Website and customer privacy notice for Nifty Fixes NE Ltd trading as Nifty Fixes North East
Nifty Fixes NE Ltd, trading as Nifty Fixes North East, is the data controller for the personal data covered by this privacy policy unless we tell you otherwise.
Registered company name: Nifty Fixes NE Ltd
Trading name: Nifty Fixes North East
Company number: 16397211 (England and Wales)
Registered office: Office 3 Armadillo Self Storage, 5 Industry Road, Newcastle upon Tyne, NE6 5XB
Email: hello@niftyfixesne.co.uk
Telephone: 07956 011 072
This privacy policy explains how we collect, use, store, share and otherwise process personal data when you:
This policy sits alongside any separate service contract, quotation, estimate, B2C terms, B2B terms, guarantee wording or invoice terms that may also apply to your booking or job.
Please avoid sending sensitive personal data unless it is genuinely necessary. If health, disability or other special category information needs to be shared so that we can attend safely or make reasonable adjustments, please limit it to what is relevant.
Under the UK GDPR we must have a lawful basis for processing personal data. The main ways we use personal data are set out below.
| Purpose | Typical use | Lawful basis normally used |
|---|---|---|
| Enquiries and quotations | To respond to enquiries, review photos, discuss scope, arrange surveys and prepare estimates or quotations. | Contract steps before entering into a contract and, in some cases, legitimate interests. |
| Bookings and service delivery | To schedule, attend, carry out works, liaise with occupiers or site contacts, issue reports or certificates and provide aftercare. | Contract and legitimate interests for efficient job administration. |
| Payments and accounts | To issue invoices, take or reconcile payments, keep accounts and manage debt recovery where necessary. | Contract, legal obligation and legitimate interests. |
| Job records and evidence | To keep work records, progress notes, photos, certificates, warranty history and evidence for disputes or insurance matters. | Legitimate interests and, where required, legal obligation. |
| Health, safety and site management | To assess risks, manage access, record hazards, protect staff and customers, and deal with incidents. | Legal obligation and legitimate interests. |
| Customer service and complaints | To handle complaints, guarantee claims, quality checks, refund issues, data protection requests and general support. | Legal obligation and legitimate interests. |
| Website operation and security | To operate the website, record consent choices, manage sessions, prevent abuse, troubleshoot problems and protect the site. | Legitimate interests and, where a PECR exemption applies, strictly necessary operation. |
| Analytics, media and marketing | To measure website use, operate non-essential plugins, process online payment tools, and send marketing where permitted. | Consent where required under PECR and UK GDPR, and in limited business-to-business contexts legitimate interests where lawful. |
Service messages such as appointment confirmations, quotation follow-ups, job administration messages, invoice communications and guarantee responses are not treated in the same way as promotional marketing.
Where we send promotional email or text messages to individuals, we will do so only where we have valid consent or where the PECR soft opt-in rules are available and properly applied. For corporate business contacts, we may contact relevant people where permitted by law, but we will respect opt-out requests.
You have the right to object to direct marketing at any time. If you opt out, we will stop sending marketing messages. We may keep a minimal suppression record so that we can honour your opt-out in future.
We do not sell personal data. We may share personal data only where it is reasonably necessary for the purposes described in this policy, including with:
This may include providers or platforms used for website hosting and security, WordPress and Elementor website tooling, consent tools, analytics, PayPal online payments, Zoho email, Love VoIP telephony, and Nextcloud, S3 or related backup and storage arrangements hosted with MassiveGRID.
Some third parties act only as processors on our instructions. Others, such as payment providers or social media platforms that you choose to use, may act as separate controllers under their own privacy notices.
Some service providers may store or access personal data outside the United Kingdom. Where this involves a restricted transfer under UK data protection law, we aim to ensure an appropriate safeguard is used, such as UK adequacy regulations, the International Data Transfer Agreement, the UK Addendum to standard contractual clauses, or another lawful transfer mechanism.
We do not keep personal data for longer than we reasonably need it. The exact period depends on the purpose, the type of record and any legal, accounting, warranty or dispute requirements.
| Record type | Typical retention approach |
|---|---|
| General enquiries that do not proceed | Usually up to 12 months after the last meaningful contact, unless a longer period is needed to deal with a dispute or repeat enquiry. |
| Quotations and estimate files | Usually up to 18 months after issue if the work does not proceed, then deleted or minimised unless needed for legal or accounting reasons. |
| Customer job files, reports, certificates and work photos | Usually at least 7 years after completion, and longer where reasonably needed for warranty, insurance, dispute, safety or limitation purposes. |
| Invoices, accounting and tax records | Usually 6 years plus the current financial year, or longer where the law requires. |
| Marketing consent and suppression records | Kept for as long as needed to evidence consent or honour an opt-out request. |
| Cookie or consent records | Kept for the period set by the consent tool or as long as reasonably needed to demonstrate compliance. |
We use reasonable technical and organisational measures designed to protect personal data. This includes controls around access, password and account management, backups, secure platforms, and limiting information to people who need it for the relevant task. No internet-based transmission or storage system is completely secure, but we take data protection and confidentiality seriously.
Depending on the circumstances, you may have the right to access, correct, erase, restrict, object to certain processing, ask for portability of certain data where applicable, and withdraw consent at any time where we rely on consent.
You can exercise your rights by contacting us. We may need to verify identity before disclosing or changing personal data. We usually respond without undue delay and within one month, although the law allows certain extensions or exceptions in some cases.
If you have a concern about how we use personal data, please contact us first at hello@niftyfixesne.co.uk. We aim to provide an accessible route for privacy complaints and to deal with them appropriately.
You also have the right to complain to the Information Commissioner's Office (ICO).
We may update this privacy policy from time to time. The latest version published on the website applies from the last updated date shown on the page.