Made to Measure
United Kingdom
Betterwalls

Privacy

Last Updated: October 2025

1. Controller

The controller within the meaning of the UK General Data Protection Regulation (UK GDPR) and other data protection provisions is:

Vision Consulting AG
Compliance
Bächausstrasse 61
CH-8806 Bäch SZ
Switzerland

Email: dataprotection@vision.ch
Phone: +41 44 560 94 30
Website: www.betterwalls.co.uk

Note: Vision Consulting AG has not appointed a data protection officer as there is no legal obligation to do so.

1b. Data Transfer to Switzerland

The processing of your data is carried out in part by the controller in Switzerland. Switzerland has an adequacy decision from the UK Government under the UK GDPR, which ensures an adequate level of data protection equivalent to that provided under UK law.

2. General Information on Data Processing

2.1 Scope of Processing of Personal Data

We generally only process personal data of our users to the extent necessary to provide a functional website as well as our content and services. The processing of personal data is regularly carried out only with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of data is permitted by law.

2.2 Legal Bases for Processing

Where we obtain consent from the data subject for processing operations involving personal data, Art. 6(1)(a) UK GDPR serves as the legal basis.

For the processing of personal data necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) UK GDPR serves as the legal basis. This also applies to processing operations required for pre-contractual measures.

Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) UK GDPR serves as the legal basis.

Where processing is necessary for the purposes of legitimate interests pursued by our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override those interests, Art. 6(1)(f) UK GDPR serves as the legal basis for processing.

2.2a Data Processing

We engage external service providers to provide our services (e.g., Shopify, Google Analytics, payment service providers, shipping service providers). We have concluded contracts pursuant to Art. 28 UK GDPR (data processing agreements) with all data processors who process personal data on our behalf. These contracts ensure that processing is only carried out according to our instructions and that an adequate level of protection is guaranteed.

2.3 Data Erasure and Storage Duration

The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if provided for by UK legislation or regulations to which the controller is subject. Data will also be blocked or erased when a storage period prescribed by the aforementioned standards expires, unless there is a need for continued storage of the data for the conclusion or performance of a contract.

3. Provision of the Website and Creation of Log Files

3.1 Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The user's Internet service provider
  • The user's IP address
  • Date and time of access
  • Websites from which the user's system reaches our website (referrer URL)
  • Websites accessed by the user's system via our website
  • Amount of data transferred
  • Message about successful retrieval

The data is also stored in our system's log files. This data is not stored together with other personal data of the user.

3.2 Legal Basis and Purpose of Data Processing

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) UK GDPR.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Storage in log files occurs to ensure the functionality of the website. The data also serves to optimise the website and ensure the security of our information technology systems. Data is not evaluated for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) UK GDPR.

3.3 Storage Duration

The data is erased as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for website provision, this occurs when the respective session has ended. In the case of data storage in log files, this occurs after no more than seven days. Extended storage is possible. In this case, the users' IP addresses are erased or anonymised so that assignment to the accessing client is no longer possible.

3.4 Right to Object and Removal

The collection of data for website provision and storage of data in log files is absolutely necessary for website operation. Consequently, users have no right to object.

4. Use of Cookies

4.1 Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identified even after a page change.

4.2 Cookie Categories

We use the following categories of cookies on our website:

Necessary Cookies (Technically Required)

  • Purpose: Basic website functionality, session management, shopping cart, checkout
  • Legal basis: Art. 6(1)(f) UK GDPR (legitimate interest)
  • Storage duration: Session cookies (deleted after closing the browser) or up to 30 days

Preference Cookies

  • Purpose: Storage of user settings (language, region)
  • Legal basis: Art. 6(1)(a) UK GDPR (consent)
  • Storage duration: Up to 12 months

Statistics Cookies

  • Purpose: Analysis of user behaviour, website optimisation
  • Legal basis: Art. 6(1)(a) UK GDPR (consent)
  • Storage duration: Up to 24 months

Marketing Cookies

  • Purpose: Display of personalised advertising, tracking across multiple websites
  • Legal basis: Art. 6(1)(a) UK GDPR (consent)
  • Storage duration: Up to 24 months

4.3 Specific Cookie List

The following cookies are used on our website:

Shopify Cookies (necessary):

  • _shopify_s: Session ID, 1 day
  • _shopify_y: Persistent shop ID, 1 year
  • cart: Shopping cart information, 14 days
  • cart_sig: Shopping cart signature, 14 days
  • secure_customer_sig: Customer login signature, 20 years
  • storefront_digest: Shop authentication, 2 years

Google Analytics Cookies (statistics, only with consent):

  • _ga: Client ID to distinguish users, 2 years
  • _gid: Client ID to distinguish users, 24 hours
  • _gat: Request rate throttling, 1 minute

Facebook Cookies (marketing, only with consent):

  • _fbp: Facebook pixel tracking, 3 months
  • fr: Facebook advertising ID, 3 months

Google Ads Cookies (marketing, only with consent):

  • _gcl_au: Google Ads conversion tracking, 90 days
  • IDE: Google DoubleClick, for ad targeting and remarketing, 13 months
  • test_cookie: Tests browser cookie support, 15 minutes
  • Conversion cookie: Specific cookie for each conversion action, 30 days

4.4 Legal Basis and Purpose of Data Processing

The legal basis for processing personal data using technically necessary cookies is Art. 6(1)(f) UK GDPR. The legal basis for processing personal data using cookies for analytical purposes, where the user has given consent, is Art. 6(1)(a) UK GDPR.

The purpose of using technically necessary cookies is to simplify website use for users. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary for the browser to be recognised even after a page change.

User data collected through technically necessary cookies is not used to create user profiles. Analytical cookies are used to improve the quality of our website and its content. Through analytical cookies, we learn how the website is used and can continually optimise our offering.

These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6(1)(f) UK GDPR.

4.5 Storage Duration, Right to Object and Removal

Cookies are stored on the user's computer and transmitted from there to our site. Therefore, you as a user have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all functions of the website in full.

You can adjust your cookie settings at any time via our cookie banner.

5. Google Analytics

5.1 Scope of Processing of Personal Data

We use Google Analytics on our website, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies that enable analysis of your use of the website.

The information generated by the cookie about your use of this website is usually transferred to and stored on a Google server in the USA. We have activated IP anonymisation on this website. As a result, your IP address will be truncated by Google within the United Kingdom or other countries with appropriate data protection standards.

Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services relating to website and Internet usage to the website operator.

5.2 Legal Basis for Processing Personal Data

The legal basis for using Google Analytics is Art. 6(1)(a) UK GDPR (consent). Use only occurs if you have previously given your consent via our cookie banner.

5.3 Purpose of Data Processing

The use of Google Analytics serves to analyse our website and optimise our online presence.

5.4 Storage Duration

Data sent by us and linked to cookies is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

5.5 Right to Object and Removal

You can prevent the storage of cookies by setting your browser software accordingly. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout

As an alternative to the browser plugin, you can revoke your consent via our cookie banner or click this link to prevent collection by Google Analytics within this website in the future (the opt-out only works in this browser and only for this domain). An opt-out cookie will be stored on your device. If you delete your cookies in this browser, you must click this link again.

5.6 Data Transfer to Third Countries

Google processes your data in the USA. The USA has been recognised by the UK Government as providing adequate protection for personal data under the UK GDPR through the UK-US Data Bridge. Google LLC participates in the UK Extension to the EU-US Data Privacy Framework. More information can be found at: https://www.dataprivacyframework.gov/

More information about data protection at Google Analytics can be found at: https://support.google.com/analytics/answer/6004245

6. Social Media Plugins

6.1 Facebook Social Plugins

Our website uses so-called social plugins ("plugins") of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook").

