Privacy Policy – Your Data Matters

Looking after the personal information you share with us is important. We would like to tell you when we collect your information, what we use it for, who we share it with, and how we look after it.

National Shower Spares Ltd ("we" or "us") is part of the Highbourne Group Ltd (the "Group").

This is our privacy notice, telling you what data we collect, what we do with it, who helps us process it, and how you can exercise your rights with regards to your personal information.

Our Privacy Promise

  1. The protection of your privacy and personal information is important to us. We make sure that not only do we have appropriate security measures in place, but that any other organisation we work with to provide a service also meets the same standard as us.
  2. We will respect your privacy. You should receive marketing emails only from us. We will make sure that any boxes you need to tick if you are happy to receive marketing are presented clearly and at an appropriate time.
  3. We will make it clear at the point when we request your information, what we are collecting it for and how we are going to use it.
  4. We will collect and use your personal information only if we have your permission or we have sensible business reasons for doing so.
  5. We will minimise the amount of information we collect from you to what we need to deliver the product and services you have requested.
  6. We will be clear in our dealings with you as to what information about you we will collect and how we will use it.
  7. We will use personal information only for the purposes for which it was originally collected and we will make sure we store it safely, and delete it securely.

Do remember that our websites are accessible via the internet. Therefore, if you post any comments or links on any of our sites, they can be read and accessed by anyone and everyone.

Who we are

National Shower Spares is a company registered in the UK with the number SC209728 and is part of the Highbourne Group of companies.

Our address is: Units 16-17 Bamel Way, Gloucester Business Park, Brockworth, Gloucester, Gloucestershire, GL3 4BH.

Our head office address is: Highbourne House, Eldon Way, Crick, Northampton, NN6 7SL.

We are registered as a data controller with the Information Commissioner's Office (ICO) – our registration number is Z2462678.

What information we collect about you and how we use it

If you are a customer, we collect personal data to:

If you are a supplier, we collect personal data to:

This personal information may include, but is not limited to, the following details:

Sometimes information about you might be provided to us by another source such as:

We do record and/or monitor some telephone calls, for example calls to our customer services teams. We do this for the following purposes:

What legal basis do we use to process this information?

When a business like ours processes your data we have to have a legal reason for doing so, which is also known as the legal basis. There are a number of legal bases which may differ depending on the type of personal data we are processing and for what purpose. We would like to explain this in as clear a way as possible:

We also use Legitimate Interest where we identify suspected criminal activity such as fraudulent claims or the use of stolen payment card details, we will record details of the suspected criminal activity and may take appropriate action, including refusing to accept orders, make payments or give refunds. We may also report the incident to the relevant bank or payment card issuer or to the police or other appropriate authorities.

Some data is classified as "special category" and requires particular protection. As a rule we do not collect this type of data for customers, visitors to our website, or suppliers. If we do need to process this data we will obtain Explicit Consent to do so or we will use our right in Establishing, exercising or defending a legal claim.

Occasionally we may need to process criminal conviction data. In this situation we use Legal Claims, i.e. processing in connection with legal or potential legal proceedings, obtaining legal advice or establishing, defending and/or exercising legal rights.

Children's information

We do not knowingly collect or store any personal information of children under the age of 16, because the mechanisms whereby we collect personal information are not applicable to this age group.

Who we share data with

Like most organisations, we engage service providers to assist us in ensuring our business runs smoothly and our ability to provide continued services. We work with a large number of suppliers who provide products and delivery services to us.

We will only provide these third parties with the information they need to deliver the service we have engaged them for and they are prohibited from using that information for any other reason. Whenever we share personal information about our customers or visitors to our website with these third parties, we will put in place contracts which require the protection of the personal information.

Your information may be shared within the Highbourne Group of companies for account management (including credit accounts), analysis and reporting.

Your personal data may be disclosed to the following third parties:

In order to process any application for credit, we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at Experian and TransUnion.

We may also disclose your personal information if we believe that the disclosure is necessary to enforce or apply our terms and conditions or otherwise protect and defend our rights, property or the safety of our customers and other users of the website.

