1. Who we are and scope of this policy
DahliaHouse operates the website at dahliahouse.co.uk (the Site). We are the controller of the personal data we collect through the Site and related communications. This Privacy Policy explains how we collect, use, disclose and protect your personal data when you visit or interact with the Site, subscribe to updates, make enquiries, or otherwise communicate with us.
This policy is intended to comply with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). If you are located in the European Economic Area (EEA), we will also comply with the EU GDPR where it applies.
2. Personal data we collect
2.1 Data you provide to us
- Contact details: name, email address, phone number.
- Account details (if we offer account features): username, password, profile information.
- Enquiry and correspondence data: the content of your messages, support requests, and feedback.
- Marketing preferences: your subscriptions and choices about receiving communications.
- Transaction details (if purchases or bookings are offered): the products/services selected, order information, billing details. Payment card details are processed by our payment provider and not stored in full by us.
- Event or newsletter registrations: your registration details and attendance information.
2.2 Data collected automatically
- Usage data: pages viewed, links clicked, the time and duration of visits, referring URLs.
- Device and technical data: IP address, browser type and version, device identifiers, operating system, screen resolution, language settings.
- Cookie and similar technology data: identifiers, consent preferences, and information used to operate and improve the Site. See Section 4 for details.
2.3 Data from third parties
- Service providers and partners: analytics information, anti-fraud signals, payment status, or fulfilment updates.
- Publicly available sources: information made public by you (for example, via professional profiles) where relevant to a specific interaction with us.
3. Purposes and legal bases for processing
We only process personal data where we have a lawful basis under the UK GDPR and, where applicable, the EU GDPR. The purposes and legal bases include:
- Providing and operating the Site, features, and services you request (Legal basis: performance of a contract or steps prior to entering a contract; UK GDPR Art. 6(1)(b)).
- Responding to enquiries, providing customer support, and communicating with you (Legal basis: performance of a contract or legitimate interests in running our business and responding to requests; Art. 6(1)(b) or 6(1)(f)).
- Sending you marketing communications where permitted and in line with your preferences (Legal basis: your consent for electronic marketing where required; or our legitimate interests in promoting our services where consent is not required under PECR; Art. 6(1)(a) or 6(1)(f)). You can opt out at any time.
- Improving the Site, products, and user experience, including analytics and performance monitoring (Legal basis: your consent for non-essential cookies/analytics; or our legitimate interests where consent is not required; Art. 6(1)(a) or 6(1)(f)).
- Security, fraud prevention, and diagnostics, including protecting the integrity of our systems (Legal basis: legitimate interests; Art. 6(1)(f)).
- Compliance with legal obligations, regulatory requirements, and responding to lawful requests (Legal basis: compliance with a legal obligation; Art. 6(1)(c)).
- Establishing, exercising, or defending legal claims (Legal basis: legitimate interests; Art. 6(1)(f)).
We do not intentionally collect special category data through the Site. Please do not provide sensitive information (e.g., health or biometric data, or information about your racial or ethnic origin, political opinions, religious beliefs, or sexual orientation) via our forms.
We do not carry out decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you. We may use limited profiling to tailor marketing content, but only with your consent where required and with the ability to opt out.
4. Cookies and similar technologies
We use cookies and similar technologies to operate the Site, remember your preferences, analyse traffic and performance, and, where enabled, provide personalised content or marketing.
Categories of cookies we may use:
- Strictly necessary cookies (essential): required for the Site to function and for security. These do not require consent.
- Performance/analytics cookies: help us understand how visitors use the Site to improve it. These are used with your consent where required.
- Functional cookies: remember your settings and choices to enhance your experience. These are used with your consent where required.
- Advertising/targeting cookies: used to deliver relevant advertisements or measure campaign effectiveness. These are used with your consent.
Consent management: When you first visit the Site, you may be presented with a cookie banner allowing you to accept or reject non-essential cookies and to change your preferences at any time. Essential cookies will operate regardless of consent.
Cookie retention: Session cookies expire when you close your browser. Persistent cookies typically last from 1 day to 24 months unless you delete them earlier via your browser settings.
Browser controls: You can set your browser to block or delete cookies. Doing so may affect the availability and functionality of some parts of the Site.
5. Sharing your personal data
We may share your personal data with:
- Service providers acting as processors who provide hosting, IT support, security, email delivery, analytics, content management, payment processing, customer support tools, and marketing services. We require processors to protect your data and only process it under our instructions.
- Professional advisers (lawyers, auditors, insurers) where necessary for our legitimate interests and compliance.
- Authorities, regulators, and law enforcement where we are legally required to do so or to protect rights, safety, and property.
- Successors: in connection with a business transaction (e.g., merger, acquisition, or restructuring), your data may be transferred under appropriate safeguards and continuity of protection.
We do not sell your personal data.
6. International data transfers
Your personal data may be transferred outside the United Kingdom and the European Economic Area if our service providers or partners are located there or store data in those locations. Where such transfers occur, we ensure appropriate safeguards are in place, such as:
- Adequacy regulations or decisions confirming the destination provides an equivalent level of protection.
- Approved transfer mechanisms, including the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, and/or EU Standard Contractual Clauses, supplemented with additional measures where needed.
You can contact us for more information about our transfer safeguards.
7. Data retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Typical retention periods are:
- Enquiries and correspondence: up to 24 months after the last interaction, unless needed longer for ongoing support or legal purposes.
- Account information: for the life of the account and up to 24 months after closure, with some records retained longer where required by law.
- Marketing preferences and contact details: until you unsubscribe or object; we may retain a suppression record to respect your opt-out.
- Transaction records and invoices: 6 years from the end of the financial year in which the transaction occurred (to meet tax and statutory obligations).
- Security logs and diagnostic data: typically 12 months, unless needed longer for investigation or legal reasons.
- Cookies: see Section 4 for typical durations.
8. Your rights
Subject to applicable law, you have the following rights regarding your personal data:
- Access: to obtain a copy of your personal data and information about how we process it.
- Rectification: to correct inaccurate or incomplete data.
- Erasure: to request deletion of your data in certain circumstances.
- Restriction: to request we limit processing in certain circumstances.
- Portability: to receive your data in a structured, commonly used, machine-readable format and to request we transfer it to another controller where technically feasible.
- Objection: to object to processing based on our legitimate interests, including profiling; and to object at any time to processing for direct marketing.
- Withdraw consent: where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
These rights may be subject to conditions and exemptions. We will respond to valid requests within one month, or inform you if an extension is needed for complex requests.
9. How to exercise your rights
To exercise your rights or to make a privacy-related request, contact us using the details in Section 12. We may need to verify your identity before fulfilling your request. If you are acting on behalf of another individual, we may require proof of authority.
10. Data security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include, as appropriate:
- Encryption in transit (TLS) and, where appropriate, at rest.
- Access controls, least-privilege principles, and authentication safeguards.
- Secure development and change management practices.
- Regular monitoring, logging, and vulnerability management.
- Staff training and confidentiality commitments.
- Vendor due diligence and data processing agreements with our processors.
- Incident response procedures to investigate personal data breaches and, where required, give notice of them.
No method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we continually work to protect your data.
11. Children’s privacy
The Site is not directed to children under 13 years old, and we do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided personal data to us, please contact us and we will take appropriate steps to delete such information. Where consent is relied upon for users under 13 in the UK, consent should be provided by a parent or guardian.
12. Data controller and DPO contact
DahliaHouse is the data controller for personal data processed via dahliahouse.co.uk.
Data Protection Officer (DPO) contact:
- Email: privacy@dahliahouse.co.uk
General privacy enquiries can also be sent to the same email address. We encourage you to include “Privacy Request” in the subject line and to describe your request with sufficient detail.
13. Complaints
If you have concerns about how we process your personal data, please contact us first so we can try to resolve your concerns. You also have the right to lodge a complaint with the UK regulator, the Information Commissioner’s Office (ICO):
- Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Helpline: 0303 123 1113
- Website: ico.org.uk
If you are located in the EEA, you can complain to your local supervisory authority.
14. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in laws, technologies, or our practices. If we make material changes, we will take appropriate steps to inform you, consistent with the significance of the changes (for example, by displaying a notice on the Site). Please review this policy periodically.
15. Effective date
Last updated: 16 December 2025