Privacy Policy
How The Good Veranda Company collects, uses and protects your personal data, plus the cookies and tracking technologies used on this website.
Last updated: 9 April 2026
Contents
1. Introduction
The Good Veranda Company (“we”, “us”, “our”) is committed to protecting your privacy and being transparent about how we handle your personal data. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over it.
We believe in full transparency. Wherever possible, this policy is written in plain English. If anything is unclear, please get in touch and we’ll be happy to explain.
This policy applies to personal data we collect through our website (thegoodverandacompany.co.uk), email, phone, WhatsApp, our online chat widget, and during in-person interactions such as surveys and installations.
2. Who We Are (Data Controller)
The data controller responsible for your personal data is:
- Name: The Good Veranda Company
- Address: 4th Floor, 14 Museum Place, Cardiff, CF10 3BH
- Email: info@thegoodverandacompany.co.uk
- Phone: 0800 654 6964
3. What Data We Collect
We only collect personal data that’s necessary to provide you with quotes, answer your enquiries, and deliver installations to the standard we’d want for ourselves.
3.1 Data you give us directly
When you submit an enquiry or place an order with us, we collect:
- Your name (first and last)
- Your email address
- Your phone number
- Your location or delivery address (town, postcode, or full address depending on the stage)
- Details about your project (dimensions, product preferences, requirements)
- Any additional information you choose to share in the “Additional Information” field on our contact forms
- How you heard about us (optional)
3.2 Data collected automatically
When you visit our website, we automatically collect certain technical information:
- Your IP address (anonymised)
- Device type, browser, and operating system
- Pages you view and time spent on each page
- Referring website (if any)
- Approximate geographic location (country and region, not street-level)
This data is used to understand how the website is performing, fix technical issues, and improve the content we publish. See the Cookies section below for full details.
3.3 What we don’t collect
- We do not store credit or debit card details. Payments are made by bank transfer or on invoice — we never ask for card numbers and we don’t store any card information on our systems.
- We do not collect special category data (e.g. health, ethnicity, religion).
- We do not knowingly collect data from children under 16.
4. How and Why We Use Your Data
We use the data you provide for the following purposes only:
4.1 Responding to enquiries and providing quotes
When you submit a contact form, call us, message us on WhatsApp, or use the online chat, we use your contact details to respond, answer your questions, and provide information about our products and services.
4.2 Processing orders and delivering projects
If you place an order, we use your data to arrange surveys, confirm specifications, manage manufacturing and delivery, schedule installation, and handle after-sales support.
4.3 Communicating with you about your project
We’ll use your email, phone, or WhatsApp to keep you informed throughout your project. This is an essential part of delivering the service — one of our core principles is that we don’t go silent once an order is placed.
4.4 Legitimate business operations
We use aggregated, non-identifiable data about how people use our website to improve the site’s design, fix broken pages, and write better content. We do not use this for third-party advertising profiling.
4.5 Marketing (only if you opt in)
We do not add you to marketing lists by default. If you want to hear from us about new products, guides, or offers, you’d need to actively opt in (for example, by ticking a box). You can unsubscribe at any time using the link in any marketing email.
4.6 Legal and regulatory compliance
We may retain and use your data where required to comply with legal obligations — for example, keeping records for HMRC tax purposes or responding to lawful requests from authorities.
5. Lawful Basis for Processing
Under the UK GDPR, we must have a lawful basis for processing your personal data. The basis depends on the context:
- Contract (Article 6(1)(b)): When we’re processing an enquiry or delivering a project you’ve ordered, we rely on the necessity of performing the contract with you.
- Legitimate interests (Article 6(1)(f)): For responding to general enquiries, improving our website, and keeping basic records, we rely on our legitimate interest in running the business efficiently. We’ve assessed this against your rights and believe the impact on your privacy is minimal.
- Consent (Article 6(1)(a)): For marketing communications and any cookies that are not strictly necessary, we rely on your consent. You can withdraw consent at any time.
- Legal obligation (Article 6(1)(c)): Where we’re required to keep data for tax, accounting, or other legal reasons.
6. Who We Share Your Data With
We do not sell your personal data to third parties. We share your data only where it’s necessary to provide our services, and only with trusted suppliers who are bound by their own data protection obligations.
6.1 Our data processors
The following third-party services process data on our behalf:
- Brevo (sendinblue.com) — hosts our contact forms, CRM, email newsletters, online chat widget, and meeting scheduler. Data submitted via any form on our website is sent to Brevo for processing. Brevo’s privacy policy.
- Cloudflare (cloudflare.com) — provides hosting, DNS, and security for our website. Cloudflare’s privacy policy.
- Google Workspace — we use Google for email and calendar, so emails you send us are stored in Google’s systems.
- Installation partners — if we contract an installation team to fit your structure, we’ll share your name, address, phone number and installation details with them so they can complete the job. They’re bound by confidentiality and data protection requirements.
6.2 International transfers
Some of our processors (including Brevo and Cloudflare) may store data on servers located outside the UK or EEA. Where this is the case, we ensure there are appropriate safeguards in place — typically Standard Contractual Clauses approved by the UK Information Commissioner’s Office or an adequacy decision from the UK government.
6.3 Legal disclosures
We may disclose your data if required by law — for example, in response to a court order, a lawful request from a regulator, or to protect the rights, property or safety of our business or others.
