top of page

Interior Solutions 

Privacy Policy and Privacy Notice

As an interior design practice and as an employer we process the data of individuals. In this policy/notice we aim to explain when and why we collect personal information about you. We also aim to explain how we use your personal information/data, the conditions under which we may disclose it to others if this is appropriate, and how we keep your personal information/data secure. 

This policy/notice does not apply to any websites that may have a link to ours. If you are dealing with other organisations in relation to the same matter with which you are dealing with us, you should contact them directly if you wish information in relation to how they deal with your personal information/data.


We take your privacy very seriously. When we use your personal information/data we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information/data for the purposes of the GDPR. Our use of your personal information/data is subject to your instructions, the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality. 

Who we are:

Data is collected, processed and stored by Interior Solutions. We are the ‘data controller’ of the personal information you provide to us. 

Interior Solutions trading address is 26 Bridge Road, Edinburgh, EH13 0LQ.  

Our Data Protection Officer (“DPO”) is Nicola Allan who can be contacted by email at 

What Information/Data we may use: 

The exact information we will request from you or use in relation to you will depend on what your relationship with us is (for example whether you are an employee, a client, a third party service provider or supplier, or another third party), in the case of clients what you have asked us to do, and in the case of third party service providers and suppliers what we are dealing with you on. 

There are two types of personal information/data that we may ask you to provide: 

  • Personal data: this is general information that you supply about yourself – such as your contact details, full name, address, previous addresses, date of birth, employment details, national insurance number, previous employment details, insurance details, financial information.

  • Sensitive personal data: this is more sensitive information and may include information relating to: your health; your sexual orientation; your political or philosophical views or opinions; your racial or ethnic origin; your religion and religious views; any trade union membership; biometric and genetic data. 

In the majority of cases personal data will be restricted to basic information and information needed to complete ID checks, process employment matters and progress transactions for clients.


Where we will obtain Information/Data from: 

We may obtain information about you from a number of sources, including: 

  • You may provide us with information in response to questions from us 

  • You may volunteer the information about yourself 

  • You may provide information relating to someone else – if you have the authority to do so 

  • We may obtain information from public sources such as Companies House, the Land Register, or Tribunal and Court records 

  • Information may be passed to us by third parties 


Why we need your Information/Data:

Again this will depend on what your relationship with us is (for example whether you are an employee, a client, or a third party service provider or supplier, or another third party), in the case of clients what you have asked us to do, and in the case of third party service providers and suppliers what we are dealing with you on. 

For employees, the main reason to ask you to provide us with personal information/data is to allow us to employ you, to allow us to process your employment salary and any other benefits, to allow us to continue to monitor your work and performance and employment needs, to allow us to arrange any insurance that is to be in place and to carry out any reference or other employment checks that are appropriate. We may also require to retain some your personal information/data for a period after your employment ends for the purposes of our accounts and in order that we can deal with any post-employment issues that may arise. 

For third party service providers and suppliers, the main reason to ask you to provide us with personal information/data is to allow us to verify your identity, to have details of who we are contracting with, and to allow us to progress our contractual relationship with you. Again we may also require to retain some your personal information/data for a period after our relationship with you ends for the purposes of our accounts and in order that we can deal with any post-relationship issues that may arise. 

For clients and potential clients, the main reason for asking you to provide us with your personal information/data is to allow us to carry out the work required of us, to have details of who we are contracting with, to enable us to communicate with you, and to allow us to progress our contractual relationship with you. Again we may also require to retain some your personal information/data for a period after our relationship with you ends for the purposes of our accounts and in order that we can deal with any post-relationship issues that may arise. 

Who has access to your Information/Data: 

We have a data protection regime in place in order to achieve the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes. 

How we protect your Information/Data: 

We recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care. 

We adopt a high threshold when it comes to confidentiality obligations and we seek to ensure that both internal and external parties have agreed and do protect confidentiality of all information. 

We use computer safeguards such as firewalls, passwords, virus protection software and malware software; and we enforce, where possible, physical access controls to our buildings and files to keep data safe. 

How long we will keep your Information/Data for: 

Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected.

What your rights are: 

Under GDPR, you are entitled to access your personal information/data. This is also known as a right to access. If you wish to make a request, please do so in writing to our DPO; or contact the person who has been dealing with you. 

A request for access to your personal information/data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc.- but it does not mean you are entitled to the documents that contain this data. 

Under certain circumstances you also have the following rights: 

  • The right to be informed:  which is fulfilled by way of this privacy policy/notice and any further explanation we give as to how we use your personal information/data 

  • The right to rectification:  you are entitled to have personal information/data rectified if it is inaccurate or incomplete 

  • The ‘right to be forgotten’: you have the right to request the deletion or removal of your personal information/data where there is no compelling reason for its continued processing. This right can apply in the following specific circumstances: 

- Where the personal information/data is no longer necessary in regards to the purpose for which it was originally collected 

- Where consent is relied upon as the lawful basis for holding your information/data and you withdraw your consent 

- Where you object to the processing and there is no overriding legitimate interest for continuing the processing 

- The personal information/data was unlawfully processed
- Where you object to the processing for direct marketing purposes 

  • The right to object: you have the right to object to processing based on legitimate interests; and direct marketing. This right can apply in the following circumstances: 

- An objection to stop processing personal information/data for direct marketing purposes is absolute – we must stop processing where you object to this or withdraw your consent to this 

- Where you have an objection on grounds relating to your particular situation
In these circumstances we must stop processing your personal information/data unless: 

