Website Privacy Notice




1.             INTRODUCTION  


This privacy notice provides you with details of how we collect and process your personal data through your use of our website.


This notice is governed by the EU General Data Protection Regulation (the "GDPR") from 25 May 2018 and until 25 May 2018 is governed by the Data Protection Act 1998. It seeks to provide you with information about:


  • what personal data is;


  • the personal data we may collect and hold about you;


  • how we collect your personal data;


  • the purpose for which we use your personal data;


  • how long we keep your personal data for;


  • the circumstances and safeguards in place for when we might share your personal data;


  • how we go about ensuring that your personal data is secure; and


  • your rights and what to do if we get something wrong.


2.             WHO WE ARE


HOMEFAIR BLINDS & SHUTTERS LTD the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice). This just means that we determine the purposes and ways in which we process personal data.


As a data controller, we take your privacy and our responsibilities very seriously. This is our privacy notice. It provides you with details the type of personal data we hold, the way in which we collect it and how we process it through your use of our website. When you use our website ( you may be asked to provide personal data, for example when you purchase a product or service, sign up to our newsletter or take part in a prize draw or competition. This website is not intended for children and we do not knowingly collect data relating to children. By using our website and providing us with your data, you warrant to us that you are over 13 years of age.


Full name of legal entity: HOMEFAIR BLINDS & SHUTTERS LTD


Postal address:            7-10 Chevychase Court

Seaham Grange Ind. Estate


County Durham



Email address:



3.             WHAT IS PERSONAL DATA?


Any information that can identify you as an individual is known as ‘Personal Data’. This does not include any anonymised data.


Under current legislation, there is also a special category of ‘Sensitive Data’. Sensitive data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, your health as well as genetic and biometric data. In order to process sensitive data we need your explicit consent.




We may securely process the following types of personal data about you:





Full name or any previous names, your username, marital status, title, date of birth and gender.


Addresses for billing and/or delivery, your email address and any telephone numbers.



Bank account and payment card details.



Details about payments you have made, what products and/or services you have purchased and other related details of any purchases you have made


This may include any log in details you have provided, your internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.


It may also include your username and password, purchases or orders, your interests, preferences, feedback and survey responses.


This may include information about how you use our website, products and services.


This may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.


We may also process what is known as aggregated data from your personal data. As this data does not reveal your identity it is not classed as ‘Personal Data’. An example of this might be if we were analyse our website usage data which allows us to see what percentage of users visit which pages or use which features. If we subsequently link the aggregated data with other data which would then identify you, then it becomes personal data and is treated accordingly.


5.             SENSITIVE DATA


We do not collect any Sensitive Data about you. We do not collect any information about criminal convictions and offences.


Please note that there are certain times when we may be required to collect personal data under the terms of a contract between us or where we are required to do so by law. Should you not provide us with that data when requested, it is unlikely that we will be able to keep our end of any contract between us (for example, to deliver goods or services to you). This may mean we have to cancel a product or service you have ordered. You will, of course, be notified in advance when that might be the case.




There are a variety of ways in which we might collect your personal data.





You may provide your data to us in a number of ways. For example, by filling in forms (either on our website or otherwise) by writing to us, telephoning us or emailing us including when you:


  • order our products or services;
  • create an account on our site;
  • subscribe to our service or publications;
  • request resources or marketing be sent to you;
  • enter a competition, prize draw, promotion or survey; or
  • give us feedback.


As you browse and use our website certain technical data might be recorded about the device and equipment you are using, your browsing and your usage. We collect this data by using cookies, server logs and similar technologies. This happens on most website you use and so we may also receive similar technical data about you if you visit other websites that also use our cookies.  We have set out our cookie policy below.


We may also occasionally receive your personal data from external third parties and public sources. We have tried to capture these third parties here:


  • analytics providers such as Google based outside the EU;


  • search information providers such as Google based outside the EU.





We will only ever process or use your personal data when we are legally allowed to do so. Whilst there are a number of other legally permissible reasons to process your personal data, the following are the main reasons that we rely upon to do so:


  • To be able to comply with our legal and regulatory obligations;
  • To be able to perform any contract that might exist between us; and
  • Necessity in both our and your legitimate interests (or those of a third party) provided that your fundamental rights do not override those interests.

Another basis upon which it would be legally permissible for us to process your data would be where you have explicitly consented. Generally, we do not rely on your consent as a legal ground for processing your personal data. However, where we intend to send marketing communications to you via email or text message, we will ask you to consent in advance. You will have the right to withdraw consent to any such marketing at any time by emailing us at





We want to share with you:


  • the ways in which we intend to use your personal data; and
  • the legal grounds upon which we will process your personal data (including the nature of our legitimate interest in doing so where applicable).


The following table provides this information. We have also explained what our legitimate interests are where relevant.









To record your details as a new customer.


·         To identity

·         To contact


To be able to fulfil our obligations under a contract or proposed contract with you.


To fulfil your order with us including:

(a)   manage payments, fees and charges

(b)   collect and recover money owed to us


·         To identity

·         To contact

·         Financial

·         Transactional

·         Marketing and Communications


To be able to fulfil our obligations under a contract or proposed contract with you.

