Keswick Flooring Ltd Privacy Notice

Who we are

We are the controller of your personal data. Our registration number is ZA214249 with the UK Information Commissioner’s Office (ICO).

Purpose of this Privacy Notice

We take the privacy of your personal data very seriously. Please read this privacy notice carefully as it contains important information on who We are and how and why We collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact Us or the supervisory authority if you have a complaint about Our use of your personal data.
Our websites are intended for adults over the age of 18, and We do not knowingly collect or process children’s personal data.

Our Contact Details

If you have any questions about this privacy notice or the personal data We use about you, please contact Us using the details below:

By email: set up DPO@ emails for each brand  

DPO@ukflooringdirect.co.uk
DPO@flooringsupplies.co.uk

Post:
ATTN: Data Protection Officer
Keswick Flooring Ltd
Unit H1 Pilgrims Walk
Prologis Park
Coventry
CV6 4QG
If you have any concerns about the way We have handled your personal data, you have the right to complain at any time to the ICO, the UK’s regulator for data protection issues, (www.ico.org.uk ). However, We would appreciate the chance to address your concerns before you approach the ICO, so please do contact Us in the first instance.

Changes to the Privacy Notice

We regularly review this privacy notice and will update it where necessary. This privacy notice was last updated on [23 June 2025]. If you continue to use Our website(s) and/or Our services, you are assumed to accept such changes. If you do not accept such changes, you should stop using Our website(s) and/or Our services.
If We make any material changes, We will notify you by email or by means of a notice on Our website(s). We encourage you to periodically review this privacy notice for the latest information on Our privacy practices.

When will this Privacy Notice Apply?

This privacy notice will apply to the personal data We collect and process when you:

• visit any of Our websites: keswickflooring.com; ukflooringdirect.co.uk; trade.ukflooringdirect.co.uk; flooringsupplies.co.uk; flooringmegastore.co.uk
• visit Our showroom;
• provide details to Our staff to enable them to assist with a purchase or enquiry;
• sign up to receive communications from Us;
• create an online account on Our website(s);
• communicate with Our customer service team via telephone or email;
• complete an online web form or engage with Our online chatbot; or
• enter a competition or prize draw.

This privacy notice also applies when We obtain your personal data from a third-party source for marketing purposes.

What is the Lawful Basis for Using Your Personal Data?

Processing of personal data will be lawful only if a lawful basis for processing applies, We have detailed the lawful bases We will rely on:

• where processing is necessary for the performance of a contract which you are party to or to take steps at your request prior to entering a contract;
• for compliance with a legal obligation to which We are subject;
• for the purposes of Our legitimate interests or those of a third party (such as supplier of flooring), but only if your interests, rights or freedoms do not override these; or
• you have consented to the processing of your personal data for the processing detailed in this privacy notice.

The table below sets out the personal data We process, why We use your personal data and the lawful basis We will rely on.
We will only use your personal data for the purposes for which We collected it unless We reasonably consider that We need to use it for another reason, and that reason is compatible with the original purpose in this privacy notice.

Personal Data	What We Use Your Personal Data For	Lawful Basis
Address, email address and phone number*	To contact you about your enquiry or sample order when you have visited Our website(s)	Consent or for Our legitimate interest to ensure We provide the best service to you
	To arrange and facilitate delivery, including any special delivery requirements or restrictions	For the performance of a contract
	To notify you about any changes to Our terms and conditions or this privacy notice	Legal obligation
	To enable Us to identify you and notify you as a winner in a competition that you have entered	For the performance of a contract
Transactional and billing information, including  VAT number (trade accounts only)*	To take payment for purchases	For the performance of a contract
	To prevent and detect fraud against you or Us	For Our legitimate interests or those of a third party, to minimise fraud that could be damaging for Us and for you
	To record and monitor purchases	For Our legitimate interests or those of a third party to minimise fraud that could be damaging for Us and for you
	Other processing necessary to comply with professional, legal and regulatory obligations that apply to Us	To comply with Our legal and regulatory obligations
Your feedback on your experience, interactions with Our teams and personal opinions	To improve Our products and services based on customer feedback	For Our legitimate interests to improve Our products and ensure We deliver the best service to you
IP address using Our Website*	Preventing unauthorised access and modifications to systems	For our legitimate interests or those of a third party, to prevent and detect criminal activity that could be damaging for Us and for you
	To monitor use on Our Website	For Our legitimate interests to analyse Our customer spend and behaviour to improve Our services
Your call to Our customer service team is recorded, including during any automated interactions, such as selecting an appropriate option and being on hold*	To investigate any complaints or disputes effectively To ensure We are constantly providing high standards of customer service	For Our legitimate interests to ensure We are constantly providing a high level of customer service and can appropriately respond to customer queries
Your purchase history*	To analyse customer behaviour and to ensure We send you the most appropriate and relevant information regarding promotional offers	For Our legitimate interests making sure that We can keep in touch with Our customers and send them relevant information about existing orders and new products
Marketing preferences	To maintain a suppression list to ensure We are not sending marketing information to individuals who have opted out	To comply with Our legal and regulatory obligations
	To send marketing communications in your preferred format, including suggestions and recommendations to you about products or services that may be of interest to you,	Consent
Image and videos (via CCTV)*	To provide a safe environment at Our showroom and offices to maintain footage in the case of legal or civil proceedings	For Our legitimate interests to provide a safe and secure environment for Our visitors and to maintain appropriate records in the event that We need to commence or respond to and manage any legal proceedings or requests for footage

We will also send you direct marketing when you order a sample or shop with Us and do not choose to opt out - this is often called a 'soft opt in'. We will use your personal data, preferences and details of your orders to keep you informed by email, web, text, telephone and through Our contact centre about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. This is only applicable in the UK.

We may occasionally collect Special Categories of Personal Data about you if We need to know something to treat you appropriately and keep you safe when We visit your home or deliver Our products there. For example, you may have a health condition for which We can make reasonable adjustments to Our sales and delivery process. Or you may wish to provide the contact details of someone you appoint to receive a delivery on your behalf.

What Personal Data must you Provide to Us as part of a Statutory/Regulatory or Contractual Requirement?

In certain circumstances, you may be obliged to provide Us with personal data. If you fail to provide this when requested, We may not be able to fulfil your purchase (in that case, We might have to cancel your order, but We will let you know if that happens) or assist with your enquiry. Where this is the case, We have identified these instances in the table above with an “*”.

Credit card and Debit Card Information

All payment details are sent to and managed securely by Our third-party payment service provider. We will only retain the card type and last four digits as a reference of the purchase.

Promotional Communications and Direct Marketing

When We are permitted to do so, We may use your personal data to send you updates (by email) about Our products and services, including exclusive offers and promotions.

You can opt out of receiving marketing at any point by:

• clicking on the unsubscribe link on all Our emails; or
• emailing us at  DPO@ukflooringdirect.co.uk; DPO@flooringsupplies.co.uk

What are Cookies and How are They Used?

Cookies are small files of letters and numbers stored on your browser or device that enable the cookie owner to recognise the device when it visits websites or uses online services.
Our website(s) may set cookies directly, known as first-party cookies, or may trigger cookies set by other domain names, known as third-party cookies. Whilst We may automatically use some cookies that are strictly necessary to provide the services you request or enable communications, We request your consent for all our other cookie uses. Where We have your consent to do so, We use cookies to collect statistical information about Our website(s) visits. We use this information to provide a better customer experience and to help us improve Our website(s.)

You can see an up-to-date list of the cookies that we use on Our websites in the cookie declaration and manage your preferences. You can also click on this link to view a current up to date list and manage your preferences.

Who do We Share your Personal Information with?

• We will share your personal data with other companies in order for them to fulfil services for Us,  including Our:
• group companies (Nestware Group) and their staff;
• online payment providers;
• CCTV redaction service;
• database system providers;
• digital marketing agencies;
• website platform provider(s);
• website analytic providers;
• social media platform management providers;
• suppliers;
• app providers; and
• outsourced professional service functions, such as lawyers and insurers.
• We only allow Our service providers to handle your personal data on Our behalf if We are satisfied that they will take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they only use your personal data to provide the requested service.
• They cannot use your personal data for their own purposes unless you have a separate agreement with them directly to provide a service in their own right. These might include payment service providers where you have signed up for an account.
• We may share your personal data with Our group companies for their own purposes Where you have consented We may also pass that personal data to Our group companies for their direct marketing purposes.
• In certain circumstances We may disclose and exchange information with law enforcement agencies to comply with our legal and regulatory obligations.
• We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring.
• Your personal data will be anonymised, but this may not always be possible.
• The recipient of the personal data will be bound by confidentiality obligations.

Your own Sharing of Your Personal Data

When you post in any profile, comments, forums, and other interactive features on Our website(s), or share personal data with individuals through Our website(s) or social media platforms, this personal data will be available to other users and in some cases may be publicly available outside of Our website(s) (e.g. on social media platforms).

We are not responsible for the personal data you decide to share publicly.

Automated Decision-Making

Automated decision-making takes place when an electronic system uses personal data to decide without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given Us your consent, it is necessary for a contract between you and Us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you.

We do not carry out automated decision-making in the course of providing Our products and services.

Third Parties Using Your Personal Data

You may be able to access third-party websites, plug-ins and apps from Our website(s). However, We are not responsible for the privacy policies and practices of other websites, plug-ins and apps.

We recommend that you check the privacy notice of each website, plug-in and app and contact the relevant operator or publisher if you have concerns or questions.

