StonelineLast updated: 21 January 2025
This Privacy Policy (“Policy”) describes how Stoneline Construction Materials UK Ltd (“Stoneline”, “we”, “us” or “our”) collect, use, disclose, and otherwise process personal data and the rights and choices individuals have regarding such personal data.
Table of Contents
1. Scope 1
2. Important Information and Who We Are 2
3. The Types of Personal Data We Collect About You 2
4. Our Purposes and Legitimate Basis for Collecting and Processing 5
5. Disclosures of Personal Information 8
6. International Data Transfers 9
7. Aggregate and De-identified Information 9
8. Marketing 9
9. Cookies and Other Tracking Technologies 10
10. Manage Your Privacy Preferences 10
11. Data Security 10
12. Data retention 10
13. Third-Party links 11
14. Your legal rights 11
15. Complaints 12
16. Changes to the Privacy Policy 12
17. Contact Us 12
1. Scope
This Policy applies to the personal data Stoneline collects and processes related to your use of our website available at https://stoneline.co.uk/ (the “Site”), online and offline services, and other products and services we make available to you (collectively, “Services”).
It is important that you understand who we are, how we use your personal data and that we take our obligations in this regard very seriously. You should read this page in full, but below are the key highlights:
• Stoneline provides high-quality natural stone products and design services to support architectural and construction projects. Our Services include, but are not limited to, product selection guidance, seamless delivery coordination, and dedicated support before and after your purchase, ensuring a smooth and tailored experience.
• Stoneline collects and uses personal information when you visit our Site, contact us to inquire about our products and Services, visit our showrooms, purchase our products, use our pre-sales or post-sales Services, or visit our stands at events. Additionally, it describes any personal information we may receive from other sources relevant to providing and improving our Services to you.
• We are committed to responsibly managing your personal data across all interactions, whether online or in person. If you do not agree with the collection, use, or disclosure of your personal information as described in this Privacy Policy, please do not access or otherwise use our Site or Services.
In some cases, additional or separate privacy policies may be provided for certain Services, programmes or events that we offer. In those circumstances, the policies provided should be interpreted as a supplement to the information contained in this Policy. If you have any questions about us processing your personal data, contact us via our Digital Form.
2. Important Information and Who We Are
Stoneline Construction Materials UK Ltd, located at 32-134 Lots Road, Unit 008, London, SW10 0RJ, is the data controller and is responsible for determining the purposes and methods of processing your personal information. We process personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (EU GDPR) and the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) as outlined in the Data Protection Act 2018 (UK GDPR).
3. The Types of Personal Data We Collect About You
The personal data we collect about you varies based on your interactions with our Site, Services and products. This information is obtained directly from you, from authorised third-party sources, and automatically through your use of the Sites and Services, as detailed further below.
3.1. Information you provide to us
You may provide us with your personal data through various means, including (i) when you correspond with us via telephone, email, or other electronic means or in writing; (ii) when you or your organisation purchase our products (“customer”); (iii) when you or your organisation request further information about our products and Services (“prospects”); (iv) when you visit our showrooms (“visitor”); or (v) when you visit our stands at events (“attendee”).
| Information Category | Description |
| Identity Information | First name, last name, signature, ID details |
| Contact Information | Email address, telephone number, postal address, shipping address |
| Customer Transaction Data | Details of your purchases, sample requests, and order fulfillment (such as order number, transaction number, subtotal, purchase amount, currency, product details and quantity, single item price, category, and tax); payments to and from you, return information, shipping information (including delivery confirmation), customer order details, customer project details (e.g., project specifications, delivery timelines), interior design requirements, installation preferences, material preferences, correspondence or communications regarding orders, and any additional notes relevant to custom requests or design consultations. |
| Proffesional Information | Professional information about you (customer, prospects or attendees) or your organisation such as company name, address, job title, position, and other creditentials. |
| Visual Data | Footage collected through CCTV cameras, capturing visual recordings of visitors on our premises. |
| Marketing and Communication Data | Your preferences in receiving marketing from us and our third parties and your communication preferences |
| Customer Support Data | Records of your inquiries or feedback, any follow-up correspondence, and information on after-sales services such as delivery coordination, installation, warranty requests, and ongoing maintenance. |
| Additional information you submit to us | Responses to surveys, feedback, information shared through forms or other submissions on the Site. |
3.2 Information Collected Automatically
When you or your organisation browse, or otherwise interact with our Site, we may automatically collect device and usage data about your equipment, browsing actions, and patterns. This information helps us enhance the user experience, improve our Services, and ensure the security and integrity of the Site.
