Request an Appointment

Overview

This privacy notice (the ‘Notice’) applies to visitors to our website and to customers and prospective customers of ShuttersUp Ltd. It sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data (e.g. name or address) changes during your relationship with us so that we can update our records.

This Notice explains:

  • Who We are;
  • Your rights;
  • What personal information we collect;
  • How we use your personal information;
  • Who we share your information with and why;
  • How we keep your information secure;
  • How long we keep your information; and
  • How to contact us

Who we are

For the purposes of data protection laws, We (ShuttersUp) are the Data Controller. ShuttersUp Ltd is registered in England and Wales under company number 07350964, with our registered office at Onega House, 112 Main Road Sidcup, Kent, England, DA14 6NE. ShuttersUp provides shutters and blinds to homes across the South East of England, and prides itself on delivering the best in shutter design, quality shutters and expert installation.

Your legal rights

You have the right to ask us:

Whether we are processing your personal information and the purposes (the right to be informed) – this is delivered through ‘fair processing information’ such as this Notice;

For a copy of the personal information that we hold about you (the right of access);

To update or correct your personal information (the right to rectification);

To delete your information (the right to erasure); and

To restrict processing of your personal information where appropriate (the right to restrict processing).

In certain circumstances you also have the right to:

  • object to the processing of your personal information (the right to object);
  • object to automated decision making and profiling (the right not to be subject to automated decision- making including profiling); and
  • request that information about you is provided to a third party in a commonly used, machine readable form (the right to data portability).

Exercising your rights

For information about your individual rights, including how to correct, restrict, delete, make changes to your personal information or if you wish to request a copy of the personal information we hold about you, please contact us at [email protected]

Fees

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). In some cases, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, or if you request multiple copies of the information. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. If you are not satisfied with our response or for more information about your data protection rights you can visit the website of your local Data Protection Authority.

  • In the UK, please see the Information Commissioner’s Office (ICO) website.

What personal information we collect

“Personal data” means any information about an individual from which that person can be identified directly or indirectly. We will collect personal data relating to you which includes data, such as your full name, email address and telephone number, job title, department, preferences and our communications with you.

Information you provide

We will collect personal data relating to you that you provide when you:

  • fill in a contact form on our website;
  • contact us about products and/or services;
  • subscribe to any of our services;
  • respond to a survey;
  • request to download guides or other resources on our website;
  • attend events;
  • engage with us via our social media channels;
  • opt-in (consented) to receive marketing communications from Us; and/or
  • apply for employment.

Information We collect about you

The type of personal information we collect will depend on the purpose for which it is collected and may include:

  • Information about you to help identify you and manage your relationship with ShuttersUp (e.g., Name, Address, Email Address(es), Postcode, Telephone Number(s), Title, Gender);
  • Information about your account with us (e.g. Account number, Customer ID or Number of past engagements with Us, personal preferences, order history etc.);
  • Copies of documentation (e.g. statements, letters, invoices, correspondence);
  • Economic & financial information (e.g. payment card numbers, bank details, payment history,  we also collect a certain amount of data on behalf of financial institutions concerning the purchase of devices financed by a loan (e.g. payslips, proof of address, etc.)
  • Audio & Visual information when we are recording interactions with you, or when you visit one of our premises (e.g. call recordings or Closed Circuit Television “CCTV”);
  • Marketing / Communications Data (e.g. information relating to Marketing and external communications such as marketing campaigns, opt in information and preferences); Where we have used consent as our lawful basis to contact you, this may be withdrawn at any time;
  • Lifestyle information (e.g. window types and measurements, photographs of windows);
  • Information about your website visit, Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; including the full Uniform Resource Locators (URL) clickstream to, through and from our Website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number;
  • Employment and educational information (e.g. employer details, relevant professional qualifications, etc).

We may also collect information about you from other sources such as:

  • external third parties (e.g. credit reference agencies to verify your identity and to check financial soundness, event coordinators where our attendance at a stand is present); and
  • from Cookies. (Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the website owners). Our website uses cookies and similar technologies to improve your experience and analyse website traffic. You can control cookie preferences through your browser settings. For more details, please see our Cookie Policy

How we use your personal information

We may use your personal data in the provision and administration of the services that you have requested and/or to respond to your queries. Where you don’t provide us with certain information, we may be unable to process your order.

We may also use your personal data to meet our legal obligations, to deal with any complaints and for the enforcement of our terms and conditions.

We may use your personal data for our legitimate business interests which include security purposes, improvements to our website, improvements to our solutions and services and for general marketing purposes and internal monitoring and reporting. We will not do so though where our interests are outweighed by your interests, rights and freedoms.

We process your information for the following purposes

To perform our contract with you and to support and maintain that relationship. This includes the following:

  • to register you as a potential or new customer;
  • to process and deliver your appointments and order including managing payments, fees and charges and collecting and recovering any monies owed to Us;
  • recording specific needs or adjustments you have or may require from time to time such as text to speech, large print or medical reasons which allow us to better assist with your understanding of our products and services;
  • as part of our recruitment activities.

