Est. 1997 | Nationwide Service
Legal

Privacy Policy

How Vanda Coatings collects, uses and protects your personal data, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Last updated: March 2026

1. Who we are

Vanda Coatings is the data controller for personal data collected through this website. We are incorporated in England and Wales (Company No. 4784367) with our registered office at 5a Charnwood Park, Clos Marion, Cardiff, CF10 4LJ.

If you have any questions about how we handle your data, contact us at estimate@vandacoatings.co.uk or by post to the address above.

2. What data we collect

Enquiry and quote request forms

When you submit an enquiry or quote request, we collect:

  • Name
  • Telephone number
  • Email address
  • Company name (optional)
  • Service you are interested in
  • Site location
  • Project description
  • Attribution data: how you arrived on our website (UTM source, medium, campaign, landing page URL, referrer). This helps us understand which channels generate enquiries.

Analytics data (with your consent)

If you accept analytics cookies, we collect information about how you use our website via Google Analytics 4. This includes pages visited, time on site, browser and device type, and approximate location (country and region level only). No personally identifiable information is included in analytics data.

Technical data

Our hosting infrastructure (Cloudflare Pages) automatically processes standard web request data including IP addresses for security and performance purposes. This is handled by Cloudflare as a data processor and is not stored by us.

3. Why we collect it and our lawful basis

Purpose Data Lawful basis (UK GDPR)
To respond to your enquiry and, where relevant, provide a quotation or carry out services Name, phone, email, project details Contract: Article 6(1)(b)
To understand which marketing channels generate enquiries UTM attribution, landing page, referrer Legitimate interests: Article 6(1)(f)
To analyse website usage and improve our site Analytics data (GA4) Consent: Article 6(1)(a)

Where we rely on legitimate interests, we have assessed that our interests do not override your rights and freedoms as the data is limited to aggregated attribution information with no direct marketing use.

4. Who we share your data with

We do not sell, rent or trade your personal data. We share data only with the following processors, each bound by appropriate data processing agreements:

  • Brevo (Sendinblue SAS): our transactional email provider. Enquiry form data is transmitted via the Brevo API to deliver your message to our inbox. Brevo is GDPR-compliant and processes data within the EEA.
  • Cloudflare, Inc.: our website infrastructure and security provider. Cloudflare Pages hosts the site; Cloudflare Turnstile processes form submissions to verify human users. Cloudflare operates under Standard Contractual Clauses for data transfers to the US.
  • Google LLC (Analytics / Ads): if you consent to analytics or marketing cookies, data is shared with Google for website analytics and advertising measurement. Google operates under Standard Contractual Clauses. You can opt out at any time via our Cookie Settings.

5. How long we keep your data

  • Enquiry and contact data: retained for up to 3 years from the date of last contact, then securely deleted. If a project is undertaken, data may be retained for the duration of any warranty or contractual period plus a reasonable additional period.
  • Analytics data: retained by Google in line with our GA4 data retention setting (14 months), after which it is automatically deleted.

6. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you (Subject Access Request)
  • Rectify inaccurate or incomplete personal data
  • Erase your personal data (the "right to be forgotten"), subject to legal retention obligations
  • Restrict the processing of your data in certain circumstances
  • Object to processing based on legitimate interests
  • Data portability where processing is based on consent or contract
  • Withdraw consent at any time where processing is consent-based (e.g. analytics cookies), without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at estimate@vandacoatings.co.uk. We will respond within one calendar month.

7. Cookies

For full details of the cookies and local storage we use, how to manage your preferences and how to withdraw consent, see our Cookie Policy.

8. Security

We take reasonable technical and organisational measures to protect your personal data. All data transmitted via our website is encrypted in transit using HTTPS/TLS. Form submissions are processed over Cloudflare's secure edge infrastructure. We do not store payment card data.

Whilst we take these precautions, no transmission over the internet can be guaranteed to be entirely secure. You submit data at your own risk.

9. Complaints

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.

We would always welcome the opportunity to address your concerns directly before you approach the ICO, so please contact us first.

10. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The current version is always available at vandacoatings.co.uk/privacy-policy/. The date at the top of this page indicates when it was last revised.