Privacy policy

Last updated: May 14, 2025

Denaventures Ltd is committed to protecting your privacy, in full compliance with the UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). This Privacy Policy describes how we collect, use, share and protect your personal data when you use the DenaHome website or interact with us. It also outlines your rights under UK data protection laws and how you can exercise those rights. By using our Site or providing personal information to us, you acknowledge that you have read and understood this Privacy Policy. We may update this policy from time to time; we will post any updated changes on this page with the revised date.

Who We Are and Contact Information

Denaventures Ltd is the company that operates the DenaHome site. Under data protection laws, Denaventures Ltd is the “data controller”, meaning that it determines the purposes and means of processing your personal data collected through DenaHome. Our registered office address is: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. If you have any questions about this Privacy Policy or your personal data in general, or if you wish to exercise your rights, you can contact us by e-mail at info@denahome.co or by writing to us at the above postal address (addressee: Privacy Officer).

Personal Data We Collect and Purposes of Use

We collect personal data necessary to provide our services to you and to comply with our legal obligations. The types of data we collect and the purposes for which we use it are outlined below:

  • Identity and Contact Information: Information such as your first name, last name, e-mail address, phone number and billing/mailing address. We use this data to identify you, create an account at your request, process your orders, contact you about your purchases or inquiries, and provide customer support. For example, we use your name and address to ship your products to you, and your email or phone to communicate order confirmation and updates.
  • Delivery Information: Your delivery address and special delivery instructions, if any, are used to prepare and deliver your orders to you through our contracted shipping/courier partners. This information is collected and used only to fulfill your orders.
  • Account Information (Optional): If you choose to register for an account on our site, we collect your login information such as username and password. This allows us to protect your account login, allow you to view your order history, save your preferences and manage your settings. Note: Creating an account is completely optional; you can always shop as a guest if you wish.
  • Payment Information: When you make a purchase, your payment information, such as your credit/debit card number, is transmitted directly to our secure payment infrastructure. Payments are processed securely through a third party payment processor called Stripe. Your card information is processed by Stripe over fully encrypted connections and for security reasons, our company does not store your full card information on its servers. This means that the information needed to complete your payment, such as the amount, card type, billing address, is shared with Stripe, but not your full card number or CVV code is stored on our servers. Stripe is a PCI-DSS certified organization that complies with the payment industry's strict security standards. Once the payment transaction is complete, we only receive confirmation that the payment was successful and, where necessary, a transaction ID. 
  • Usage Data and Technical Information: When you visit our site, some technical data such as your IP address, device and browser type, your navigation information within the site may be collected automatically. We obtain such data through cookies and similar technologies. This information may be used for our site to perform basic functions (e.g. remembering your cart or keeping you logged in), to improve our services (e.g. understanding which pages receive more attention), and to ensure site security/prevent fraudulent activity. For example, we may use your IP address to protect your account by detecting unusual login attempts. The data obtained in this context is not used to produce anonymous statistics or to analyze individual user behavior other than to ensure security.
  • Contact and Support Data: When you contact us via channels such as email, phone or live support, we use the messages you transmit and the contact information you provide to contact you and resolve your issue. For example, we may retain the content of a customer service contact and our responses for a reasonable period of time to answer future questions or to evaluate the quality of our service (see Data Retention below).

Sensitive Personal Data: We do not request or process sensitive personal data such as racial or ethnic origin, political opinion, religion, health information or criminal record. There is no need for such sensitive information within the scope of our services. We also do not knowingly collect criminal conviction and sentencing data.

Consequences of Not Providing Data: You are not required to share any personal data with us in order to visit our Site generally. However, please note that if you do not provide certain information, we may not be able to provide you with certain services. For example, we cannot deliver your order if you do not share your address for shipping delivery, or we cannot process your purchase if you do not provide your payment information. If you do not provide data in mandatory fields (e.g., fields marked during checkout or account creation), we may not be able to fulfill the relevant transaction or service.