Necessary for our legitimate interests to recover debts owed to us


To be able to manage and develop our relationship with you, which will include for example:

(a)   notifying you about changes to our terms or privacy policy

(b)   Asking you to leave a review or take a survey


·         To identity

·         To contact

·        Electronic & Profile information

·        Marketing and Communications


To be able to fulfil our obligations under a contract or proposed contract with you.

To enable us to be able to comply with a legal obligation.

Necessary for our legitimate interests to ensure our records are up to date and to better understand how customers and potential customers use our website, products and services.


To allow you to be able to enter a prize draw, competition or to complete a survey


·         To identity

·         To contact

·        Electronic & Profile information

·         Usage

·        Marketing and Communications


To be able to fulfil our obligations under a contract or proposed contract with you.

Necessary for our legitimate interests to better understand how customers and potential customers use our website, products and services, to improve those products and services and in turn grow our business.

To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)


·         To identity

·         To contact

·         Technical data


Necessary for our legitimate interests to enable us to run our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise

To enable us to be able to comply with a legal obligation.


To ensure that any content and advertisement aimed at you is relevant and what you want to see and to measure and understand the effectiveness of our advertising.


·         To identity

·         To contact

·         Electronic & Profile information

·         Usage

·        Marketing and Communications

·        Technical data


Necessary for our legitimate interests to to better understand how customers and potential customers use our website, products and services, to develop those products and services and in help our marketing strategy and in turn grow our business.


To use data analytics to improve our website, products/services, marketing, customer relationships and experiences


·         Technical data

·         Usage


Necessary for our legitimate interests to determine the types of customers for our products and services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy


To make appropriate suggestions and recommendations to you about goods or services that may be of interest to you.


·         Identity

·         Contact

·         Technical

·         Usage

·         Profile


Necessary for our legitimate interests to develop our products/services and grow our business




As you will see, we may process your personal data on the basis of more than one lawful ground, depending on the specific purpose for which we are using it. Please email us at if you need more details about the specific legal ground we are relying on to process your personal data in relation to any of the data set out in the table above.


9.             CHANGE OF PURPOSE  


Whilst we will only use your personal data for the purposes for which we collected it sometimes the purpose might change. Such change will either be compatible with the original purpose or for an entirely new purpose.


Compatible with an existing purpose: If we reasonably think that we need to use your personal data for another reason but that reason is compatible with the original purpose then we are entitled to do so. You are entitled to find out more about our thought process and why we consider that the processing for the new purpose is compatible with the original purpose. If you would like us to explain why we think that then please email us at


A new purpose: If we need to use your personal data for a purpose that is different or unrelated to the original purpose for which we collected the data, we will notify you and we will explain the legal ground upon which we intend to then process the data.


By law: We may process your personal data without your knowledge or consent where this is required or permitted by law.




Unless you have opted out of receiving marketing from us (which you can do at any time), you will receive marketing communications from us if you have either:


  • requested information from us or purchased goods or services from us; or
  • if you provided us with your details and ticked the box at the point of entry of your details for us to send you marketing communications; and


We will always get your express opt-in consent before we share any of your personal data with any third party for marketing purposes.


At any time and for any reason (which you do not have to provide), you can ask us or third parties to stop sending you marketing messages. You can do this by emailing us at at any time.


Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.




We have referred above to third parties with whom we might share your personal data.

Below is a list of other third parties who we may share your personal data with and for the purposes set out in the table in paragraph 6 above:


  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
  • Professional advisers such as lawyers, bankers, auditors and insurers who may provide consultancy, banking, legal, insurance and accounting services.
  • Service providers who provide, for example, IT and system administration services.
  • Third parties to whom we sell, transfer, or merge parts of our business or our assets.

Any third parties to whom we transfer your data may only process your personal data for specified purposes and in accordance with our instructions. Such third parties are required to respect the security of that personal data and to comply with the law.




Occasionally our processing of your data outside the European Economic Area (EEA).


Some of our third parties service providers are based outside the European Economic Area (EEA). This means that when they process your personal data it inevitably means that such data is transferred outside of the EEA. Such transfers have been prohibited unless we meet certain criteria prescribed by European law when making such a transfer. As a result, we do our best to ensure that the same level of security of data is in place by ensuring at least one of the following safeguards is implemented:


·         the country to which your personal data is proposed to be transferred having been deemed by the European Commission to provide an adequate level of protection for personal data; or

·         the use of certification mechanisms approved by the European Commission, specific contracts or codes of conduct which give personal data the same protection it has in Europe; or

·         in the case of third parties based in the US, where they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

Please email us at if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

If none of the above safeguards is available, we may instead request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.


13.          DATA SECURITY  


We have taken a number of steps to ensure and protect the security of your personal data.


  • Security Measures: we have put in place appropriate security measures and data protection policies to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed;
  • Training: we have trained our staff to understand their data protection obligations and to ensure they are fully aware and understand their legal obligations, our data protection policies and security measures;
  • Limited access: we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.