The plugins are marked with a Facebook logo (white "f" on blue tile or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin".

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to Facebook's servers. The content of the plugin is transmitted directly to your browser by Facebook and integrated into the website.

Through the integration of the plugins, Facebook receives the information that you have accessed the corresponding page of our website. If you are logged into Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example by clicking the "Like" button or leaving a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there.

Legal basis: Art. 6(1)(a) UK GDPR (consent via cookie banner)

Purpose: Integration of social network functions, enabling content sharing

Data transfer: Facebook processes data in part in the USA and Ireland. Meta Platforms Ireland Limited is subject to Irish and UK data protection law. For transfers to the USA, Meta relies on the UK Extension to the EU-US Data Privacy Framework and standard contractual clauses.

Objection: If you do not want Facebook to collect data about you via our website, you must log out of Facebook before visiting our website. You can also completely block Facebook plugins with add-ons for your browser.

More information about the purpose and scope of data collection and its processing by Facebook can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/

6.3 Google Tag Manager

We use Google Tag Manager, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

Description and scope: Google Tag Manager is a tag management solution that allows us to manage so-called website tags via an interface. Tags are small code elements on our website that serve, among other things, to measure traffic and visitor behaviour, capture the impact of online advertising and social channels, use remarketing and targeting to audiences, and test and optimise websites.

Google Tag Manager itself (which implements the tags) is a cookieless domain and does not collect personal data. The Tag Manager triggers other tags, which in turn may collect data. This collection is performed by the tools integrated via the Tag Manager (e.g., Google Analytics, Facebook Pixel).

Legal basis: Art. 6(1)(f) UK GDPR (legitimate interest in efficient management and optimisation of our marketing tools)

Purpose: Central management and implementation of analysis and marketing tags without direct code changes

Data transfer: The Tag Manager can transfer technical information (IP address, browser, device) to Google servers in the USA. Google participates in the UK Extension to the EU-US Data Privacy Framework.

Objection: You cannot directly disable the Tag Manager, but you can deactivate the individual services integrated via the Tag Manager (e.g., Google Analytics, Facebook Pixel) via our cookie banner.

More information about Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

6a. Meta Pixel (Facebook Pixel)

We use the "Meta Pixel" (formerly "Facebook Pixel") on our website, a service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta").

6a.1 Description and Scope of Data Processing

The Meta Pixel is a code snippet integrated into our website that captures various actions by visitors. The following data is collected and transmitted to Meta:

  • Technical information: IP address, browser type, operating system, device type
  • Visited URLs and timestamps
  • Interactions on the website (page views, clicks, products added to cart, purchases)
  • HTTP referrer (previous website)
  • Cookie data and device IDs
  • For logged-in Facebook users: Assignment to your Facebook profile

The Meta Pixel sets cookies (see Section 4.3: _fbp, fr) that enable recognition of your browser on subsequent visits.

6a.2 Uses of the Meta Pixel

We use the Meta Pixel for the following purposes:

Conversion tracking: Measuring the effectiveness of our Facebook and Instagram advertising campaigns by capturing conversions (e.g., purchases, registrations)

Custom Audiences: Creating audiences based on website visitors for targeted advertising on Facebook and Instagram

Remarketing: Displaying personalised advertising to people who have already visited our website

Lookalike Audiences: Creating audiences similar to our existing customers

Advertising campaign optimisation: Automatic optimisation of ad delivery to people most likely to perform the desired action

6a.3 Legal Basis

The legal basis for using the Meta Pixel is Art. 6(1)(a) UK GDPR (consent). Processing only occurs if you have given your consent via our cookie banner.

6a.4 Data Transfer to Third Countries

Meta also processes the collected data on servers in the USA and Ireland. Meta Platforms Ireland Limited is based in Ireland and subject to Irish data protection law. For transfers to the USA, Meta relies on the UK Extension to the EU-US Data Privacy Framework and standard contractual clauses. More information: https://www.dataprivacyframework.gov/

Additionally, we have concluded standard contractual clauses with Meta pursuant to Art. 46 UK GDPR.

6a.5 Storage Duration

Meta stores data collected via the pixel for different periods:

  • Event data (e.g., page views, purchases): 90 days
  • Custom Audiences: Up to 180 days after last activity or until deletion by us
  • Cookies: Up to 90 days (cookie _fbp)

6a.6 Right to Object and Opt-Out Options

You have several options to prevent data collection by the Meta Pixel:

1. Cookie banner: Reject marketing cookies in our cookie banner or revoke your consent.

2. Facebook settings: If you have a Facebook account, you can disable personalised advertising in your ad settings:

  • Facebook: https://www.facebook.com/settings?tab=ads
  • Instagram: Via the app under Settings → Ads

3. Browser settings: Block cookies from Meta in your browser settings or use browser add-ons such as "Facebook Container" (Firefox).

4. Log out of Facebook: Log out of Facebook before visiting our website to prevent direct assignment to your profile.

More information about the Meta Pixel and data protection:

  • Meta Privacy Policy: https://www.facebook.com/privacy/explanation
  • Meta Pixel data usage: https://www.facebook.com/business/help/742478679120153
  • Meta Cookie Policy: https://www.facebook.com/policies/cookies/

6b. Google Ads Conversion Tracking

We use Google Ads conversion tracking, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), to measure the effectiveness of our Google Ads advertising campaigns.

6b.1 Description and Scope of Data Processing

When you click on one of our Google ads, a conversion tracking cookie is stored on your device. These cookies expire after 30 days and are not used for personal identification.

If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognise that you clicked on the ad and were redirected to this page.

Data collected:

  • Cookie ID
  • Timestamp of the ad click
  • Pages visited on our website
  • Actions performed (e.g., purchases, registrations)
  • IP address (truncated)
  • Technical information (browser, device, operating system)

Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Google Ads customers.

6b.2 Purpose of Use

The information obtained using the conversion cookie serves to:

  • Create conversion statistics (e.g., how many users make a purchase after clicking on an ad)
  • Measure the success of our advertising campaigns
  • Optimise our advertising campaigns
  • Calculate the cost per conversion

6b.3 Legal Basis

The legal basis for using Google Ads conversion tracking is Art. 6(1)(a) UK GDPR (consent). Processing only occurs if you have given your consent via our cookie banner.

6b.4 Data Transfer to Third Countries

Google also processes your data on servers in the USA. Google LLC participates in the UK Extension to the EU-US Data Privacy Framework. More information: https://www.dataprivacyframework.gov/

6b.5 Storage Duration

Conversion cookies have a storage duration of 30 days. Conversion statistics are stored by Google for different periods, typically for 90 days.

6b.6 Right to Object and Opt-Out Options

You can prevent participation in conversion tracking in various ways:

1. Cookie banner: Reject marketing cookies in our cookie banner or revoke your consent.

2. Browser settings: Set your browser to block cookies from the domain "googleadservices.com".

3. Google Ads settings: Disable personalised advertising in your Google account settings:
https://adssettings.google.com/

4. Browser plugin: Install the Google Analytics Opt-out Browser Add-on:
http://tools.google.com/dlpage/gaoptout

5. Additional opt-out options:
- Digital Advertising Alliance: http://www.aboutads.info/choices/
- Network Advertising Initiative: http://www.networkadvertising.org/choices/

More information about Google Ads and data protection:

  • Google Ads Privacy Policy: https://policies.google.com/privacy
  • Google Ads Conversion Tracking: https://support.google.com/google-ads/answer/1722022

7. Shopify E-Commerce Platform

Our website is hosted on the Shopify e-commerce platform. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (or if you are resident in North America, Shopify Inc., 151 O'Connor Street, Ground floor, Ottawa, Ontario, K2P 2L8, Canada).

7.1 Scope of Data Processing

Shopify processes the following data to provide the e-commerce infrastructure:

  • Order data (products, quantities, prices)
  • Customer data (name, address, email, phone number)
  • Payment information (however, not permanently stored by us)
  • Technical data (IP address, browser, device)
  • Usage behaviour (pages visited, clicks, dwell time)

7.2 Legal Basis and Purpose

Legal basis: Art. 6(1)(b) UK GDPR (performance of contract) and Art. 6(1)(f) UK GDPR (legitimate interest in reliable hosting and e-commerce infrastructure)

Purpose: Provision of the online shop, order processing, payment processing, shipping processing, customer support

7.3 Shopify Analytics

Shopify automatically collects analytics data about the use of our shop:

  • Number of visitors and page views
  • Dwell time and bounce rates
  • Conversions and cart abandonments
  • Product views and purchases
  • Geographic origin of visitors

This data serves to optimise our shop offering and improve the user experience.

Legal basis: Art. 6(1)(f) UK GDPR (legitimate interest in shop optimisation)

7.4 Storage Duration

Shopify stores your data as long as you have a customer account with us or we are legally obliged to retain it (e.g., tax and accounting retention periods of up to 6 years under UK law).

7.5 Data Transfer to Third Countries

Shopify processes data on servers in Canada and the USA. For UK customers, Shopify International Limited in Ireland processes the data primarily. Shopify participates in the UK Extension to the EU-US Data Privacy Framework and has concluded standard contractual clauses.

More information about data protection at Shopify can be found at: https://www.shopify.com/legal/privacy

8. Payment Service Providers

8.1 PayPal

We offer payment via PayPal on our website. The provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you pay with PayPal, your entered payment data will be transmitted to PayPal. The data transfer to PayPal is based on Art. 6(1)(b) UK GDPR (performance of contract) and only to the extent necessary for payment processing.

PayPal may also transfer data to the USA. PayPal relies on standard contractual clauses and participates in the EU-US Data Privacy Framework.

More information about data processing by PayPal can be found in PayPal's privacy policy: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

8.2 Shopify Payments

We use Shopify Payments as an additional payment service provider. Shopify Payments is provided by Shopify International Limited or Shopify Inc. and works with various payment service providers (e.g., Stripe).

When paying via Shopify Payments, your payment data is transmitted encrypted via a secure connection. We ourselves do not store credit card data. Payment data is transmitted directly to the payment service providers and processed there.

Legal basis: Art. 6(1)(b) UK GDPR (performance of contract)

Purpose: Secure processing of online payments

Data transfer: Shopify Payments may transfer data to the USA and Canada. Shopify participates in the UK Extension to the EU-US Data Privacy Framework and relies on standard contractual clauses.

More information: https://www.shopify.com/legal/privacy

9. Shipping Service Providers

To process shipping, we pass your data to the following shipping service providers:

9.1 Royal Mail

Provider: Royal Mail Group Limited, 185 Farringdon Road, London, EC1A 1AA, United Kingdom

Data transmitted: Name, delivery address, phone number (optional), email address (for shipment tracking), parcel contents (product description)

Legal basis: Art. 6(1)(b) UK GDPR (performance of contract)

Purpose: Delivery of ordered goods within the UK

Storage duration: According to statutory retention periods in transport law

Privacy notices: https://www.royalmail.com/privacy-notice

9.2 DPD UK

Provider: DPD Group UK Limited, Roebuck Lane, Smethwick, West Midlands, B66 1BY, United Kingdom

Data transmitted: Name, delivery address, phone number (optional), email address (for shipment tracking)

Legal basis: Art. 6(1)(b) UK GDPR (performance of contract)

Purpose: Delivery of ordered goods

Privacy notices: https://www.dpd.co.uk/content/privacy-notice.jsp

9.3 Evri (formerly Hermes UK)

Provider: Evri Group Limited, Hermes House, Waterside Drive, Langley, Berkshire, SL3 6EZ, United Kingdom