To comply with legal and regulatory requirements. These requirements include the following:

  • confirming your identity for regulatory purposes;
  • detecting and preventing fraud;
  • to fulfil our data protection obligations.

For specific business purposes to enable us to provide you with appropriate products and services and a secure experience. Our business purposes include the following:

  • to manage our relationship with you which will include notifying you about changes to our terms or notice and/or asking you to leave a review or take a survey;
  • to send you newsletters, to keep you updated on new products or services or to recommend other goods or services that may be of interest to you, to let you know about special offers and to invite you to our events;
  • to administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
  • to use data analytics to improve and develop our Website, products/services, marketing, customer relationships and experiences.
  • monitoring or recording communications (such as telephone and video calls) with you to resolve any queries or issues and also for training and quality purposes.

We use tools including Google Ads, Meta Pixel, WhatConverts and related measurement and advertising technologies to understand how visitors use our website, to measure the effectiveness of our advertising, and to improve the relevance of our marketing. These tools may collect or receive information such as your IP address, browser type, device information, pages viewed and referral information, on-site actions and referral information.

In connection with Google measurement and advertising services, we may use Google tag gateway or similar first-party tagging technology so that certain Google tag requests are delivered through our own domain or trusted website infrastructure before information is passed to Google. This helps us improve the reliability of analytics and advertising measurement and reduce data loss caused by browser restrictions or network-level blocking. It does not change the purposes for which we use your information.

Where required by law, we only use cookies, tags, pixels and similar technologies for analytics and advertising where you have given your consent through our cookie banner or preference centre. If you decline or withdraw consent, we will not activate non-essential cookies or similar technologies that rely on consent.

We may use your personal data to promote our products and services, to measure the effectiveness of our advertising, and to make our advertising more relevant. This may include:

  • showing you advertisements on platforms such as Google and Meta;
  • measuring whether our advertising leads to website visits, enquiries, appointments or sales;
  • using cookies, pixels and similar technologies on our website, where required by law and subject to your consent choices; and
  • securely uploading hashed (cryptographically scrambled) customer or prospect information, such as email addresses and phone numbers, to create or suppress matched audiences on advertising platforms such as Google Ads Customer Match and Meta Custom Audiences.

These platforms may compare the information we provide with information they already hold about their users in order to:

  • show relevant advertisements to existing or prospective customers;
  • exclude existing customers from certain campaigns;
  • measure advertising performance; and
  • create similar or lookalike audiences of people who may be interested in our products and services.

We do not sell your personal data to advertising platforms. We only use these tools where we consider we have an appropriate lawful basis and, where required, valid consent.

Your Right to Object:

You have an absolute right to object to your personal data being used for direct marketing, including having your data uploaded to Google or Meta for matched audiences. If you wish to opt out of this specific processing, please contact us at [email protected].

We use tools including Mailchimp (Intuit Inc.) and Twilio to communicate by email, WhatsApp and SMS. When you subscribe, your contact information is stored on secure servers in the United States. The suppliers participate in the Data Privacy Framework, and we have implemented Standard Contractual Clauses to ensure adequate protection.

We may utilise AI technologies and Internet of Things “IoT” data, including machine learning, to perform some activities e.g.analytics, customer profiling, or support automation.  Where this is the case, the output is subject to human oversight and review, and we will not include your personal data in any data analytics with a third party model without making you aware. Where we are using publicly available models for general business purposes, we will give you the option of being anonymised or omitted from the data provided. We will always endeavour to utilise AI technologies in line with legislation, regulatory guidance and governmental policy.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. We may also process your personal data as part of an acquisition or sale. Should this happen, you’ll be notified about any change to processing or data controller arising as a result of this activity.

You have the right to object to us processing your personal information for some of the business purposes listed above but, if you do so, this may impact on our ability to provide some or all of our services to you. If We need to Use your personal data for an unrelated purpose, We will notify you and We will explain the legal basis which allows Us to do so.

Please note that We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Our legal basis for processing your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances (our ‘Lawful Bases’):

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.
  • Where you have given us your explicit consent to do so.

The table below describes the ways we plan to use your personal data (the ‘Purposes’), and which of the legal bases we rely on to do so.

Purpose / Activity

Type of Data Used

Lawful Basis for Processing

To register you as a new customer and process your order (including managing payments and arranging installation)

Identity, Contact, Financial

Performance of a contract with you

To manage our relationship with you (e.g., notifying you about changes to our terms, asking you to leave a review)

Identity, Contact

Performance of a contract with you

Legal obligation (updating terms)

Legitimate interests (keeping our records updated and studying how customers use our products)

To administer and protect our business and website (e.g., troubleshooting, data analysis, system maintenance)

Identity, Contact, Technical

Legitimate interests (running our business, providing IT services, network security)

To deliver relevant website content and marketing to you and operate analytics and advertising technologies on our website (including cookies, tags, pixels and similar technologies)

Identity, Contact, Usage, Technical

Consent (where required by law, e.g., for email newsletters, non-essential cookies, tags, pixels and similar technologies)

Legitimate interests (to develop our products/services and grow our business)

To process your job application

Identity, Contact, Employment History

Legitimate interests (assessing your suitability for a role)

To measure advertising effectiveness, improve our marketing and deliver targeted advertising on third-party platforms (for example, Google Customer Match or Meta Custom Audiences)

Identity, Contact, Marketing / Communications, Usage, Technical (including, where applicable, hashed identifiers such as hashed email addresses or phone numbers)

Legitimate interests (to promote our products/services, increase brand awareness, and grow our business)

How we keep your information secure

We’re committed to ensuring the confidentiality of the personal information that we hold, and we continue to review our security controls and related policies and procedures to ensure that your personal information remains secure.

