Who We Are

The Rug Cleaning Shop is a trade supply brand operated by The Rug Laundry Ltd, a company registered in England and Wales. Our registered address is:

We are the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, please contact us using the details above.

Data We Collect

Depending on how you interact with our website and services, we may collect the following categories of personal data:

Identity and Contact Data

• Full name and business name
• Email address
• Telephone number
• Billing and delivery address

Transaction Data

• Details of products purchased
• Order history and value
• Payment information (processed securely — we do not store card details)

Technical Data

• IP address
• Browser type and version
• Pages visited and time spent on site
• Referring website
• Device type and operating system

Communication Data

• Enquiries submitted via our contact form
• Email correspondence with our team
• Marketing email preferences

How We Collect Your Data

We collect data through the following means:

• Direct interactions — when you place an order, register an account, submit an enquiry, or sign up for our email list
• Automated technologies — when you browse our website, we automatically collect technical data through cookies and similar technologies
• Third parties — we may receive data from payment processors (such as Stripe or PayPal), analytics providers (such as Google Analytics), and delivery partners

How We Use Your Data

We use your personal data for the following purposes:

• To process and fulfil your orders, including dispatch and delivery
• To manage your customer account
• To communicate with you about your orders or enquiries
• To send marketing communications where you have given consent or we have a legitimate interest to do so
• To improve our website, products and services through analytics
• To comply with legal and regulatory obligations
• To prevent fraud and maintain the security of our systems

We will never sell your personal data to third parties or use it for purposes unrelated to the above.

Legal Basis for Processing

Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

• Contract — processing is necessary to fulfil your order or provide the service you have requested
• Legal obligation — processing is necessary to comply with our legal obligations, such as tax and accounting requirements
• Legitimate interests — processing is in our legitimate business interests, such as improving our website and preventing fraud, provided these interests are not overridden by your rights
• Consent — where you have given us explicit consent, such as signing up to receive marketing emails. You may withdraw this consent at any time

Sharing Your Data

We may share your personal data with the following categories of third parties where necessary:

• Payment processors — to securely process your payment transactions (e.g. Stripe, PayPal)
• Delivery and logistics partners — to fulfil and deliver your orders
• IT and website service providers — including our hosting provider and WooCommerce/WordPress platform
• Email marketing platforms — where you have consented to receive marketing communications
• Analytics providers — such as Google Analytics, to help us understand how our website is used
• Legal and regulatory authorities — where required by law

All third-party service providers are required to take appropriate security measures to protect your data and are only permitted to process it for the specific purposes we instruct.

Cookies

Our website uses cookies — small text files placed on your device — to improve your browsing experience and help us understand how the site is used. We use the following types of cookies:

• Essential cookies — required for the website to function, including your shopping cart and account login
• Analytics cookies — to collect information about how visitors use the site (e.g. Google Analytics). This data is anonymised and aggregated
• Marketing cookies — used to deliver relevant advertising and track the effectiveness of campaigns, only where you have given consent

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. When you first visit our site, you will be presented with a cookie consent banner allowing you to manage your preferences.

How Long We Keep Your Data

We retain your personal data only for as long as is necessary for the purposes it was collected. Our standard retention periods are:

• Order and transaction data — 7 years, in accordance with HMRC requirements
• Customer account data — for the duration of your account, plus 2 years after the last transaction
• Marketing consent records — until you withdraw consent, plus a reasonable period thereafter
• Enquiry and correspondence data — 2 years from the date of last contact
• Technical and analytics data — up to 26 months, in line with Google Analytics default settings

After the relevant retention period, your data will be securely deleted or anonymised.

Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access — to request a copy of the personal data we hold about you
• Right to rectification — to request that we correct inaccurate or incomplete data
• Right to erasure — to request that we delete your personal data in certain circumstances
• Right to restrict processing — to request that we limit how we use your data in certain circumstances
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — to object to our processing of your data where we rely on legitimate interests
• Right to withdraw consent — to withdraw consent for marketing communications at any time, via the unsubscribe link in any email or by contacting us directly

To exercise any of these rights, please contact us at hello@therugcleaningshop.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have not handled your data correctly.

Data Security

We take the security of your personal data seriously and have appropriate technical and organisational measures in place to protect it against unauthorised access, loss, destruction or alteration. These measures include:

• SSL encryption on all pages of our website (HTTPS)
• Secure payment processing — we do not store card details on our servers
• Access controls limiting who within our organisation can access personal data
• Regular security monitoring of our systems

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and contact you directly where required.

Third-Party Links

Our website may contain links to third-party websites, including our parent brand The Rug Laundry and our supplier Protima. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies before providing any personal data to them.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or the services we offer. When we make significant changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email.

We encourage you to review this policy periodically to stay informed about how we are protecting your data.

Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or how we handle your personal data, please get in touch: