Name : Mast Interiors Ltd
Address: 32 Station Avenue, Caterham, Surrey CR3 6LB
Telephone: 0208 686 0057

Purpose of the processing and the legal basis

The lawful basis upon which we rely to process any personal data you provide to us (largely just contact details) is contract necessity in respect of the provision of the services that we provide.  

Customers - We keep this information internally within our company in order to process your Order.  Should you choose not to share your personal data with us we will not be able to fulfil your Order.  We may need to share your data with suppliers and sub-contractors who will assist us with fulfilling your Order.  If we have seen your information on publicly displayed site boards, we may rely on legitimate interest in respect of contacting you in respect of services which we may feel would be of interest to you. If there are health and safety elements of the work we provide, we are required by statutory obligation to maintain a record of what we have done and may be required to disclose that to the authorities.

Sub-contractors - We keep this information internally within our company in order to facilitate your sub-contract with us in respect of the provision of the services to our customers.  Should you choose not to share required personal data with us you will not be able to service our customers.  We may need to share any personal data provided with our customers if on-site work is required.  We will need to share your information with third parties in order to process proper payment for services provided.  If there are health and safety elements of the work you are required to do, we are required by statutory obligation to maintain a record of what we have done and may be required to disclose that to the authorities.

Should we ever wish to send you updates in respect of Know-how and activities then we will seek your consent regarding unrelated marketing matters; you will always have the opportunity to quickly and easily unsubscribe in respect of any mailings. 

If you are a business contact that we have met through networking and wish to stay in contact with you or wish to refer business to you, then we will rely on legitimate interest to do so since we believe that this is the nature of business networking and it would be in both of our interests to do this. 

For these purposes, you have the right to access your information, object to any processing, the right to erasure and the right to amendment of your personal details that we process thereunder. 

Information security

Our electronic systems are based on Microsoft Office 365 for which all staff use a paid business package for the services we use.  Our systems inform us that all firm data is actually held in the UK.  We use up to date commercial grade anti-virus software on our systems and these are automatically updated to maintain the safety of our electronic systems.  All computers and devices are password protected.  We print out the minimum required for paper files – and what files exist are kept in a locked office when an authorised human being is not present.  We operate a clean desk policy.

Transfer of Data outside the EEA

To the best of our knowledge, none of the client data within the business is transmitted outside of the EEA (unless this happens technologically without our knowledge). 

Data Retention Periods

Ordinarily, we will store data for 7 years (6 years + 1 to allow overlap of years) and it will be erased, securely disposed of thereafter.  If there is a statutory/regulatory requirement to keep the documentation for a longer period – it will be kept for that period. 

Your Data Subject Rights

Subject Access Requests: Should you wish to exercise your right to submit a Subject Access Request under GDPR/UK Data Protection Bill/Act then you must submit your request to  together with a copy of your photo ID (passport/driving licence). Email is preferred so we can be clear as to what you wish to obtain.  No fee will be requested however in line with legislation, we reserve our right to charge a fee/refuse to comply in the event of a manifestly unfounded, excessive or repetitive request.  We will check our systems for the requested information and a response will be made available to you within 28 calendar days.

You have the right to access, right to be informed, right amendment, right to erasure and right to object to processing.  We will ordinarily exercise any reasonable request for rectification (inaccurate / incomplete personal data), erasure, restriction of processing, portability of data (where applicable) as soon as reasonably practical unless there is a lawful reason as to why we need not comply with such request.  

Automated Decision making

Note that we do not make automated decisions.


If you are concerned about the way we have handled your personal data – you have the right to complain to the ICO.  You should note that they have an expectation that you will have raised it with us first so please contact  in the first instance and we will deal with your complaint expeditiously.

Should you want external advice, full information as to how can raise a concern with us  (and/or the ICO) is available at the ICO’s website

If you would like to report a concern then the ICOs current contact details are available at their website or call the ICO helpline at 0303 123 1113