top of page
banner1.png.png

Privacy Policy

Privacy Policy

Privacy Policy for Magic Restore Ltd

Magic Restore Ltd ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)

  • The Data Protection Act 2018

  • The Privacy and Electronic Communications Regulations (PECR)

This policy applies to all personal data collected through our website (www.magic-restore.co.uk), email, telephone, WhatsApp, social media, and in-person interactions.

1. Who We Are

Business Name: Magic Restore Ltd
Company Number 16931526 

Registered office: 3 Meesons Court, Grays, RM17 5BF
Phone: 07388 034099
Email: Support@magic-restore.co.uk
Website: www.magic-restore.co.uk

Data Controller: Magic Restore Ltd is the data controller responsible for your personal data. This means we determine how and why your personal information is processed.

ICO Registration: Magic Restore Ltd complies with UK data protection laws and operates under lawful processing bases as outlined in this policy.

2. What Personal Information We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide Directly

Contact Information:

  • Full name

  • Telephone number (mobile and/or landline)

  • Email address

  • Property address (where repair/restoration services are required)

  • Correspondence address (if different from service location)

Service-Related Information:

  • Description of repair/restoration work required

  • Photos or videos of damaged surfaces (sent via email, WhatsApp, or uploaded via website)

  • Preferred appointment dates and times

  • Access requirements and special instructions

  • Property type (residential, commercial, rental)

Financial Information:

  • Billing address

  • Invoice details

  • Payment method (bank transfer details, card details processed securely through third-party payment processors)

  • VAT number (if applicable for business clients)

Communication Records:

  • Emails sent and received

  • Text messages and WhatsApp communications

  • Phone call records (date, time, duration - not audio recordings)

  • Website contact form submissions

  • Social media messages (via Facebook, Instagram, etc.)

2.2 Information Collected Automatically

Website Usage Data: Our website (hosted on Wix) automatically collects:

  • IP address

  • Browser type and version

  • Device type (desktop, mobile, tablet)

  • Operating system

  • Pages visited and time spent on each page

  • Referring website/source

  • Date and time of visit

  • Cookies and similar tracking technologies (see Section 10)

Analytics Data: We use analytics tools (including Wix Analytics and potentially Google Analytics) to understand:

  • Website traffic patterns

  • Popular content and services

  • User navigation paths

  • Geographic location (country/region level, not precise location)

2.3 Information from Third Parties

We may receive information about you from:

  • Google My Business reviews (publicly available)

  • Social media platforms (when you contact us or interact with our content)

  • Payment processors (transaction confirmation data)

  • Professional references (for commercial contracts)

  • Property managers or landlords (when instructed to carry out work on their behalf)

 

2.4 Sensitive Personal Data

We do not intentionally collect sensitive personal data (also known as "special category data") such as:

  • Health information

  • Racial or ethnic origin

  • Religious beliefs

  • Political opinions

  • Trade union membership

  • Genetic or biometric data

  • Sexual orientation

If you provide such information voluntarily (for example, mentioning accessibility requirements), we will handle it with extra care and only use it for the specific purpose you provided it.

3. How We Use Your Personal Information

We use your personal data only for legitimate business purposes and in accordance with UK data protection laws.

3.1 Primary Business Purposes

To Provide Our Services:

  • Respond to enquiries about repair and restoration services

  • Assess damage from photos/videos and provide accurate quotations

  • Schedule appointments and arrange site visits

  • Carry out agreed repair and restoration work

  • Communicate regarding project progress, delays, or changes

  • Provide aftercare advice and maintenance recommendations

To Fulfill Contractual Obligations:

  • Issue invoices and process payments

  • Maintain warranty and service records

  • Handle complaints or warranty claims

  • Provide proof of work completion

For Business Administration:

  • Maintain accurate business records

  • Comply with accounting and tax obligations

  • Manage insurance requirements

  • Handle legal claims or disputes

  • Respond to regulatory enquiries

To Improve Our Services:

