Privacy Policy

1. Introduction

JBH Soft Furnishings Ltd (“we”, “us”, “our”, or “JBH”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website at https://jbhacoustics.com/ or interact with our services.

As one of the UK’s leading acoustic solutions providers, we design, manufacture, and install acoustic panels, fabric and art panels, Novawall track systems, and Versa-Tile® products. In the course of our business operations, we may collect and process personal information about our customers, website visitors, and other individuals.

This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It sets out the legal basis for our processing activities, your rights as a data subject, and how you can exercise those rights.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our website or services.

2. About Us

Company Name: JBH Soft Furnishings Ltd
Business Type: Limited Company
Registered Address: 1st Floor, 56-60 St John Street, London EC1M 4HG, United Kingdom
Primary Business: Design, manufacture, and installation of acoustic solutions including acoustic panels, fabric and art panels, Novawall track systems, and Versa-Tile® products
Website: https://jbhacoustics.com/
Email: sales@jbhacoustics.com
Geographic Scope: United Kingdom

For any questions regarding this Privacy Policy or our data processing practices, please contact us using the details provided in Section 12 of this document.

3. What Personal Information We Collect

We collect and process various types of personal information depending on how you interact with our website and services. The information we collect includes:

3.1 Information You Provide Directly

Contact Information: When you use our contact forms, create an account, or communicate with us directly, we may collect:

Full name
Email address
Telephone number
Company name and position (if applicable)
Postal address
Project details and specifications
Any other information you choose to provide in your communications

Account Information: If you create a user account on our website, we collect:

Username and password
Account preferences and settings
Profile information you choose to add

Enquiry and Project Information: When you request quotes, consultations, or information about our products and services, we collect:

Details about your acoustic requirements
Project specifications and timelines
Budget information (if provided)
Site location and access requirements
Technical specifications and measurements

3.2 Information We Collect Automatically

Website Usage Data: When you visit our website, we automatically collect certain information through cookies and similar technologies:

IP address and approximate geographic location
Browser type and version
Operating system
Device type and screen resolution
Pages visited and time spent on each page
Referring website or source
Date and time of visits
Search terms used to find our website

Technical Information: We collect technical data to ensure our website functions properly and to improve user experience:

Browser settings and capabilities
Connection speed and type
Error logs and diagnostic information
Performance metrics and loading times

3.3 Information from Third Parties

Third-Party Services: We use various third-party services that may collect information on our behalf:

Web analytics services (such as Google Analytics)
Social media plugins and widgets
Customer relationship management (CRM) systems
Email marketing platforms
Website hosting and content delivery services

Social Media: If you interact with us through social media platforms or use social media features on our website, we may receive information from those platforms in accordance with their privacy policies.

4. How We Use Your Personal Information

We use your personal information for various purposes related to our business operations and to provide you with our services. The specific purposes include:

4.1 Service Provision and Customer Support

Project Management: We use your information to:

Process and respond to your enquiries about our acoustic solutions
Provide quotes and proposals for your projects
Design and manufacture custom acoustic products to your specifications
Coordinate installation services and project timelines
Provide ongoing customer support and after-sales service
Maintain records of your projects for warranty and maintenance purposes

Account Management: If you have created an account with us, we use your information to:

Maintain and manage your user account
Provide access to account-specific features and content
Store your preferences and project history
Enable secure login and account recovery

4.2 Communication and Marketing

Direct Communication: We use your contact information to:

Respond to your enquiries and requests
Send you information about our products and services
Provide updates on your projects and orders
Send important notices about our services or policies

Marketing Communications: With your consent or where we have a legitimate interest, we may use your information to:

Send you newsletters and promotional materials about our products
Inform you about new products, services, or special offers
Invite you to events, webinars, or trade shows
Conduct market research and customer satisfaction surveys

4.3 Website Operation and Improvement

Website Functionality: We use technical information to:

Ensure our website functions properly across different devices and browsers
Provide personalised content and user experience
Remember your preferences and settings
Enable website features such as contact forms and user accounts

Analytics and Improvement: We analyse usage data to:

Understand how visitors use our website
Identify popular content and services
Improve website performance and user experience
Develop new features and services
Troubleshoot technical issues

4.4 Legal and Business Operations

Compliance and Legal Requirements: We may use your information to:

Comply with legal obligations and regulatory requirements
Respond to legal requests and court orders
Protect our rights and interests in legal proceedings
Prevent fraud and ensure security

Business Operations: We use information for:

Internal record keeping and administration
Financial management and accounting
Quality assurance and training purposes
Business planning and analysis

5. Legal Basis for Processing

Under the UK GDPR, we must have a lawful basis for processing your personal information. We rely on the following legal bases:

5.1 Legitimate Interests (Article 6(1)(f))

We process most of your personal information based on our legitimate interests, which include:

Business Operations: Managing our business effectively, including customer relationship management, project coordination, and service delivery
Marketing and Communication: Promoting our products and services to existing and potential customers who have shown interest in acoustic solutions
Website Improvement: Analysing website usage to improve user experience and develop better services
Security: Protecting our website, systems, and business from security threats and fraudulent activity

We have conducted legitimate interest assessments to ensure that our interests do not override your fundamental rights and freedoms.

5.2 Contract Performance (Article 6(1)(b))

We process your personal information when it is necessary for:

Service Delivery: Fulfilling our contractual obligations when you engage us for acoustic solutions
Pre-contractual Activities: Processing your enquiries and providing quotes before entering into a contract

5.3 Consent (Article 6(1)(a))

We rely on your consent for:

Marketing Communications: Sending you promotional emails and newsletters (you can withdraw consent at any time)
Cookies: Using non-essential cookies on our website (you can manage cookie preferences)
Special Circumstances: Any processing that requires explicit consent under applicable law

5.4 Legal Obligation (Article 6(1)(c))

We may process your information when required by law, including:

Tax and Accounting: Maintaining records for HMRC and other regulatory requirements
Health and Safety: Complying with workplace health and safety regulations
Legal Proceedings: Responding to court orders or legal requests

6. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. However, we may share your information in the following circumstances:

6.1 Service Providers and Business Partners

We work with trusted third-party service providers who assist us in operating our business and website. These may include:

Technology Service Providers:

Website hosting and maintenance companies
Cloud storage and backup services
Email service providers
Customer relationship management (CRM) systems
Analytics and marketing platforms

Business Service Providers:

Professional advisors (lawyers, accountants, consultants)
Insurance providers
Banking and payment processing services
Logistics and delivery companies
Installation contractors and subcontractors

All service providers are required to maintain the confidentiality and security of your information and are prohibited from using it for any purpose other than providing services to us.

6.2 Legal Requirements

We may disclose your information if required by law or in response to:

Court orders or legal proceedings
Requests from law enforcement or regulatory authorities
Legal obligations under UK or EU law
Protection of our rights, property, or safety, or that of others

6.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, your personal information may be transferred to the new owner, subject to appropriate safeguards and notification.

6.4 International Transfers

Some of our service providers may be located outside the UK. When we transfer your personal information internationally, we ensure appropriate safeguards are in place, such as:

Adequacy decisions by the UK government
Standard contractual clauses approved by the UK authorities
Binding corporate rules or certification schemes

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests.

7.1 Retention Periods

Customer and Project Information:

Active customer records: Retained for the duration of our business relationship plus 7 years for accounting and legal purposes
Project documentation: Retained for 10 years to support warranty claims and potential future work
Quotations and proposals: Retained for 3 years or until the project is completed

Website and Marketing Data:

Website analytics data: Retained for 26 months (Google Analytics default)
Marketing communications: Retained until you unsubscribe or withdraw consent
Contact form submissions: Retained for 3 years unless converted to active enquiries

Account Information:

User accounts: Retained for the duration of account activity plus 2 years after last login
Account preferences: Deleted when account is closed

Legal and Compliance Records:

Records required by law: Retained for the minimum period required by applicable legislation
Legal proceedings: Retained until resolution plus applicable limitation periods

7.2 Deletion and Anonymisation

When retention periods expire, we will:

Securely delete personal information from our systems
Anonymise data where possible for statistical or research purposes
Ensure complete removal from backup systems within reasonable timeframes

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and provide website functionality.