Legal Basis for Processing Your Personal Data

Under the UK GDPR in the United Kingdom, processing your personal data must be based on a legal ground (“lawful basis”). We therefore rely on one of the legal bases identified in the UK GDPR for each data processing activity we carry out. Our main legal bases are:

  • Performance of Contract: We process the majority of your data to fulfill our contract with you or to perform a contract at your request. For example, when you place an order or purchase a product/service from us, we contractually deliver the product to you using your name and address; we use your payment information to collect your payment. Similarly, when you create an account or contact us for support, we use the data you share in this context to provide the service you have requested. Such processing is necessary for the performance of the sales or service contract between you and us.
  • Compliance with Legal Obligations: From time to time, we may need to process some of your data to comply with our legal obligations. For example, we are required by accounting and tax legislation to retain order records for at least 6 years. Similarly, we may need to share personal data with the relevant authorities necessary to respond to lawful requests by competent authorities or to comply with court orders. In these cases, the basis for processing will be the fulfillment of the relevant legal obligation.
  • Legitimate Interests: In some cases, we process your personal data on the basis of our legitimate interests. We use this basis for data processing that does not unduly interfere with your fundamental rights and freedoms, can be expected and is necessary in the ordinary course of our business. For example, data processing for purposes such as ensuring the security of our site and preventing fraud, analyzing general usage trends to improve the customer experience, or measuring customer satisfaction may be based on the legitimate interest of our business. In all cases, when processing data on the basis of our legitimate interests, we take into account the potential impact on you and your rights and conduct a balance of interests assessment. We will not take action that overrides your interests on legitimate interest grounds and we remind you that you have the right to object (see Your Rights below).
  • Explicit Consent: From time to time, we may request your explicit consent for certain matters that do not fall within the legal bases above. For example, we may ask for your consent for an optional service we may offer in the future or to send you certain information and updates upon your request. If we process your data based on your consent for a specific purpose, you have the right to withdraw that consent at any time. Withdrawal of your consent does not affect the lawfulness of any processing previously carried out on the basis of your consent. (Note: Currently, DenaHome does not engage in practices that require the processing of user data based on consent, such as email/SMS marketing, use of cookies for advertising purposes, etc.).

Sharing Personal Data with Third Parties

We treat your personal information with care and confidentiality. We do not sell your personal data to third parties. However, we may need to share your data with certain trusted third parties in order to operate our business, fulfill your orders and provide services to you - of course, all sharing is done in accordance with applicable data protection laws. The main categories of parties we share with are:

Our Service Providers (“Data Processors”): We work with some external service providers who help us to maintain the operation of DenaHome. This includes:

  • Technical Infrastructure and Hosting: We use third-party infrastructure services to host our website, store data securely, and operate site features. These service providers act on our instructions and as data processors on our behalf; they process your data solely for the purpose of operating the site and meeting technical requirements.
  • Payment Services: As mentioned above, we use Stripe to process your payment transactions. Your financial data entered during checkout is processed by Stripe and secure payment confirmation is transmitted to us. Stripe is an independent data controller in its field and has its own privacy policy. We have privacy and data protection agreements with Stripe for the security of your data.
  • Cargo and Delivery Companies: We work with cargo, courier and logistics companies to deliver the products you ordered. We share your name and delivery address with the relevant transportation partner so that packages can be delivered to you. These companies cannot use your data for any other purpose other than to fulfill your shipment.
  • Email and Communication Tools: We may use third party email delivery services or communication platforms to deliver communications such as order confirmations, notifications or support messages. For example, emails sent to you may be delivered through an email service provider we use. These service providers only access your data in accordance with our instructions and for the purpose of providing the communication.

Our contracts with all our service providers require them to take the necessary technical and organizational measures to protect your personal data. These parties are obliged to process your data only for the purposes we specify and are legally required to comply with privacy and security standards.

