Privacy Policy

Last revised: July 2025

About us

RIBBONS & BOWS LTD (“Ribbons & Bows”, “we”, “us” or “our”) is a limited liability company registered in England and Wales under company number 16496960 and with a registered address at Kemp House, 128 City Road, London, United Kingdom, EC1V 2NX.

We provide domestic and commercial cleaning and styling services (collectively referred to as “Services”) to people, businesses or organisations upon their written or spoken request via this website, ribbonsandbows.uk (“Website”), our marketing channels, our business materials or our contact details. From time to time, we may expand or reduce our business, which may involve adding or removing any of those communications at any time without any notice to you.

Our Services, Website, marketing channels and business materials are not intended for children, and we do not knowingly collect data relating to children.

About this Policy

Throughout this Privacy Policy (“Policy”), any visitor or user of our Website, our marketing channels, our business materials or our contact details, and any person, business or organisation who commissions our Services, will be collectively referred to as “Client”, “you” or “your”.

This Policy explains how and why we collect, store, use, and share your personal data. It also describes your rights regarding your personal data and how to contact us if you have any questions, would like to exercise your rights, or have a complaint. If you would like to contact us about anything related to this Policy, please email us at enquiries@ribbonsandbows.uk.

When we use your personal data, we must do so in accordance with our obligations under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and all other relevant legislation relating to data privacy (collectively referred to as “the Data Protection Laws”).

Under the Data Protection Laws, RIBBONS & BOWS LTD is the controller and is responsible for your personal data. We will only process your data in accordance with the Data Protection Laws, our legal and regulatory obligations, and by your instructions (unless those instructions are overridden by our legal and regulatory obligations).

This Policy relates to personal information that we process during our business. This includes information that we collect and process in order to provide our Services to the Client, to operate our business (including our marketing activities) and information that we collect through your use of this Website, our marketing channels, our business materials or through other interactions with our team members.

In this Policy, the terms “personal data” and “special category of personal data” shall have the meanings given to them in the Data Protection Laws. Under the Data Protection Laws, special category data means information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data and data concerning health, sex life or sexual orientation.

Changes

We may change this Policy from time to time, and any amended policy will be published on our Website without any notice to you. We recommend that you regularly review our Policy before interacting with us.

Whose personal data do we collect

We may collect various types of personal data about you through the use of our Website, our marketing channels, our business materials, contacting us, visiting us, commissioning us and through other interactions that you have with us, if you are:

(a) a visitor, which may be any person, business or organisation browsing the internet;

(b) a prospect, which may be any person, business or organisation potentially interested in our Services;

(d) a subcontractor, which may be any person or business whom we instruct to provide services to our Client;

(e) a service supplier, which may be any business that provides us with their services; or

(f) an affiliate or a referrer, which may be any person, business or organisation participating in our affiliate or referral marketing programs.

Personal data we collect about you

We may collect various types of personal data and other information about you through the use of our Website, our marketing channels, our business materials, contacting us, visiting us, commissioning us and through other interactions that you have with us, including:

(a) identity data, which may include your name, gender, date of birth, marital status, job title, and place of work;

(b) contact data, which may include your postal address, email address, telephone numbers, mobile phone numbers and social media handles;

(d) technical data, which may include your internet protocol (IP) addresses, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website;

(e) profile data, which may include your username and password (where applicable), your interests, preferences, feedback, survey and questionnaire responses;

(f) usage data, which may include your information about how you use our Website and Services;

(g) marketing and communications data, which may include your preferences in relation to the marketing communications that you would like to receive from us and how you would like to receive them; or

(h) other information, which may include any information relating to any enquiry or query that you have or information in any correspondence you send to us or otherwise voluntarily provide to us or any personal, professional, financial and business information that you voluntarily provide to us in relation to the matter of providing our Services to you and completing the commissioned work for you.

Your personal data and other information about you are required for us to provide our Services. If you do not provide the personal data and other information we request about you, it may delay or prevent us from providing our Services.

We also collect, use and share aggregated data, such as statistical or demographic data, for any purpose. This data, however, does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of clients using a particular service we provide.

We do not collect any special categories of personal data about you, which include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we collect any information about criminal convictions and offences.

How is your personal data collected

We will collect your personal data and other information directly from your interactions with us and also during the course of providing our professional Services to you. This information will typically be provided by you. However, we may also collect information about you, including through:

(a) direct interactions, where you may give us your identity, contact data and other information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes data and information you provide when you:

instruct us in relation to a matter;
complete a survey or questionnaire;
subscribe to any marketing communications we offer;
request marketing communications to be sent to you;
join our affiliate or referral marketing programs;
request and/or accept our event invitation;
commission us to do any work for you;
buy or renew our Service subscription; or
give us some feedback.

(b) automated technologies or interactions. As you interact with our Website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data using cookies, server logs and other similar mainstream technologies. We may also receive technical data about you if you visit other websites employing our cookies. Details on how we use cookies are outlined in our Cookie Policy and available on this Website.

(c) third parties or publicly available sources, which may include various third parties and public sources as set out below:

analytics providers (such as Google), social media platforms and other marketing service providers based inside or outside the UK;
providers of technical systems (such as an email system, project management system or payment processor system) based inside or outside the UK;
publicly available print or online sources (such as Companies House) based inside or outside the UK;
your agent, representative, consultants and other professionals we may engage with in relation to your matter and with your consent.

