Privacy Policy
1. About Us and This Notice
Deckchairstripes Ltd (trading as The Stripes Company) is the data controller for the personal data described in this notice. We are registered in England and Wales under company number 06337324.
Our registered address is:
Brandon House, King Street, Knutsford, Cheshire, WA16 6DX
Our principal trading address and postal address for data protection enquiries is:
Unit 1 Waverton Business Park, Saighton Lane, Waverton, Chester, CH3 7PD
Data Protection Officer (DPO): Maria Hopwood
Email: customerservice@thestripescompany.com
Telephone: 01244 336 387
2. Our Legal Framework
We process personal data in accordance with:
-
the UK General Data Protection Regulation (UK GDPR);
-
the Data Protection Act 2018 (DPA 2018); and
-
the Privacy and Electronic Communications Regulations 2003 (PECR).
Where the Data (Use and Access) Act 2025 (DUAA 2025) applies to our processing activities, we comply with its requirements, including the updated standards for handling subject access requests and the complaints procedure under Section 164A.
Under UK GDPR, we must have a lawful basis before we process your personal data. The lawful bases we rely on are explained in Section 5 of this notice alongside each processing purpose.
3. Personal Data We Collect
We collect the following categories of personal data. The table below sets out what we collect, from whom, and how.
|
Category of Data |
Source |
How Collected |
|
Identity data (name, job title) |
Customers and business clients |
Provided directly when placing orders or making enquiries |
|
Contact data (email address, telephone number, postal address) |
Customers and business clients |
Provided directly at checkout, via contact forms, or by telephone |
|
Transaction and order data (purchase history, payment references) |
Customers |
Generated when you place an order through our website or by telephone |
|
Financial data (payment card details) |
Customers |
Processed at checkout via our third-party payment processor. We do not store full card details. |
|
Technical data (IP address, browser type, device identifiers, pages visited, session duration) |
Website visitors |
Collected automatically via cookies and analytics tools, subject to your consent |
|
Communications data (content of emails, enquiries, and complaints) |
Customers and enquirers |
Provided directly when you contact us |
|
Marketing preferences (opt-in status, communication preferences) |
Customers and subscribers |
Provided directly when you sign up for marketing or update your preferences |
|
Business client data (company name, company contact details, contract terms) |
Business clients |
Provided under contract |
Special category data: We do not knowingly collect or process any special category data (such as health, racial or ethnic origin, or biometric data) through our website or in connection with our products and services. If you disclose special category data to us in the course of an enquiry, we will handle it with appropriate care and will not process it further without a valid condition under Article 9 UK GDPR.
Children: Our website and services are not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data about a child, please contact our DPO immediately using the details in Section 1.
4. Cookies and Website Tracking
We use cookies and similar tracking technologies on our website. A cookie is a small text file placed on your device when you visit our site.
4.1 Cookie Categories We Use
|
Cookie Type |
Purpose |
Legal Basis |
|
Strictly necessary |
Essential to operate the website (e.g. shopping cart, session management) |
No consent required — legitimate interests / contract performance |
|
Analytics / performance |
Measuring how visitors use our site (e.g. Google Analytics) |
Your consent under PECR |
|
Functional |
Remembering your preferences (e.g. currency, language) |
Your consent |
|
Marketing / targeting |
Displaying relevant advertising |
Your consent |
When you first visit our website, you will be presented with a cookie consent banner. You can accept or decline non-essential cookies at that point, or manage your preferences at any time via the cookie settings link in the footer of our website.
You can also control cookies through your browser settings. Please be aware that disabling certain cookies may affect the functionality of our website.
5. How We Use Your Personal Data
The table below sets out each purpose for which we process personal data, the data we use, and the lawful basis we rely on under UK GDPR Article 6.