When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information is kept secure and prevented from unauthorised or accidental access, processing, copying, modification, erasure, loss or use.

We also utilise UK International Data Transfer Agreements and EU Standard Contractual Clauses for transfers outside of the United Kingdom or European Economic Area.

In limited circumstances, data may be accessed by employees outside of our usual operating locations.  In these circumstances, we ensure there are appropriate information security measures in place to safeguard your information.

Where we transfer personal data outside the United Kingdom or the European Economic Area (for example, to service providers such as Google, Meta, WhatConverts, or Mailchimp), we use one of the following safeguards approved under UK data protection law:

  • the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs), which are approved contractual mechanisms ensuring that transferred data remains protected; or
  • where the recipient is in the United States and certified under the UK Extension to the EU–US Data Privacy Framework (DPF), we rely on that certification as an appropriate safeguard.
  • Copies of these safeguards are available on request by contacting our Data Protection Contact at [email protected]

We will take all reasonable steps to ensure that your personal data is treated securely and in accordance with this Notice.

Who we share your information with and why

We will not sell your personal data and generally do not give your personal data to third parties but there are some exceptions. We may share your personal data in the following ways (as appropriate):

  • Companies appointed by ShuttersUp (these third parties may be based in countries outside the UK or EU)
    • with third parties or service providers who provide additional data about you in order to enhance our ability to design and develop new products and services that can be marketed and sold which meet the needs of our identified consumer groups and are targeted accordingly;
    • with debt collection agencies for tracing and recovery of debts;
    • with payment service providers to allow payments to be completed;
    • with our accountants to produce tax statements and in support of statutory reporting;
    • with our appointed legal or regulatory advisers or auditors;
    • with information technology and information security providers, including website hosting, content delivery, tag delivery and other web infrastructure providers that help us operate our website and support first-party delivery of analytics and advertising technologies on our domain;
    • website infrastructure and content delivery providers to support first-party delivery of analytics and advertising tags on our domain;
    • with third parties or service providers to conduct market research on our behalf, to help us improve and develop the products and services we provide to you and our other customers;
    • with a prospective buyer (or its advisors), for due diligence purposes, if we are considering a sale of any or all or part of our business. For example, in the event of a merger, acquisition, divestiture, change of control or liquidation of ShuttersUp or part of its business (or in anticipation of such an event), we may share your personal data as part of that transaction where required in order to fulfil our obligations in this Notice.
  • Organisations and parties appointed by you or authorised by you
  • Statutory authorities
    • for the purposes of the prevention or detection of offences, and/or the apprehension or prosecution of offenders, We may share any personal data that We collect with law enforcement, other public or private sector agencies, governmental or representative bodies in accordance with the relevant legislation in order to comply with any legal obligation or as otherwise permitted by law. This will include public authorities, insurance companies, finance companies and/or other agencies.
  • Advertising Partners
    • We share limited, hashed data with platforms like Google and Meta (Facebook/Instagram) to serve relevant advertising and measure its effectiveness. We may also allow certain measurement or advertising tag requests relating to Google services to be delivered through our own domain or trusted web infrastructure before information is passed to Google. In certain circumstances, such as when creating Meta Custom Audiences, we and Meta act as Joint Data Controllers..

Credit Reference Agencies

In the UK, if you purchase a product or service from Us using finance or consumer credit, we obtain your credit file from credit reference agencies. In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). We will also perform these checks periodically while you have a relationship with us.

To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

We will use this information to:

  • Verify your identity and address;
  • Assess your creditworthiness and whether you can afford to take the product;
  • Verify the accuracy of the data you have provided to us;
  • Prevent criminal activity, fraud and money laundering;
  • Manage your account(s);
  • Trace and recover debts; and
  • Ensure any offers provided to you are appropriate to your circumstances.

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.

When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at www.experian.co.uk/crain. CRAIN is also accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document:

  • TransUnion www.transunion.co.uk/legal/privacy-centre/pc-credit-reference
  • Equifax www.equifax.co.uk/crain
  • Experian www.experian.co.uk/legal/crain/

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. Where processing is based on your consent, We shall only process your personal data until such time as you withdraw your consent.

To determine the appropriate retention period for personal data, We consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which We process your personal data and whether We can achieve those purposes through other means, and the applicable legal requirements.

How to contact us

If you have questions about this notice, or need further information about our privacy practices, or wish to raise a complaint about how we have handled your personal data, you can contact us on [email protected] using DATA PROTECTION in the subject field, for further investigation.
If you are unhappy with how we have handled your data, you can also complain to the Information Commissioner’s Office at www.ico.org.uk.

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.