Privacy Policy
Last updated: May 2026
Sigma Shopfronts and Shutter Limited (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This policy explains what personal data we collect, how we use it, and your rights in relation to it. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Please read this policy carefully. By using our website or contacting us, you acknowledge that you have read and understood this policy.
1. Data Controller
The data controller responsible for your personal data is:
Sigma Shopfronts and Shutter Limited
Company No: 16794487
West Midlands, United Kingdom
Email: sales@sigmashopfronts.com
If you have any questions about this privacy policy or how we handle your data, please contact us at the address above.
2. What Personal Data We Collect
We collect personal data through three main channels:
2.1 Contact Form
When you submit an enquiry through our contact form, we collect:
- Full name
- Email address
- Telephone number (if provided)
- Location or site address
- Service of interest (e.g. aluminium shopfronts, roller shutters, security grilles)
- The content of your message
2.2 Chatbot Conversations
Our website features an AI-powered chatbot to assist with initial enquiries. If you use it, we collect:
- The content of your conversation with the chatbot
- Any contact details or project information you provide during the conversation
Conversation data is processed by Anthropic’s Claude AI (see Section 5).
2.3 Analytics and Cookies
When you visit our website, we may automatically collect:
- IP address (anonymised where possible)
- Browser type and version
- Device type and operating system
- Pages visited and time spent on each page
- Referring URL
- Cookie identifiers (see Section 7)
3. How We Use Your Personal Data
We use your personal data for the following purposes:
- Responding to enquiries — to reply to your questions, requests for information, or site survey requests.
- Preparing and sending quotations — to produce accurate, tailored quotes for shopfront installation, repair, or maintenance work.
- Fulfilling contracts — to manage and perform the services you have engaged us to provide.
- Improving our services and website — to analyse how visitors use our site and identify areas for improvement.
- Legal and regulatory compliance — to comply with our obligations under applicable law.
We will not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
4. Legal Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on:
Legitimate Interests (Article 6(1)(f))
Processing enquiry and chatbot data to respond to potential customers and improve our services. We have balanced our interests against your rights and determined this processing is necessary and proportionate.
Contractual Necessity (Article 6(1)(b))
Processing data necessary to fulfil a contract you have entered into with us, or to take steps at your request before entering a contract (such as preparing a quotation).
Consent (Article 6(1)(a))
Where we place non-essential cookies or use analytics tools, we will ask for your consent. You may withdraw consent at any time by adjusting your cookie preferences.
Legal Obligation (Article 6(1)(c))
Processing necessary to comply with a legal obligation to which we are subject, such as tax and accounting requirements.
5. Third-Party Service Providers
We share your data with the following trusted third-party providers solely to operate our business and deliver our services. Each provider is contractually obligated to handle your data securely and only as instructed.
| Provider | Purpose | Data Transferred |
|---|---|---|
| Vercel Inc. | Website hosting and deployment | IP address, request logs |
| Neon Technologies | Database storage for form submissions and chatbot logs | Contact form data, chatbot conversation data |
| Resend Inc. | Transactional email delivery (sending enquiry notifications) | Name, email address, message content |
| Anthropic PBC | AI chatbot processing (Claude) | Chatbot conversation content |
| Google LLC | Website analytics (Google Analytics) | Anonymised IP, page views, device data |
We do not sell your personal data to any third party. We do not share your data with any other organisations except where required by law or with your explicit consent.
Some of our service providers are based outside the United Kingdom. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the ICO.
6. How Long We Keep Your Data
We retain your personal data only for as long as is necessary for the purposes for which it was collected:
- Enquiries that do not result in a contract: Up to 12 months from receipt, after which they are securely deleted.
- Enquiries that result in a contract: For the duration of the contract and for 6 years thereafter, in accordance with the Limitation Act 1980.
- Chatbot conversation logs: Up to 90 days, unless the conversation leads to an enquiry or contract, in which case the relevant data is retained as above.
- Analytics data: Up to 26 months, as per Google Analytics default retention settings.
- Financial and accounting records: 6 years from the end of the relevant tax year, as required by HMRC.
7. Cookie Policy
Our website uses cookies — small text files placed on your device — to improve functionality and analyse usage. The types of cookies we use are:
Strictly Necessary Cookies
Required for the website to function correctly (e.g. session management). These cannot be disabled.
Analytics Cookies
Set by Google Analytics to help us understand how visitors interact with our website. These are only placed with your consent. You may opt out at any time.
You can control and delete cookies through your browser settings. For more information about cookies and how to manage them, visit www.allaboutcookies.org.
8. Your Rights Under UK GDPR
Under UK data protection law, you have the following rights in relation to your personal data:
Right of Access
You have the right to request a copy of the personal data we hold about you (a Subject Access Request).
Right to Rectification
You may request that we correct any inaccurate or incomplete personal data we hold about you.
Right to Erasure (“Right to be Forgotten”)
You may request that we delete your personal data in certain circumstances (e.g. where it is no longer necessary for the purpose for which it was collected).
Right to Data Portability
Where processing is based on consent or contractual necessity, you may request that we provide your data in a structured, commonly used, machine-readable format.
Right to Object
You have the right to object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to Restrict Processing
You may request that we restrict processing in certain circumstances, such as while we verify the accuracy of your data following a rectification request.
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us using the details in Section 9. We will respond within one calendar month. We may need to verify your identity before processing your request.
9. Contact Us About Your Data
To make a data subject request, raise a concern, or ask any question about this privacy policy, please contact us:
Sigma Shopfronts and Shutter Limited
Data Enquiries
Email: sales@sigmashopfronts.com
We will acknowledge your request within 5 working days and respond in full within one calendar month. If your request is particularly complex or we receive a high volume of requests, we may extend this period by a further two months, but we will notify you if this is the case.
10. Right to Complain to the ICO
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: www.ico.org.uk
Helpline: 0303 123 1113
We would, however, appreciate the opportunity to address your concerns before you contact the ICO. Please do get in touch with us first.
11. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.
Continued use of our website or services after changes are posted constitutes your acceptance of the revised policy.