Home / Company / Privacy
Company · Privacy policy

Your data, in plain English.

We're a small UK company that needs to know your name and address to ship you a desk. We'd rather tell you clearly what we collect and why, than hide it in a 4,000-word legal document. This is the full policy — the summary below covers 90% of it.

Last updated · 11 May 2026 · Version · 1.3 · ICO reg · ZB912345
Plain English summary
We collect only what's needed to ship you something and keep the site running. We never sell your data. Here's the short list:
We collect name, email, delivery address, order contents
We keep orders for 6 years — HMRC requires it
We use analytics (Google Analytics, Meta Pixel, Clarity) — only with your consent
You can ask us to delete your data at any time
×
We don't sell or share your data for advertising
×
We don't load tracking scripts until you click "Accept" in the cookie banner
×
We don't send marketing emails unless you opt in
×
We don't build advertising profiles about you
01

Who we are

Deskrove Ltd is the data controller for any personal information we hold about you. We're a UK company registered in England and Wales, trading as Deskrove.

Legal entity
Deskrove Ltd
Company number
14782345
Registered address
London, United Kingdom
ICO registration
ZB912345
VAT number
GB 428 5691 38
Privacy contact
privacy@deskrove.co.uk

We don't have a formal Data Protection Officer because we don't meet the UK GDPR threshold (we're too small and don't do large-scale profiling). For any data question, Anya Petrosyan, our co-founder, is the named point of contact.

02

What we collect

We collect the minimum needed to ship you a product and keep the website running. Every category below has a lawful basis under UK GDPR.

What
Why we need it
Lawful basis
Order informationName, email, delivery address, items ordered, delivery notes
To ship your order, confirm it by email, and handle any warranty or return requests later.
Contract · UK GDPR Art 6(1)(b)
Payment detailsCollected only when we're about to ship — not at reservation
To take payment when your items ship. We use Stripe — we don't see or store your card number ourselves.
Contract · UK GDPR Art 6(1)(b)
Website analyticsPages visited, referring site, country, screen size, session recordings, ad conversion events
To understand what's working on the site and fix what isn't. We use Google Analytics, Meta Pixel, and Microsoft Clarity — loaded only after you consent via the cookie banner.
Consent · UK GDPR Art 6(1)(a)
Support emailsAnything you send us at hello@, returns@, warranty@
To help you with the question you emailed about, and look up the thread later if you follow up.
Contract + legit interest
Marketing email listEmail only — if and when you explicitly opt in
To send occasional updates (new products, important policy changes). Unsubscribe link in every email.
Consent · UK GDPR Art 6(1)(a)
Accounting recordsInvoices, VAT returns, company bookkeeping
Because HMRC requires it. We keep financial records for 6 years after the end of the tax year they relate to.
Legal obligation · Art 6(1)(c)

We do not collect: phone numbers (unless you provide one in delivery notes), date of birth, gender, any "special category" data (health, ethnicity, politics, religion), device fingerprints, or your social media handles.

03

Why we use it

Each piece of data above has one purpose — fulfil your order and keep the website running. We don't use your data for anything you haven't asked for.

  • Fulfilling your order — processing payment, printing the label, emailing tracking, handling warranty claims and returns
  • Running the business — VAT returns, bookkeeping, responding to your questions, preventing fraud
  • Improving the site — analytics (consent-gated) to understand traffic patterns, conversion, and usability issues
  • Keeping you informed — important order updates (always), marketing emails (only if you opt in)
×
We don't profile you for advertising. We don't use your purchase history to target ads on other platforms. We don't share your email with "marketing partners". There is no "marketing partners" list.
04

Who we share it with

We share your data only with processors that help us run the business. Each one is contractually bound to use your data only for the service they provide us.

Processor
What they do for us
Location
Transfer
Postmark
Transactional email — order confirmations, dispatch notifications
United States
UK IDTA
Stripe
Payment processing — card details (not seen by us)
Ireland & US
Adequacy
Google (Analytics)
Website analytics — pageviews, traffic sources, conversion events. Consent-gated.
United States
UK IDTA
Meta (Pixel)
Conversion tracking — measures ad effectiveness. No remarketing. Consent-gated.
United States
UK IDTA
Microsoft (Clarity)
Session recording and heatmaps — helps us see where visitors click and scroll. Consent-gated.
United States
UK IDTA
Netlify
Website hosting — serves the site; processes IP for logs (90d)
US edge network
UK IDTA
Fastmail
Our business email (hello@, etc.) — where your emails to us live
Australia
UK IDTA
DX Freight / DPD / Royal Mail
Shipping — gets your name + address to deliver your order
United Kingdom
UK
Xero
Accounting — invoices and VAT, pulled from order data
United Kingdom
UK

For US-based processors, we rely on the UK International Data Transfer Addendum (IDTA) to the EU Standard Contractual Clauses. For EU-based processors, the UK has an adequacy decision with the EU, so no additional safeguards are required.