  • Legal Obligations and Official Requests: We may need to share your personal data with third parties where required by law or to comply with legal processes. For example, we may share your relevant personal data in response to requests for information from authorities such as the police, regulators or tax authorities under a subpoena, judicial order or legal regulation. Likewise, we may share data with lawyers, consultants or law enforcement agencies where we deem it necessary to defend our legal rights, detect fraud or ensure the security of our website. Such sharing will only be done where there is a legal obligation or legitimate interest and in accordance with applicable law.
  • Business Transfers: In the event that our company is sold in whole or in part, merged with another company, restructured or similar corporate transactions, user data may also be among the transferred assets. In such a case, your personal data will continue to be protected within the new company as described in this policy. In the event of a change of ownership, we will notify you if there is a material change in the use or protection of your personal information.

International Data Transfers: The data we collect may be processed or stored by our third party service providers located in a country outside the United Kingdom. For example, our technical infrastructure provider or payment processor may hold data on servers outside the UK or European Economic Area (EEA). Where we need to transfer your personal data abroad, we ensure full compliance with the requirements of the UK GDPR. This is done by, for example, ensuring that the country to which your data is being sent is recognized by the UK as having “adequate protection” (for example, some countries, such as Canada, are recognized as adequate by the UK) or by taking appropriate contractual measures (e.g. signing Standard Contractual Clauses). In short, even if your personal data is transferred outside the UK/EEA, we will take all necessary measures to ensure that your data is protected to UK GDPR standards. All the companies we work with have an obligation to protect your privacy wherever they process your data.

Cookies and Similar Technologies

Cookies are small text files placed on your device by websites you visit. As DenaHome, we use cookies and similar tracking technologies for the efficient operation of our site and to improve the user experience. These technologies are necessary for our website to offer some of its features and remember your preferences. Things to know about cookies:

  • Necessary (Mandatory) Cookies: These cookies are essential for our website to function correctly. For example, basic functions such as remembering the products in your online shopping cart, maintaining your session when you log in to your account or ensuring site security are made possible by these cookies. Without these cookies, the basic features of our e-commerce site may not work. Mandatory cookies are automatically activated when you use the site and your consent is not requested for the use of these cookies (because they are necessary for the operation of the site service).
  • Preference and Functionality Cookies: These cookies help us provide you with a more personalized site by remembering your preferences. For example, by remembering your language selection or other customization settings, it ensures that you do not need to re-enter them each time you visit. In this way, your site experience can be improved in line with your preferences.

DenaHome does not currently use cookies for analytical purposes (e.g. Google Analytics) or for advertising purposes. That is, we do not place third-party cookies on your browser that perform detailed behavioral analysis of your site usage or targeted marketing. If in the future we decide to use an analytics tool to understand site traffic or if we add cookies for advertising purposes, we will update our Privacy Policy and, if necessary, obtain your consent before doing so.

Cookie Preferences: When you first visit our site, you may see a cookie notification banner asking for your preferences if we start using non-essential cookies. You can also control cookies using your browser settings. You can block some or all cookies or delete existing cookies at any time through your browser settings. However, please note that if you disable cookies, some features of our site may not function properly (for example, your cart or login information may not be remembered).

 Data Retention - How Long We Keep Your Data

We retain your personal data for as long as necessary to fulfill the purpose for which we collected it, as well as for as long as necessary to comply with our relevant legal, accounting or reporting obligations.Our retention periods for different types of data and the bases for these periods are as follows:

  • Order and Transaction Records: We retain information about your purchases, such as invoices, order details, payment and delivery records, for at least 6 years from the date of the transaction. This long retention period is necessary to comply with tax and accounting legislation in the UK (for example, HMRC requires companies to keep financial records for a minimum of 6 years for tax audits).
    This period is also useful for resolving potential disputes or investigating product warranty claims. After the 6-year period, we will securely delete or de-identify (anonymize) this data if we no longer need it. However, if there is an ongoing legal requirement or legitimate business need (e.g. ongoing litigation), we may need to keep the data a little longer as necessary.
  • Account Information: If you have created a customer account on our Site, we will retain your personal data associated with the account (such as name, contact information, login information, and your order history that appears under the account) for as long as your account remains active. If you decide to close your account or request us to delete your account, we will delete or de-identify the personal data linked to your account within a reasonable period of time after your pending orders, if any, have been completed and legal obligations have been fulfilled. For example, when you delete your account, we remove your name, contact information and other identifying data from our systems. However, for legal compliance or fraud prevention purposes, we may retain a minimal “record of evidence” - for example, your name, email address, and a basic transaction record note that you have had an account with us in the past. Such data may be retained to defend a legal claim or to prevent misuse of an account, but these records are not used for any other purpose and are completely deleted after the statutory retention period has expired.
  • Contact and Customer Support Records: We may retain emails, live chat histories or customer service requests you send us and our responses to them, generally for 6 months to 1 year. This period is useful for us to be able to respond to follow-up questions from you and to train our team. If there is no ongoing issue, legal requirement or dispute regarding a communication record, we will delete your support correspondence after this period. In the event of a legal dispute or if we are legally required to retain it for a longer period of time (e.g., a formal dispute over a business transaction), we may retain relevant communication records for as long as we need them. In addition, if our site has a feature that allows you to leave public comments or product reviews, the comments you leave may continue to appear on the site until you delete them or request their removal (or until they no longer apply to our site). If you delete your comments, or if you contact us to have them removed, they will also be permanently removed.

When the aforementioned retention period for a particular type of data expires or you request the erasure of your data for a valid reason (see Your Rights section below), we will securely delete your relevant personal data from our systems or anonymize it so that it no longer identifies you. There may be circumstances where complete erasure is not possible - for example, if your data resides in our backup archives, it may not be technically feasible to delete it immediately. In such a case, we will remove your data from active systems and move it to an isolated and restricted environment so that it is protected and not used in any process until it can be completely deleted.

Your Rights (Data Subject Rights under UK GDPR)

Under UK data protection laws, you have various rights that give you control over your personal data. We respect these rights and provide mechanisms for you to exercise them. The main rights you have are:

  • Right of Access: You have the right to access and request a copy of the personal data we hold about you. This is known as a Subject Access Request. If you request it, we will tell you what data we process about you, what purposes we use it for, who we share it with and how long we will keep it for. We will provide you with a copy of your personal data, as far as possible in electronic format. We do not usually charge a fee for this service and, as a legal requirement, we will usually respond to your request within one month. (If your request is very complex or if you have made more than one request, we may legally extend this period by two months, but in such a case we will inform you and explain why).
  • Right to rectification: You have the right to request the rectification of personal data that you believe is incomplete or inaccurate. For example, if your contact details have changed or you notice a typo in our systems, you can request that we update with the correct data. Upon your request, we will correct any information that we confirm is incorrect as soon as possible. (If necessary, we may ask you for additional information to confirm the accuracy of your correction request.)
  • Right to Erasure (Right to be Forgotten): In certain circumstances, you have the right to request the erasure of your personal data. For example, you may request erasure if the purpose for which your data was collected has ceased to exist, if you have withdrawn your consent to processing and we have no other legal basis, if you have objected to the processing of your data based on our legitimate interests and we have no overriding legitimate grounds, or if the data has been unlawfully processed. This right is not absolute; in some circumstances we may not be able to fulfill your deletion request. For example, if data retention is necessary to comply with a legal obligation or if data is needed to perform our contract with you (e.g. we cannot immediately delete your shopping records for tax purposes or we may need to retain certain data to prevent fraud. If we are unable to take up your deletion request, we will explain to you why and, if possible, offer partial deletion/blocking.
  • Right to Restrict Processing: In certain circumstances, you may request a temporary suspension of the processing of your personal data. For example, if you dispute the accuracy of the data we hold (we may stop processing until correction is made), if you believe the processing is unlawful and request restriction rather than erasure, or when you exercise your right to object (pending a decision on the balance of legitimate interests). In case of restriction, your data will only be stored and will not be processed except in limited circumstances, such as mandatory legal requests or with your consent. We will inform you when the restriction request needs to be lifted.
  • Right to Object: You have the right to object to the processing of your personal data in certain ways. In particular, you have the right to object at any time to the processing of your data for direct marketing purposes (if this happens in the future); in the event of such an objection, your data will no longer be processed for this purpose. Furthermore, where we process your data on the legal basis of legitimate interest, you may object on grounds relating to your particular situation. If we find your objection justified, we will stop processing your data for the activity in question. If we consider that we should continue the processing despite your objection, we will explain the grounds for this (such as an overriding legitimate interest or legal obligation).
  • Right to Data Portability: You have the right to receive your personal data that you have provided to us and that is processed by automated means in a structured, commonly used and machine-readable format and to transmit that data to another service provider. For example, if you wish to move a service you have received from us to another provider, we may transmit certain data we have on our systems to you or directly to the new provider of your choice. This right can only be exercised if the processing is based on your consent or on a contract between us and the processing is carried out by automated means. Where technically feasible, we may transfer your data directly to the other provider's system upon your request.
  • Right not to be subject to automated decisions: You have the right not to have decisions about you that have legal effect or similarly significantly affect you made solely as a result of automated processing (algorithms or artificial intelligence operating without human intervention). At DenaHome, we do not conduct fully automated decision-making processes that could affect our users in this way. Should this be the case in the future, we will obtain your explicit consent where deemed necessary and ensure your right to appeal and request human review in all cases.