How do we use your personal data

We will only use your personal data if we have a legal ground for doing so. Which legal ground we rely on will depend on the type of information that we are processing and for what purpose. Most commonly, we will rely on one of the following grounds:

(a) to comply with our legal and regulatory obligations;

(b) for the performance of our contract with you or to take steps at your request before entering into a contract;

(d) where you have given us your consent.

Our “legitimate business interests” include providing our Services, complying with legal and regulatory obligations, recruiting, training and developing our team, promoting our business through advertising and marketing communications, ensuring network and information security, and carrying out other administrative and operational functions. We may process your personal data where such processing is necessary in order to pursue our legitimate interests, provided that our right to do so is not overridden by your own rights and interests.

We will always treat your personal data with the utmost respect and never sell or share it with third parties for marketing or illegitimate purposes.

Using your personal data for marketing communications

We may use your personal data to send you marketing communications by email, telephone or post about our Services and/or occasional sales offers that might interest you.

You have the right to ask us to stop sending you our marketing communications (to 'opt-out') at any time by:

(a) sending an email to enquiries@ribbonsandbows.uk;

(b) using the “unsubscribe” link in our marketing emails; or

Who do we share your personal data with

We routinely share your personal data with trusted third parties acting as processors:

(a) subcontracted professionals or suppliers whom we instruct to provide services to you on your behalf or refer you to, e.g., carpet cleaners, window cleaners, housekeepers or florists;

(b) our external service providers that we use to make our business more efficient and discoverable, e.g., administration services, accounting services, sales agents, marketing agencies or website optimisation agencies; or

(c) our technical system providers that we use to make our business more efficient, e.g., banking system, accounting software (FreeAgent), payment processing system (Square), appointment booking system (Square), cloud storage system (Google), email system (Google), project management system (Notion), website hosting platform (Google) or email marketing system (MailerLite).

We only allow the processors to handle your personal data if we are satisfied they take appropriate measures to protect it. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you, and in accordance with the Data Protection Laws.

We may disclose and exchange information with HM Revenue & Customs, law enforcement agencies and regulatory bodies based in the UK to comply with our legal and regulatory obligations.

We may also need to share some of your personal data with other parties, such as potential buyers of some or all of our business or during a restructuring. Usually, information will be anonymised, but this may only be possible sometimes. Confidentiality obligations will bind the recipient of the information.

Data security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed unauthorised, altered or disclosed. We limit access to your personal data to all third parties who have a genuine business need to access it, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Where is your personal data held

Your personal data and other information may be held at our offices and those of our third-party subcontractors, suppliers, service providers, technical system providers and others, as described above. This means that some of your personal data and other information may be held in the UK, the EEA, the USA or elsewhere. We only do business with trusted mainstream third parties with appropriate security standards in place.

How long will your personal data be kept

We will hold onto your personal data and other information for as long as necessary to fulfil the purpose for which it was collected. If you have commissioned any work from us, we will keep your personal data after we have finished our contractual obligations. We will do so for one of these reasons:

(a) to respond to any questions, complaints or claims made by you or on your behalf;

(b) to show that we treated you fairly; or

Typically, we will retain our client matter records for six (6) years following the termination of any particular matter. We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply to different types of data.

Transferring your personal data out of the UK

Where we transfer your personal data to countries outside of the UK, we will ensure it is protected in line with the UK’s Data Protection Laws. This may include:

(a) the country being recognised by the UK Government as providing adequate protection for personal data, or

(b) the use of standard contractual clauses approved by the UK Information Commissioner’s Office (ICO).

In other circumstances, the law may permit us to otherwise transfer your personal data to countries outside the UK. In all cases, however, any personal data transfer will comply with the Data Protection Laws.

What are your rights

Under the Data Protection Laws, you have the following rights, which you can usually exercise free of charge:

(a) request data access: the right to be provided with a copy of your personal data;

(b) request data correction: the right to require us to correct any mistakes in your personal data;

at any time to your personal data being processed for direct marketing (including profiling); or
in certain other situations, to our continued processing of your personal data, e.g., processing carried out for the purpose of our legitimate interests.

(d) request restriction of data processing: the right to require us to restrict processing of your personal data, in certain circumstances, e.g., if you contest the accuracy of the data;

(e) prevent automated data processing: the right to prevent your personal data from being used to make decisions about you without people being involved, including automated individual decision-making and profiling;

(f) request data portability: the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party, in certain situations;

(g) request data erasure: the right to require us to delete your personal data in certain situations; or

(h) withdraw data consent: the right to withdraw consent at any time when we rely on consent to process your personal data. However, if you withdraw your consent, we may not be able to provide certain Services to you.

For further information on each of those rights, including the circumstances in which they apply, please see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

How to complain

We hope that we can resolve any query or concern you may raise about our use of your personal data and other information. The Data Protection Laws also give you the right to lodge a complaint with a supervisory authority in the UK if you believe your data has been used unlawfully.

The supervisory authority in the UK is the Information Commissioner’s Office (ICO), which may be contacted at https://ico.org.uk/concerns.

How to contact us

Please contact us by post, email or telephone if you have any questions about this Privacy Policy, your personal data or other information we hold about you. Our contact details are shown below:

Full name of legal entity: RIBBONS & BOWS LTD

Name or title of data privacy officer: Konstantina Kralj, Director

Postal address: Kemp House, 128 City Road, London, United Kingdom, EC1V 2NX

Email address: enquiries@ribbonsandbows.uk

We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

Page updated

Report abuse

Privacy Policy

Clients who require trust, consistency & refined care — enquire now.