Privacy Policy

Common Clauses and Definitions

GDPR - Whenever the terms 'The General Data Protection Regulation’ or ‘GDPR' are referred to in this document, it pertains to both The Regulation (EU) 2016/679 (EU GDPR) and The Data Protection Act 2018 (UK GDPR). Should there be a need to invoke other regulations, they will be appropriately and distinctly named.

The Regulation (EU) 2016/679 (EU GDPR) Territorial scope - The territorial scope of the GDPR encompasses the processing of personal data by entities established within the European Union/UK, regardless of where the processing occurs, as well as entities outside the EU/UK that either offer goods or services to individuals within the EU or monitor their behaviour within the Union. It also applies in situations governed by a Member State's public international law. This means the GDPR's reach extends beyond the EU's borders, affecting organisations globally that interact with EU residents.

The Data Protection Act 2018 (UK GDPR) Territorial Scope - The UK GDPR, which came into effect post-Brexit, maintains similar territorial principles. It applies to the processing of personal data by entities established within the United Kingdom. For entities outside the UK, the UK GDPR applies if they offer goods or services to, or monitor the behaviour of, individuals within the UK. It also captures situations dictated by UK international law.

Personal data - As defined by the GDPR and other data protection legislation, personal data refers to any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. This broad definition encompasses a wide range of information, including but not limited to, names, addresses, email addresses, identification numbers, IP addresses, and cookie identifiers.

Sensitive Type of Data - Under the General Data Protection Regulation (GDPR), ‘sensitive data’ is defined as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Privacy Statement Summary

This Privacy Policy ("Policy") outlines the methods by which Secret Linen Store ("we"/ "us" / "our") gathers, handles and shares your information. This Policy is relevant when we decide the reasons and methods for processing specific personal information, such as details from our website visitors, service users, clients, partners, and others.

Who will use my data?

Secret Linen Store Ltd. registered in England, #0859030, and located at The Bed Quarters, No 5 Durban Business Park, Durban Road, PO22 9FE.

Who are we?

With over 25 years of expertise, we, at the Secret Linen Store, specialise in designing and crafting premium bed linen and home textiles. Our commitment to quality is evident in our meticulous selection of suppliers; we exclusively work with trusted vendors holding OEKO-TEX® Standard 100 certification. Operating in Portugal and the UK, we've cultivated long-standing relationships with our factories, ensuring the highest standards in manufacturing.

Beyond creating exceptional products, we are dedicated to making a positive impact on the planet and society. We invest in understanding and mitigating our environmental footprint, supporting charities, and treating our factory partners fairly.

Our offerings include an exclusive range of bedding, nightwear, towels, and accessories. We prioritise responsibly sourced cotton and offer certified organic options. Our diverse selection caters to various preferences, from soft linen to crisp cotton, featuring unique patterns and colours designed in-house.

Noteworthy practices set us apart. We use high-quality fabrics on both sides of our duvet covers, avoid lower-quality materials on reverses, and ensure all bedding is labelled for easy identification. The design process, led by our creative genius Molly, guarantees unique patterns and premium fabrics.

Our commitment to freshness is evident, with duvets, pillows, and toppers made to order in our Scottish factory. 

We have supported local charities like The Sussex Seabed Restoration project and actively support Choose Love through the sale of certain products.

Our business is B Corp Certified. As a B Corp, we’re part of a global community of businesses that meet high standards of social and environmental impact.

Our focus on impact extends to packaging, minimising plastic use, utilising recycled and compostable materials, and experimenting with fully paper options.

As a family-run business founded by two sisters, our passion lies in transforming bedrooms and ensuring restful nights for our customers. With a dedication to quality, responsibly sourced and unique designs, we invite you to experience the difference that premium bed linen can make in your homes.

What for?