Data transmitted: Name, delivery address, phone number (optional), email address (for shipment tracking)

Legal basis: Art. 6(1)(b) UK GDPR (performance of contract)

Purpose: Delivery of ordered goods

Privacy notices: https://www.evri.com/privacy-policy

9.4 Swiss Post (for international shipments)

Provider: Swiss Post Ltd., Wankdorfallee 4, 3030 Bern, Switzerland

Data transmitted: Name, delivery address, phone number (optional), email address (optional)

Legal basis: Art. 6(1)(b) UK GDPR (performance of contract)

Purpose: Delivery of ordered goods to Switzerland and other international shipments

Privacy notices: https://www.post.ch/en/pages/footer/data-protection

10. Newsletter

10.1 Description and Scope of Data Processing

You have the option to subscribe to our newsletter via our website. The newsletter is sent via Shopify. The following data is transmitted to us during registration:

  • Email address (mandatory)
  • IP address of the accessing computer
  • Date and time of registration

Your consent to process this data is obtained during the registration process and reference is made to this privacy policy.

After your registration, you will receive an email to confirm your registration (double opt-in procedure). You will only be added to the newsletter distribution list after confirmation by clicking the link in this email.

10.2 Legal Basis and Purpose of Data Processing

The legal basis for processing data after registration for the newsletter by the user, where consent has been given, is Art. 6(1)(a) UK GDPR.

The collection of the email address serves to deliver the newsletter. The collection of the IP address and the time of registration serves to trace possible misuse of a data subject's email address at a later date and serves as proof of the consent given.

10.3 Storage Duration

The data is erased as soon as it is no longer necessary for the purpose for which it was collected. The user's email address is therefore stored as long as the newsletter subscription is active.

10.4 Right to Object and Removal

The newsletter subscription can be cancelled by the affected user at any time. For this purpose, there is a corresponding link in every newsletter. This also enables revocation of consent to the storage of personal data collected during the registration process.

11. Registration and Customer Account

11.1 Description and Scope of Data Processing

You have the option to register on our website and create a customer account. The following data is collected:

  • Email address (mandatory)
  • Password (stored encrypted)
  • Title, first and last name
  • Address (billing address, optionally delivery address)
  • Phone number (optional)
  • Date of birth (optional)
  • IP address and time of registration

Your consent to process this data is obtained during the registration process.

11.2 Legal Basis and Purpose of Data Processing

The legal basis for processing data where consent has been given is Art. 6(1)(a) UK GDPR. If registration serves to fulfil a contract or implement pre-contractual measures, an additional legal basis is Art. 6(1)(b) UK GDPR.

Registration is necessary to provide certain content and services on our website. A customer account enables you in particular to:

  • Place orders without re-entering your data
  • View your order history
  • Manage your address data
  • Save your settings

11.3 Storage Duration

The data is erased as soon as it is no longer necessary for the purpose for which it was collected. This is the case when you delete your customer account. Extended storage may occur if we are legally obliged to retain data (e.g., accounting retention periods of 6 years under UK law for order data).

11.4 Right to Object and Removal

You can delete your customer account at any time. Contact us at the contact details provided or use the account deletion function in your customer area.

11a. Order Processing and Contract Performance

11a.1 Description and Scope of Data Processing

When purchasing products in our online shop, the following personal data is collected and processed as part of order processing:

Mandatory information:

  • Title, first and last name
  • Billing address (street, house number, postcode, city, country)
  • Email address
  • Order data (ordered products, quantities, prices, order number, order date)

Optional information:

  • Different delivery address
  • Phone number
  • Date of birth
  • Company data (for commercial orders)

Automatically captured data:

  • IP address
  • Date and time of order
  • Payment information (however, not permanently stored by us but transmitted directly to payment service providers)

The data is required to process your purchase contract. Without this data, we cannot process and execute your order.

