Legal

Privacy Policy

Website: Bespokeacornunits Effective date: 14 April 2026 Version: 1.0

1. Introduction

Bespoke operates the website at https://bespokeacornunits.com/ (the “Site”). This Privacy Policy explains how we collect, use, store, share, and protect personal data when you browse the Site, use the product catalogue and configurator, and submit an enquiry about a bespoke furniture product.

This Policy is intended to comply with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and, where relevant, the Privacy and Electronic Communications Regulations 2003 (“PECR”).

2. Data We Collect

We collect personal data that you provide directly when you interact with the Site, particularly when you submit an enquiry through our forms.

The personal data we currently collect includes:

  • First name
  • Last name
  • Email address

Depending on how the form is completed, we may also process details of the product you are interested in, the configuration options you selected, and the content of your enquiry message.

We also process limited technical information collected automatically when you visit the Site, such as your IP address, browser type, device type, pages visited, session identifiers, and general usage data needed for security, performance, and core website functionality. When you submit a form on the Site, we may also use Cloudflare Turnstile to help distinguish legitimate users from automated submissions. In connection with this security check, certain technical and behavioural signals may be processed, such as IP address, browser and device characteristics, and interaction data necessary to assess whether a request is made by a human or an automated system.

3. Purpose of Processing and Legal Basis

We process your name, surname, email address, selected product configuration, and enquiry details in order to respond to your request, discuss specifications, prepare a quotation, and manage pre-contract communications.

The legal basis for this processing is:

  • Contract / pre-contract steps: where your enquiry relates to taking steps at your request before entering into a contract.
  • Legitimate interests: where we need to operate the Site, respond to commercial enquiries, and improve our service offering.
  • Legal obligation: where processing is required to comply with applicable laws or lawful requests.
  • Consent: where we rely on your consent for optional cookies or similar tracking technologies.

We process essential technical and session data to keep the Site secure, prevent abuse, detect technical issues, and maintain service continuity. This is generally based on legitimate interests and, for strictly necessary cookies, the applicable PECR exemption. We also process technical and anti-abuse related data through Cloudflare Turnstile in order to protect the Site, our forms, and our services from spam, fraud, and automated misuse. The legal basis for this processing is our legitimate interests in maintaining the security, integrity, and availability of the Site and preventing abusive or malicious activity.

4. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected.

  • Enquiry records: up to 24 months from the last meaningful contact.
  • Security and technical logs: up to 12 months, unless longer retention is required for investigation or legal purposes.
  • Cookie and consent records: for the duration of the relevant cookie and, where necessary, for up to 12 months to demonstrate compliance.
  • Contract-related records: longer where required for performance of a contract, warranty issues, tax, accounting, or legal claims.

5. Third-Party Sharing

We do not sell your personal data. We may share personal data only where necessary with trusted service providers and professional advisers.

Categories of recipients may include:

  • Hosting and cloud infrastructure providers
  • Email delivery providers
  • IT support and security providers
  • Professional advisers, including legal and accounting advisers
  • Regulators, courts, law enforcement, or public authorities where legally required

Where form protection is enabled, we may also share limited technical and security-related data with Cloudflare, Inc. and its affiliated entities in connection with the operation of Cloudflare Turnstile, which we use to protect our forms against spam and automated abuse.

6. Cookies and Tracking

The Site may use cookies and similar technologies for essential functionality, security, session handling, and user preference management.

If we use optional analytics or marketing cookies, these will only be used where required consent has been obtained. Users can manage cookie preferences through the cookie banner or browser settings, although disabling some cookies may affect site functionality.

7. Your Rights

Under the UK GDPR, you may have the right to:

  • Request access to your personal data
  • Request rectification of inaccurate or incomplete data
  • Request erasure of your personal data in certain circumstances
  • Request restriction of processing
  • Object to processing based on legitimate interests
  • Request data portability where applicable
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact us at sales@bespokeacornunits.com. We may ask for information to verify your identity before processing your request.

8. International Data Transfers

Some service providers may process personal data outside the United Kingdom. Where that happens, we will ensure appropriate safeguards are in place, such as adequacy regulations, the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms.

This may include transfers related to third-party infrastructure, security, hosting, or anti-abuse providers, including Cloudflare services where used.

9. Security Measures

We use appropriate technical and organisational measures to protect personal data against unauthorised access, misuse, loss, destruction, or alteration. These measures may include HTTPS/TLS encryption, access controls, secure passwords, system updates, server hardening, backups, and restricted administrator access.

While we take reasonable steps to protect personal data, no online system can be guaranteed to be completely secure.

These measures may include HTTPS/TLS encryption, access controls, secure passwords, system updates, server hardening, backups, restricted administrator access, and anti-bot or anti-abuse protections such as Cloudflare Turnstile on selected forms.

10. Children’s Privacy

The Site is not intended for children under the age of 18. We do not knowingly collect personal data from minors. If we become aware that personal data from a child has been collected without proper authority, we will delete it as soon as reasonably practicable.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the Site, legal requirements, or our data practices. When we make material changes, we will update the effective date at the top of this page and, where appropriate, provide a prominent notice on the Site.

12. Contact / Data Protection Contact

If you have any questions about this Privacy Policy, your personal data, or your privacy rights, please contact:

Email: sales@bespokeacornunits.com