Data stewardship

Privacy policy and your data rights

This statement explains how Quoglarnizio collects, uses, stores, and shares personal data when you browse quoglarnizio.world, correspond with our studio, or contract for sleep environment and renewal planning services. It is designed for visitors and clients based in the United Kingdom and reflects the UK GDPR and the Data Protection Act 2018.

Viewed on

ControllerQuoglarnizio, London W1J 7QB, UK.

DPO contactUse the email below for privacy queries.

Supervisory authorityICO, ico.org.uk

Who we are

The data controller is Quoglarnizio, 4 Shepherd Market, London W1J 7QB, United Kingdom. You can reach us by telephone on +44 20 7493 2309 or by email at contact@quoglarnizio.world. For simplicity, this policy refers to the controller as “we” or “us”.

Personal data we process

Depending on how you interact with us, we may process the following categories of personal data:

Identity data: full name, title, usernames if we issue them in future client portals.
Contact data: billing address, delivery address, email address, telephone numbers.
Financial data: bank details for refunds, payment card type and last four digits when processed by our payment provider, invoice references.
Technical data: internet protocol address, browser type and version, time zone, operating system, device identifiers, and diagnostic logs.
Usage data: information about how you use our website and services, collected through logs or optional analytics when you consent.
Marketing and communications data: preferences for receiving information from us and communication metadata such as open receipts if you consent to marketing email.
Service data: room dimensions, photographs you supply, notes from consultations, procurement preferences, supplier correspondence, and project timelines.
Compliance data: records demonstrating consent, identity verification where required for high-value transactions, and dispute correspondence.

We do not require special category data to deliver our services. If you voluntarily disclose health-related information, we will treat it with additional care and minimise retention, but our engagements are not clinical and we do not rely on such data to provide core deliverables.

Lawful bases

We process personal data only when a lawful basis applies. The principal bases we rely on are:

Contract: processing necessary to perform our agreement with you, including preparatory steps at your request.
Legitimate interests: securing our network, preventing fraud, improving website stability, understanding aggregate client needs where analytics cookies are not used, internal training with pseudonymised examples, and asserting or defending legal claims.
Consent: optional cookies, certain marketing communications, and any optional photograph use beyond contract fulfilment.
Legal obligation: tax, accounting, and regulatory record-keeping.

Where we rely on legitimate interests, we balance our interests against your rights and offer opt-outs where appropriate, particularly for non-essential communications.

Purposes and processing activities

We use personal data to respond to enquiries, prepare quotations, schedule site visits or remote sessions, deliver written room ledgers, coordinate suppliers, process payments, provide aftercare answers, improve our internal processes, comply with law, and evidence consent trails. We do not sell personal data and we do not permit third parties to use your data for their independent marketing without explicit disclosure.

If you arrive from online advertising, optional marketing or analytics tools may process limited technical or pseudonymous data to measure campaign performance, subject to your cookie choices and our cookies policy. Where processing relies on consent, you may withdraw it at any time without affecting the lawfulness of earlier processing.

We share personal data with categories of recipients including hosting providers, email delivery services, calendar scheduling tools, payment processors, accountants, legal advisers, insurers, and logistics partners fulfilling product deliveries you approve. Contracts require processors to process data only on documented instructions and to assist with UK GDPR compliance requests.

If you introduce a joint decision-maker such as a cohabitant, we assume you have authority to share their contact details; tell us promptly if that is not the case.

International transfers

Some cloud services store data outside the United Kingdom. When transfer tools are required, we rely on adequacy regulations where available or implement standard contractual clauses and conduct transfer impact assessments commensurate with risk. Copies of relevant safeguards may be requested subject to confidentiality.

Retention

We retain data only as long as necessary for the purposes described. Indicative periods include: enquiry records up to twenty-four months unless they mature into contracts; contract and invoice records up to seven years from the end of the financial year; technical logs up to ninety days unless extended for security investigations; marketing suppression lists indefinitely in hashed or minimal form to honour unsubscribe requests; cookie consent evidence according to our cookies policy.

Retention may be extended if litigation is reasonably anticipated. When retention expires, we delete or anonymise data using procedures appropriate to the medium.

Security measures

We implement organisational and technical measures including role-based access, multi-factor authentication for administrative accounts where supported, encryption in transit, segregated environments for production and testing, vendor security reviews, and staff confidentiality commitments. We maintain an incident response checklist and notify supervisory authorities or data subjects when legally required.

Your rights

Subject to conditions in the UK GDPR, you may request access to personal data, rectification of inaccuracies, erasure, restriction of processing, data portability for data you provided where processing is automated and based on contract or consent, and objection to processing based on legitimate interests or to direct marketing. You may withdraw consent without affecting the lawfulness of earlier processing.

We respond within one month of verification, extendable by two further months for complex requests, in which case we explain the delay. You may lodge a complaint with the ICO. We welcome the chance to resolve concerns informally first.

Automated decision-making

We do not make decisions producing legal or similarly significant effects based solely on automated processing. If that changes, we will update this policy and provide meaningful information about logic and your rights.

Children

Our services are directed at adults arranging residential spaces. We do not knowingly collect data from anyone under sixteen without parental consent. If you believe we have received a child’s data in error, contact us and we will delete it promptly.

Updates and contact

We revise this policy when our processing activities or legal obligations change materially. The date you see in the hero reflects when you opened this page in your browser. Archived copies are available on request for serious disputes.

Related documents: cookies policy, terms of use, returns policy, home.