8.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us recognise your device and remember information about your visit.

8.2 Types of Cookies We Use

Essential Cookies:

Session management cookies for website functionality
Security cookies to protect against fraud and abuse
Load balancing cookies to ensure website performance

Analytics Cookies:

Google Analytics cookies to understand website usage
Performance monitoring cookies to identify technical issues
User behaviour tracking to improve website design

Marketing Cookies:

Social media integration cookies
Advertising and remarketing cookies (with consent)
Email marketing tracking cookies

8.3 Managing Cookies

You can control cookies through your browser settings:

Accept All Cookies: Allow all cookies for full website functionality
Block All Cookies: Disable all cookies (may affect website performance)
Selective Blocking: Choose which types of cookies to accept

To manage cookies in popular browsers:

Chrome: Settings > Privacy and security > Cookies and other site data
Firefox: Settings > Privacy & Security > Cookies and Site Data
Safari: Preferences > Privacy > Cookies and website data
Edge: Settings > Cookies and site permissions

8.4 Third-Party Cookies

Some cookies are set by third-party services we use:

Google Analytics: Tracks website usage and performance
Social Media Platforms: Enable social sharing and integration
Marketing Platforms: Support email marketing and customer communication

9. Your Rights Under UK GDPR

As a data subject under UK GDPR, you have several important rights regarding your personal information:

9.1 Right of Access (Article 15)

You have the right to request:

Confirmation of whether we process your personal information
Access to your personal information
Information about how we use your data
Details of who we share your information with
How long we retain your information

9.2 Right to Rectification (Article 16)

You can request that we:

Correct inaccurate personal information
Complete incomplete personal information
Update outdated information

9.3 Right to Erasure (Article 17)

You may request deletion of your personal information when:

The information is no longer necessary for the original purpose
You withdraw consent and there is no other lawful basis
Your information has been unlawfully processed
Deletion is required for legal compliance

9.4 Right to Restrict Processing (Article 18)

You can request that we limit how we use your information when:

You contest the accuracy of the information
Processing is unlawful but you prefer restriction to deletion
We no longer need the information but you need it for legal claims
You have objected to processing pending verification of our legitimate interests

9.5 Right to Data Portability (Article 20)

You have the right to:

Receive your personal information in a structured, commonly used format
Transfer your information to another service provider
Request direct transfer where technically feasible

9.6 Right to Object (Article 21)

You can object to processing based on:

Legitimate Interests: You can object to processing for legitimate interests
Direct Marketing: You can object to marketing communications at any time
Automated Decision-Making: You can object to automated processing with legal effects

9.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, including profiling.

9.8 Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

9.9 Exercising Your Rights

To exercise any of these rights:

Contact Us: Use the contact details in Section 12
Provide Identification: We may request proof of identity for security
Specify Your Request: Clearly state which right you wish to exercise
Response Time: We will respond within one month of receiving your request

10. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

10.1 Technical Security Measures

Website Security:

SSL/TLS encryption for data transmission
Secure hosting infrastructure with regular security updates
Firewall protection and intrusion detection systems
Regular security monitoring and vulnerability assessments

Data Storage Security:

Encrypted data storage systems
Secure backup procedures with encryption
Access controls and authentication systems
Regular security audits and penetration testing

10.2 Organisational Security Measures

Access Controls:

Role-based access to personal information
Regular review of user access permissions
Secure authentication procedures
Logging and monitoring of data access

Staff Training and Policies:

Regular data protection training for all staff
Clear data handling policies and procedures
Confidentiality agreements for all personnel
Incident response procedures

Vendor Management:

Due diligence on third-party service providers
Contractual data protection requirements
Regular review of vendor security practices
Data processing agreements with all processors

10.3 Data Breach Response

In the event of a data breach:

Detection: We monitor for potential security incidents
Assessment: We evaluate the risk to individuals’ rights and freedoms
Notification: We notify the ICO within 72 hours if required
Communication: We inform affected individuals without undue delay if high risk
Remediation: We take immediate steps to contain and remedy the breach

11. Children’s Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16 without appropriate parental consent.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately using the details in Section 12. We will take steps to remove such information from our systems.