We have also put in place a response procedure in the event of any actual or suspected personal data breach. We will notify you and any applicable body of any such reportable breach within the legal time period for doing so.




We will only ever keep your personal data for as long as we need it to be able to fulfil the purposes for which we collected it in the first place. This will include any reporting requirements, legal requirements or accounting requirements.


When we think about how long we should keep or retain your data, we think about:


  • the amount, nature, and sensitivity of the personal data;
  • the potential risk of loss, damage or harm from any disclosure, loss, misuse or unauthorised use of your personal data;
  • the purposes for which we process your personal data and whether we can achieve those purposes without needing your personal data, and
  • the applicable legal requirements, for example we have to keep basic information about our customers for six years after they cease being customers for tax purposes.


You have the legal right to ask us to delete your data in certain circumstances. Please see the section below entitled ‘Your Legal Rights’ for further information.


We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. This is because you can no longer be identified from the anonymised data.


15.          THIRD-PARTY LINKS  


Through your use of our website you will have access to links, plug-ins and applications that are not under our control. When you click on those links or open the connection associated with those links it may be that the third party that does control them collects and shares your personal data. We cannot be responsible their privacy statements. When you leave our website, please ensure you read the privacy notice of each website you visit as there may be significant differences that affect you.


16.          COOKIE POLICY


When you visit our website cookies are used to collect information so that your experience with the website can be improved in the future.




Cookies are used by most websites. They are not harmful, and they do not invade your privacy. They are small text files saved to your computer that store information about the way in which you have used a particular website. When you re-visit that website it will access the ‘cookie’ and tailor your use of that website based upon how you have used it in the past. Cookies may also be used for other legitimate purposes like marketing or analytics.




Broadly speaking there are two types of cookie; sessions cookies and persistent cookies. They each behave differently.


A persistent cookie is one that is saved as a text file on your PC and remains there even after you have closed your browser. It is then accessed again once you re-visit the same website. We use persistent cookies for Google Analytics. Persistent cookies are stored until they expire, which can range from several minutes to many years


A session cookie is a temporary file that is not saved permanently on your PC. It is created during your web session and is automatically deleted when you close your browser. They may store some anonymised data but no personal data is ever stored by a session cookie. Session cookies exist for the duration of a visit and are erased when you close the web browser.




The cookies we use on our website can be grouped into the following categories:


Essential or Strictly Necessary cookies: Some of the cookies on our website are essential for us to be able to provide you with the service you have requested, for example to be able to buy our goods and/or services. You may not be able to use our website without these cookies. They cannot therefore be turned off. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.


Website functionality cookies: These cookies enable you to browse our website and use certain features by allowing our website to remember the choices you make and provide enhanced features. The information these cookies collect is usually anonymised.


Performance cookies: These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the site are most popular.


Find out more about cookies here:



There will be options available in your browser’s settings that enable you to control the way in which cookies are stored on your computer. This will prompt you when cookies are being used, enable you to refuse any individual cookies or block some or all cookies. Please note though that if you disable or refuse cookies, some parts of this website may become inaccessible or not work properly.




We use cookies to track your use of our website. This enables us to understand how you use the site and track any patterns with regards how you are using our website. This helps us to develop and improve our website as well as products and / or services in response to what you might need or want.


17.          YOUR LEGAL RIGHTS  


Current data protection laws provide you with certain rights. These include the right, in certain circumstances, to:


  • request access to your personal data;
  • request correction of your personal data;
  • request erasure of your personal data;
  • object to processing of your personal data;
  • request restriction of processing your personal data;
  • request transfer of your personal data; and
  • right to withdraw consent.


You can find more information about your rights here:

If you wish to exercise any of the rights set out above or have any queries, please email us at


Generally, fees for access to your personal data (or in the exercise of any of your other rights) can no longer be charged. You will therefore not have to pay any fee to exercise your rights, including to access your own personal data. However, if your request is clearly unfounded, repetitive or excessive we may either decide to charge a reasonable fee or we may refuse to comply with your request. We will always explain to you our reasons for doing so.


In order to help us we may need to confirm your identity and ensure that you have the right to access the data you are requesting or exercise any of your other rights. In order to do that, we may need to request specific information from you as a security measure to ensure that we are not disclosing personal data to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request in order to speed up our response.


Legitimate requests will generally be dealt with in one calendar month. Sometimes it may take a bit longer if there are numerous requests or if the request is a little more complex than usual. We will always try to keep you up to date with our progress.




It is very important that any personal data we hold about you is correct and is current i.e. is up to date. You have the right to correct us if any information we hold is incorrect or out of date. Please tell us if at any time your personal information changes or if we just have it wrong by emailing us at




Sometimes, we might get something wrong. If we do, we want to put it right. We would really appreciate it if you would contact us first to try and resolve the issue if you ever have any cause to be unhappy with any aspect of the way in which we collect and use your data. However, if you remain unhappy please note that you always have the right to make a more formal complaint through the Information Commissioner’s Office (ICO) is the UK supervisory authority for data protection issues and their website is at We will work with ICO to ensure that any such complaint is dealt with to your complete satisfaction and in as short a time as possible.