Our purpose in processing operations in the Secret Linen Store is to manage and facilitate the sales process effectively and efficiently. This involves collecting, storing, and utilising data and information to support various aspects of the sales cycle. Here are some key objectives and purposes of the processing operations in our company:

  • Customer Relationship Management: We gather and maintain customer data, encompassing contact details, purchase history, preferences, and interactions. This information serves as a foundation for building and nurturing strong customer relationships.
  • Sales and Lead Generation: Processing operations aid in identifying potential customers or leads, monitoring their engagement with our company, and facilitating the conversion of leads into satisfied customers.
  • Order Processing: From order entry to inventory management and fulfilment, we carefully handle the entire order processing cycle to ensure swift and efficient delivery of products or services to our customers.
  • Sales Analytics: Data processing is employed to analyse sales trends, customer behaviour, and market conditions. These insights inform strategic decisions regarding pricing, marketing strategies, and product development.
  • Marketing and Advertising: Leveraging customer data enables us to target marketing and advertising efforts more precisely. This personalised approach tailors campaigns and promotions to individual customer preferences.
  • Customer Support: Data processing supports customer support operations by providing quick access to customer data, facilitating prompt issue resolution, and enhancing the overall customer experience.
  • Sales Forecasting: Through the analysis of historical sales data and market trends, we create accurate sales forecasts. This aids in effective inventory management and resource allocation.
  • Compliance: Adherence to data protection and privacy regulations is of great importance in our processing operations. Ensuring compliance with these regulations is integral to our commitment to safeguarding customer information.
  • Reporting: Our data processing operations generate insightful reports and dashboards, providing an inclusive view of our sales performance. This empowers management to make informed decisions and set strategic goals.

In summary, the primary goal of our processing operations is to elevate sales effectiveness, enhance customer satisfaction, and optimise overall business performance by harnessing data and technology across various facets of the sales cycle.

What will happen if I contact you?

When you contact us at Secret Linen Store, we prioritise your privacy and ensure that your personal information is handled with the utmost care and confidentiality. Upon reaching out, our dedicated customer service team will address your inquiries or concerns promptly. Any personal data you provide, such as your name, email, or phone number, will be used solely for the purpose of assisting you and will not be shared with third parties without your explicit consent. Our commitment is to provide you with exceptional service while respecting your privacy and personal information.

How do we collect your data?

We collect your data through various methods, ensuring that each method aligns with our commitment to transparency and compliance with data protection laws.

When you interact with us about our products (via our live chat service on the website), whether as a current customer or a potential one, we directly gather your personal data from you.

When you visit our website, we may collect certain information such as your IP address, browser type, and the pages you visit. We may also use cookies to collect additional information, such as your preferences and interests.

What data will be stored?

At Secret Linen Store, we maintain a range of data to facilitate our sales services for both clients and potential clients. Additionally, we may store data about candidates for work when needed. The specific information we store may vary based on the nature of our interaction with you, but it typically includes the following:

  • Contact Information: We securely store your name, email address, telephone number, and other contact details provided when you reach out to us.
  • Website Usage Data: When you visit our website, we may collect information about your IP address, browser type, and the pages you browse. Additionally, we may utilise cookies to store additional data, such as your preferences and interests.

Ensuring data privacy and security is a top priority for us. All data we store is handled in strict adherence to applicable laws and regulations. We are committed to transparency, providing individuals with clear information about our data storage practices and ensuring they are aware of their rights concerning their personal data. If you have any concerns or inquiries about your data, please don't hesitate to contact us.

What data will be shared?

We understand the importance of privacy and the trust you place in us when sharing your data. The data shared by us is done so with a clear purpose and only under circumstances that necessitate such actions to provide you with our products or to comply with legal obligations. Primarily, the data shared includes information necessary for providing our products to you, as our customers.

Additionally, we may share data with third-party service providers who assist us in operating our website, conducting our business, so long as those parties agree to keep this information confidential. These services include website hosting, data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, and auditing services.

We also share data when it is required by law, such as in response to a request from law enforcement or other government authorities, or in the good faith belief that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

It is our policy to be transparent about the data we collect and share. We ensure that any sharing of data is in compliance with applicable data protection laws and our privacy policy, which is designed to protect your privacy rights. We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information for their marketing purposes without your consent.

