Last Updated: 12th May 2026
1. Introduction
Welcome to Norfolk Window Film (norfolkwindowfilm.co.uk). We respect your privacy and are committed to protecting your personal data. This policy explains how we handle your information when you visit our website, book a service, or interact with us.
2. The Data We Collect
We collect and process the following:
- Identity & Contact Data: Name, email, phone, and address provided via our secure booking system.
- Optional Visual Data: At your discretion, you may choose to provide images of window panes or installation sites to assist us in preparing for your service.
- Transaction Data: Details about payments (processed securely via PayPal).
- Technical Data: IP address, browser type, and location data used for security and site functionality.
3. How We Use Your Data
We use your information to:
- Process Payments: Facilitating secure transactions via encrypted gateways.
- Fulfill Services: Processing bookings and reviewing any imagery you provide to aid your installation.
- Communicate: Sending booking confirmations and service updates.
- Marketing & Case Studies: On occasion, we may invite you to feature your installation as a “Case Study.” We will only use images or details of your project for marketing purposes where you have provided separate, explicit written consent to do so.
- Securing the Website: Protecting against unauthorized access and fraudulent activity.
4. Data Hosting, Security & Transfers
Primary UK Hosting: Our website files and core databases are maintained by a specialist UK‑based hosting provider, ensuring your primary records remain stored within the UK. This supports our obligations under UK GDPR for data minimisation and localised storage.
Site Performance & Caching: We utilise caching technology to improve website loading speeds and provide a better user experience. This may involve storing temporary copies of web pages. These cached files are stored locally on our secure server and do not contain sensitive personal identity data. The legal basis for this processing is our legitimate interest in delivering a fast and reliable website.
Image Optimisation: We use secure image‑optimisation services to improve site speed and performance. This may involve temporary processing of uploaded images to ensure efficient file delivery. Only the minimum data required for optimisation is processed, and files are deleted automatically once optimisation is complete.
Site Protection & Data Integrity: To protect your information, we utilise advanced security monitoring and firewall protection. These tools process technical data (such as IP addresses, browser information, and request patterns) to detect, block, and investigate malicious activity. This processing is carried out under our legitimate interest in maintaining the security and integrity of our website.
Security Log Retention: Security logs are retained only for as long as necessary to maintain the security and integrity of our website. Retention periods vary depending on system activity and threat levels but typically range from a few hours to several weeks. These logs are also used to prevent fraudulent submissions.
Backup Systems: Automated backup systems are in place to ensure that your booking data can be recovered in the event of a system failure. Backups are stored securely using encrypted cloud‑based storage services and are retained for a maximum of two months before being automatically overwritten. This retention period ensures operational continuity while minimising the amount of personal data held.
Booking & Transaction Records: Booking information, service history, and associated transaction data are retained for up to six years. This retention period is required to meet our legal obligations for tax, accounting, and fraud‑prevention purposes, and to resolve any contractual queries that may arise.
International Service Partners: We work with select global service partners for specialised operational tasks. Where these partners process personal data, transfers are protected by standard contractual clauses or equivalent legal safeguards. These partners support the following functions:
- Secure Payments: Payment processing is handled by a global payment provider operating under strict financial and data‑protection standards.
- Spam Protection: We use automated verification tools to ensure form submissions are legitimate and to prevent fraudulent bookings. These tools may process technical data such as IP addresses and form content solely for the purpose of detecting spam.
- Calendar Integration: We sync booking data with secure cloud‑based calendar services to manage our service schedule.
- Marketing Analytics: We use advertising and analytics services to measure the effectiveness of our marketing. Non‑essential analytics and advertising cookies are only activated with your consent, as outlined in our Cookie Policy (see section 6).
5. Payment Security & PCI Compliance
We are a Level 4 Merchant compliant with PCI-DSS standards. We do not store or transmit card information on our own servers. All financial data is handled directly by PayPal using secure tokenization technology.
6. Cookies
We use cookies for:
- Functionality: To manage the booking process and maintain site performance (including caching preferences).
- Marketing: We use Google Ads cookies to track the effectiveness of our advertising. You can manage these via the consent banner on our site or through your browser settings.
Learn more on our Cookie Policy page.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including meeting legal, accounting, and security obligations. Retention periods are:
| Data Type | Retention Period | Purpose / Legal Basis |
|---|---|---|
| Booking & Transaction Records | Up to 6 years | Required for tax, accounting, fraud‑prevention, and resolving contractual queries. |
| Security Logs | A few hours to several weeks | Detecting, blocking, and investigating malicious activity. |
| Backups | Up to 2 months | System recovery and operational continuity. |
| Optional Installation Imagery | Retained only until the installation has been completed and the imagery is no longer required for planning or quotation purposes. | Used only when customers voluntarily provide images for installation planning or quotation purposes. |
| Optional Case‑Study Imagery | Retained until consent is withdrawn or the imagery is no longer required for marketing purposes. | Used for portfolio, marketing, or case‑study purposes with explicit consent. |
| Financial Records | Up to 6 years | HMRC compliance and accounting obligations. |
| Marketing Preferences | 2 years of inactivity | Managing marketing communications, upon consent only. |
8. Your Legal Rights
Under UK law, you have the right to request a copy of, correction of, or erasure of your personal data. You also have the right to object to or restrict certain processing activities.
9. Contact Us
For any privacy-related questions, please contact us at: info@norfolkwindowfilm.co.uk






