circumstances:

  • Service providers — we use a small number of trusted third-party tools to run the business, including Google (Gmail, Google Analytics), our website platform (Squarespace), and accounting software (Quickbooks). These providers act as data processors on our behalf and are bound by data processing agreements

  • Legal requirements — we may disclose data if required to do so by law, court order, or a regulatory authority

  • Professional advisers — our accountant or solicitor may have access to relevant records where necessary

All third-party providers we use are either based in the UK or operate under UK-adequate data transfer safeguards.

5.  How we keep your data secure

We take the security of your personal data seriously. Measures we have in place include:

  • Password-protected devices and accounts

  • Use of reputable, encrypted email and cloud services

  • Physical documents stored securely and disposed of confidentially when no longer needed

  • Limiting access to personal data to only those who need it

No method of electronic transmission or storage is 100% secure. In the unlikely event of a data breach that affects your rights, we will notify you and the ICO as required by law.

6.  How long we keep your data

We keep personal data only for as long as necessary. Our standard retention periods are set out in the table in section 3. The key periods are:

  • Client and project records: 6 years after project completion (to comply with contract law and HMRC requirements)

  • Enquiries that did not result in a project: 12 months from last contact, unless you ask us to delete sooner

  • Website analytics data: 26 months (Google Analytics default)

When data is no longer required, we delete it securely.

7.  Your rights

Under the UK GDPR you have the following rights:

  • Right of access — to request a copy of the personal data we hold about you

  • Right to rectification — to ask us to correct inaccurate or incomplete data

  • Right to erasure — to ask us to delete your data, where we have no legal obligation to retain it

  • Right to restriction — to ask us to limit how we process your data in certain circumstances

  • Right to data portability — to receive your data in a structured, machine-readable format

  • Right to object — to object to processing based on legitimate interests

  • Rights related to automated decision-making — we do not use automated decision-making or profiling

To exercise any of these rights, please contact us at enquiries@bespokebybraemar.co.uk. We will respond within one calendar month. There is no charge for making a request.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office at ico.org.uk or on 0303 123 1113.

8.  Cookies

Our website uses cookies. Please see our separate Cookie Policy at bespokebybraemar.co.uk/cookie-policy for full details of what cookies we use and how to manage your preferences.

9.  Links to other websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies before providing any personal data.

10.  Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page with a revised date. We encourage you to check back periodically. Where changes are significant, we will make reasonable efforts to notify you directly.

11.  Contact us

If you have any questions about this privacy policy or how we handle your data, please contact:

Bespoke by Braemar

Jordan Lane

bespokebybraemar@gmail.com