In all instances, our aim is to ensure that your data is treated with the utmost care and security, and that data sharing is done in a way that respects your privacy and is consistent with our commitment to providing high-quality services.

The specific data that may be shared is contingent upon the services provided and the requirements of those engagements. This typically includes:

  • Contact Information: Such as your name, email address, and phone number to facilitate communication between you, our team, and, when necessary, third-party service providers who are integral to delivering our services.
  • Website Interaction Data: Aggregated or anonymised data regarding how you use our website, which could be shared with analytics and technology service providers to help us improve user experience and service delivery.

It's important to note that any sharing of personal data is conducted with strict adherence to applicable data protection laws and our privacy policy. We ensure that third parties with whom data is shared are committed to maintaining confidentiality and security of the data, and we limit the sharing of data to what is necessary to provide our services or as required by law.

Who do we share data with?

We only share your data with trusted and relevant companies which ensure an adequate level of protection and where there is an appropriate agreement in place which includes obligations in relation to the confidentiality, security and lawful processing of any personal data shared with them.

We may share your data with third party vendors and other service providers in order to perform tasks on our behalf. These third parties are website analytics companies, payment processing providers, CRM services providers, email service providers.

We may transfer your personal information to third parties in connection with a reorganisation, restructuring, merger, acquisition, sale or transfer of assets, or changing services suppliers provided that the receiving party agrees to treat your personal information in a manner consistent with this Privacy Policy.

How long?

At Secret Linen Store, the duration for which we retain data depends on the purpose for which it was collected and our legal and regulatory obligations. We keep personal data for as long as necessary to fulfil the purposes for which it was collected, including for providing our products to you, and as required to comply with our legal obligations.

Once the data is no longer needed for these purposes, we take steps to securely delete or anonymise it. We regularly review our data retention policies to ensure they comply with applicable laws and align with best practices, ensuring that personal data is not kept longer than necessary.

For more information, please contact us about our Data Retention Policy.

Who can access my data?

At Secret Linen Store access to your data is strictly limited to individuals and entities that require it to provide you with our products, support your needs, or comply with legal obligations.

In addition, we collaborate with third-party service providers who support us in diverse aspects of our sales operations, website management, data analysis, and customer service. These providers are given access only to the necessary data required for their services and are bound by contractual agreements to uphold the confidentiality and security of your information, aligning with our rigorous privacy standards.

Furthermore, we may disclose your data when required by law, such as in response to legal requests by public authorities, including to meet national security or law enforcement requirements.

It's important to note that we implement strong security measures and protocols to ensure that any access to your data is secure and in compliance with applicable data protection laws. Our commitment to your privacy means that we continuously evaluate and update our practices to safeguard your information effectively.

How is my data kept secure?

At Secret Linen Store, keeping your data secure is a top priority for us. We employ a range of security measures to protect your data from unauthorised access, disclosure, alteration, or destruction. These measures include advanced technological solutions such as encryption, secure servers, and firewalls to safeguard the digital integrity of your data.

In addition to technological measures, we have strict organisational procedures in place. Our employees are trained in data protection and confidentiality, and access to personal data is limited to those who need it to perform their job functions. We also regularly review and update our security practices to address new and emerging threats.

Furthermore, we ensure compliance with relevant data protection laws and regulations, including the GDPR, which guides our data handling practices. We are committed to continuously improving our data security measures to provide the highest level of protection for your personal information.

About this Privacy Policy

This policy sets out how we will collect, store and process the information that you provide to us, information we collect as a result of our interaction, the information we collect about you from other sources, or information we service about you by using the information we hold.

The General Data Protection Regulation (GDPR) describes how organisations must collect, handle, process, and store personal information. These rules apply regardless of whether data is stored electronically, on paper, or other material. To comply with the law, personal information must be collected and used fairly, stored safely, and not disclosed unlawfully. GDPR is underpinned by eight important principles. These say that personal data must:

  • Be processed fairly and lawfully;
  • Be obtained only for specific, lawful purposes;
  • Be adequate, relevant, and not excessive;
  • Be accurate and kept up to date;
  • Not be held for any longer than is necessary;
  • Be processed in accordance with the rights of the data subjects;
  • Be protected in appropriate ways;
  • Not be transferred outside our borders unless that country or territory also ensures an adequate level of protection.

We take these responsibilities seriously; this document describes our approach to data protection.

This policy helps to protect us from data security risks, including:

  • Breaches of confidentiality. For instance, information being given out inappropriately;
  • Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them;
  • Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data;
  • Any other risks inherent in the collection, storage, or processing of your data.

Who We Are And How To Contact Us

Secret Linen Store is a Limited Company registered in England, #08590307, VAT #171 0307 50, and the Data Protection Lead is Daniel Mears. You can contact us on the following email address: or write to us at Secret Linen Store, The Bed Quarters, No 5 Durban Business Park, Durban Road, PO22 9FE.

Who this privacy policy applies to

This policy relates to data subjects of Secret Linen Store including customers, suppliers, partners, employees, and all other individuals. Processing of your data is required in order to offer you our products and services and to run our company. It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the GDPR. This can include:

  • Names of Individuals;
  • Contact details;
  • Postal addresses;
  • Email Addresses;
  • Telephone numbers;
  • Billing and payment information;
  • Login data;
  • Professional qualifications and educational background;
  • Employment history and work experience;
  • And other information as required.

What this policy applies to

This section describes the lawful basis for processing your data and applies to the information about yourself that you choose to provide us with or that you allow us to collect. This includes:

  • The Information you provide when you contact us;
  • When you contact us in order to discuss buying our products;
  • Information we collect about how you use the website;
  • Information relating to the products we offer to you and other transactions including financial and other personal information required to complete these transactions;
  • Information that is given and stored as part of our ongoing relationship;
  • Information we collect as a result of our interaction;
  • information we collect for the purposes of employment
  • information you share with us for the purposes of recruitment

We do not routinely collect or process sensitive data about you. However, where this is the case we will ensure we take appropriate precautions to protect your data.

How your information will be used

We will only use your personal data for the purposes for which we collected it and as you would reasonably expect your data to be processed and only where there is a lawful basis for such processing, for example:

Purpose/Activity Type of data Lawful basis for processing
To register you as a new customer

a. Identity
b. Contact

a. Performance of a contract with you
b. Consent

To manage our ongoing relationship with you which will include notifying you about changes to our terms, services or privacy policy, to maintain our records a. Identity
b. Contact
c. Profile
d. Marketing and Communications
a. Performance of a contract with you
b. Necessary to comply with a legal obligation
c. Necessary for our legitimate interests to keep our records updated and to study how customers use our services
d. Consent
To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) a. Identity
b. Contact
c. Technical
a. Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise (legal requirements)
b. Necessary to comply with a legal obligation
c. Consent
To use data analytics to improve our website, services, marketing, customer relationships and experiences a. Technical
b. Usage
a. Necessary for our legitimate interests to define types of customers for our services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy
b. Consent
To make suggestions and recommendations to you about products that may be of interest to you


a. Identity
b. Contact
c. Technical


a. Necessary for our legitimate interests to develop our products and grow our business
b. Consent
To perform our legal obligations arising from labour regulations


a. Identity
b. Contact
c. Financial
d.Employment history
e. Personal data required by applicable labour laws

a. Applicable laws regulating labour rights
b. Contract of Employment
To organise and lead process of recruitment To organise and lead process of recruitment a. Identity
b. Contact
c. Data shared in CV
a. Consent


We will use your data for the purpose it was collected and where we have your consent or an appropriate lawful basis we may use your personal information to provide you with marketing information about services, promotions and offers that may be of interest to you. This document explains how you can change whether to receive this information. Please note that, even if you choose not to receive this information, we may still use your personal information to provide you with important services communications, including communications in relation to any services we provide to you.

You will only receive marketing communications from us if you have:

  • Requested information from us;
  • If you provided us with your details and ticked the box at the point of entry of your details for us to send you marketing communications;
  • You have not opted out of receiving marketing;
  • Where we have an appropriate lawful basis.

We will get your express opt-in consent before we use or share your personal data with any third party for marketing purposes.

How to change your preferences

We operate in line with the GDPR data protection guidelines. We respect your rights and will respond to any request for access to personal information and requests to delete, rectify, transfer, data, and to stop the processing. We will also advise you on how to complain to the relevant authorities if needed. Where possible any requests or objections should be made in writing to the Data Controller, or you can visit our website, call, or email us to contact us to exercise your rights, make a complaint, or change your preferences at any time.

Opting out at a later date

Where you give your consent for us to process your data, for example when you agree to us sending you marketing information or where you agree to us processing financial data, you can contact us to amend or withdraw your consent at any time. You can also choose to object to processing and request deletion of your data. We respect all user rights as defined in GDPR. If you have any comments or wish to complain please contact us at

How we store and process your data

Your data will be collected, stored and processed securely, where we transfer your data internationally, we will ensure we take appropriate precautions to protect this data. Your data will normally be stored for up to as long as necessary in order to meet our legal obligations and protect our interests. For more information, please contact us about our Data Retention Policy.

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email us. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing.

We may be legally obliged to disclose your personal information without your knowledge to the extent that we are required to do so by law; in connection with any ongoing or prospective legal proceedings; in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

Our obligations

We are a Data Controller. In relation to the information that you provide to us, we are legally responsible for how that information is handled. We will comply with the GDPR in the way we use and share your personal data.

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

  • Request access to your personal data;
  • Request correction of your personal data;
  • Request erasure of your personal data;
  • Object to processing of your personal data;
  • Request restriction of processing your personal data;
  • Request transfer of your personal data;
  • Object to profiling
  • Right to withdraw consent.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Third Parties

We may have to share your personal data with selected third parties in order to meet our obligations to you and for the purposes described in this document:

  • Service providers who provide IT and system administration services;
  • Third parties including data processors, suppliers, service providers, equipment providers, and other third parties as required to run and grow our business;
  • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, credit scoring, banking, legal, fraud protection, insurance and accounting services;
  • Social media companies;
  • Government organisation, regulators, other legal authorities and other relevant jurisdictions who require reporting of processing activities in certain circumstances;
  • Third parties to whom we sell, transfer, or merge parts of our business or our assets;
  • Other companies as required to meet our obligations to you and run our business.

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.


We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Where required under GDPR will report any breaches or potential breaches to the appropriate authorities within 24 hours and to anyone affected by a breach within 72 hours. If you have any queries or concerns about your data usage, please contact us.

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Processing of children's information

We do not knowingly collect or maintain Personally-Identifying Information from anyone under the age of 13, unless or except as permitted by law. Any person who provides Personally-Identifying Information through the Website represents to us that he or she is 13 years of age or older. If we learn that Personally-Identifying Information has been collected from a user under 13 years of age on or through the Website, then we will take the appropriate steps to cause this information to be deleted.

If you are the parent or legal guardian of a child under 13 who has become a member of the Website or has otherwise transferred Personally-Identifying Information to the Website, please contact the Company using our contact information below to have that child's account terminated and information deleted.


A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

As well as your ability to accept or reject cookies, we also require your permission to store cookies on your machine, which is why when you visit our site, you are presented with the ability to accept our terms of use, including the storage of cookies on your machine.

Contacting us, exercising your information rights and Complaints

If you have any questions or comments about this Privacy Policy, wish to exercise your information rights in connection with the personal data you have shared with us, or wish to complain, please contact our Data Protection Lead. We aim to process data protection requests within 30 days, SAR responses are usually free, but we reserve the right to charge for excessive or unfounded requests. We fully comply with Data Protection legislation and will assist in any investigation or request made by the appropriate authorities.

If you remain dissatisfied, then you have the right to apply directly to your local data protection authority. You can find the list at: