Our Privacy Policy
Introduction
Drakes Display Ltd respects your privacy and is committed to protecting your personal data. Shopfitting Warehouse is a brand and trading name of Drakes Display Ltd.
This privacy policy explains how we collect, use, share and protect your personal data when you visit our website, place an order with us (online, by telephone, by email or in person), open or operate an account with us, or otherwise deal with us. It also explains your rights and how the law protects you.
We deal with both business customers and consumers. Where you deal with us on behalf of a business, this policy applies to your personal data as an individual (for example, as a contact, buyer or director), and to the personal data of sole traders and partners, who are identifiable individuals in law.
We are the controller of your personal data. Please read this policy together with any other privacy notice we may give you on specific occasions, which supplements (and does not override) this policy.
Our website is not directed at children, and we do not knowingly collect personal data relating to children. We do not seek or deliberately collect special category data (sensitive information such as data about health, race or ethnicity, or religious beliefs) or data about criminal convictions and offences.
At a glance
The key points are summarised below; full detail follows in the numbered sections.
| Who we are | Drakes Display Ltd, trading as Shopfitting Warehouse – the controller responsible for your personal data. |
| What we collect | Your contact and account details, order and payment information, credit-account information for business customers, and data about how you use our website. |
| Why we use it | To take and fulfil orders, run accounts and credit, provide customer service, meet our legal duties, and – with your consent or where the law allows – to market to you. |
| Who we share it with | Trusted providers who help us run the business (payments, delivery, IT, marketing and reviews), our professional advisers, and authorities where required. |
| Your choices | You can opt out of marketing at any time, and you can ask to access, correct, delete or move your data, or object to how we use it. |
| Questions or complaints | Email sales@shopfittingwarehouse.co.uk. You can also complain to the Information Commissioner’s Office (ico.org.uk). |
1. Who we are and how to contact us
Controller: Drakes Display Ltd (trading as Shopfitting Warehouse)
Registered office / postal address: 11/13 Bridge Street, Bailie Gate Industrial Estate, Sturminster Marshall, Dorset, BH21 4DB, United Kingdom
Company registration number: 07145595 VAT number: GB 985 1809 78
Email (data protection enquiries): sales@shopfittingwarehouse.co.uk
Telephone: +44 (0)1258 859900
If you have any questions about this policy, or wish to exercise any of your rights, please contact us using the details above.
The law that applies
We process personal data in accordance with the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (PECR), each as amended (including by the Data (Use and Access) Act 2025).
2. The personal data we collect about you
Personal data means any information from which a living individual can be identified. We may collect, use, store and transfer the following categories:
- Identity Data – first name, last name, title, username, and (for business contacts) job title or role.
- Contact Data – billing address, delivery address, email address and telephone numbers.
- Business Contact Data – the name, business address, email, phone and role of individuals who deal with us for a business customer or supplier.
- Financial Data – bank account and payment details. Card payments are handled by our payment providers, and we do not store full card numbers.
- Transaction Data – details of payments and of the products and services you have purchased from us.
- Credit Data – where your business applies for a credit account, information relevant to assessing creditworthiness, including reports from our credit reference provider and limited personal data about associated individuals such as directors. See section 7.
- Technical Data – IP address, login data, browser type, time zone and location settings, device and platform information.
- Profile Data – your username and password, orders, interests, preferences, feedback and survey responses.
- Usage Data – information about how you use our website, products and services.
- Marketing and Communications Data – your marketing and communication preferences (recorded separately for email, SMS and other channels).
- Customer service content – the content of enquiries, messages and reviews you send us. We ask you not to include sensitive information in free-text messages, and we do not deliberately collect it.
We also use Aggregated Data (statistical or demographic data) which does not identify you. If we combine it with your personal data so that it identifies you, we treat the combined data as personal data.
If you do not provide personal data that we need by law or under a contract, we may be unable to perform that contract (for example, to supply goods or open an account).
3. How we collect your personal data
We collect personal data through:
- Direct interactions – when you create an account, place or enquire about an order, request a quotation, apply for a credit account, sign up to marketing, complete a form or survey, leave a review, or contact us.
- Automated technologies – cookies and similar technologies collect Technical and Usage Data as you use our site. See section 6 and our cookie policy.
- Third parties and public sources – our credit reference provider and public sources such as Companies House (for credit assessment); payment, delivery and analytics providers; and, for business development, publicly available business information.