11a.2 Legal Basis for Data Processing

The legal basis for processing data as part of order processing is Art. 6(1)(b) UK GDPR (performance of contract). Processing is necessary to fulfil the purchase contract.

11a.3 Data Disclosure

Your order data will be passed on to the following recipients to the extent necessary for contract performance:

  • Shipping service providers (Royal Mail, DPD UK, Evri, Swiss Post): Name, delivery address, phone number (optional), email address (for shipment tracking)
  • Payment service providers (PayPal, Shopify Payments): Name, billing address, email address, payment information
  • Shopify (e-commerce platform): All order data for technical processing (see Section 7)

Data is not passed on to other third parties unless we are legally obliged to do so (e.g., to tax authorities) or you have expressly consented.

11a.4 Storage Duration

Your order data is stored for the duration of contract processing. After completion of the contract, the data is stored for the duration of statutory retention periods:

  • Accounting records: 6 years under the Companies Act 2006
  • Tax records: 6 years under HMRC requirements (Income and Corporation Taxes Act 1988)
  • VAT records: 6 years under VAT Act 1994

After expiry of these periods, the data will be erased unless you have consented to extended storage or we are obliged to store data for longer for legal reasons (e.g., pending legal disputes).

11a.5 Right to Object and Removal

The collection and processing of data is absolutely necessary for the performance of the purchase contract. Without this data, we cannot process your order. An objection to data processing as part of contract performance is therefore not possible as long as the contractual relationship exists.

After expiry of statutory retention periods, you can request deletion of your order data at any time.

12. Contact Form and Email Contact

12.1 Description and Scope of Data Processing

Our website has a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. This data typically includes:

  • Name
  • Email address
  • Subject
  • Message
  • IP address and time of submission

Alternatively, contact is possible via the provided email address. In this case, the user's personal data transmitted with the email is stored.

The data is not disclosed to third parties in this context. The data is used exclusively for processing the conversation.

12.2 Legal Basis and Purpose of Data Processing

The legal basis for processing data where consent has been given is Art. 6(1)(a) UK GDPR. The legal basis for processing data transmitted in the course of sending an email is Art. 6(1)(f) UK GDPR. If the email contact aims to conclude a contract, an additional legal basis is Art. 6(1)(b) UK GDPR.

Processing personal data serves solely to handle the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

12.3 Storage Duration

The data is erased as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the contact form input mask and data sent by email, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

Extended storage may occur if statutory retention periods exist.

12.4 Right to Object and Removal

The user can revoke their consent to process personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. Please contact us at the contact details provided.

All personal data stored in the course of contact will be erased in this case, provided no statutory retention periods prevent this.

13. Product Reviews

If you submit a product review on our website, the following data is stored:

  • Your name or pseudonym (as provided by you)
  • Email address (not published)
  • Review text
  • Star rating
  • Review date
  • IP address (for abuse prevention)

Legal basis: Art. 6(1)(a) UK GDPR (consent) and Art. 6(1)(f) UK GDPR (legitimate interest in genuine customer reviews)

Purpose: Publication of customer opinions, improvement of product quality, building trust

Storage duration: Reviews are stored permanently until you request deletion or we must remove the review for legal reasons.

13a. IMPORTANT: Your Right to Object

You have the right to object to the processing of your personal data at any time!

Pursuant to Art. 21 UK GDPR, you can object in particular to:

  • Objection to direct marketing: If your data is processed for advertising purposes, you can object at any time without stating reasons. After your objection, we will no longer use your data for advertising purposes.
  • Objection to processing based on legitimate interest: If processing is based on Art. 6(1)(f) UK GDPR (legitimate interest), you can object on grounds relating to your particular situation. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms.

How to object:

Email: dataprotection@vision.ch
Phone: +41 44 560 94 30
In writing: Vision Consulting AG, Compliance, Bächausstrasse 61, CH-8806 Bäch SZ, Switzerland

To object to the newsletter: Click the unsubscribe link in each newsletter.

