Privacy Policy

Effective Date: 01 August 2025
Version: 1.0

1. Introduction and Scope

MJ Bespoke (“we,” “our,” or “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, and safeguard your personal information when you visit our website mjbespoke.co.uk or engage with our services.

This policy applies to all personal data processing activities conducted by MJ Bespoke and complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Data Controller Information:

  • Company: MJ Bespoke
  • Registered Address: 9 Church Street, Rothersthorpe, Northampton NN7 3JD, United Kingdom
  • Contact Email[email protected]
  • Data Protection Contact[email protected]

2. Information We Collect

2.1 Personal Data You Provide Directly

When you interact with our website or services, we may collect the following categories of personal data:

Contact and Communication Data:

  • Full name and title
  • Email address
  • Telephone number(s)
  • Postal address
  • Company name and position (if applicable)

Enquiry and Project Data:

  • Details of your enquiry or service requirements
  • Project specifications and preferences
  • Budget information (if provided)
  • Timeline requirements
  • Communication preferences
  • Any additional information you choose to share

Technical Communication Data:

  • IP address (anonymised)
  • Communication timestamps
  • Device information used for contact

2.2 Information Collected Automatically

Website Analytics Data (Anonymous): Through Google Analytics 4, we collect anonymous statistical information including:

  • Page views and session duration
  • Traffic sources and referral data
  • Geographic location (country and city level only)
  • Device type, browser, and operating system
  • User journey and interaction patterns
  • Search terms used to find our website

Technical Data:

  • Browser type and version
  • Time zone setting and location
  • Browser plug-in types and versions
  • Operating system and platform

2.3 Cookies and Similar Technologies

We use the following types of cookies:

Strictly Necessary Cookies: Essential for website functionality Analytics Cookies: Google Analytics cookies for anonymous usage statistics Preference Cookies: To remember your settings and preferences

For detailed information about our cookie usage, please refer to our Cookie Policy.

3. Legal Basis for Processing

We process your personal data under the following legal bases as defined by UK GDPR:

Article 6(1)(a) – Consent: Where you have provided explicit consent for specific processing activities

Article 6(1)(b) – Contract Performance: Processing necessary for the performance of a contract or to take pre-contractual steps

Article 6(1)(f) – Legitimate Interests: We have legitimate business interests in:

  • Responding to enquiries and providing customer service
  • Improving our services and website functionality
  • Maintaining business records and ensuring service quality
  • Preventing fraud and ensuring website security

We have conducted a Legitimate Interest Assessment (LIA) to ensure our interests do not override your fundamental rights and freedoms.

4. How We Use Your Information

4.1 Primary Processing Purposes

  • Service delivery: Responding to enquiries and providing bespoke services
  • Communication: Keeping you informed about your project or enquiry
  • Quality assurance: Ensuring high standards of service delivery
  • Legal compliance: Meeting our legal and regulatory obligations

4.2 Secondary Processing Purposes

  • Website improvement: Analysing website usage to enhance user experience
  • Business development: Understanding market needs and service demand
  • Security: Protecting against fraud, spam, and security threats

4.3 Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects concerning you or significantly affects you.

5. Data Sharing and Third-Party Processors

5.1 Data Sharing Policy

We do not sell, rent, trade, or otherwise transfer your personal information to third parties for their marketing purposes. Your data remains confidential and is processed solely for the purposes outlined in this policy.

5.2 Third-Party Service Providers

We work with the following categories of processors:

Analytics Providers:

  • Google Analytics (Google LLC) – for anonymous website analytics
  • Data processing governed by Google’s Privacy Policy and our Data Processing Agreement

Technical Service Providers:

  • Web hosting services (with appropriate data processing agreements)
  • Email service providers (with GDPR-compliant terms)

All third-party processors are carefully vetted and bound by data processing agreements that ensure GDPR compliance.

5.3 Legal Disclosure

We may disclose your personal information if required by law, court order, or governmental authority, or to protect our legal rights and interests.

6. International Data Transfers

All personal data processing is conducted within the United Kingdom. Where any data is processed outside the UK (such as through cloud services), we ensure:

  • Adequate levels of protection as determined by the UK authorities
  • Appropriate safeguards including Standard Contractual Clauses
  • Regular monitoring of transfer arrangements

7. Data Retention and Deletion

7.1 Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

Enquiry Data: Up to 24 months from last contact to allow for follow-up opportunities Active Project Data: Duration of project plus 7 years for business records Completed Project Data: Up to 7 years post-completion for warranty and legal purposes Marketing Preferences: Until consent is withdrawn Website Analytics: As per Google Analytics retention settings (maximum 26 months)

7.2 Secure Deletion

When retention periods expire, we securely delete or anonymise personal data using industry-standard methods to prevent recovery.

8. Your Data Protection Rights

Under UK GDPR, you have comprehensive rights regarding your personal data:

8.1 Right of Access (Article 15)

Request confirmation of processing and a copy of your personal data

8.2 Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data

8.3 Right to Erasure (Article 17)

Request deletion of personal data in specific circumstances

8.4 Right to Restrict Processing (Article 18)

Request limitation of processing in certain situations

8.5 Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format

8.6 Right to Object (Article 21)

Object to processing based on legitimate interests

8.7 Rights Related to Automated Decision Making

Right not to be subject to automated decision-making (currently not applicable)

8.8 Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time

Exercising Your Rights: To exercise any rights, contact us at [email protected] with:

  • Clear identification of the right you wish to exercise
  • Sufficient information to verify your identity
  • Specific details about the data concerned

We will respond within one month of receiving a valid request.

9. Data Security Measures

9.1 Technical Safeguards

  • Encryption: Data encrypted in transit and at rest using industry-standard protocols
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and regular security monitoring
  • Regular Updates: Systems kept current with security patches

9.2 Organisational Measures

  • Staff Training: Regular data protection training for all personnel
  • Data Processing Policies: Comprehensive internal procedures
  • Incident Response: Established breach notification and response procedures
  • Regular Audits: Periodic security and compliance assessments

9.3 Data Breach Response

In the unlikely event of a data breach, we will:

  • Assess and contain the breach within 72 hours
  • Notify the ICO where required by law
  • Inform affected individuals if there is a high risk to their rights
  • Implement measures to prevent recurrence

10. Cookies and Online Tracking

10.1 Cookie Categories

Essential Cookies: Required for basic website functionality Analytics Cookies: Google Analytics for anonymous usage statistics Functional Cookies: Enhance website functionality and user experience

10.2 Cookie Management

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

10.3 Do Not Track Signals

We respect Do Not Track browser settings where technically feasible.

11. Children’s Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it promptly.

12. Updates to This Policy

12.1 Policy Changes

We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be communicated through:

  • Website notification
  • Email notification (where we have your consent)
  • Prominent notice on our homepage

12.2 Version Control

Each version of this policy is dated and versioned for transparency.

13. Complaints and Regulatory Contact

13.1 Internal Complaints

For any concerns about our data handling practices, contact us at [email protected]. We are committed to resolving issues promptly and transparently.

13.2 Regulatory Authority

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

ICO Contact Information:

  • Website: ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

14. Contact Information

For any questions about this privacy policy or our data protection practices:

Primary Contact:

  • Email: [email protected]
  • Address: 9 Church Street, Rothersthorpe, Northampton NN7 3JD, United Kingdom
  • Response Time: We aim to respond to all privacy-related enquiries within 48 hours

Data Protection Queries: For specific data protection rights or concerns, please mark your communication “Data Protection Enquiry” for priority handling.

This privacy policy demonstrates our commitment to transparency and data protection best practices. We regularly review our procedures to ensure continued compliance with evolving data protection requirements.