In addition to your rights above, you also have the right to withdraw consent at any time. If you have given us explicit consent to process your personal data, you can easily withdraw that consent by changing your mind later on. Withdrawing your consent does not affect the lawfulness of processing based on consent in the period prior to withdrawal. For example, if you sign up for a newsletter in the future and later unsubscribe, you can withdraw your consent by using the unsubscribe option or by contacting us.

Exercise of Your Rights: If you wish to exercise any of the above rights, please do not hesitate to contact us. You can submit your requests 24/7 by sending an e-mail to info@denahome.co or by writing to our mailing address specified in the “Who We Are and Contact Us” section. We will review your requests as soon as we receive them and respond within one month at the latest. We usually respond to requests from you free of charge. To ensure the security of personal data, we may ask you to verify your identity before fulfilling your request (for example, by sending verification to a registered email address or asking for proof of identity). This is to prevent disclosure of data to the wrong person. If your requests are unreasonably frequent or excessively repetitive or manifestly unfounded (for example, if you make the same request repeatedly in short intervals), we may, to the extent permitted by law, charge a reasonable fee or refuse to respond. However, if this happens, we will be sure to explain the reasons for our decision to you.

Right of Complaint: If you have any concerns or are dissatisfied with the protection of your personal data, we ask that you first contact us to resolve the issue. If you contact us with your complaint, we will promptly investigate and try to resolve it. If you are not satisfied with our response to a complaint or if you wish to contact the competent authority directly, you have the right to contact the Information Commissioner's Office (ICO), the UK Data Protection Supervisory Authority. It is usually expected that the relevant organization (in this case us) will be given the opportunity to rectify the problem before you make a complaint to the ICO, but ultimately it is your right to contact the ICO. ICO contact details: Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom. Telephone: +44 303 123 1113. Web: ico.org.uk. The ICO will investigate your complaint as an independent authority and will have the power to take enforcement action against our company if it considers it necessary.

Children's Privacy and Age Limit

Our Services are not directed to children under the age of 16 and we do not knowingly collect personal data from anyone under the age of 16. If you are under the age of 16, please do not use our site or provide us with any personal information. If you are the parent or guardian of a child under the age of 16 and you believe that your child has provided us with personal data, please contact us as soon as possible and we will promptly delete or anonymize that data if we deem it necessary.

We require you to be at least 16 years old to shop and create an account on DenaHome. With respect to our underage customers between the ages of 16 and 17, we recommend that they use the site with the permission of their parents or legal guardians. We recommend that users under 18 years of age obtain parental consent before purchasing a product or entering into a contract. Especially if you are 16-17 years old, it is important that you read this Privacy Policy with a parent or guardian and make sure you fully understand it. Our Company reserves the right to cancel orders or close accounts without parental consent from persons it determines to be under the age of legal contract.

