Privacy Policy

Effective Date: 10/12/2025
Last Updated: 12/12/2025

1. Introduction

Welcome to Ashley & Lewis Heritage Paint & Papers (“we”, “us”, “our”). We are committed to protecting your personal information and respecting your privacy rights in accordance with the UK GDPR, EU GDPR, and applicable UK/EU data protection laws.

This Privacy Policy explains:

  • What personal data we collect
  • Why we collect it
  • How we use it
  • Your rights regarding your data

By using our website https://ashleylewis-paint.com (the “Site”) and our services, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

Ashley & Lewis Heritage Paint & Papers 
45 Farncombe St, Farncombe, Godalming, GU7 3LH
Company registration number: 09109181
Company VAT number: 190414130
Email: sales@ashleylewis-paint.com

If you have any questions about this Privacy Policy or how we handle your data, please contact us using the details above.

3. What Personal Data We Collect

We may collect and process the following types of personal data about you:

3.1 Information you provide to us directly

  • Contact details: name, email address, phone number, billing and shipping address.
  • Account information: username, password, order history, preferences.
  • Order information: products purchased, order dates, payment method (processed via our payment providers), delivery details.
  • Communications: information contained in enquiries you submit to us, feedback, reviews, or when you contact our support.
  • Marketing preferences: your preferences for receiving marketing from us.

3.2 Information collected automatically

  • Technical data: IP address, browser type and version, device identifiers, time zone setting, operating system, and platform.
  • Usage data: information about how you use our Site, such as pages visited, products viewed, search queries, clickstream data.
  • Cookies and similar technologies: we use cookies and similar technologies to remember your preferences, keep items in your basket, and analyse how our Site is used. For more information, please see our Cookie Policy.

3.3 Information from third parties

  • Payment providers: limited information from payment gateways (such as confirmation of payment), not full card or bank details.
  • Analytics and marketing tools: information from analytics providers (such as Google Analytics) to help us understand how visitors use our Site.

4. Legal Basis for Processing

We process your personal data only where we have a lawful basis to do so under data protection laws. These bases are:

  • Performance of a contract: where processing is necessary to process your orders, deliver your purchases, and provide customer service.
  • Consent: where you have given us clear consent, for example, to receive email marketing or to the use of non-essential cookies.
  • Legal obligation: where processing is necessary to comply with our legal obligations, such as accounting, tax or regulatory requirements.
  • Legitimate interests: where processing is necessary for our legitimate business interests, provided your rights do not override those interests (for example, to improve our Site, prevent fraud, or protect our business).

5. How We Use Your Personal Data

We may use your personal data for the following purposes:

  • To process and fulfil your orders, including managing payments, shipping, and returns.
  • To create and manage your account on our Site.
  • To communicate with you about your orders, account, or customer service queries.
  • To send you marketing communications where you have consented to receive them (or where we are otherwise permitted by law).
  • To personalise your experience on our Site, including showing you products and content that may be of interest.
  • To monitor and improve our Site, products, and services.
  • To protect the security of our systems and prevent fraud or misuse.
  • To comply with legal obligations and resolve disputes.

6. Cookies and Tracking Technologies

Our Site uses cookies and similar technologies to provide essential functionality (such as keeping your basket updated), to understand how the Site is used, and to support marketing activities.

Some cookies are strictly necessary for the operation of the Site and are set without your consent. All other cookies (such as analytics or advertising cookies) will only be set with your explicit consent via our cookie banner or preference centre.

You can manage your cookie preferences at any time through the cookie banner or settings on our Site, or by adjusting your browser settings. Please refer to our separate Cookie Policy for more detailed information.

7. Who We Share Your Data With

We may share your personal data with the following categories of recipients:

  • Payment processors: to process your payments securely (e.g., Stripe).
  • Delivery and logistics partners: to deliver your orders (e.g., courier and postal services).
  • IT and hosting providers: to host our Site and support our IT systems.
  • Analytics and marketing partners: to help us analyse Site traffic and deliver relevant advertising where applicable.
  • Professional advisers: such as accountants, auditors, or legal advisers where necessary.
  • Authorities: law enforcement, regulators, or courts where we are required to do so by law or to protect our legal rights.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. They are not permitted to use your personal data for their own purposes and may only process it for specified purposes and in accordance with our instructions.

8. International Transfers

Some of our service providers may be located outside the UK or European Economic Area (EEA). Where we transfer personal data outside the UK/EEA, we will ensure that appropriate safeguards are in place, such as:

  • Transfers to countries that have been deemed to provide an adequate level of data protection; or
  • Use of standard contractual clauses approved by the European Commission or UK authorities.

You can contact us for more information about the safeguards we use for international transfers.

9. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements. This generally means:

  • Order and transaction data: retained for a minimum of 6 years for tax and accounting purposes (or longer if required by law).
  • Account data: retained while your account remains active. If you close your account, we may still retain some information where required by law or for legitimate business purposes.
  • Marketing data: retained until you withdraw your consent or unsubscribe from our marketing communications.

10. Your Rights

Under data protection laws, you have the following rights in relation to your personal data:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to request correction of any inaccurate or incomplete data.
  • Right to erasure: to request deletion of your personal data where there is no good reason for us to continue processing it (subject to legal obligations).
  • Right to restrict processing: to request that we suspend the processing of your personal data in certain circumstances.
  • Right to object: to object to processing based on our legitimate interests or for direct marketing.
  • Right to data portability: to request that we transfer your personal data to you or to a third party in a structured, commonly used, machine-readable format.
  • Right to withdraw consent: where we rely on consent to process your data (for example, marketing), you can withdraw your consent at any time.

To exercise any of these rights, please contact us at sales@ashleylewis-paint.com. We may need to verify your identity before responding to your request.

You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner’s Office (ICO).

11. Security of Your Data

We take reasonable technical and organisational measures to protect your personal data from unauthorised access, use, disclosure, alteration, or destruction. These measures include the use of secure servers, encryption where appropriate, access controls, and regular review of our security practices.

However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

12. Children

Our Site is not intended for children under the age of 16, and we do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us so that we can delete that information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do, we will revise the “Last Updated” date at the top of this page.

We encourage you to review this Privacy Policy regularly to stay informed about how we process your personal data.

If you have any questions about this Privacy Policy, please contact us at sales@ashleylewis-paint.com.