To object to cookies and tracking: Adjust your settings in the cookie banner or use your browser settings.

14. Rights of the Data Subject

If personal data concerning you is processed, you are a data subject within the meaning of the UK GDPR and you have the following rights vis-à-vis the controller:

14.1 Right of Access (Art. 15 UK GDPR)

You can request confirmation from us as to whether personal data concerning you is being processed by us. If such processing exists, you can request the following information from us:

  • the purposes for which personal data is processed
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom personal data concerning you has been or will be disclosed
  • the envisaged period for which personal data concerning you will be stored
  • the existence of a right to rectification or erasure of personal data concerning you
  • the existence of a right to restriction of processing or a right to object to such processing
  • the existence of a right to lodge a complaint with a supervisory authority
  • all available information about the source of the data if personal data is not collected from the data subject
  • the existence of automated decision-making including profiling and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject

You have the right to request information about whether personal data concerning you is transferred to a third country or an international organisation. In this context, you can request to be informed about the appropriate safeguards pursuant to Art. 46 UK GDPR relating to the transfer.

14.2 Right to Rectification (Art. 16 UK GDPR)

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is inaccurate or incomplete.

14.3 Right to Restriction of Processing (Art. 18 UK GDPR)

You can request restriction of processing of personal data concerning you under the following conditions:

  • if you contest the accuracy of personal data concerning you for a period enabling the controller to verify the accuracy of the personal data
  • the processing is unlawful and you oppose the erasure of personal data and request restriction of use instead
  • the controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise or defence of legal claims
  • if you have objected to processing pursuant to Art. 21(1) UK GDPR and it is not yet clear whether the controller's legitimate grounds override your grounds

14.4 Right to Erasure (Art. 17 UK GDPR)

You can request that the controller erase personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay where one of the following grounds applies:

  • Personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed
  • You withdraw consent on which processing is based pursuant to Art. 6(1)(a) or Art. 9(2)(a) UK GDPR, and there is no other legal ground for processing
  • You object to processing pursuant to Art. 21(1) UK GDPR and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Art. 21(2) UK GDPR
  • Personal data concerning you has been unlawfully processed
  • Erasure of personal data concerning you is necessary for compliance with a legal obligation under UK law to which the controller is subject

The right to erasure does not exist where processing is necessary:

  • for exercising the right of freedom of expression and information
  • for compliance with a legal obligation or for the performance of a task carried out in the public interest
  • for the establishment, exercise or defence of legal claims

14.5 Right to Notification (Art. 19 UK GDPR)

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

14.6 Right to Data Portability (Art. 20 UK GDPR)

You have the right to receive personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data was provided, where:

  • processing is based on consent pursuant to Art. 6(1)(a) UK GDPR or Art. 9(2)(a) UK GDPR or on a contract pursuant to Art. 6(1)(b) UK GDPR and
  • processing is carried out by automated means

In exercising this right, you further have the right to have personal data concerning you transmitted directly from one controller to another, where technically feasible.

14.7 Right to Object (Art. 21 UK GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) UK GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process personal data concerning you unless the controller can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

14.8 Right to Withdraw Data Protection Consent (Art. 7(3) UK GDPR)

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

14.9 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 UK GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the UK if you consider that the processing of personal data concerning you infringes the UK GDPR.

The supervisory authority for the United Kingdom is:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Phone: 0303 123 1113
Email: casework@ico.org.uk
Website: https://ico.org.uk

15. Data Security

We use the widespread SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser when you visit our website. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed display of the key or lock symbol in your browser's lower status bar.

We also employ appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continually improved in line with technological developments.

16. Currency and Amendment of This Privacy Policy

This privacy policy is currently valid and dated October 2025.

Due to the further development of our website and offerings or due to changed legal or official requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed from the website at https://www.betterwalls.co.uk/pages/privacy at any time.