Privacy policy

Twin Palms Design Studio

Privacy Policy

Last updated: April 2026  |  twinpalmsdesign.com  |  lucy@twinpalmsdesign.com

Twin Palms Design Studio is operated by Lucy Carse, a sole trader based in Norfolk, UK. This Privacy Policy explains what personal data we collect from you, how we use it, and your rights in relation to it.

We take your privacy seriously and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.  Who We Are

Data controller: Lucy Carse, trading as Twin Palms Design Studio.

Contact: lucy@twinpalmsdesign.com

Website: twinpalmsdesign.com

2.  What Data We Collect

We may collect and process the following categories of personal data:

•          Identity data: your name and, where relevant, the names of other people in your household.

•          Contact data: your email address, telephone number and postal address.

•          Project data: information you provide about your home, your design preferences, your lifestyle, and your budget through our Design Debrief questionnaire or other communications.

•          Financial data: payment information processed via our payment provider. We do not store full card details.

•          Communication data: records of correspondence between us, including emails and messages.

•          Technical data: IP address, browser type, and usage data collected automatically when you visit our website. See our Cookies Policy below.

We do not collect any special category data (such as health information, ethnicity or political opinions) unless you voluntarily share such information as part of a design brief, in which case it is used solely to inform your design service.

3.  How We Use Your Data

We use your personal data for the following purposes:

•          To deliver the interior design services you have booked, including providing design recommendations, sourcing products and placing orders on your behalf.

•          To communicate with you about your project, respond to enquiries and manage our client relationship.

•          To process payments and maintain financial records.

•          To send you marketing communications, where you have given your consent to receive them. You may withdraw this consent at any time.

•          To comply with our legal obligations.

We will not use your personal data for any purpose other than those stated above without notifying you first.

4.  Our Legal Basis for Processing

We process your data on the following legal bases:

•          Contract: processing is necessary to deliver the services you have requested.

•          Legal obligation: processing is required to comply with our legal and regulatory obligations (e.g. tax and accounting records).

•          Legitimate interests: processing is necessary for our legitimate business interests, such as improving our services and communicating with clients.

•          Consent: where we send you marketing communications or use non-essential cookies, we rely on your consent.

5.  Who We Share Your Data With

We do not sell your personal data. We may share it with the following third parties where necessary to deliver our services:

•          Payment processors (e.g. Stripe or similar) to handle transactions securely.

•          Email marketing platforms (e.g. MailerLite) where you have subscribed to our mailing list.

•          Trade suppliers, where we place orders on your behalf as part of an E-Design+ project.

•          Cloud storage and productivity tools (e.g. Google Workspace, Notion) used to manage project files.

All third-party providers we use are required to handle your data securely and in accordance with applicable data protection law.

6.  How Long We Keep Your Data

We retain client data for 6 years following completion of a project, in accordance with our legal and accounting obligations. After this period, your data will be securely deleted.

Where you have subscribed to our mailing list, we will retain your contact details until you unsubscribe or withdraw your consent.

 

7.  Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

•          Right of access: you may request a copy of the personal data we hold about you.

•          Right to rectification: you may ask us to correct any inaccurate data.

•          Right to erasure: you may ask us to delete your data in certain circumstances.

•          Right to restrict processing: you may ask us to pause processing of your data in certain circumstances.

•          Right to data portability: you may ask us to transfer your data to another provider in a structured format.

•          Right to object: you may object to our processing of your data where we rely on legitimate interests as our legal basis.

•          Right to withdraw consent: where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at lucy@twinpalmsdesign.com. We will respond within one month.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8.  Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or destruction. Our website uses SSL encryption. Client files are stored in password-protected cloud accounts.

9.  Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies.

10.  Changes to This Policy

We may update this Privacy Policy from time to time. The current version is always available at twinpalmsdesign.com. We will notify active clients of any material changes.