| Information Category | Description |
| Device and Browsing Data | Browser type and version, time zone setting, approximate location, browser plug-in types and versions, operating system, platform, device type, device ID, internet protocol (IP) address, and other unique device identifiers. |
| Usage Data | Information about how you interact with the Site, including pages viewed, features accessed, time spent on the Slatform, navigation patterns, search queries, and traffic data. |
| Information from cookies and similar technologies | Some device and service information are collected through the use of cookies and similar technologies. Please see our Cookie Policy for further details. |
3.3. Information we obtain from third parties
We may receive personal data about you and your organisation from various third parties and public sources as set out below:
| Information Category | Description |
| Public Available Company Information | We may receive personal information such as identity, professional information, contact information from publicly available sources (e.g., Companies House). |
| Social Media Information | We may collect information from social media platforms if you interact with us through those platforms. This may include your profile information, public posts, and other details made available to us based on your privacy settings on the social media platform.
|
| Prospect Information | We may receive lead and prospect information, such as names, email addresses, and contact details, from third parties about individuals who may be interested in engaging with us (e.g., when you attend an event, we may obtain your information from the event organiser) |
4. Our Purposes and Legitimate Basis for Collecting and Processing
We use your personal data to develop, operate and deliver our Services, to provide you with a secure and efficient experience, and for our legal obligations. The law requires us to have a legal basis for collecting and using your personal data.
We have outlined below, in a table format, a detailed description of the various ways we intend to use your personal data and the corresponding legal bases we rely on for each use. Each table focuses on a different process, ensuring transparency in how we handle your information.
4.1. Customer Relationship and Service Management
| Our Purpose | Personal Information | Legal Basis for Processing |
| To establish and manage contract with our Customers | Identity, Contact, Customer Transaction, Professional, Customer Support, and additional information you submit to us. | Performance of our contract with you where necessary to fulfil the terms of our contract or agreement, or to take steps leading to such a contract. |
| Daily operations. To provide and operate our Services, respons to your enquiries, fulfill your request, communicate with you, gather feedback and support day-to-day operations. | Identity, Contact, Professional, Customer Transaction, Customer Support, and additional information you submit to us. | Performance of our contract with you where necessary to fulfil the terms of our contract or agreement; For our legitimate interest in efficiently optimising and organising our business operations. |
| Customer support. To provide Customer with our sale support services (such as delivery, installation, warranty requests, maintenance and any repairs relating to products purchased) | Identity, Contact, Professional, Customer Transaction, Customer Support, and additional information you submit to us. | Performance of our contract with you where necessary to fulfil the terms of our contract or agreement; For our legitimate interest in efficiently optimising and organising our business operations. |
| Processing orders and deliveries. To process yor orders, transactions and sample request, facilitate communication regarding your orders, sample request and updates, and manage your returns or exchanges. This includes generating invoices, ensuring timely delivery. | Identity, Contact, Customer Transaction, Customer Support, and Professional Information. | Performance of our contract with you where necessary to fulfil the terms of our contract or agreement, or to take steps leading to such a contract; For our legitimate interest in efficiently optimising and organising our business operations. |
| Risk and fraud management. To monitor transactions, and prevent fraudulent activities. This also includes ensuring applicable laws and internal policies to safeguard our business. | Identity, Contact, Professional, Customer Transaction. | We have a legitimate interest in conducting our activities in a lawful manner and protecting our rights and interests. |
| Legal and regulatory compliance. To comply with legal and regulatory responsibilities, including compliance with data protection laws such as GDPR, conducting audits, maintaining records, and responding to lawful requests such as subpoenas or regulatory inquiries. | Identity, Contact, Customer Transaction, Professional Information. | Legal obligation, where we need to comply with EEA, Swiss or UK law; In all other cases, we have a legitimate interest in ensuring that our business practices comply with applicable law in the jurisdictions where we operate and do business. |
| Marketing and communications. To inform our customers and prospects about new services, promotions, or updates related to our Services. This includes sending marketing communications, managing promotional campaign. | Contact, professional, marketing and communication, customer transaction information (if applicable) | We have a legitimate interest in promoting our products and Services in order to expand our outreach and customer base. |
