Last updated: 30 June 2026

Privacy Policy

This policy explains what personal data AssemblePro London collects when you use our website or book a service, why we collect it, and your rights under UK data protection law.

1. Who we are

AssemblePro London is a professional furniture assembly service operating across all London boroughs. We are the data controller for personal information collected through this website.

2. What personal data we collect

When you submit a booking request:

  • Full name
  • Email address
  • Phone number
  • Service address and postcode
  • Service type, furniture details, preferred date and time slot
  • Estimated price range
  • How you heard about us (optional)
  • Any notes you choose to include

When you contact us via the website:

  • Name, email address, phone number
  • Message content

Automatically collected data:

  • IP address (used only for security rate limiting — not linked to your profile)

3. Why we process your data and our lawful basis

UK GDPR (Article 6) requires us to have a valid legal basis for processing personal data. The table below shows the purpose and basis for each type of processing we carry out.

PurposeLawful basis
Processing and confirming your bookingPerformance of a contract — Art. 6(1)(b)
Sending booking confirmation and status update emailsPerformance of a contract — Art. 6(1)(b)
Calling you to arrange the appointmentPerformance of a contract — Art. 6(1)(b)
Responding to general enquiriesLegitimate interests — Art. 6(1)(f)
Security (rate limiting login and booking attempts)Legitimate interests — Art. 6(1)(f)
Improving our service based on booking patternsLegitimate interests — Art. 6(1)(f)

We do not send marketing or promotional emails. If we introduce this in future, we will ask for your separate opt-in consent first.

4. Who we share your data with

We do not sell or rent your personal data. We use the following trusted service providers who process data on our behalf:

Resend

Transactional email delivery (booking confirmations and updates). Data processed in EU/US under appropriate safeguards.

Turso / Cloudflare

Secure database hosting for booking records. Data stored in EU-region servers where available.

We may also disclose personal data if required by law, court order, or to protect the safety of our customers or staff.

5. How long we keep your data

Data typeRetention period
Booking records12 months after the booking date
Contact enquiries6 months from receipt
Security logs (IP / login attempts)30 days, then automatically deleted

After these periods, data is permanently deleted from our systems.

6. Your rights

Under UK GDPR you have the following rights. To exercise any of them, email us at info.pro.service.uk@gmail.com. We will respond within 30 days.

AccessRequest a copy of the personal data we hold about you.
RectificationAsk us to correct inaccurate or incomplete data.
ErasureRequest deletion of your data where there is no longer a lawful reason to retain it.
RestrictionAsk us to limit how we process your data while a dispute is resolved.
PortabilityReceive your data in a machine-readable format to transfer to another provider.
ObjectObject to processing based on legitimate interests. We will stop unless we have compelling grounds.

7. Right to complain to the ICO

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk

Phone: 0303 123 1113

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

We would appreciate the chance to resolve any concern directly before you contact the ICO — please reach out to us first at info.pro.service.uk@gmail.com.

8. Security

We protect your data with the following measures:

  • All data transmitted over HTTPS (TLS encryption in transit)
  • Database access restricted to authenticated admin accounts
  • Admin passwords stored using PBKDF2 with 120,000 iterations (industry-standard key derivation)
  • Admin sessions expire automatically after 8 hours
  • Login rate limiting to prevent brute-force attacks

No online system is 100% secure. If you believe your data has been compromised, please contact us immediately.

9. Cookies

This website uses no tracking or advertising cookies. We use a single session-level entry in sessionStorage (not a cookie) to pass your WhatsApp booking link to the confirmation page — this is deleted immediately after use and never leaves your device.

10. Changes to this policy

We may update this policy when our services or legal obligations change. The date at the top of this page will always show when it was last revised. For significant changes, we will notify active customers by email.

Questions about this policy? Email us or use our contact form.

ChatBook Now — Get an Estimate