Our Access to Your Personal Data Through Social Media Platforms

If you interact with Us on social media platforms, (for example, if you ‘Like’ our Facebook Page or post on our Facebook timeline, or if you mention us in a comment on Trustpilot) We may interact with you and send you information via these platforms.

The personal data We have access to through social media platforms will depend on your personal settings on these platforms. We will have access to all public information on these platforms.

We may also be able to access personal data that others share about you (because they control how that is shared, not you).

Transferring Your Personal Data out of the UK

In some cases, We may need to transfer personal data outside the European Economic Area (EEA) and/or United Kingdom (UK). Where this is the case, We will only share the minimal amount of personal data necessary for the purpose of processing.

Whenever We transfer your personal data out of the EEA and/or UK, We ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We may transfer your personal data to countries for whom there has been an adequacy decision by the European Commission and/or an adequacy regulation granted by the UK Secretary of State (as applicable) confirming that that country provides an adequate level of protection for personal data; or
• We may use specific contracts approved by the European Commission and/or UK Data Protection laws (as applicable) which give personal data the same protection it has within the EEA and/or UK. When We rely on this measure, We will ensure that the third-party can comply with the provisions of such contracts and We have confirmed that the country to which the personal data is transferred provides enforceable data subject rights and effective legal remedies for data subjects are available there; or
• A specific exception applies under applicable data protection law.

Please contact us at DPO@ukflooringdirect.co.uk or DPO@flooringsupplies.co.uk, if you would like further information about the specific mechanism used by Us when transferring your personal data outside of the EEA and/or UK.

We may transfer your personal data outside of the EEA and/or UK:

• to store it;
• to enable Us to provide goods or services to you and fulfil Our contract with you. This includes order fulfilment, processing of payment details, and the provision of support services;
• where We are legally required to do so; or
• to facilitate the operation of Our business(es), where it is in Our legitimate interests, and We have concluded these are not overridden by your rights.

Data Security

We have appropriate security measures to prevent your personal data from being accidentally lost, used, accessed unlawfully, altered, or disclosed without permission. We also restrict access to your personal data to employees, agents, contractors, and other third parties who have a genuine business need to access it. They can only process your personal data in an authorised manner and they are bound by confidentiality.

We also have procedures to handle any suspected personal data breaches. We will inform you and any applicable regulator of a suspected breach where We are legally required to do so.

How Long Will You Use My Personal Data?

We will only keep your personal data for as long as necessary to provide the products and services you have requested, or for other essential purposes such as complying with legal obligations, resolving disputes, and enforcing Our agreements.

We retain certain categories of data for the following periods:

1. Email Marketing: Until you request to unsubscribe or withdraw your consent to be contacted, you may receive communications whilst Our systems update;
2. General CCTV footage: 14 days;
3. Call centre data: 12 months;
4. Account data: will be anonymised indefinitely if you request that your account is deleted.

Sometimes, We will anonymise your personal data (so it cannot be linked to you) for research or statistical purposes. If We do this, We can use this information indefinitely without telling you again.

Your Rights Relating to your Personal Data

You have a number of rights relating to how We use your personal data. These are as follows:

The Right of Access (‘Data Subject Access Request’)

You have the right to know how We are using your personal data, a right to see a copy of the personal data We hold about you and a right to be provided with additional information, for example, about how and why We are using your personal data and who it is being shared with.

The Right of Erasure ('Right to be Forgotten')

In certain circumstances, you can ask Us to delete your personal data where there is no good reason for Us to hold or use this anymore, where:

• We are using your personal data because you provided Us with your consent to use it in this way and you withdraw your consent; or
• where you have challenged Our use of your personal data and there is no good reason for Us to process it.

This does not apply to all of your personal data, as We may need to still keep your personal data, for example, to comply with laws.

The Right to Rectification

If you think that any of the personal data that We hold about you is wrong or incomplete then you have the right to tell Us and We have to ensure that the personal data We have is reviewed and if necessary, amended to ensure it is correct.

The Right to Restriction

You have the right to request that We restrict the processing of your personal data. This right enables you to ask Us to suspend the processing of your personal data so:

• We can establish if the personal data that We hold is accurate;
• We can investigate any objection you have made about the use of your personal data; or 
• if We have no justification for keeping it any longer, you may ask Us to put the processing on hold but retain the personal data in case you need this, for example, for legal reasons.

The Right to Objection

You have the right to tell Us about any concerns regarding the processing of your personal data and to ask Us to stop using your personal data. This includes objection to marketing.

The Right to Portability

In certain circumstances, you have the right to get your personal data from Us in a way that is accessible and machine-readable, and you also have the right to ask Us to transfer your personal data to another organisation. This only applies to personal data that you have provided to Us and which is held electronically. We only have to comply with this right if it is technically feasible to provide this personal data in a commonly used format, for example, a CSV file.

If you would like to exercise any of those rights, please contact Us at  DPO@ukflooringdirect.co.uk or DPO@flooringsupplies.co.uk,