  • Analyze website usage to improve user experience

  • Gather feedback to enhance service quality

  • Identify popular services and common repair types

  • Develop training materials based on actual projects

  • Improve quotation accuracy

For Marketing (with consent where required):

  • Send updates about our services (only with prior consent)

  • Share before-and-after photos on website/social media (only with explicit consent)

  • Request Google My Business or Trustpilot reviews (legitimate interest)

  • Send appointment reminders and follow-up communications (legitimate interest)

3.2 We Do NOT Use Your Data For:

  • Selling or renting to third parties for their marketing

  • Unsolicited marketing without consent

  • Automated decision-making or profiling

  • Purposes unrelated to our business services

4. Legal Basis for Processing Your Data

Under UK GDPR, we must have a lawful basis to process your personal data. We rely on the following:

4.1 Consent

We process data based on your consent when:

  • You submit an enquiry via our website contact form

  • You provide photos/videos for quotation purposes

  • You agree to receive marketing communications

  • You consent to before-and-after photos being published

You can withdraw consent at any time by contacting us (see Section 14).

4.2 Contract Performance

We process data to fulfill our contractual obligations when:

  • You request a quotation (pre-contractual steps)

  • You engage us to perform repair/restoration services

  • We issue invoices and process payments

  • We provide warranty service or aftercare

4.3 Legitimate Interests

We process data based on legitimate business interests when:

  • Sending appointment confirmations and reminders

  • Maintaining business records for operational efficiency

  • Improving our website and services

  • Preventing fraud or misuse of services

  • Requesting reviews after service completion

  • Responding to enquiries received via phone, email, or social media

We always balance our legitimate interests against your privacy rights.

4.4 Legal Obligation

We process data to comply with legal requirements:

  • Tax and accounting obligations (HMRC requirements)

  • Health and safety regulations

  • Insurance record-keeping

  • Responding to court orders or regulatory investigations

5. Who We Share Your Information With

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We may share your data with the following categories of recipients, only when necessary:

5.1 Essential Service Providers

Website Hosting:

  • Wix.com Ltd (website hosting and infrastructure)

  • Data stored on Wix servers (location: EU/EEA data centers)

  • Subject to Wix's own privacy policy and UK GDPR compliance

Payment Processors:

  • Third-party payment gateways for secure card transactions

  • We do not store full card details; payment processors handle this securely

Email and Communication:

  • Email service providers (Gmail, Outlook, etc.)

  • WhatsApp (Meta Platforms Ireland Limited) for business messaging

  • Subject to their respective privacy policies

Cloud Storage:

  • Secure cloud storage for photos, documents, and business records

  • UK or EU-based servers where possible

Accounting Software:

  • Accounting and invoicing platforms for financial record-keeping

  • Subject to their data protection compliance

5.2 Professional Advisors

When necessary, we may share data with:

  • Accountants and bookkeepers (for tax compliance)

  • Legal advisors (for contract or dispute resolution)

  • Insurance providers (for claims or liability coverage)

  • Business consultants (under strict confidentiality agreements)

5.3 Subcontractors (Rare Circumstances)

Occasionally, we may engage specialist subcontractors for specific projects. When this occurs:

  • We only share necessary contact and project information

  • Subcontractors are bound by confidentiality obligations

  • We remain responsible for data protection compliance

5.4 Legal and Regulatory Authorities

We may disclose data when legally required:

  • HMRC (tax authorities)

  • Information Commissioner's Office (ICO)

  • Police or law enforcement (with valid legal authority)

  • Courts or tribunals (in legal proceedings)

  • Health and Safety Executive (for safety investigations)

5.5 Business Transfers

In the unlikely event of a business sale, merger, or acquisition:

  • Your data may be transferred to the new owner

  • You will be notified of any such transfer

  • The new owner must continue to protect your data under UK GDPR

6. International Data Transfers

We primarily store and process data within the United Kingdom and the European Economic Area (EEA).

