Privacy policy

DATA PRIVACY AND PROTECTION POLICY

1. IMPORTANT INFORMATION AND WHO WE ARE

1.1 Purpose of this Privacy Policy
This privacy policy aims to give you comprehensive information on how MPG Enterprises Limited collects and processes your personal data through your use of our websites (including devonbedcentre.co.uk and christiesfurniture.co.uk), when you visit our retail showrooms, contact us via telesales or telephone, interface with our digital customer service chat facilities, or otherwise interact with us electronically. It is critical that you read this privacy policy together with our Terms and Conditions of Sale and any other fair processing notices we may provide on specific occasions.

1.2 Data Controller Details
MPG Enterprises Limited (trading as "Devon Bed Centre" and "Christies Furniture") is the data controller and is legally responsible for your personal data (collectively referred to as "the Company," "we," "us," or "our" in this policy). Our registered office address is c/o MPG Enterprises, Francis Clark, Sigma House, Oak View Close, Edginswell Lane, Torquay, Devon, TQ2 7FF. Our primary retail showroom and principal trading facility is situated at Unit 5, Grace Road West, Marsh Barton, Exeter, Devon, EX2 8PU.

Registered Company Number: 05278523

Value Added Tax (VAT) Number: 7877 496 447

1.3 Third-Party Links and Representations
Our websites may contain hyperlinks to third-party plug-ins, external platforms, or independent software applications (such as third-party live chat widgets or finance applications). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party platforms and are not responsible for their individual privacy disclosures. If you provide information to us about any person other than yourself, you explicitly warrant that you have obtained their unambiguous permission to disclose their information to us under the terms of this policy.


2. THE DATA WE COLLECT ABOUT YOU

2.1 Categories of Personal Data
Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data: Includes your first name, maiden name, last name, username or similar identifier, marital status, title, and signature.

Contact Data: Includes your billing address, structural delivery address, email address, telephone numbers, and mobile numbers.

Financial Data: Includes masked payment card details, transaction history, loan terms, and specific values of finance requested.

Transaction Data: Includes comprehensive details about payments to and from you, and explicit details of products and services you have purchased from us.

Technical Data: Includes internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites.

Special Category Data (VAT Exemptions): We do not actively collect sensitive personal data except where explicitly required to process a Value Added Tax (VAT) exemption request based on a physical or mental disability. In such isolated instances, we will process data relating to your health strictly with your explicit consent and solely to satisfy HM Revenue & Customs (HMRC) statutory documentation requirements.


3. HOW YOUR PERSONAL DATA IS COLLECTED

3.1 Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in physical or digital forms or by corresponding with us by post, phone, email, live chat, or otherwise. This includes personal data you provide when you purchase furniture or sleep systems in our showrooms, register an account online, subscribe to our promotional publications, enter a competition, complete a survey, or submit a formal product service or repair claim.

3.2 Automated Technologies or Interactions: As you interact with our websites, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar tracking technologies.


4. HOW WE USE YOUR PERSONAL DATA AND LAWFUL BASES

Under the UK General Data Protection Regulation (UK GDPR), we must always establish a valid lawful basis to process your personal data. Most commonly, we rely on the following legal frameworks:

4.1 Performance of a Contract
We process your Identity, Contact, and Transaction Data primarily to fulfill our core contractual obligations arising from any transactions entered into between you and us. This ensures we can successfully process your orders, manufacture bespoke furniture items to your specifications, process invoice payments, and accurately coordinate home delivery services.

4.2 Legitimate Interests
We process your data where it is necessary for our legitimate business interests to conduct and manage our operations, provided that your fundamental privacy rights do not override those interests. Our specific Legitimate Interests include:

Operational Efficiency: Sharing data with selected third-party live chat providers. Chat logs are securely held on specialized servers for a maximum retention period of 12 weeks to facilitate customer service optimization.

Service Extensions: Passing your name and address details to furniture suppliers to process temporary fabric sample requests (deleted immediately after processing), or sharing your details with our external Service Managers and independent third-party technicians to execute structural repairs or home furniture servicing.

Corporate Security: Maintaining system safety, executing advanced data analytics, diagnosing technical website issues, preventing fraudulent transactions, and evaluating the overarching effectiveness of our local advertising campaigns.

4.3 Consent and Electronic Marketing Compliance
Our approach to direct marketing is governed strictly by current UK privacy standards (including the Privacy and Electronic Communications Regulations):

Historical Records: If you executed a commercial purchase from our company prior to 23rd May 2018 and have not explicitly requested to be removed from our marketing lists, we may occasionally transmit postal, SMS, or email marketing detailing relevant showroom promotions based on historical legitimate business engagement.