We may disclose and/or transfer your personal information in connection with a reorganisation of all or part of our business, if the majority of our shares are bought by another company or if we transfer all or some of our assets to another company.

Links to other websites

Links may be provided on our website to other websites that are not operated by us. If you use these links, you will leave our website. You should note that we are not responsible for the contents of any third party website. External sites will have their own privacy policies which you should read carefully.

Our marketing activities

You may receive direct marketing from us if you have signed up to this or where we have a previous relationship, e.g. if you have bought products and services from us before. You have the right to stop receiving this marketing material at any time.

If you have an online account you can access, update and correct your personal information – including your marketing choices – using the account management facilities.

You can opt out of receiving emails or text marketing at any time by using the unsubscribe option in any email message you receive.

You can opt out of postal and telephone marketing by contacting us.

If you prefer not to receive marketing which is tailored to suit your customer profile, please contact us and confirm which accounts this affects. You will still receive generic marketing unless you opt out of receiving marketing entirely.


We may use direct or anonymised information to engage in data analysis, data matching and profiling activities for a variety of purposes, including, but not limited to:


Cookies are little packets of data that sit on our website, in some cases to make it work, and in some cases to add additional services. For more information about cookies, how to look after them, even how to turn them off, please visit our Cookie Policy.

Sending data outside of the UK

Sometimes we need to use services that may be located outside the United Kingdom. This means your personal information may be transferred outside the UK. If we transfer your personal data out of the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

How we keep your information safe

We take great care to use appropriate administrative, technical and physical safeguards designed to protect against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of information you submit via our website and any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.

If you have created an account or registered to use any online services, your account details may be password protected. It is your responsibility to keep your password confidential and to sign out once you have finished browsing.

Access to personal data is restricted to those within our business who have a legitimate business need and data processed by third parties is only done so under strict instruction from us, as per the terms of their contract. We contractually require service providers and processors to safeguard the privacy and security of personal information they process on our behalf in line with data protection obligations and authorise them to use or disclose the information only as necessary to perform services on our behalf and under our instruction or to comply with legal obligations and requirements.

How long do we keep your information?

The length of time we keep some data is dictated by our legal obligations, e.g. we have to keep details of purchases for seven years. Otherwise we keep it for a period time that is related to the reason we collected it in the first place.

When we don't need to keep your data any more, we do one of three things:

Making changes or getting access to the information we hold about you

You can make a request to rectify, erase or object to or restrict the way your information is handled without undue delay. You can also ask to access the data we hold on you, ask for some of it to be transferred to another organisation or ask a human to intervene in an automated decision making process.

Where you withdraw your consent, this will not affect the lawfulness of the processing of your personal data prior to the withdrawal of your consent.

Should your request be one that we cannot process you will be informed of this, along with the reasons as to why your request cannot be carried out.

You can exercise your rights either verbally or in writing to: Privacy Office, Highbourne Group Ltd, Highbourne House, Eldon Way, Crick, Northampton, NN6 7SL.

Or you can phone us on 0330 678 0267.

If you're based in the EU/EEA and wish to contact us via our GDPR Representative, DataRep, you may do so at:

Should you make a request verbally, we recommend that you follow this up in writing to provide a clear correspondence trail. Requests in relation to accessing your personal data, having your information erased or to opt out of marketing material can be made via our Privacy Portal.

If you are making a request on behalf of someone else please complete this form.

We have an obligation to respond within one month of receiving your request. If your request is a complex one, the response time can be extended by up to two months. We will let you know about the extended response date, alongside an explanation, within the original one-month time frame.

If required, identification will be requested within the one-month time frame and only limited to what is necessary for confirmation.We might require a copy of your driving licence, passport or a utility bill. We will only request these details via Our Privacy Portal.

If we are not able to comply with a request we will inform you of this within the one-month time frame and provide an explanation outlining our justification.

Your right to complain

If you do not agree with our reasoning you can contact our Data Protection Officer at or you can lodge a complaint with the UK supervisory authority:

Changes to this Privacy Policy

If we make changes to our privacy policy, we will show you what they are here. If these changes are significant, we may also choose to email relevant individuals with new details. If we are required by law, we will obtain your consent to make these changes.

Page last reviewed: April 2022