However, some third-party service providers (such as Wix) may transfer data internationally. When this occurs:

We ensure adequate protection through:

  • UK GDPR adequacy decisions (for countries deemed to provide adequate protection)

  • Standard Contractual Clauses (SCCs) approved by UK authorities

  • Service providers' own UK GDPR compliance measures

Specific International Transfers:

  • Wix.com Ltd: Data may be transferred to Wix data centers worldwide, subject to Wix's GDPR-compliant safeguards

  • Meta Platforms (WhatsApp): Data processed under Meta's GDPR compliance framework

  • Google (if using Google Analytics): Subject to Google's data processing agreements

You have the right to request information about specific international transfers affecting your data.

7. How We Protect Your Information

We implement appropriate technical and organizational security measures to protect your personal data against:

  • Unauthorized access or disclosure

  • Accidental loss or destruction

  • Malicious attacks or data breaches

  • Misuse or alteration

7.1 Security Measures Include:

Technical Security:

  • Encrypted data transmission (SSL/TLS) on our website

  • Secure password-protected email accounts

  • Regular software updates and security patches

  • Firewall and anti-virus protection on business devices

  • Secure cloud storage with access controls

  • Regular data backups

Organizational Security:

  • Limited access to personal data (only authorized personnel)

  • Confidentiality obligations for anyone accessing data

  • Clear data handling procedures

  • Secure disposal of physical documents (shredding)

  • Incident response procedures for potential breaches

Physical Security:

  • Secure storage of physical records (locked filing cabinets)

  • Password-protected mobile devices used for business

  • Secure disposal of electronic devices (data wiping)

7.2 Data Breach Procedures

While we implement strong security measures, no system is completely secure.

In the event of a data breach:

  • We will assess the risk to your rights and freedoms

  • If high risk, we will notify the ICO within 72 hours

  • We will inform affected individuals without undue delay

  • We will take immediate steps to contain and remedy the breach

  • We will document the breach and our response

8. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes outlined in this policy.

8.1 Retention Periods

Enquiries Not Converted to Work:

  • Contact details and correspondence: 12 months

  • Photos/videos sent for quotation: 12 months

  • Deleted securely after this period unless consent to keep for future contact

Completed Projects:

  • Customer contact details: 7 years (tax and accounting requirement)

  • Project details and photos: 7 years (warranty and insurance purposes)

  • Invoices and financial records: 7 years (HMRC requirement)

  • Communication records: 7 years (contract and dispute resolution)

Marketing Consent:

  • Active marketing lists: Ongoing while consent remains

  • Reviewed annually; inactive contacts removed after 3 years

  • Immediate removal upon consent withdrawal

Website Analytics:

  • Anonymized usage data: 26 months (standard analytics retention)

  • Cookie data: See Section 10

8.2 Secure Deletion

After retention periods expire:

  • Data is securely and permanently deleted

  • Physical documents are shredded

  • Electronic files are overwritten or professionally wiped

  • Backups are purged according to scheduled cycles

8.3 Exceptions to Deletion

We may retain data beyond standard periods if:

  • Required by law or regulation

  • Subject to ongoing legal proceedings

  • Necessary to defend legal claims

  • You have specifically requested retention

9. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

9.1 Right of Access

You can request a copy of the personal data we hold about you (commonly known as a "Subject Access Request" or SAR).

What we'll provide:

  • Confirmation of whether we process your data

  • Copy of your personal data in a commonly used format

  • Information about how we use your data

  • Details of who we've shared it with

  • How long we'll keep it

Timescale: Within 1 month of your request (extendable by 2 months for complex requests)

Cost: Free (unless requests are manifestly unfounded or excessive)

9.2 Right to Rectification

If your personal data is inaccurate or incomplete, you can request correction.

