Windowflowers Limited


Windowflowers Ltd (“we” or “us””) are committed to protecting and respecting your privacy.

This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

This Privacy Policy explains:

  • The scope of this Privacy Policy
  • Information that we may collect from you
  • Information that we collect automatically from you
  • How we store your personal data
  • How we use your information
  • Access to your information
  • Your rights relating to your data
  • Data Retention
  • Children’s Privacy
  • Changes to this Privacy Policy
  • How to contact us

For the purpose of the data protection legislation, the data controller is Windowflowers Ltd Grove Road, Burnham, Slough, Berkshire SL1 8DT and our nominated representative for this purpose is Miranda Arkell.

Scope of this Privacy Policy

The following types of information are covered by the scope of this Privacy Policy:

  • Personal information we collect through all websites operated by us including, but not limited to (“Website”).
  • Personal information we collect about you in the course of doing business with you, such as when you engage with us as a customer, potential customer, supplier, service provider, professional advisor, consultant or other third party in relation to the provision of our Services, and the operation of our business generally. This includes sales, marketing, business contact, transactions, support services or registration activities conducted by us.

This policy applies to the processing of personal data relating to customers, prospects, suppliers, business partners, vendors and other end users, the extent of which is determined and controlled by us in our sole discretion.

This Privacy Policy does not include any personal information that our customers and their end users input or upload into third party software such as Sage or Microsoft Excel. Please refer to the Privacy Policy of these software vendors for further information on their data collection policies.

Information We May Collect from You

Through your interaction with us, we may collect and process the following data about you for specific and lawful purposes:


  • Information that you provide by filling in forms on our website (“our site”). This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services.
  • We may also ask you for Information that we collect automatically during visits to our website, including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
  • Information customers and potential customers provide when engaging in or conducting business with us. The types of information we may collect includes, but is not limited to, names, email addresses, postal addresses, contact details, job titles, transactional information, usage information, financial/billing information, account information, correspondence and any other information you may choose to provide.
  • You may also choose to provide personal information, such as contact details and job titles, when you attend sales and marketing events, take part in surveys, or through other sales and marketing interactions we may have with you.
  • When you contact our support desk for service support we may record personal information such as contact details, e-mail addresses, phone numbers and job titles.
  • If you contact us, we may keep a record of that correspondence.
  • Telephone calls made to or received from ourselves may be recorded.
  • Details of interactions you have with us.
  • When you sign or review an electronic document that we send to you, for example a customer registration form, sales order, sales contract or Direct Debit Mandate
  • We also may collect information related to your company, location, or other demographic information that does not personally identify you. To the extent permitted by applicable law, we reserve the right to combine other information as defined above with personal information that you submit.
  • We may also obtain data from third parties, which may include business partners, managing agents, partners with which we offer co-branded services or engage in joint marketing activities, and publicly-available sources such as government databases or other data in the public domain. We protect data obtained from third parties according to this Privacy Policy, plus any additional restrictions imposed by the source of the data.

How We Store Your Personal Data

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

  1. processing is fair, lawful and transparent
  2. data is collected for specific, explicit, and legitimate purposes
  3. data collected is adequate, relevant and limited to what is necessary for the purposes of processing
  4. data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
  5. data is not kept for longer than is necessary for its given purpose
  6. data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
  7. we comply with the relevant GDPR procedures for international transferring of personal data


We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect about you. We implement a variety of security measures to maintain the safety of your personal information when you submit, or access your personal information.

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or business service providers. Our business service providers include Sage, Worldpay and JungleDisk. Such staff maybe engaged in things such as (a )the provision of services in connection with a contract between you and us or one of our partners and (b )the processing of your payment details. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our or our business service providers secure servers. Any payment transactions will be encrypted..

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

How We Use Your Information

We may use information held about you in the following ways:


  • To ensure that content from our website is presented in the most effective manner for you and for your computer.
  • To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  • Where the processing is necessary prior to entering into a contract, for example to allow us to provide you with a quotation which you have requested.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To process and complete business transactions and send related information, including transaction confirmations and invoices
  • To send information to our customers about their account, contract, service alerts or updates, and other administrative or service-related communications
  • To notify you about changes to our service.
  • To respond to your comments, questions, and requests and provide customer service and support
  • To carry out research and development to improve our services that we offer.
  • We may also use your data to provide you with information about goods and services which may be of interest to you and we may contact you about these.
  • If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) or postal communication with information about goods and services similar to those which were the subject of a previous sale to you.
  • If you are a new customer we will contact you by electronic or postal communication only if you have consented to this.
  • To display cases studies and/or personal testimonials of satisfied customers on our website in addition to other endorsements. With your consent we may post your testimonial along with your name and company name.
  • With other business partners that are involved in providing business services.
  • To carry out other legitimate business purposes, as well as other lawful purposes about which we will notify our customers.

Disclosure of your Personal Information

We may disclose your personal information to any member of our group, which means our ultimate holding company and its subsidiary.

We do not sell your personal information to any third parties; however, we may share your personal information with third parties as follows:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If Windowflowers Ltd. or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply and agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Access to Information Held About You

You have the right to access personal information held about you and to have your personal data rectified if it is inaccurate or incomplete. You may request access to the data held about you and correct the personal information we hold about you by contacting us at

We will normally comply with your data access request at no cost. However, if the request is manifestly unfounded or excessive, or if it is repetitive, we may contact you requesting a fee. The fee will be determined at the relevant time and will be set at a level which is reasonable in the circumstances. Before we provide personal information to you, we may require you to verify your identity by providing us with identification documentation.

We will respond to your access request without delay and at least within 30 days. Where requests are complex or numerous, we may contact you to inform you that an extension of time is required. The maximum extension period is two months.

Your Rights Relating to Your Data

You have the following rights in relation to the personal data we hold about your under data protection law:

  1. the right to access;
  2. the right to rectification;
  3. the right to erasure;
  4. the right to restrict processing;
  5. the right to object to processing;
  6. the right to data portability;
  7. the right to complain to a supervisory authority; and
  8. the right to withdraw consent.

You have the right to have any inaccurate personal data that we hold about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

In some circumstances you have the right to the erasure of your personal data without undue delay, for example where the personal data is no longer necessary in relation to the purposes for which it was collected or processed, if you withdraw consent to consent-based processing, if the processing is for direct marketing purposes; or where the personal data has been unlawfully processed. However, there are exclusions of the right to erasure, including where processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.

You have the right to ask us not to process your personal data for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to object to such processing by checking certain boxes on the forms we may use to collect your data. You can also choose to change your marketing choices at any time by contacting us at  Please note that if you do opt-out of receiving marketing- related emails from us, we may still send you important administrative messages, and you cannot opt-out from receiving account-related or other administrative messages.

Where the legal basis for our processing of your personal data is:

  1. consent; or
  2. that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,

and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

Data Retention Period

We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other legitimate and lawful business purposes.

Children’s Privacy

Our website, products and services are all directed to people who are at least 16 years old or older. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information as quickly as possible.

Changes to our Privacy Policy

We reserve the right to change, modify, add or remove portions of this Privacy Policy from time to time and at our sole discretion, but will alert you that changes have been made by indicating on this Policy the date it was last updated.

When you visit this website, you are accepting the current version of this Policy as posted on our website at that time. Our use of the information we collect is subject to the Privacy Policy in effect at the time such information is used. We recommend that users revisit this Privacy Policy on occasion to learn of any changes. Any changes we may make to our privacy policy in the future will be posted on our website and, where appropriate, notified to you by e-mail.

How to Contact Us

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to If you have any complaints regarding our compliance with this Privacy Policy, you should contact us in the first instance. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this Privacy Policy.


Last Updated: May 2018

error: This content is protected!