If we become aware that we have collected personal information from a child under 16 without parental consent, we will take immediate steps to delete that information.

12. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please use the following contact details:

JBH Soft Furnishings Ltd
Data Protection Enquiries

Email: sales@jbhacoustics.com
Postal Address:
JBH Soft Furnishings Ltd
1st Floor
56-60 St John Street
London EC1M 4HG
United Kingdom

Website: https://jbhacoustics.com/

When contacting us about data protection matters, please include:

Your full name and contact details
Clear description of your enquiry or request
Any relevant reference numbers or account details
Proof of identity (if exercising data subject rights)

We aim to respond to all data protection enquiries within 5 working days and to formal requests within one month as required by UK GDPR.

13. Complaints and Regulatory Authority

13.1 Internal Complaints

If you are not satisfied with how we have handled your personal information or responded to your requests, please contact us first using the details in Section 12. We will investigate your complaint and work to resolve any issues.

13.2 Information Commissioner’s Office (ICO)

You have the right to lodge a complaint with the UK’s supervisory authority for data protection:

Information Commissioner’s Office (ICO)
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/
Email: casework@ico.org.uk

The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

13.3 When to Contact the ICO

You can contact the ICO if:

You are unhappy with how we have processed your personal information
You believe we have breached data protection law
We have not responded to your requests within the required timeframes
You are not satisfied with our response to your complaint

14. Changes to This Privacy Policy

14.1 Policy Updates

We may update this Privacy Policy from time to time to reflect:

Changes in our business practices
Updates to legal requirements
New technologies or services
Feedback from customers and stakeholders

14.2 Notification of Changes

When we make significant changes to this Privacy Policy:

Website Notice: We will post a prominent notice on our website
Email Notification: We may send email notifications to registered users
Effective Date: Changes will be clearly marked with an effective date

14.3 Minor Changes

For minor changes that do not materially affect your rights:

We will update the “Last Updated” date at the top of this policy
Changes will take effect immediately upon posting

14.4 Your Continued Use

Your continued use of our website and services after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, please discontinue use of our services.

15. Additional Information

15.1 Third-Party Websites

Our website may contain links to third-party websites, social media platforms, or other online services. This Privacy Policy does not apply to these external sites. We recommend reviewing the privacy policies of any third-party sites you visit.

15.2 Professional Advice

This Privacy Policy is designed to comply with UK data protection law as of the date shown. However, laws and regulations may change, and this policy should not be considered as legal advice. For specific legal guidance, please consult with qualified legal professionals.

15.3 Business Context

As a leading provider of acoustic solutions in the UK, we understand the importance of maintaining confidentiality and trust in our business relationships. This Privacy Policy reflects our commitment to protecting your personal information while delivering high-quality acoustic products and services.

15.4 Industry Standards

We strive to maintain data protection practices that meet or exceed industry standards for businesses in the construction and manufacturing sectors. We regularly review our practices against current best practices and regulatory guidance.

16. Definitions

Data Controller: The person or organisation that determines the purposes and means of processing personal data. JBH Soft Furnishings Ltd is the data controller for the personal information we collect.

Data Processor: A person or organisation that processes personal data on behalf of a data controller.

Data Subject: An individual whose personal data is being processed.

Personal Data: Any information relating to an identified or identifiable individual.

Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

Special Category Data: Sensitive personal data including information about health, race, religion, political opinions, or sexual orientation.

UK GDPR: The UK General Data Protection Regulation, which came into effect on 1 January 2021 following the UK’s departure from the European Union.

This Privacy Policy was last updated on 30 June 2025.

This privacy policy has been prepared to comply with UK data protection law including the UK GDPR and Data Protection Act 2018. It should be reviewed regularly and updated as necessary to reflect changes in business practices and legal requirements.