Our Principles

Your data, in safe hands

We are a small Scottish family business inviting ourselves into your home. Looking after the personal information you share with us is part of what we owe you in return.

When you ask us for a quotation, we end up knowing a fair bit about you. Your name and contact details. The room you are renovating. Photographs of your windows. Sometimes a bank reference when a deposit is paid. Often, over the years, the layout of much of your home.

We think the least we owe you, in return, is to be straightforward about what we hold, how it is looked after, and what you can ask us to do with it.

This page is the plain-English summary. Our full Privacy Policy is the formal document, and our written Data Protection Complaints Procedure sets out exactly what to do if something has gone wrong.

Our credentials

Data protection in the UK is regulated by the Information Commissioner's Office (ICO) under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Data (Use and Access) Act 2025.

ICO Registered

ZB581919

Rocknowe Interiors Limited, trading as The Scottish Shutter Company. Verifiable on the ICO public register.

Data Protection Lead

David Browne

Project Director and named lead for every data protection question, request or complaint. privacy@scottishshutters.co.uk

Reviewed

June 2026

Our policies, processor list and breach plan are reviewed at least annually and after any material change.

The four rules we operate by

UK GDPR sets out seven legal principles. Underneath those, we run our day-to-day work to four practical rules of our own. They are simple, but together they explain almost every decision we make about your data.

1. Collect less

The only personal data we ask you for is the data we genuinely need to give you a useful answer, prepare a quotation, fit your blinds and look after you afterwards. We do not buy lists, we do not enrich data with third-party sources, and we do not ask for information "just in case".

2. Keep it in the right place

Customer information lives in our customer relationship management system (Pipedrive), our accounting system (Xero), our email system (Google Workspace) and our marketing platform (Brevo). Each is purpose-built for that job and runs to enterprise-grade security standards. We do not keep copies of customer data in random spreadsheets, on personal devices, or in the AI tools we use internally.

3. Don't keep it longer than we need to

We keep contract and order records for seven years because HMRC requires us to. We keep enquiry data, where no order is placed, for up to two years and then delete it. Marketing data is kept until you ask us to stop, and then it is deleted promptly. Our full retention schedule sits behind our Privacy Policy.

4. Never trade it

We do not sell your data. We do not rent it. We do not share it with anyone for their own marketing purposes. The only third parties who ever see it are the suppliers and service providers we genuinely need to make your order happen — the people making your shutters, the people processing your payment, and the platforms running our CRM and email.

Who actually sees your data

We are honest about every third party that may touch personal data on our behalf. Each one is contracted as a data processor, which means they may only handle your data on our written instructions and may not use it for their own purposes.

| Service | What we use it for | Data location |
|---|---|---|
| Pipedrive | Customer relationship management | EU |
| Xero | Accounting and invoicing | UK / EU |
| Google Workspace | Email and calendar | EU / US (UK adequacy) |
| Brevo | Email marketing (consent only) | EU |
| Stripe | Card payments | EU / US (UK adequacy) |
| Vercel | Website hosting | EU (London region) |
| Cloudflare | Content delivery and security | Global edge (UK first) |
| Sentry | Error monitoring (personal data stripped before transmission) | EU |
| Manufacturers | Producing your bespoke order (e.g. S:Craft, Luxaflex, MasterBlinds) | UK / EU |

We never share your data with any party not listed above for their own marketing purposes.

Artificial intelligence and your data

We use AI tools internally to help us work faster — drafting documents, analysing site survey photographs, sense-checking product specifications. Like any modern small business, we want the benefit of these tools without taking risks with our customers' data.

We operate to a written AI Governance Directive, the short version of which is:

  • Customer personal data lives in Pipedrive, Xero and our email systems — not in the AI tools we use internally.
  • Where we ask an AI to help with a real customer matter, we use anonymised references and details, not names, addresses, or contact information.
  • An automated check runs daily across our internal files and blocks anything that looks like customer-identifiable data from being saved into our shared knowledge store.
  • No automated decision is ever made about a customer. Every quotation, every survey, every installation decision is made by a named member of our team.

David Browne wrote publicly about this approach in his February 2026 article in The Circular, the monthly magazine of the Entrepreneurs Circle, where he has written a regular column since 2015.

What you can ask us to do

Under UK GDPR you have a set of rights in relation to the personal data we hold about you. You can exercise any of them by emailing privacy@scottishshutters.co.uk or calling 0800 086 2989. We respond within 30 days. There is no charge.

See what we hold

You can ask for a copy of the personal data we hold about you. This is called a "subject access request".

Correct what's wrong

If anything we hold is inaccurate or out of date, we will put it right.

Be forgotten

You can ask us to delete your data. We will, except where the law requires us to keep certain records (such as invoices for HMRC).

Stop marketing

You can withdraw your consent for marketing at any time. We action it the same day. Every marketing email also has a one-click unsubscribe.

Take your data with you

You can ask for a copy of your data in a structured, machine-readable format ("data portability").

Complain

If something has gone wrong, our Data Protection Complaints Procedure explains what to do, and you can always go straight to the ICO.

What happens if something goes wrong

We have a written Data Breach Response Plan that is rehearsed annually. If we ever discovered a data breach that posed a risk to your rights or freedoms, we would notify the Information Commissioner's Office within 72 hours, as the law requires. Where the breach posed a high risk, we would also tell you directly, without undue delay, in plain English.

We have not had a notifiable data breach to date. If we do, we will be open about it.