We don't use: TikTok Pixel, Mailchimp, HubSpot, Zendesk, Intercom, or any ad-tech partners beyond what's listed above.

05

How long we keep it

We keep personal data only for as long as we genuinely need it. After that, it's deleted on a rolling automated schedule.

  • Order records6 years after the end of the tax year the order was placed in. This is the HMRC requirement for financial records; we can't delete it earlier.
  • Support emails3 years from last activity on the thread. Then archived and deleted.
  • Marketing listuntil you unsubscribe or we shut down the list, whichever comes first. Unsubscribing removes you within 48 hours.
  • Website analytics (GA, Pixel, Clarity) — Google Analytics retains data for 14 months (our setting). Meta Pixel and Clarity retain event data per their own policies. You can withdraw consent at any time by clearing site data in your browser.
  • Server logs (Netlify)90 days, then auto-purged. IP addresses, timestamps, page requested.
  • Backups — rolling 30-day backup window. Data deleted from live systems persists in backups for up to 30 more days.
06

Your rights under UK GDPR

You have eight rights under UK GDPR. Here they all are. To exercise any of them, email privacy@deskrove.co.uk — we respond within one calendar month (usually one working day for simple requests).

Right 01
To be informed

You're reading it. This page exists to tell you what we do with your data, and we update it when things change.

Right 02
To access your data

You can ask for a copy of everything we hold on you. We'll send it as a JSON or PDF file within one month. Free.

Right 03
To rectify errors

If we've got something wrong (name spelling, address typo) email us and we'll fix it within 48 hours.

Right 04
To erase your data

You can ask us to delete everything — except what we're required to keep for HMRC (order + invoice records for 6 years).

Right 05
To restrict processing

You can ask us to stop doing certain things with your data (e.g., sending marketing) while keeping the data itself.

Right 06
To portability

You can ask for your data in a machine-readable format (JSON) to take somewhere else. Again — free, one month.

Right 07
To object

You can object to us processing your data based on legitimate interest. In practice this means analytics — object, and we exclude you.

Right 08
Against automated decisions

We don't make automated decisions about you — no algorithmic pricing, no risk scoring, no AI moderation. Nothing to object to yet.

07

Cookies & local storage

We show a consent banner on your first visit. Analytics and tracking cookies are loaded only after you accept. You can reject all non-essential cookies with one click.

Strictly necessary (no consent needed)

Name
Purpose
Type
Expiry
deskrove_cart_v1
Stores your cart contents
localStorage
Until cleared
deskrove_consent
Remembers your cookie choice
localStorage
Until cleared
deskrove_builds
Saved desk configurations
localStorage
Until cleared

Analytics (consent required)

Name
Provider
Purpose
Expiry
_ga
Google
Distinguishes unique visitors
2 years
_ga_*
Google
Maintains session state
2 years
_gid
Google
Distinguishes visitors (24h)
24 hours
_fbp
Meta
Identifies browser for Pixel
90 days
_fbc
Meta
Stores click identifier from ads
90 days
_clck
Microsoft
Clarity user identifier
1 year
_clsk
Microsoft
Clarity session stitching
1 day

To withdraw consent: clear your browser's site data for deskrove.com, or click "Reject all" on the banner next time it appears. No analytics scripts will load until you accept again.

08

Complaints & questions

First — email us at privacy@deskrove.co.uk. Anya or James responds personally within one working day. 90% of privacy issues are resolved this way — usually someone wants their account deleted or their mailing list preference changed, both 2-minute jobs.

Still unhappy? You have the right to complain to the UK's data protection authority:

Authority
Information Commissioner's Office (ICO)
Website
ico.org.uk
Helpline
0303 123 1113 (UK local rate)
Address
Wycliffe House, Water Lane,
Wilmslow, Cheshire SK9 5AF

We'd appreciate you coming to us first — faster, friendlier, and usually enough. But if you don't feel we've handled your concern well, you absolutely have that escalation route.