Examples:

  • Updating your phone number or email address

  • Correcting misspelled name or wrong address

  • Updating property details

Timescale: Within 1 month of verification

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances:

When applicable:

  • Data no longer necessary for original purpose

  • You withdraw consent (and there's no other legal basis)

  • You object to processing (and there's no overriding legitimate interest)

  • Data processed unlawfully

  • Legal obligation requires deletion

When NOT applicable:

  • We need the data to comply with legal obligations (e.g., tax records)

  • Data is necessary to defend legal claims

  • Contract fulfillment requires the data

Timescale: Within 1 month of verification

9.4 Right to Restrict Processing

You can ask us to limit how we use your data in certain situations:

When applicable:

  • You contest the accuracy of data (restriction while we verify)

  • Processing is unlawful but you don't want deletion

  • We no longer need the data but you need it for legal claims

  • You've objected to processing (restriction pending verification)

Timescale: Within 1 month

9.5 Right to Data Portability

You can request your data in a structured, machine-readable format to transfer to another service provider.

Applies to:

  • Data you provided to us

  • Processing based on consent or contract

  • Processing carried out by automated means

Timescale: Within 1 month

9.6 Right to Object

You can object to processing based on:

Legitimate Interests:

  • We must demonstrate compelling legitimate grounds

  • Or we must stop processing

Direct Marketing:

  • You can object at any time (we must comply immediately)

Automated Decision-Making:

  • Not applicable (we don't use automated decision-making)

9.7 Right to Withdraw Consent

Where processing is based on consent:

  • You can withdraw consent at any time

  • Withdrawal doesn't affect lawfulness of prior processing

  • Easy withdrawal process (as easy as giving consent)

9.8 How to Exercise Your Rights

Contact us:

We may require:

  • Proof of identity (to prevent unauthorized disclosure)

  • Clarification of your request

  • Reasonable verification before actioning

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve functionality and user experience.

10.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us:

  • Remember your preferences

  • Understand how you use our site

  • Improve website performance

  • Provide relevant content

10.2 Types of Cookies We Use

Strictly Necessary Cookies:

  • Essential for website functionality

  • Enable core features (navigation, security)

  • Cannot be disabled

  • No consent required under PECR

Performance/Analytics Cookies:

  • Track website usage and performance

  • Help us understand visitor behavior

  • Identify popular pages and services

  • Wix Analytics and potentially Google Analytics

  • Anonymized where possible

  • Consent required under PECR

Functionality Cookies:

  • Remember your preferences and choices

  • Enhance user experience

  • Consent required under PECR

Marketing/Targeting Cookies:

  • We currently do not use third-party advertising cookies

  • Any future use would require explicit consent

10.3 Wix-Specific Cookies

Our website is hosted on Wix, which automatically sets certain cookies:

Wix Cookies Include:

  • Session management cookies

  • Security and anti-fraud cookies

  • Load balancing cookies

  • Analytics cookies (Wix Analytics)

For detailed information: Wix Cookie Policy

10.4 Third-Party Cookies

We may use:

  • Google Analytics (website traffic analysis)

  • Facebook Pixel (if running Facebook ads - currently not active)

  • Social media plugins (Facebook, Instagram share buttons)

Third parties have their own privacy policies:

10.5 Managing Cookies

You can control cookies through:

Browser Settings: Most browsers allow you to:

  • Block all cookies

  • Accept only first-party cookies

  • Delete cookies after each session

  • Receive alerts when cookies are set

Browser-Specific Instructions:

  • Chrome: Settings > Privacy and Security > Cookies

  • Firefox: Settings > Privacy & Security > Cookies and Site Data

  • Safari: Preferences > Privacy > Cookies and Website Data

  • Edge: Settings > Cookies and Site Permissions

Website Cookie Banner:

  • We provide a cookie consent banner on first visit

  • You can manage preferences through the banner

  • Preferences are remembered via a cookie

Opt-Out Tools:

Impact of Disabling Cookies:

  • Some website features may not work properly

  • Your preferences won't be remembered

  • We can't track website improvements

  • Strictly necessary cookies will still function

10.6 Cookie Retention

  • Session cookies: Deleted when you close your browser

  • Persistent cookies: Typically 26 months for analytics

  • Preference cookies: Until you clear them or change settings

11. Third-Party Links and Services

Our website and communications may contain links to external websites and third-party services:

Examples:

  • Google My Business page

  • Social media profiles (Facebook, Instagram)

  • Payment processor websites

  • Supplier websites

  • Industry association websites

Important:

  • We are not responsible for third-party privacy practices

  • External sites have their own privacy policies

  • We recommend reviewing their policies before sharing data

  • Links do not imply endorsement of privacy practices

Third-Party Services We Use:

12. Children's Privacy

Our services are not directed at children under 18.

