top of page

Privacy Policy

Last updated: 23rd April 2026

 

At Bob's Home Office Furniture, we take your privacy seriously. This notice explains what personal data we collect, how we use it, how long we keep it, and the rights you have under UK data protection law.

We've written this in plain English wherever possible. If anything's unclear, email Bob at bob@bobshomeofficefurniture.co.uk and we'll happily explain.

 

1. Who We Are (Data Controller)

The data controller responsible for your personal data is:

  • Name: Bob Robinson, trading as Bob's Home Office Furniture

  • Address: 43 Garnethill Street, Glasgow, G3 6QD, United Kingdom

  • VAT number: 479 9422 30

  • Email: bob@bobshomeofficefurniture.co.uk

  • Phone: 07737 426343

As a small business, we're not required to appoint a Data Protection Officer. Any queries about this notice or your personal data should be directed to Bob at the address above.

 

2. What Data We Collect

Depending on how you use the Site, we may collect the following:

When you place an order or contact us

  • Name

  • Email address

  • Phone number

  • Billing and delivery address

  • Order details and purchase history

  • Any correspondence you send us

Payment information

We do not see, store, or process your full credit or debit card details. All card payments are handled directly by our payment processor, Wix Payments (operated by Wix.com Ltd), which is PCI-DSS certified. We receive only a transaction confirmation and the last four digits of the card used.

When you browse the Site

  • IP address

  • Browser type and version

  • Device and operating system

  • Pages visited, time spent on pages, and navigation paths

  • Referring website (how you found us)

Most of this browsing data is collected only if you accept non-essential cookies (see Section 7).

 

3. Why We Collect It (Legal Basis)

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

  • Contract: To process your order, take payment, arrange delivery, and handle returns or warranty claims.

  • Legal obligation: To keep records for tax and accounting (e.g. HMRC requires us to retain VAT records for 6 years).

  • Legitimate interests: To respond to enquiries, improve our website, prevent fraud, and understand how visitors use the Site — balanced against your rights and freedoms.

  • Consent: For non-essential cookies and analytics tools, collected via our cookie banner. You can withdraw consent at any time.

 

4. How Long We Keep Your Data

We only keep personal data for as long as necessary, with specific retention periods for different types:

  • Order records (name, address, order details, invoices): 6 years from the date of the order, in line with HMRC tax record-keeping requirements.

  • Email correspondence: Up to 2 years after the last contact, unless relevant to an ongoing matter.

  • Website analytics data: Retained as set by Google Analytics (default 14 months) and Microsoft Clarity (default 30 days to 2 years).

  • Cookie consent records: For as long as the cookie is active, or up to 12 months from your last visit.

After the applicable retention period, data is either deleted or anonymised so it can no longer be linked to you.

 

5. Who We Share Your Data With

We do not sell or rent your personal data to anyone, ever. We share limited data only with trusted third parties who help us operate the business. All of them are bound by data processing agreements.

Processors we use

  • Wix.com Ltd — our website platform and hosting provider. Handles site data, contact forms, and operates Wix Payments for card processing.

  • Our manufacturers and couriers — to dispatch and deliver your order, we share the minimum data required (name, delivery address, phone number, order details).

  • Google Analytics (Google LLC) — for website analytics, only if you accept analytics cookies.

  • Microsoft Clarity (Microsoft Corporation) — for pseudonymous session recordings and heatmaps, only if you accept analytics cookies.

  • HMRC and other authorities — where we're required by law (e.g. for tax, fraud prevention, or court orders).

 

6. International Data Transfers

Some of our processors — including Wix, Google, and Microsoft — are based outside the UK (primarily in the United States and Israel). When your data is transferred internationally, we rely on the following safeguards required by UK GDPR:

  • UK-US Data Bridge / EU-US Data Privacy Framework — covers transfers to certified US providers.

  • Standard Contractual Clauses (SCCs) — the UK-approved contractual framework for international transfers.

  • UK International Data Transfer Agreement (IDTA) — where applicable.

Where a provider is based in Israel, the UK recognises Israel as providing adequate data protection, so no additional safeguard is required.

 

7. Cookies & Tracking Technologies

Our Site uses cookies and similar technologies, governed by the Privacy and Electronic Communications Regulations 2003 (PECR) and UK GDPR.

Cookie banner

When you first visit, you'll see a cookie banner with options to Accept or Reject non-essential cookies. Essential cookies (needed for the site to function — e.g. remembering your basket) are always active. Non-essential cookies (analytics, marketing) are only set if you accept them.

You can change your cookie preferences at any time via the cookie settings link in our footer or by clearing your browser cookies for this site.

Cookies we use

  • Essential cookies: Set by Wix to keep the Site running (basket, checkout, login, security). No consent required — they can't be disabled while using the Site.

  • Analytics cookies (Google Analytics): Help us understand how visitors use the Site so we can improve it. Consent required.

  • Session recording (Microsoft Clarity): Records pseudonymous session replays and heatmaps to help us improve usability. Consent required.

You can also manage or block cookies in your browser settings (Chrome, Safari, Firefox, Edge all have their own cookie controls). Blocking essential cookies may stop parts of the Site from working.

 

8. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right to be informed — which this notice exists to provide.

  • Right of access — to request a copy of the data we hold about you.

  • Right to rectification — to have inaccurate or incomplete data corrected.

  • Right to erasure — to have your data deleted in certain circumstances (the "right to be forgotten").

  • Right to restrict processing — to pause how we use your data while a query is resolved.

  • Right to data portability — to receive a copy of your data in a portable format.

  • Right to object — to our use of your data where we rely on legitimate interests.

  • Right to withdraw consent — where we're processing on the basis of consent (e.g. non-essential cookies).

To exercise any of these rights, email bob@bobshomeofficefurniture.co.uk. We'll respond within one calendar month, as required by UK GDPR. These requests are free of charge, though we may charge a reasonable fee or refuse requests that are clearly excessive or repetitive.

Right to complain

If you think we've handled your personal data incorrectly, we'd like the chance to put it right — please email bob@bobshomeofficefurniture.co.uk first.

You also have the right to lodge a complaint with the UK regulator, the Information Commissioner's Office (ICO):

  • Website: https://ico.org.uk

  • Phone: 0303 123 1113

  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

 

9. Data Security

We take data security seriously and use the following measures:

  • HTTPS / SSL encryption — all data transmitted to and from the Site is encrypted in transit.

  • PCI-DSS compliant payment processing — card data is handled by Wix Payments, not stored on our systems.

  • Two-factor authentication — on our Wix admin account and email.

  • Platform-level security — Wix operates ISO 27001 / 27017 / 27018 certified data centres and regular security audits.

Despite these measures, no method of electronic transmission or storage is 100% secure. If we ever discover a personal data breach, we'll notify affected users and the ICO within 72 hours where required under UK GDPR Article 33.

 

10. Automated Decision-Making & Profiling

We do not use automated decision-making or profiling to make decisions about you that have legal or similarly significant effects.

 

11. Children's Data

Our Site and products are directed at adults. We do not knowingly collect personal data from children under 13. If you're aware that a child has provided us with personal data, please contact us at bob@bobshomeofficefurniture.co.uk and we'll delete it.

 

12. Changes to This Notice

We may update this Privacy Policy from time to time to reflect changes to the law, our practices, or the tools we use. The "Last updated" date at the top of this page shows when it was last revised. Material changes will be highlighted, and where appropriate we'll contact you directly.

 

13. Contact Us

If you have any questions about this Privacy Policy, or about how we handle your personal data:

bottom of page