Children's Privacy: We take care to protect the privacy of young children. We do not conduct marketing or profiling activities targeting children. The products and content presented on our site are intended for an adult audience interested in home decoration and home life. We do not have any content or membership system specifically for the use of children under 13 years of age.

How is Your Data Secured?

We implement appropriate technical and organizational security measures to protect your personal data. We strive to comply with current industry standards for information security to ensure the confidentiality and integrity of your data and to prevent unauthorized access or disclosure. For example:

  • Our website and your data are protected by encryption technologies. All communication between the browser and our site takes place over the HTTPS (Secure HTTP) protocol - this means that the information you enter is transmitted securely to our servers.
  • Access Controls: We limit access to personal data to authorized personnel who need this information for our business. Our employees and service providers have access only to the minimum level of data necessary to fulfill their duties. All relevant personnel are trained in privacy and data protection obligations and must comply with these rules.
  • Security Infrastructure: The servers and infrastructure we use are equipped with protective measures such as firewalls, intrusion detection and prevention systems (IDS/IPS) and regular security scans. Strong encryption methods and continuous monitoring are applied to the systems containing your personal data. We also take regular backups to protect the integrity of the data and use alarm mechanisms in case of unusual activity.
  • Payment Security: Since your payment information, which is considered particularly sensitive, is processed directly by our PCI-DSS compliant payment partners (e.g. Stripe), this data is protected under the highest security standards. Not all of your card details are seen and stored by us, which minimizes the security risk. Payment organizations such as Stripe have globally recognized certifications for payment information protection
  • Penetration Tests and Updates: We regularly apply software updates to keep our systems up to date and close known security vulnerabilities. From time to time, we may conduct professional penetration tests or use security scanning tools to detect unauthorized access attempts.


Please note that despite all these precautions, no data transmission or storage system over the internet is 100% secure. While we and our business partners strive to provide the strongest protections, absolute security cannot be guaranteed. Therefore, while we use reasonable efforts to protect your personal data, we cannot fully guarantee the security of the information you transmit to us over the internet. To ensure the security of your account, please use a unique and strong password and do not share your login details with third parties. We will notify you immediately of any suspected breach of security and take appropriate action.

Links to Other Websites

From time to time, our website may contain links to third party websites or content. For example, you may find links to external resources related to our products, our social media pages or our partners' sites. We would like to point out that DenaHome is not responsible for the privacy practices or the content of third-party sites. This privacy policy applies only to data collected within DenaHome; when you go to another site, that site's privacy policy comes into play. Therefore, we encourage you to read the privacy statements of other websites that you access through our site. We are not responsible for any loss or damage that may arise from any actions you take or information you share on a third party site. You should be careful when using external links and, if you deem it necessary, you should contact the relevant site administrators for information.

Changes to this Privacy Policy

We may update or change this Privacy Policy from time to time. If we update, we will post the new version on our website and change the “Last Updated” date above. Upon any changes becoming effective, the revised policy will apply. If we make an update that materially changes the way we use your personal data, we will endeavor to notify you by appropriate means (for example, by posting a prominent notice on our website or notifying you by email). We regularly review and improve our privacy practices, and it may be helpful to check this page periodically so that you have the most up-to-date information about the policy.

Contact Us

If you have any questions, concerns or requests about this Privacy Policy or if you wish to exercise any of the rights mentioned above, please contact us. Our contact information:

  • E-post: info@denahome.co

We will respond to you as soon as possible after receiving your request. We are here to help you with matters relating to your personal data and to answer your questions. When you contact us, please remember to include your name and a contact where we can reach you.

At Denaventures Ltd we value your privacy and fulfill all our legal obligations to protect your personal data. Thank you for reading this Privacy Policy - it is very important to us that you use DenaHome safely and trust us with peace of mind.