| General Business and Operational Support. To support the effective administration of our organisation, including evaluating or undertaking corporate transactions such as mergers, acquisitions, or financing activities (including accounting, auditing, compliance, and recordkeeping necessary for business operations). | Identity, Contact, Professional, Customer Transaction, Customer Support, Transaction, Device and Browsing, and Usage information. | For our legitimate interest in efficiently optimising and organising our business operations. |
4.2 When you browse our Site
| Our Purpose | Personal Information | Legal Basis for Processing |
| To provide functionality, analyse performance, and improve usability and effectiveness of the Site. | Technical, Usage Data and Information from cookies and similar technologies | We have a legitimate interest in conducting our activities in a lawful manner and protecting our rights and interests. |
| Customisation and personalisation. To tailor the functionality of our Site and Services; optimise user experience, provide personalised recommendations. | Device and Browsing, Usage Information, and Information from Cookies and Similar Technologies. | Consent, where required by law (such as where we obtain consent via cookies and other tracking technologies) |
| Marketing and communications. To inform our customers and prospects about new services, promotions, or updates related to our Services. This includes sending marketing communications and newsletters. | Contact, professional, marketing and communication, preferences, device and browsing information, and Information from cookies and similar technologies, and Usage Information. | Consent, where required by law (such as where we obtain consent via cookies and other tracking technologies); In all other cases, we have a legitimate interest in promoting our products and Services in order to expand our outreach and customer base. |
| To identify you when you visit our Site | Information from cookies and similar technologies | Consent, where required by law (such as where we obtain consent via cookies and other tracking technologies) |
| Risk and fraud management. To prevent fraudulent activities. This also includes ensuring applicable laws and internal policies to safeguard our business. | Identity, Contact, Professional, Customer Transaction. | We have a legitimate interest in conducting our activities in a lawful manner and protecting our rights and interests. |
4.3. Product Inquiries and Initial Sales Coordination with Prospective Clients
If you have made an enquiry about our company, products, or Services, your personal information (including Identity, Contact, Customer Transaction (if applicable), Customer Support, and any additional information you provide) will be processed to respond to your enquiry or take other requested steps. This processing is based on our legitimate interest in managing customer interactions and providing accurate information.
4.4 Security in Our Premises
We may collect and process video footage from CCTV cameras in our showrooms to ensure the security and safety of our property, personnel, and visitors. This processing is based on our legitimate interest in maintaining a secure environment. The system is only deployed when necessary and with prior notification to data subjects. CCTV footage is subject to a defined retention period, after which it will be securely deleted unless required otherwise by law.
4.5. Event and Exhibition Engagement
Stoneline participates in various events as an exhibitor to inform Customers and Prospects about our products and services and to foster customer relationship management. During these events, Stoneline may process attendees’ personal data for follow-up purposes regarding our offerings. For example, if an attendee consents to have their badge scanned at a Stoneline stand, we may collect and use their contact information in accordance with this Privacy Policy and applicable data protection laws.
| Our Purpose | Personal Information | Legal Basis for Processing |
| To manage Customer and Prospect Relationships | Identity, Contact, and Professional Information. | We have a legitimate interest in promoting our products and Services in order to expand our outreach and customer base. |
| To send marketing communications | Identity, Contact, Professional, Marketing and Communication | We have a legitimate interest in promoting our products and Services in order to expand our outreach and customer base. |
5. Disclosures of Personal Information
We may share your personal information where necessary with the parties listed below for the purposes set out in Section 4 Our Purposes and Legal Bases for Collecting and Processing for which we will use your personal data above.
• Vendors and Service Providers: We may share your personal data with third parties that we use in connection with the running of our business, including web and mobile anlaytics services, hosting and software providers, IT and cloud partners, sales and marketing product providers, digital advertising service providers, card processing and payment service providers, CRM provider, courier or portal service providers.
• Law Enforcement: We may disclose your personal data to courts, law enforcement agencies, regulatory bodies, or government officials when required by law or when necessary to establish, exercise, or defend a legal or equitable claim.
• Legal, Financial, and Professional Advisors: We may share your personal data with our legal advisors, consultants, audit firms, and other professional advisors.