Modern Transactions: For all transactional data captured after 23rd May 2018, the Company will only transmit digital marketing communications (emails and SMS) if you have actively and unambiguously provided affirmative opt-in consent to receive such material.

The Right to Opt-Out: You retain an absolute, unrestricted right to withdraw your marketing consent or object to direct marketing profiles at any time. Because our automated messaging systems do not utilize interactive opt-out hyperlinks or direct SMS reply functionality, you can execute your opt-out request instantly by calling our Exeter showroom directly on 01392 255906, or by transmitting an explicit written opt-out request via email to our customer service desk. Once received, your details will be manually removed from our marketing broadcasts without delay.


5. DISCLOSURES OF YOUR PERSONAL DATA

5.1 Internal and Third-Party Processors
To ensure the seamless delivery and long-term protection of your furniture purchases, we are required to share specific elements of your personal data with the following authorized third parties:

Logistics and Delivery Contractors: Your Identity and Contact Data will be securely transmitted to our independent delivery crews, freight networks, and transport operators to facilitate accurate home delivery routing.

Direct-to-Consumer Furniture Suppliers: Where your items are dispatched directly from a manufacturer's factory, or where the external manufacturer holds direct structural responsibility for the product warranty, your full contact details will be transferred to them. They will store this information for the full duration of the commercial guarantee to ensure compliance with product warranties.

5.2 Third-Party Data Controllers (Finance Applications)

If you elect to utilize a promotional finance agreement to fund your furniture purchase, the Company acts strictly as a credit broker and will facilitate the application process by transferring your information to our authorized third-party finance providers. Our primary integrated finance provider is Novuna Personal Finance (a trading style of Mitsubishi HC Capital UK PLC).

Please note that these finance entities operate as independent, third-party data controllers. They are fully responsible for the personal data you choose to provide to them. They will execute independent credit searches, interface with accredited Credit Reference Agencies (CRAs), maintain automated scoring footprints, and establish an independent financial relationship with you. We retain records indicating only the identity of your chosen finance provider, the underlying loan terms, and the net monetary value of the credit request.


6. DATA SECURITY AND RETENTION

6.1 Security Provisions
We have put in place robust, appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and manufacturers who have a legitimate business need to know.

6.2 Retention Timelines
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or statutory reporting requirements. For core bed, mattress, and cabinet furniture transactions, we maintain your Identity, Contact, and Transaction Data for the full duration of your comprehensive product guarantee (up to 10 years, as detailed in your product paperwork). This extended retention ensures we can honour all voluntary structural promises, manage fabric stain claims, and deploy technical service managers to your property if issues arise down the line.


7. YOUR LEGAL RIGHTS UNDER UK GDPR

Under specific circumstances, you possess clear statutory rights under the UK General Data Protection Regulation and the Data Protection Act 2018 in relation to your personal data. You have the right to:

Request Access to your personal data (commonly known as a "data subject access request"). This enables you to receive a comprehensive copy of the personal data we hold about you and check that we are lawfully processing it.

Request Correction of the personal data that we hold about you. This enables you to have any incomplete, inaccurate, or outdated data we hold about you completely rectified.

Request Erasure of your personal data. This enables you to ask us to delete

or remove personal data where there is no valid, continuing legal or contractual reason for us continuing to process or retain it.

Object to Processing of your personal data where we are relying on a Legitimate Interest framework and there is something about your particular situation which makes you want to object to processing on this ground.

Request Restriction of Processing of your personal data. This enables you to ask us to suspend the processing of your personal data in specific scenarios, such as establishing its factual accuracy.

Request the Transfer of your personal data to yourself or to an independent third-party provider in a structured, commonly used, machine-readable format.

Withdraw Consent at Any Time where we are relying strictly on explicit consent to process your personal data (such as sensitive VAT health documentation or voluntary marketing opt-ins).

If you wish to exercise any of the statutory rights outlined above, please contact our administrative offices directly via telephone on 01392 255906 or submit a formal written request to our Marsh Barton trading address. You will not have to pay a fee to access your personal data; however, we reserve the right to charge a reasonable administrative fee or refuse to comply if your request is manifestly unfounded, repetitive, or excessive.

7.2 Right to Lodge a Complaint
You possess the absolute statutory right to make a formal complaint at any time to the Information Commissioner's Office (ICO), the official UK supervisory authority tasked with overseeing data protection compliance issues(www.ico.org.uk). We would, however, profoundly appreciate the opportunity to address and resolve any of your data privacy concerns internally before you approach the regulatory authority, so please contact our showroom management team in the first instance.