Privacy Policy
Last updated: March 2026
1. Who We Are
Hestoria ("we", "us", "our") is a luxury dining furniture retailer based in the United Kingdom, specialising in premium stone dining tables, chairs, and coordinated dining sets. We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
For any data protection queries, please contact us at: privacy@hestoria.co.uk
2. What Data We Collect
We may collect the following categories of personal data:
- Identity data: first name, last name
- Contact data: email address, telephone number, postal address
- Transaction data: details about the products you have enquired about or ordered
- Technical data: browser type, IP address, pages visited, and referring website (collected automatically via our website)
- Usage data: information about how you use our website
- Communications data: the content of any messages you send us through our enquiry form
We do not collect or process any special categories of sensitive personal data (such as health, racial origin, or political opinions).
3. How We Collect Your Data
We collect data in the following ways:
- Directly from you when you complete the enquiry form or checkout on our website
- Automatically through cookies and similar technologies when you browse our website
4. How We Use Your Data
We use your personal data for the following purposes, relying on the lawful bases indicated:
| Purpose | Lawful Basis |
|---|---|
| To respond to your enquiry or question | Consent / Legitimate interests |
| To process and fulfil your order | Contract performance |
| To manage our business and website | Legitimate interests |
| To comply with legal obligations | Legal obligation |
5. Cookies
Our website uses cookies to improve your browsing experience and to help us understand how visitors use the site. We use:
- Strictly necessary cookies: Required for the website to function (e.g. your shopping basket and session). These cannot be disabled.
- Functional cookies: Remember your preferences (e.g. saved items). These are only set with your consent.
You can withdraw your cookie consent at any time by clearing your browser cookies or contacting us. Please note that disabling certain cookies may affect website functionality.
6. Data Sharing
We do not sell, rent, or trade your personal data to third parties. We may share your data with:
- Service providers who assist us in operating our website and delivering orders (bound by confidentiality agreements)
- Regulatory authorities or law enforcement where required by law
All third parties are required to respect the security of your data and to treat it in accordance with UK GDPR.
7. Third-Party Service Providers
We use the following third-party services to operate our website and communicate with you:
Resend: We use Resend as our email service provider to deliver form submission notifications and confirmation emails. All data you enter into our forms — including your name, email address, phone number, physical address, and any uploaded documents — is processed and stored on Resend's secure servers in the United States. Resend is certified under the EU–US Data Privacy Framework to ensure compliant international data transfers. Email logs are accessible in our account for up to 30 days. Resend may retain data beyond this period in accordance with their own privacy policy.
8. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes set out in this policy, including to maintain a record of your enquiries and orders should you return to us in the future. In practice, this means we may retain your data indefinitely unless you request its deletion.
You have the right to request deletion of your personal data at any time (see Section 9). Where we are required by law to retain certain records — for example, financial or contractual information — we will retain only what is legally necessary and for the minimum period required.
9. Your Rights
Under UK GDPR, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure ("right to be forgotten"): Request deletion of your data in certain circumstances
- Right to restriction: Request that we limit how we use your data
- Right to data portability: Receive your data in a structured, commonly used format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, please contact us at privacy@hestoria.co.uk. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
10. Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. Our website uses HTTPS encryption for all data in transit. Access to personal data is restricted to authorised personnel only.
11. International Transfers
We primarily process your data in the United Kingdom. However, as described in Section 7, our email service provider Resend processes and stores certain form data on servers located in the United States. Resend is certified under the EU–US Data Privacy Framework, providing an appropriate safeguard for international data transfers in accordance with UK GDPR. We do not transfer your data to any other countries outside the UK.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this page periodically. Continued use of our website after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
Hestoria
Email: privacy@hestoria.co.uk