• Business Management: We may share your personal data with any third party to whom we sell, transfer, or merge parts of our business or assets. Alternatively, we may seek to acquire or merge with other businesses. If such a change occurs, the new owners may use your personal data in accordance with this Policy.
When we share information with third-party service providers in this capacity, we require them to use your information on our behalf in accordance with our instructions and terms and only process as necessary for the purpose of the contract.
6. International Data Transfers
In some cases, your personal data may be transferred to countries outside of the United Kingdom (UK) and European Economic Area (EEA). The laws in those countries may not provide the same level of data protection compared to the country in which you initially provided your personal information.
We will only transfer your information outside of the UK when we have ensured that your privacy will be adequately safeguarded through all the necessary and appropriate legal, organisational and technical measures to protect your personal information. Furthermore, as regards the transfer of personal information to countries outside the UK, we have entered Standard Contractual Clauses (SCCs) approved by the ICO for international transfer of personal information to controllers or processors established in third countries as the case may be.
We operate on a global scale. To provide the products and services you request, we may transfer your personal data to Stoneline Türkiye (Turkey). For instance, if you request a product sample, we will share relevant personal information with Stoneline Türkiye solely to fulfill your request.
7. Aggregate and De-identified Information
We may collect and use aggregated data, such as statistical or demographic information, for any purpose. While aggregated data may be derived from your personal data, it is not considered personal data because it does not directly or indirectly reveal your identity. However, if we combine or link aggregated data with your personal data in a manner that allows for your direct or indirect identification, we will treat the combined data as personal data and handle it in accordance with this Privacy Policy.
8. Marketing
We may send you and your organisation promotional communications, such as emails, to inform you about updates, special offers, or other information related to our Site and Services. Our Services are primarily offered directly to companies and professionals, enabling them to benefit from tailored solutions. You can opt out of receiving such promotional communications at any time by following the unsubscribe instructions provided in each message or by contacting us directly.
Please note that even if you opt-out of promotional communications, we may still send you service-related messages that are necessary for the operation of your account or our services.
9. Cookies and Other Tracking Technologies
We use cookies, pixel tags, and other tracking technologies to automatically collect information about browsing activity, device type, and similar information within Site and Services. These technologies are used generally to remember your preferences, settings, and customisations for a more personalised experience, to understand how our Sites and Services are used and improve functionality, performance, and content, and to enhance security and support authentication processes. For more information about the cookies we use and how to change your cookie preferences, please see Cookie Policy.
10. Manage Your Privacy Preferences
If you do not wish to accept cookies, you can adjust your browser settings to refuse all cookies or only third-party cookies, and you can also delete cookies that have already been placed. Please note that these settings need to be applied separately for each browser and device you use. Visitors to our Site who disable cookies will be able to browse the Site, but some features may not function. For more information about managing cookies, please see our Cookie Policy.
11. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to employees, agents, contractors, and other third parties who have a legitimate business need to know. These parties will only process your data based on our instructions and in accordance with this Privacy Policy.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
12. Data retention
We will retain your personal data only for as long as reasonably necessary to fulfil the purposes for which it was collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, accounting or other requirements.
In some circumstances you can ask us to delete your data: see paragraph 14 below for further information.
13. Third-Party links
Our Site may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every website you visit.
14. Your legal rights
To the extent permitted by applicable data protection laws and regulations, you have the following rights in relation to your personal data:
• Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
(i)If you want us to establish the data's accuracy;
(ii)Where you believe our use of the data is unlawful but you do not want us to erase it;
(iii)Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
(iv)You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
If you wish to exercise any of the rights set out above, please refer to Section 17 Contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
15. Complaints
We are committed to addressing any concerns you may have regarding the handling of your personal data and are here to help resolve them.
You have the right to make a complaint at any time to your local data protection authority, such as the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). For a list of EEA data protection supervisory authorities and their contact details, see here. We would, however, appreciate the chance to deal with your concerns before you approach the relevant data protection authority so please contact us in the first instance.
16. Changes to the Privacy Policy
We reserve the right to update this Policy at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.
17. Contact Us
If you have questions, comments, or requests regarding this Privacy Policy, please feel free to contact our Privacy Team via [email protected] or by writing to us at Stoneline, Privacy Team, 132-134 Lots Road, Unit 008, London, England, SW10 0RJ.