|
Purpose |
Data Used |
Lawful Basis |
|
Processing and fulfilling orders (including payment, delivery, and returns) |
Identity, contact, transaction, financial data |
Performance of a contract (Article 6(1)(b) UK GDPR) |
|
Customer service and responding to enquiries and complaints |
Identity, contact, communications data |
Legitimate interests (Article 6(1)(f) UK GDPR) — to resolve queries and maintain customer relationships |
|
Maintaining financial and tax records |
Identity, contact, transaction, financial data |
Legal obligation (Article 6(1)(c) UK GDPR) — compliance with UK tax legislation and accounting obligations |
|
Sending marketing communications (email newsletters, promotional offers) |
Identity, contact, marketing preference data |
Consent (Article 6(1)(a) UK GDPR) where required by PECR; otherwise legitimate interests for existing customers |
|
Analysing website usage to improve our site and services |
Technical data (via analytics cookies) |
Consent (Article 6(1)(a) UK GDPR) under PECR |
|
Managing business-to-business client relationships and contracts |
Business client data, identity, contact, transaction data |
Performance of a contract (Article 6(1)(b)); legitimate interests (Article 6(1)(f)) |
|
Detecting and preventing fraud and ensuring website security |
Technical data, identity, transaction data |
Legitimate interests (Article 6(1)(f) UK GDPR) — to protect our business and customers |
|
Compliance with legal obligations (including responding to law enforcement requests) |
Any data relevant to the obligation |
Legal obligation (Article 6(1)(c) UK GDPR) |
5.1 Legitimate Interests
Where we rely on legitimate interests as our lawful basis, we have carried out a balancing test to ensure our interests are not overridden by your rights and freedoms. You have the right to object to processing based on legitimate interests — see Section 8 for details.
5.2 Marketing
We will only send you direct marketing communications if you have opted in to receive them, or (for existing customers) where we have a legitimate interest in contacting you about products or services similar to those you have previously purchased, and you have not opted out.
You can withdraw your consent or opt out of marketing at any time by clicking the unsubscribe link in any marketing email, or by contacting our DPO using the details in Section 1. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.
6. Automated Decision-Making and Profiling
We do not make decisions about you solely by automated means that produce legal or similarly significant effects. We may use analytics data to improve our website and product range, but these processes do not result in automated individual decisions that affect you directly.
If this changes in the future, we will update this notice and, where required, seek your consent or provide you with information about your rights under Article 22 UK GDPR.
7. Who We Share Your Data With
We do not sell your personal data. We share your data only in the following circumstances:
|
Recipient Category |
Purpose of Sharing |
Safeguard / Basis |
|
Payment processors (e.g. Stripe, PayPal, or equivalent) |
Processing card payments and fraud checks |
Contractual necessity; processor contracts in place |
|
Delivery and logistics partners (e.g. Royal Mail, courier services) |
Fulfilling and delivering orders |
Contractual necessity |
|
IT and hosting service providers |
Website hosting, email, and CRM system operation |
Legitimate interests; data processing agreements in place |
|
Analytics providers (e.g. Google Analytics) |
Website performance analysis |
Your consent (cookies); data processing agreements in place |
|
HMRC and other regulatory bodies |
Compliance with tax and legal obligations |
Legal obligation |
|
Law enforcement or courts |
Where required by law or court order |
Legal obligation |
All third parties who process data on our behalf are bound by data processing agreements that require them to keep your data secure and to process it only on our documented instructions. We do not permit them to use your data for their own purposes.
7.1 International Transfers
We keep personal data within the UK. Where any of our service providers process data outside the UK (for example, some cloud hosting and analytics providers), we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or equivalent approved transfer mechanisms, before any transfer takes place.
8. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes for which it was collected, and in accordance with our legal obligations. The table below sets out our standard retention periods.
|
Category of Data |
Retention Period |
Rationale |
|
Customer order and transaction records |
7 years from transaction date |
HMRC requirement under the Taxes Management Act 1970 |
|
Customer contact and identity data |
Duration of relationship plus 3 years |
Legitimate interests (potential disputes); limitation periods under Limitation Act 1980 |
|
Marketing consent records |
Until opt-out plus 3 years |
Ability to demonstrate consent was obtained and to defend potential complaints |
|
Customer purchase history (for warranty / returns purposes) |
10 years from purchase |
Consumer protection obligations; potential claims |
|
Website analytics data (cookied sessions, IP logs) |
Up to 26 months |
Industry standard; reviewed on cookie consent renewal cycle |
|
Communications data (enquiries, complaints, email correspondence) |
3 years from resolution |
Legitimate interests; limitation period for contractual claims |
|
Business client contract data |
Duration of contract plus 7 years |
Legal and contractual obligations |
At the end of the applicable retention period, your data is securely deleted or anonymised so that it can no longer be associated with you.
