Privacy Policy

22nd February 2026

​​

This policy explains how The Lemon Rooms ("we," "us") collects, uses, and protects your personal information. We are committed to protecting your privacy in accordance with the UK GDPR and the Data Protection Act 2018.

​

This policy complies with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) where applicable, and the Australian Privacy Act 1988 including the Australian Privacy Principles (APPs).

Please read this policy carefully. By using our website or placing an order, you acknowledge that you have read and understood this policy.

 

1. Who We Are

The Lemon Rooms is an online interior concept design service operated by The Lemon Rooms Ltd. For the purposes of data protection law, The Lemon Rooms Ltd is the "data controller" for your personal data.

Contact: [email address]

Website: www.thelemonrooms.com

 

2. What Information We Collect

We collect different types of information depending on how you interact with us.

​

2.1 Information You Provide Directly

When you place an order, complete our briefing form, or contact us, you may provide:

​

• Contact details (Name, Email).

• Residential Data: Photographs of your private home interiors, project briefs, and inspiration images.   

• Your payment information (processed securely through our website platform, Wix, and its integrated payment provider, Stripe — we do not see, handle, or store your full card details at any point).

 

2.2 Information We Collect Automatically

Our website (hosted on Wix) automatically collects technical data such as IP addresses, browser types, and cookies to ensure site functionality and security. 

​

2.3 Information from Third Parties

We may receive limited information from third-party services we use, such as our payment processor confirming that a transaction was successful, or analytics platforms providing aggregated usage data about our website.

​

3. Lawful Basis for Processing

The following table summarises how and why we process your data:

​

​

​

​

​

​

​

​

​

 

 

4. Privacy of the Home and Sensitive Data

We recognise that photos of your home are highly personal. These images may reveal "special category" data (such as religious items, health-related home modifications, or other personal details visible in the background). We treat all interior photos as high-privacy data. We will never use identifiable images of your home for marketing or public display without your explicit, separate opt-in consent.  

​

5. How We Share Your Information

We do not sell your personal data to third parties. We may share your information with:

​

• Payment processors: Our website is hosted on Wix, which uses Stripe as its integrated payment provider. Stripe processes your card details securely and is bound by its own privacy policy and PCI-DSS compliance standards. We do not see, handle, or store your full card details at any point.

• Website hosting and email providers: Our website is hosted on Wix and we use Google Workspace for email and file storage. These providers may process data on our behalf in order to operate the website, store client files, and deliver communications.

• Analytics providers: We may use analytics tools (such as Google Analytics) to understand website usage in aggregate. These tools use cookies and collect anonymised data.

• Professional advisers: such as accountants or legal advisers, where necessary.

• Law enforcement or regulatory bodies: where we are required to do so by law.

 

6. How We Protect Your Information

We take reasonable steps to protect your personal data from unauthorised access, loss, or misuse. These steps include using secure, encrypted connections (HTTPS) on our website, storing client files and correspondence using Google Workspace (Google Drive and Gmail) with access restricted to authorised team members only, relying on reputable third-party platforms (Wix for our website and Stripe for payments) with strong security practices and compliance certifications, and not seeing, handling, or storing full payment card details on our own systems.

​

No method of electronic storage or transmission is completely secure. While we take reasonable precautions, we cannot guarantee absolute security.

​

7. Data Retention and Deletion

To comply with the principle of storage limitation under UK and EU GDPR, we apply the following retention schedule:

​

• Room photographs and briefs: deleted within 12 months of delivery, unless you have given explicit consent for us to retain anonymised versions for portfolio purposes.

• Order and financial records: retained for up to 6 years after the completion of your order, in line with UK tax and accounting requirements.

• Marketing data: retained until you unsubscribe or withdraw consent, then deleted promptly.

• Consent records: retained for as long as we rely on that consent for marketing or portfolio purposes.

• Portfolio images: retained indefinitely where you have provided explicit consent for marketing use, or where the image has been rendered truly anonymous.

• Website analytics data: typically retained in anonymised form and subject to the retention settings of the analytics provider.

 

After the relevant retention period, we will securely delete or anonymise your data.

 

8. Cookies

Our website uses cookies — small text files stored on your device — to help the website function, analyse usage, and support our marketing. We use the following types of cookies:

​

• Essential cookies: necessary for the website to function properly, such as maintaining your session while completing the briefing form.

• Analytics cookies: help us understand how visitors use our website so we can improve it. These collect anonymised data.

• Marketing cookies: used to deliver relevant advertising and track the effectiveness of our marketing campaigns, for example through Facebook or Instagram pixels.

 

You can manage your cookie preferences through your browser settings or through any cookie consent tool displayed on our website. Disabling certain cookies may affect the functionality of the site.

​

9. Your Rights

Under the UK GDPR (and, for EEA-based customers, the EU GDPR), you have the following rights in relation to your personal data:

​

• Right of access: you can request a copy of the personal data we hold about you.

• Right to rectification: you can ask us to correct any inaccurate or incomplete data.

• Right to erasure: you can ask us to delete your data, including your photographs and contact details (“Right to be Forgotten”), subject to certain legal exceptions.

• Right to restrict processing: you can ask us to limit how we use your data in certain circumstances.

• Right to data portability: you can request your data in a structured, commonly used format.

• Right to object: you can object to processing based on legitimate interests or direct marketing.

• Right to withdraw consent: where we process data based on your consent (including marketing and portfolio use), you can withdraw it at any time via the unsubscribe link or by contacting us directly.

 

To exercise any of these rights, please contact us at [email address]. We will respond within one calendar month, as required by law.

 

10. General International Compliance

As The Lemon Rooms provides services globally, we apply high standards of data protection to all users regardless of location. If you are a resident of Australia, the following additional notice applies:

​

• Notification of Collection: We collect your personal information (specifically your name, email, and home photographs) primarily to provide the interior design concepts you have ordered. If you choose not to provide the requested photographs or briefing details, we will be unable to perform the service.

• Standard of Care: We handle your personal information in a manner consistent with the Australian Privacy Principles (APPs).

• Privacy of the Home: We acknowledge the heightened privacy sensitivity of identifiable residential imagery and maintain strict organisational and technical safeguards to prevent unauthorised disclosure, in line with modern international privacy standards and statutory protections.

 

11. International Transfers

We use third-party providers (Wix, Stripe, Google Workspace). While data is primarily processed in the UK, it may be stored on servers in the US or EU. We ensure all such transfers are protected by Standard Contractual Clauses (SCCs) or adequacy decisions, to maintain a level of protection equivalent to the UK GDPR.  

 

12. Third-Party Links

Our website may contain links to third-party websites, such as Pinterest, Instagram, or product suppliers. We are not responsible for the privacy practices of those websites. We encourage you to read their privacy policies before providing them with any personal information.

 

13. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with the updated date at the top. We encourage you to check this page periodically. Changes will not reduce your rights under applicable data protection law.

 

14. How to Contact Us

If you have any questions about this privacy policy or how we handle your personal data, please contact us:​

​

Email:         hello@thelemonrooms.com

​

Website:      www.thelemonrooms.com

​

15. Complaints

If you have concerns, please contact us at hello@thelemonrooms.com. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK. 

For Australian residents, complaints may also be directed to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

For EEA-based customers, you may also contact your local Data Protection Authority.