We do not knowingly:

  • Collect data from children

  • Market services to children

  • Allow children to submit enquiries

If we discover:

  • We've inadvertently collected data from a child

  • We will delete it immediately

  • Parents/guardians should contact us if concerned

Properties with children:

  • We may visit properties where children live

  • We only collect data about the property owner/occupier

  • We do not collect information about children

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

  • Changes in law or regulation

  • New business practices

  • Technological developments

  • Feedback from the ICO or customers

When we update this policy:

  • We will update the "Last updated" date at the top

  • Significant changes will be highlighted on our website

  • We may notify you via email for material changes

  • We encourage periodic review of this policy

Version History:

  • Current version: May 2026

  • Previous version: [If applicable]

Your continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us and Complaints

14.1 General Enquiries

For questions about this Privacy Policy or how we handle your data:

Magic Restore Ltd
Company Number 16931526 

Phone: 07388 034099
Email: Support@magic-restore.co.uk
Website: www.magic-restore.co.uk

We aim to respond to all enquiries within 5 working days.

14.2 Exercising Your Rights

To exercise your data protection rights (access, rectification, erasure, etc.):

Submit a request via:

Include in your request:

  • Your full name and contact details

  • Description of your request

  • Proof of identity (for security)

  • Reference number (if applicable)

Response timescales:

  • Acknowledgment: Within 5 working days

  • Full response: Within 1 month

  • Extensions: Up to 2 additional months for complex requests (we'll explain why)

14.3 Complaints

If you're unhappy with how we've handled your data:

Step 1: Contact Us First

Step 2: Contact the ICO If you remain dissatisfied, you can lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

ICO Helpline: 0303 123 1113
Website: https://ico.org.uk
Report a concern: https://ico.org.uk/make-a-complaint

You have the right to lodge a complaint at any time, though we hope to resolve issues directly with you first.

15. Our Commitment to Data Protection

Magic Restore Ltd is committed to:

✓ Transparency: Clear communication about data practices
✓ Lawfulness: Processing data only with proper legal basis
✓ Minimization: Collecting only necessary information
✓ Accuracy: Keeping data up-to-date and correct
✓ Security: Protecting data with appropriate safeguards
✓ Accountability: Taking responsibility for compliance
✓ Respect: Honoring your data protection rights

We will:

  • Regularly review and update our data practices

  • Provide staff training on data protection

  • Conduct privacy impact assessments when needed

  • Document our processing activities

  • Respond promptly to your requests and concerns

  • Maintain compliance with UK GDPR and Data Protection Act 2018

Appendix: Definitions

Data Controller: The entity that determines how and why personal data is processed (Magic Restore Ltd)

Data Processor: An entity that processes data on behalf of the controller (e.g., Wix, payment processors)

Data Subject: The individual whose personal data is being processed (you)

Personal Data: Information relating to an identified or identifiable individual

Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion)

Consent: Freely given, specific, informed agreement to processing

Legitimate Interests: Processing necessary for legitimate business purposes, balanced against individual rights

Special Category Data: Sensitive data requiring extra protection (health, race, religion, etc.)

UK GDPR: The UK's version of GDPR, effective post-Brexit

ICO: Information Commissioner's Office (UK data protection supervisory authority)

PECR: Privacy and Electronic Communications Regulations (covering cookies, marketing communications)

Last updated: May 2026

Magic Restore Ltd
Professional Hard Surface Repair & Restoration
Serving London, Essex, and Kent

📞 07388 034099
✉️ Support@magic-restore.co.uk
🌐 www.magic-restore.co.uk

bottom of page