9. Security of Your Personal Data
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure. These measures include:
-
encryption of data in transit using TLS/HTTPS;
-
access controls limiting access to personal data to authorised personnel on a need-to-know basis;
-
regular review of our information security policies and practices;
-
staff training on data protection and information security responsibilities; and
-
use of reputable and vetted third-party processors who are contractually bound to maintain equivalent security standards.
No transmission over the internet is completely secure. Whilst we take all reasonable steps to protect your data, we cannot guarantee the security of data transmitted to our website, and any transmission is at your own risk.
10. Your Data Protection Rights
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018), you have the following rights in relation to your personal data. These rights are not absolute and may be subject to exemptions, which we will explain to you if any limitation applies to your request.
|
Right |
What It Means in Practice |
|
Right to be informed |
You have the right to be told how we collect and use your personal data. This notice fulfils that obligation. |
|
Right of access (Subject Access Request) |
You have the right to request a copy of the personal data we hold about you, along with information about how we process it. We will respond within one calendar month of receiving your request. This may be extended by a further two months in complex cases, and we will notify you if an extension is necessary. |
|
Right to rectification |
You have the right to ask us to correct personal data that is inaccurate or incomplete. We will act on such requests without undue delay. |
|
Right to erasure ('right to be forgotten') |
You have the right to ask us to delete your personal data in certain circumstances — for example, where the data is no longer necessary for the purpose for which it was collected, or where you withdraw consent and there is no other lawful basis. This right does not apply where we are required to retain data by law. |
|
Right to restrict processing |
You have the right to ask us to pause processing of your data in certain circumstances, for example while the accuracy of data is contested or while an objection to processing is being considered. |
|
Right to data portability |
Where we process your data by automated means on the basis of your consent or a contract, you have the right to receive that data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller where technically feasible. |
|
Right to object |
You have the right to object to processing based on legitimate interests (including profiling) and to processing for direct marketing purposes. Where you object to direct marketing, we will cease processing immediately. Where you object to processing based on legitimate interests, we will stop unless we can demonstrate compelling legitimate grounds that override your rights. |
|
Rights in relation to automated decision-making |
You have the right not to be subject to solely automated decisions that produce legal or similarly significant effects. As noted in Section 6, we do not currently carry out such processing. |
|
Right to withdraw consent |
Where we rely on your consent as the lawful basis for processing, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. |
10.1 How to Exercise Your Rights
To exercise any of these rights, please contact our DPO:
-
Email: customerservice@thestripescompany.com
-
Post: Data Protection Officer, Unit 1 Waverton Business Park, Saighton Lane, Waverton, Chester, CH3 7PD
-
Telephone: 01244 336 387
We may need to verify your identity before we can process your request. We will not charge a fee for handling requests unless they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline the request.
10.2 Complaints
If you are unhappy with how we have handled your personal data, we encourage you to contact our DPO in the first instance so that we can try to resolve the matter. Under DUAA 2025 Section 164A, you also have the right to use our internal complaints procedure before escalating to the ICO.
You also have the right to lodge a complaint directly with the Information Commissioner's Office (ICO) at any time:
-
Website: www.ico.org.uk
-
Telephone: 0303 123 1113
-
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
11. Links to Third-Party Websites
Our website may contain links to other websites. We have no control over the content or privacy practices of those websites. We recommend that you review the privacy policy of any website you visit via a link on our site. We accept no responsibility or liability for third-party websites or their privacy practices.
12. Changes to This Privacy Notice
We review this privacy notice at least annually and may update it from time to time to reflect changes in our processing activities, legal requirements, or best practice. The current version will always be published on our website.
We will notify you of material changes to this notice where we are required to do so by law, or where we consider it appropriate to do so. We recommend that you review this notice periodically.
This Policy was last updated in April 2026
13. Contact Us
For all data protection enquiries, subject access requests, or complaints, please contact:
Data Protection Officer: Maria Hopwood
Email: customerservice@thestripescompany.com
Telephone: 01244 336 387
Postal address: Unit 1 Waverton Business Park, Saighton Lane, Waverton, Chester, CH3 7PD