Menu Icon

Privacy and Cookies

At John Horsfall Ltd, we take your privacy seriously and will only use your personal information to administer your account and to provide the products and services you have requested from us.

We will never sell or give away your data and we promise to keep your details safe and secure.

 

  1. Who we are

John Horsfall & Sons (“we”, “our”, “us”) is registered in England & Wales (company number 05267248) with registered office at Birkby Grange, Birkby Hall Road, Huddersfield, HD2 2XB.

We are the data controller for the personal data we collect when you visit our website, create an account, or otherwise engage with us as a customer or business contact.

The purpose of this policy is to explain how we collect, use, store and protect personal data, and to outline your rights under UK data protection law.

 

  1. Personal data we collect

We collect and process personal data in connection with your use of our website, account creation, purchases, enquiries and marketing. This may include:

  • Identity and contact data: name, job title (for B2B contacts), company name, billing and delivery addresses, email address and telephone number.
  • Account data: usernames, passwords (stored in encrypted or hashed form) and other security-related information.
  • Order and transaction data: products purchased, order history, invoices, delivery details and payment confirmation (we do not store full payment card details).
  • Marketing and communications data: marketing preferences, consent status and communication history.
  • Technical data: IP address, browser type and version, time zone setting, location data, cookies and usage data (e.g. via Google Analytics).
  • Other information: any data you choose to provide, such as feedback, survey responses or reviews.

 

  1. How we use your personal data

We use personal data for the purposes set out below, relying on the lawful bases identified in each case:

  • Order fulfilment and account management – to process orders, arrange delivery, handle returns, manage accounts and provide customer support (lawful basis: contract).
  • Marketing communications – to send information about our products, services or events where we have a lawful basis to do so (lawful basis: legitimate interests for B2B marketing, or consent where required). You may opt out at any time.
  • Business improvement and analytics – to understand how our website and services are used and to improve them (lawful basis: legitimate interests).
  • Legal and regulatory compliance – to meet accounting, tax, consumer protection and other legal obligations (lawful basis: legal obligation).
  • Business protection – to protect against fraud, misuse of systems and other risks (lawful basis: legitimate interests, subject to your right to object at any time).

 

  1. How long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

  • Customer account and order-related data is typically retained for up to 7 years to meet accounting, tax and warranty obligations.
  • Marketing contact details are retained until you opt out or withdraw consent, after which a minimal record is kept, ensuring you are not contacted again.

 

  1. Sharing your data

We may share personal data with:

  • Trusted third-party service providers who support our business operations (such as payment providers, couriers, IT and marketing platforms), under appropriate contractual safeguards.
  • Regulatory or law enforcement authorities, as required by law.
  • A buyer or successor organisation in the event of a business sale or restructuring.

Where personal data is transferred outside the UK, appropriate safeguards are in place in accordance with UK GDPR.

 

  1. Your rights

You have rights under UK GDPR, including the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request the deletion of your personal data in certain circumstances.
  • Restrict or object to how we process your personal data.
  • Request data portability, where applicable.

 

You may object at any time to processing based on legitimate interests or to direct marketing. We do not use solely automated decision-making that produces legal or similarly significant effects. Limited profiling may be used for analytics or marketing purposes.

To exercise your rights, please get in touch with us using the details in Section 10. We will normally respond within one month. You also have the right to complain to the Information Commissioner’s Office (ICO).

 

  1. Cookies and analytics

Our website uses cookies and similar technologies to improve functionality, analyse website usage and support marketing activities. Where required, non-essential cookies (such as analytics and marketing cookies) are only placed after you have provided consent via our cookie banner. You can change or withdraw your preferences at any time through the banner or your browser settings.

For further information, please see our separate Cookie Policy.

 

  1. Data security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse. Where required, we will notify affected individuals and the ICO of any personal data breach in accordance with legal obligations.

 

  1. Policy updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be published on this page, and the “last updated” date will be revised accordingly.

 

  1. Contact us

If you have any questions or requests regarding this policy or how we process personal data, please contact: info@johnhorsfall.com.

 

Last updated: December 2025