ï We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or 

ï  The right to restrict processing: you have the right to request the restriction or suppression of your information/data. When processing is restricted, we can store the information/data but not use it. This right may apply in the following circumstances: 

- Where you contest the accuracy of the personal information/data – we should restrict the processing until we have verified the accuracy of the information/data in question 

- Where you object to the processing (where it was necessary for the performance of a public interest or purpose of legitimate interests), and we are considering whether our legitimate grounds override your right 

- Where processing is unlawful and you request restriction 

How to complain about the use of personal information/data, or object to the use or processing of personal information/data: 

If you wish to raise a complaint on how we have handled your personal information/data or other matters arising from this privacy policy/notice, or if you wish to object to the use or processing of your personal information/data or exercise a right in relation thereto, you can contact our DPO who will deal with the matter further. Our current DPO is Nicola Allan and she can be contacted by email at 

If you are not satisfied with our response or believe we are not processing your personal information/data legally, you can complain to the Information Commissioner’s Office (ICO).


Marketing data: 

Marketing is an important part of businesses in the modern world. We are extremely conscious that people do not want to be bombarded with direct marketing. We therefore take a limited and appropriate approach to direct marketing. We may therefore in some circumstances contact you for the purpose of direct marketing, but we would hope that this is not intrusive, and if you ever felt that it was we would be grateful for your feedback on this in order that we can better serve our clients and potential clients. We may use your personal information/data that we have collected in accordance with this privacy policy/notice to contact you about our services, special offers etc. which we feel may interest you. The direct marketing communications may be provided to you by social media channels, email or post. We will never send marketing communications via SMS or call you without your specific consent; nor do we ever pass on or sell your details to a third party.


How we collect personal data for Marketing purposes: 

The following are examples, although not exhaustive, of how we collect your personal information: 

  • You providing your personal information to us through an enquiry, instructing us to do work on your behalf, or otherwise 

  • You signing-up to receive one of our e-newsletters 

  • You submitting an online enquiry 

  • You following/liking/subscribing to our social media channels 

  • The use of ‘cookies’ on our website –  see below:

Cookie Policy 

This cookie policy is designed to inform you about what cookies are, how we use them, and how you can manage them if you choose to. We're giving you this information as part of our initiative to comply with the new recent legislation on how cookies should be used.  

What are Cookies 

Cookies are small text files held on your computer. They allow us to give you the best browsing experience possible and mean we can understand how you use our site. Some cookies have already been set. You can delete and block cookies but parts of our site won't work without them. By using our website you accept our use of cookies.  

Types of cookies we use:

Like many websites, we make use of session cookies and persistent cookies, neither of which collect any personally identifiable information.  

Session Cookies
We use session cookies, which only last for the duration of your visit, to enable us to identify that the same person is moving from page to page. Session cookies are deleted the moment you close your browser. An example of how we use session cookies is when we maintain your shopping basket when you move from page to page on our site.  

Persistent Cookies
Some cookies we use are persistent, in that they remain on your computer even after you leave our site. These remain on your computer after you have visited our site, meaning the site can remember your settings for when you return. Another reason we use persistent cookies is to help us record visitor trends over time which helps us monitor traffic and what parts of the website are more popular than others.  

3rd Party Cookies
From time to time we will embed 3rd party content onto our site which may also use various cookies. These include sites such as Facebook and Twitter, whose cookie usage policy you can view on their own websites.  

Below is a list of the main cookies we use, and what we use them for.  

ASP.NET_SessionId cookie 
This cookie allows our web servers to respond to your actions on the website such as "Add to basket" or browsing the website. The website wouldn't work for you without it.  

Login cookie 
This cookie allows our web servers to store information about your login details so that you do not need to login each time you visit the site.  

Google Analytics
Google Analytics allows us to track how popular our site is and to record visitor trends over time. Google Analytics uses a cookie to help track which pages are accessed. Google Analytics requires us to pass to Google your IP address (but no other information) – We understand that Google uses this information to prepare site usage reports for us, but Google may also share this information with other Google services. In particular, Google may use the data collected to contextualize and personalize the ads of its own advertising network. However as a firm we will not use your IP address for direct marketing. 


The cookie contains no personally identifiable information, but it does use your IP address to determine where in the world you are accessing the site from, and to track page visits within the site.  


Managing your cookies 

You have a number of options when it comes to receiving cookies. You can set your browser either to reject all cookies, to allow only ‘trusted’ sites to send them, or to accept only those cookies from websites you are currently using.

We recommend that you don’t block all cookies because parts of our website rely on them to work properly.  

If we collect your personal information/data and may wish to use it for marketing purposes, you will be provided the opportunity to ‘opt in’ to receiving marketing communications from us. We do hope you will ‘opt in’ as we hope that you will find our communications limited, informative, and of benefit to you going forwards, but this is entirely your choice.

If you do choose to ‘opt in’ to receiving marketing communications, you do of course then have the option of ‘opting out’ at any time, and we will ensure that there is an ‘opt out’ facility available for you to access easily from any marketing communication sent to you.


How we protect your personal information in the context of Marketing:

We will only ever use non sensitive basic personal contact information to contact individuals with marketing materials; such as name, address, email. Sensitive information or specific details will never be used to target marketing communications. 

We hope that this privacy policy/notice is clear and helpful. If you have any queries in this respect please contact our DPO on 

Additional help in accessing this privacy policy/notice:

If you would like this policy in another format (for example, large print) please contact our DPO by email at, or contact our office. 

May 2018

bottom of page