7. Cookies and Tracking Technologies
In plain English: Our website sets a small number of cookies to make the site work properly and to help us understand how visitors use it. We’ve chosen to explain this transparently in this policy rather than show you a banner every time you visit. You can block or delete cookies at any time through your browser settings.
7.1 What cookies are
Cookies are small text files stored on your device when you visit a website. They allow the site to remember things like your preferences, recognise returning visitors, and help the site work correctly. We also use similar technologies like local storage and tracking pixels, which we collectively refer to as “cookies” in this policy.
7.2 Cookies used on this website
| Cookie | Set by | Purpose | Duration |
|---|---|---|---|
| __cf_bm | Cloudflare | Essential — bot management and security. Helps protect the site from malicious traffic. | 30 minutes |
| tgvc_vid | The Good Veranda Company (first-party) | Analytics — anonymous visitor ID that lets us see how you use the site (pages viewed, features used, quoter activity). If you later submit a form, this browsing history is linked to your contact record so our team can give you better-informed, more helpful responses. This cookie is set by us directly and is not shared with any third party. | 12 months |
| sib_cuid | Brevo (tracking SDK) | Analytics — similar to above but managed by Brevo, our CRM and email platform. Tracks pages viewed and links browsing history to your contact record after form submission. | 12 months |
| brevo_conversations (various) | Brevo (chat widget) | Functional — enables the live chat widget to work, remembers whether you’ve seen a welcome message, and preserves the chat state across page navigation. | Session to 12 months |
| _uetmsclkid, _uetvid | Microsoft Advertising | Analytics — Microsoft’s Universal Event Tracking tag. Helps us measure how well our Microsoft/Bing advertising campaigns are performing by tracking which pages visitors view after clicking an ad. We do not use this data for remarketing or cross-site profiling. | Up to 13 months |
| _ga, _ga_0XFS8NZZC0 | Google Analytics 4 | Analytics — helps us understand which pages people visit, where visitors come from, and how the site is performing. We use Google Analytics in its standard configuration with IP anonymisation enabled. We do not use Google Analytics for advertising, remarketing, or cross-site tracking. | Up to 13 months |
7.3 No advertising or profiling cookies
We don’t use Facebook Pixel or any third-party advertising or remarketing cookies. We don’t track you across other websites. The cookies above are the only ones you’ll encounter on this site.
7.4 How analytics scripts load
Google Analytics loads asynchronously on every page so we can measure overall site performance and understand how visitors find and use the site. The Brevo chat widget loads after you first interact with the page (for example, by scrolling, clicking, or touching the screen) to keep the site fast.
7.5 How to control cookies
You can control cookies through your browser settings. Most browsers let you:
- See which cookies are stored and delete them individually or all at once
- Block cookies from specific websites or block third-party cookies entirely
- Enable “Do Not Track” or private/incognito browsing which blocks most cookies automatically
Blocking or deleting cookies will not prevent you from using our website, but some features (like the chat widget) may not work as expected.
For detailed instructions, see your browser’s help pages: Chrome, Firefox, Safari, Edge.
8. How Long We Keep Your Data
We only keep personal data for as long as we need it for the purposes described in this policy, or as required by law.
- Enquiries that don’t result in an order: up to 24 months from last contact, after which we delete or anonymise them.
- Completed projects: we keep customer records for 7 years after completion, as required by HMRC for tax purposes, and to support warranty claims over the life of the product.
- Marketing subscribers: until you unsubscribe, or we lose contact (unopened emails for 12+ months may trigger removal).
- Website analytics data: up to 12 months.
9. How We Keep Your Data Secure
We take data security seriously and have implemented physical, electronic, and procedural safeguards to protect your information:
- Data is stored on reputable cloud providers (Cloudflare, Brevo, Google) with industry-standard encryption at rest and in transit.
- Access to customer data is restricted to people who need it to do their jobs.
- We use strong, unique passwords and multi-factor authentication wherever it’s available.
- We don’t store credit or debit card details on our systems.
- We review our security practices periodically and update them as needed.
10. Your Rights
Under UK GDPR, you have the following rights over your personal data:
- Right of access: You can ask for a copy of the personal data we hold about you.
- Right to rectification: If any data we hold is incorrect or incomplete, you can ask us to correct it.
- Right to erasure (“right to be forgotten”): You can ask us to delete your personal data in certain circumstances.
- Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
- Right to data portability: You can ask us to provide your data in a structured, commonly-used format so you can move it elsewhere.
- Right to object: You can object to processing based on our legitimate interests.
- Right to withdraw consent: Where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, please email us. We’ll respond within one month.
To protect your security, we may ask you to verify your identity before we release data or make changes.
10.1 Complaints to the ICO
If you believe we’ve mishandled your personal data and we haven’t been able to resolve your concerns, you have the right to complain to the UK Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
We’d much rather hear from you first so we can try to put things right — please give us the opportunity to resolve any issues before escalating to the ICO.
11. Changes to This Policy
We may update this Privacy Policy from time to time — for example, when we change how we use data, add a new third-party service, or update our cookies. The “Last updated” date at the top of this page will reflect the most recent revision. For significant changes, we’ll make a prominent notice on the website.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please get in touch:
- Email: info@thegoodverandacompany.co.uk
- Phone: 0800 654 6964
- Post: The Good Veranda Company, 4th Floor, 14 Museum Place, Cardiff, CF10 3BH