Privacy Policy

Ankersen Drake Home Organisation ("the Company," "we", "our", or "us") is committed to protecting the privacy and personal data of our clients (“the Client”, "you" or "your"). This privacy policy explains how we collect, use, store, and protect your personal data in compliance with the UK General Data Protection Regulation (GDPR) and related data protection laws.

This Privacy Policy outlines our general data handling practices. For information specific to how your data is processed as part of a Service Agreement, please refer to your client contract.

1. Data We Collect

We may collect the following categories of personal data:

  • Contact Information: Name, email address, phone number, and postal address.

  • Service Information: Details about the services you request, purchase, or receive.

  • Financial Information: Payment details for invoicing and transactions (note: sensitive payment details are processed securely by third-party providers and not stored by us unless required for billing records).

  • Communication Data: Records of interactions with you, including emails, phone calls, and other correspondence.

We also collect data in the form of photography and videography. Please see Section 9 for details regarding this type of data collection.

We do not knowingly collect data from individuals under the age of 18 without explicit parental consent.

2. How We Use Your Data

We collect and process your personal data for the following purposes:

  • To communicate with you regarding inquiries, bookings, or updates.

  • To deliver the services you have requested or purchased.

  • To issue invoices, process payments, and manage accounts.

  • To comply with legal and regulatory obligations, such as tax and accounting requirements.

  • To improve our services by using aggregated, anonymised data for internal analysis.

For clients under a service agreement, specific data processing practices are detailed in your contract.

3. Lawful Bases for Processing

We process personal data under the following lawful bases as defined by GDPR:

  • Contractual Necessity: When processing is required to perform our agreement with you or take steps at your request prior to entering into an agreement.

  • Legal Obligation: When processing is necessary to comply with applicable laws and regulations.

  • Legitimate Interests: When processing is necessary for our legitimate interests, such as delivering quality services or maintaining business operations, provided these do not override your rights and freedoms.

4. Data Sharing

We will only share your personal data with third parties in the following circumstances:

  • Service Providers: Trusted subcontractors or vendors who assist in delivering our services (e.g., logistics providers, payment processors). These parties are contractually obligated to protect your data and comply with GDPR.

  • Legal Requirements: When disclosure is required by law, court order, or regulatory authority.

  • Client Consent: With your explicit consent, when necessary, for purposes outside the scope of this policy.

We will never sell, rent, or trade your personal data to third parties.

5. Data Storage and Security

We take appropriate technical and organisational measures to safeguard your personal data:

  • Storage: Personal data is stored and encrypted on secure, password-protected servers and is protected against unauthorised access, loss, or misuse. Physical security measures are in place for any hard copies of this data.

  • Access: Only authorised personnel with a legitimate business need have access to your data.

  • Monitoring: Regular audits and security reviews are conducted to maintain data protection standards.

  • Third-Party Systems: Any third-party tools or platforms used to store or process your data are vetted for GDPR compliance.

Despite these measures, no method of transmission or storage is completely secure. We cannot guarantee absolute security but are committed to maintaining high standards of protection.

Data Breach Notification: The Company will notify the Client without undue delay if a breach poses a high risk to their rights or freedoms and report the breach to the Information Commissioner’s Office (ICO) within 72 hours, as required under GDPR.

6. Data Retention

We retain personal data only as long as necessary to:

  • Fulfil the purposes outlined in this policy.

  • Comply with legal and regulatory obligations (e.g., retaining tax records for six years).

For retention practices related to contracted services, refer to your client agreement. After the relevant retention period, your data will be securely deleted or anonymised unless further retention is required for ongoing legal obligations.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  1. Access: To request a copy of the personal data we hold about you.

  2. Correction: To request corrections to inaccurate or incomplete data.

  3. Deletion ("Right to be Forgotten"): To request the deletion of your data at any time, subject to legal and regulatory requirements. This is inclusive of photography and videography.

  4. Restriction: To request the restriction of data processing in certain circumstances.

  5. Objection: To object to processing based on legitimate interests or direct marketing.

  6. Data Portability: To request the transfer of your data to another organisation.

To exercise any of these rights, please contact us using the details provided in Section 8. We will respond to all requests within one month, as required by GDPR.

8. Confidentiality Agreements

If the Client wishes for the Company to sign a Confidentiality Agreement, this must be emailed to the Company and agreed upon ahead of undertaking any contractual agreements with the Client.

9. Photography, Videography, and Marketing Usage

  1. Photography and Videography

    The Company may photograph and video the project at all stages, including upon completion.

  2. Opting Out of Photography and Videography

    If the Client does not wish for project photos and/or videos to be taken, they must notify the Company in writing prior to the commencement of the project.

  3. Usage of Photos and Videos
    These photos and videos may be used by the Company for various business purposes, including but not limited to:

    • Press and publications

    • Online content and social media

    • Marketing and advertising

    • Print materials

  4. Opting Out of Marketing Use

    If the Client does not wish for project photos and/or videos to be used for marketing purposes, they must notify the Company in writing prior to the commencement of the project.

  5. Client Anonymity
    Marketing and social media usage of project photos will not identify Clients unless explicitly agreed otherwise.

  6. Client-Generated Content
    If the Client documents the project and releases it publicly, the Company must be credited appropriately.

  7. Retention and Deletion:

  • Photos and videos may be retained indefinitely for use on the Company’s website, social media, marketing, and promotional materials, as these materials are necessary to demonstrate the Company’s work.

  • The Client retains the right to withdraw their consent for the use of these materials at any time by notifying the Company in writing. Upon receiving such a request, the Company will cease using the relevant materials and remove them from active platforms within 30 days.

  • All photos and videos are securely stored and reviewed periodically to ensure they remain necessary and relevant for the purposes outlined. Materials deemed no longer necessary will be securely deleted.

10. Contact Information

For questions, concerns, or requests about this privacy policy or your personal data, you can contact us at:

  • Data Controller: Ankersen Drake Ltd

  • GDPR Officer Name: Amalie Kirkfeldt Ankersen

  • Email: amalie@ankersendrake.co.uk

  • Phone: 020 4529 4663

  • Address: 114a Netherwood Road, London, W14 0BQ

For clients under a Service Agreement, additional contact details may be provided in your contract.

11. Complaints

If you believe your data rights have been violated, you can lodge a complaint with the Information Commissioner’s Office (ICO):

We encourage you to contact us first to address your concerns directly.

12. Updates to This Policy

We may update this privacy policy to reflect changes in our practices, services, or legal obligations. The latest version will always be available on our website or provided upon request.

Last updated: 22 January 2025