4. How and why we use your personal data
We only use your personal data when the law allows. We rely on one or more of: performance of a contract; our legitimate interests (where not overridden by your rights); compliance with a legal obligation; and, where required (in particular for marketing and cookies), your consent. The table summarises our main uses and bases; where we rely on legitimate interests we have carried out a balancing assessment, which you can ask us about.
| Purpose / activity | Categories of data | Lawful basis |
|---|---|---|
| Register and administer your account; authenticate users | Identity; Contact; Business Contact; Profile | Performance of a contract Legitimate interests (account administration) |
| Process, fulfil and deliver orders; manage payments, refunds and re-orders; recover sums owed | Identity; Contact; Financial; Transaction | Performance of a contract Legitimate interests (recovering sums due) |
| Assess and periodically review (usually annually) applications for a credit account; credit control | Identity; Contact; Financial; Transaction; Credit | Legitimate interests (assessing and managing credit risk) |
| Manage our relationship and provide customer service, including service messages, courtesy and follow-up contact, and inviting reviews | Identity; Contact; Business Contact; Profile; Marketing & Communications | Performance of a contract Legal obligation Legitimate interests (servicing and improving the relationship) |
| Send marketing by email and SMS about products, services and offers | Identity; Contact; Business Contact; Profile; Marketing & Communications | Consent (consumers) Legitimate interests / existing-customer soft opt-in (business customers) |
| Send web-push notifications | Technical; Marketing & Communications | Consent |
| Send postal marketing (letters and brochures) to existing customers about related products | Identity; Contact; Business Contact | Legitimate interests (marketing similar products to existing customers) |
| Contact business contacts about products and services relevant to their organisation | Identity (where applicable); Business Contact | Legitimate interests (B2B marketing), subject to the channel rules in section 5 |
| Market related products to existing and past business customers | Identity; Contact; Business Contact; Transaction | Legitimate interests / existing-customer soft opt-in; consent where required |
| Deliver, target and measure online advertising; conversion tracking (including enhanced conversions) and profiling for relevance | Identity; Contact; Online identifiers; Usage; Technical; Marketing | Consent (cookies and advertising data-sharing) Legitimate interests (relevance and measurement) |
| Operate, secure and improve our website and business; analytics; fraud prevention | Identity; Contact; Technical; Usage | Legitimate interests Legal obligation |
| Comply with legal, tax and accounting obligations; establish or defend legal claims; business reorganisation | Any, as relevant | Legal obligation Legitimate interests |
Change of purpose. We will only use your personal data for the purposes for which we collected it, unless a new purpose is compatible. If we need to use it for an unrelated purpose, we will notify you and explain the lawful basis. We may process data without your knowledge or consent where required or permitted by law.
5. Marketing, advertising and communications
Email and SMS marketing. How we market to you depends on whether you are a consumer or a business customer. For consumers, our email and SMS marketing is consent-based: we send it only where you have opted in. For business customers, we may also send you marketing about products and services similar to those you have bought or enquired about, unless you ask us not to, and we may send marketing to business email addresses. We record your email and SMS preferences separately, every message includes a simple way to opt out (an unsubscribe link, or replying STOP to a text), and you can stop at any time. We keep our marketing lists up to date and remove contacts who are no longer engaging.
Web-push notifications. If you choose to allow web-push notifications in your browser, we may send you updates and offers. You can withdraw this at any time in your browser settings.
Service and follow-up contact. Separately from marketing, we may contact you about your order or account, and we may make courtesy or follow-up calls to thank you and check everything is in order. These are service communications. If, during such contact, you ask or wish to hear more about our products and services, we are happy to tell you.
Postal marketing. We may send existing customers letters and brochures by post about products related to those they have bought, and information about us. You can ask us to stop sending postal marketing at any time.
Business development. We may contact businesses about products and services relevant to their organisation, including business contacts whose details we hold or obtain from publicly available sources. You can opt out at any time. We do not carry out cold marketing to consumers.
Online advertising and profiling. We work with advertising platforms such as Google, Microsoft and Meta (including Facebook and Instagram) to show you relevant advertising and to measure its effectiveness. This may involve sharing data such as hashed (encoded) email addresses or online identifiers with those platforms to match conversions and build audiences. We rely on the consent you give through our cookie banner for this advertising data-sharing.
Consumers. For consumers, our electronic marketing (email and SMS) is always consent-based; we do not rely on legitimate interests to send consumers electronic marketing.
Your choices. You can opt out of marketing at any time using the unsubscribe link, by replying STOP, by adjusting your preferences, or by contacting us. Opting out of marketing will not stop service communications about a purchase, account or warranty. You have an absolute right to object to direct marketing on any channel, including post.
Profiling and automated decisions. Any profiling we carry out is to make our marketing and website content more relevant. We do not make decisions about you that produce legal effects, or similarly significantly affect you, based solely on automated processing.
We do not sell or rent your personal data to third parties for their own marketing.
6. Cookies and similar technologies
We use cookies and similar technologies to operate our website, remember your preferences, measure performance and (with your consent) deliver advertising. We manage cookie consent through a consent banner, and we place non-essential cookies – including advertising and most analytics cookies – only where you have given consent. Certain strictly necessary cookies, and certain low-risk analytics and functionality cookies that the law now exempts, may be set without consent. You can change your preferences at any time. For details, see our cookie policy.
7. Credit accounts
We offer credit accounts to some eligible limited company customers. When you apply for a credit account, and periodically while the account is open (usually annually, when we review or renew your credit terms), we assess the creditworthiness of the applicant or customer business. To do this we may obtain credit reports from a credit reference provider and may review publicly available sources such as the Companies House register.
A company’s credit information is information about the business and is generally not personal data. However, in carrying out these checks we may process limited personal data about individuals associated with the business, such as directors, where that information appears on or alongside the company’s record or in public sources. We rely on our legitimate interests in assessing and managing credit risk before and during the provision of trade credit.
We do not share information about your account or payment performance back to credit reference agencies, and we do not use fraud prevention agencies or automated credit-scoring for this purpose.
8. Who we share your personal data with
We may share your personal data with the following categories of recipient, for the purposes set out in section 4:
- Payment providers – who process payments for your online and telephone orders. These providers are independent controllers of the payment data they handle and process it under their own terms.
- Our website and IT providers – including our website and order-management platforms, customer-service and CRM tools, and hosting and security providers.
- Delivery and logistics partners – our carriers (parcel carriers and pallet networks) and, where an order is fulfilled directly, the supplier and their carriers shipping to you.
- Marketing, advertising and analytics providers – our email/SMS platform, advertising platforms such as Google, Microsoft and Meta, and supporting advertising and analytics tools.
- Review platforms – such as Trustpilot and Judge.me, to invite and display reviews of our products and services.
- Our credit reference provider – where your business applies for or holds a credit account (see section 7).
- Professional advisers, regulators and authorities – lawyers, accountants, auditors, insurers and bankers; and HM Revenue & Customs, the courts and other authorities where required by law.
- Purchasers or investors – if we sell, transfer or reorganise our business, the new owner may use your data as described in this policy.
Where a third party processes personal data on our behalf, we require it to act only on our instructions and to keep the data secure and confidential, and we usually have written data-processing agreements in place. Some recipients, including our payment providers, delivery partners, and review platforms, act as independent controllers and handle your personal data in accordance with their own privacy policies.
9. International transfers
Most of our core systems keep your data in the UK or the European Economic Area (EEA). Our website platform, for example, stores order and customer data at rest in Europe, and the EEA is covered by the UK’s own adequacy regulations, so no additional safeguard is needed for those transfers.
Some of our providers – in particular certain marketing, advertising, customer-service and analytics tools – process data in the United States or other countries outside the UK. Where we transfer personal data outside the UK to a country without UK adequacy, we rely on an appropriate safeguard, namely:
- a UK adequacy decision for the destination; or
- for the United States, the UK–US Data Bridge (the UK Extension to the EU–US Data Privacy Framework) where the recipient is certified; or
- the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses.
10. Data security
We have put in place appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration or disclosure. We limit access to those who need it, under a duty of confidentiality, and we have procedures to deal with any suspected personal data breach and to notify you and any regulator where legally required.
11. How long we keep your personal data
We keep your personal data only for as long as necessary for the purposes we collected it for, including to satisfy legal, tax, accounting and reporting requirements and to establish or defend legal claims. In general, we keep basic customer information (Identity, Contact, Financial and Transaction Data) for six years after the end of our relationship. Marketing contacts are kept until you opt out (with a suppression record), and unengaged marketing contacts are removed after a maximum of 12 months. We may keep certain data longer where a legal claim is live or anonymise it for research or statistics.
12. Your legal rights
Subject to certain conditions, you have the right to: request access to your personal data; request correction; request erasure; object to processing based on our legitimate interests, and object at any time to direct marketing; request restriction of processing; request transfer (portability); and withdraw consent at any time (without affecting earlier processing).
No fee usually required. You will not normally have to pay a fee. We may charge a reasonable fee, or refuse to act, if a request is manifestly unfounded or excessive.
Time limit. We aim to respond within one month. If we need to verify your identity or ask you to clarify your request, the one-month period does not begin until we have that information. We may extend by up to two months for complex or numerous requests and will tell you if so.
13. How to make a request or complaint
If you wish to exercise any right, or you are unhappy with how we have handled your personal data, please contact us first using the details in section 1. We will acknowledge a data protection complaint within 30 days and take appropriate steps to respond and keep you informed.
You also have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk or on 0303 123 1113. We would appreciate the chance to address your concerns first.
14. Changes to this policy
The version number and date at the bottom show the current version. We may update this policy from time to time; the current version is always on our website, and we will tell you about material changes where appropriate. Previous versions are available on request.
Keeping your data accurate. Please let us know if your personal data changes during your relationship with us.
15. Third-party links
Our website may include links to third-party websites, plug-ins and applications. We do not control these and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.
16. Glossary of lawful bases
- Performance of a contract – processing necessary to perform a contract with you, or to take steps at your request before entering into one.
- Legitimate interests – our interest in running our business well, balanced against your interests, rights and freedoms.
- Legal obligation – processing necessary to comply with a legal or regulatory obligation.
- Consent – your clear, specific, informed and freely given agreement, which you can withdraw at any time.
Version June 2026. Last updated: 15 June 2026