Privacy Policy

This Privacy Policy explains how Royale Reflections (“we”, “us”) collects, uses, and protects your personal data when you use our website, make a booking, or contact us. We process personal data in accordance with the UK GDPR and Data Protection Act 2018.

1) Who we are (Data Controller)

Royale Reflections, Chigwell, Essex. For privacy queries, contact: [your email].

2) What data we collect

• Identity & contact: name, phone number, email, address, postcode.
• Booking details: selected services, session time, road/postcode, notes.
• Vehicle details (if applicable): registration, make, model.
• Payment info: handled by our payment provider (we don’t store card numbers on our servers).
• Communications: emails/SMS related to bookings, feedback, quotes.
• Technical data: IP address, device/browser data, and cookies (see Cookies below).

3) How we use your data (lawful basis)

• To provide services & manage bookings (contract).
• To send confirmations & service updates (contract/legitimate interests).
• To handle customer support & quotes (contract/legitimate interests).
• To take payments & issue receipts (contract/legal obligation).
• To improve our website & services (legitimate interests, analytics).
• Marketing (optional): only with your consent; you can opt out anytime.

4) Sharing your data

We only share data with essential service providers (e.g., payment processor, email/SMS provider, web hosting) under contracts that protect your information. We do not sell your personal data.

5) International transfers

If a supplier stores data outside the UK, we ensure appropriate safeguards (e.g., ICO-approved mechanisms or Standard Contractual Clauses).

6) Data retention

We keep booking and invoice records for up to 6 years (legal/accounting). Other data is kept only as long as necessary for the purposes above, then securely deleted or anonymised.

7) Your rights

• Access a copy of your data.
• Correct inaccurate data.
• Delete data (where applicable).
• Restrict or object to processing.
• Data portability (where applicable).
• Withdraw marketing consent at any time.

To exercise these rights, contact [your email]. You can also complain to the ICO: ico.org.uk.

8) Security

We use administrative, technical, and physical measures to protect your data. Access is limited to staff who need it to perform their role.

9) Cookies & analytics

We use essential cookies for site functionality and may use analytics to understand site usage. Where required, we’ll present a cookie banner for consent and provide options to manage preferences.

10) Children

Our services are not directed to children. We do not knowingly collect data from anyone under 16.

11) Changes to this policy

We may update this policy from time to time. We’ll post the new version here with the updated date above.