McEvoy & Rowley
Google★★★★★Rated Excellent 4.8/5Customer service

Legal

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: 21 April 2026

1. Who we are

Rowley Home is a trading name of McEvoy & Rowley Ltd, a company registered in England and Wales under company number 01678294. Our registered office is Marlow, Buckinghamshire. Our VAT registration number is GB 207 974 933. For the purposes of UK data protection law, McEvoy & Rowley Ltd is the data controller for the personal information we hold about you. If you have any questions about this policy or how we handle your data, contact us at [email protected] or 01628 779022.

2. Information we collect

We collect personal information when you:

  • Place an order (name, billing and delivery address, email, phone, payment details)
  • Contact us by phone, email, live chat or our on-site AI assistant
  • Submit a “Seen It Cheaper” price-match request (name, email, the URL you submit)
  • Browse the site (device, browser, IP address, pages viewed — see cookies below)

Payment card details are collected and processed directly by our payment provider (Stripe). We never see or store your full card number.

3. How we use your information

We process your personal information to:

  • Take, process, deliver and invoice orders
  • Contact you about your order, delivery, installation or returns
  • Notify you about manufacturer safety notices and product recalls
  • Respond to enquiries, complaints and price-match submissions
  • Detect and prevent fraud (including price-match abuse)
  • Meet our legal and accounting obligations
  • With your consent, measure website performance and improve the experience (see cookies)

4. Lawful basis

We rely on the following lawful bases under UK GDPR:

  • Contract — to fulfil orders and provide customer service.
  • Legal obligation — to keep records for tax, accounting and consumer protection purposes.
  • Legitimate interests — to prevent fraud, secure our website, and contact you about urgent safety information relating to a product you bought.
  • Consent — for non-essential cookies, analytics and advertising cookies, and any marketing emails (we do not currently send marketing emails).

5. Who we share your data with

We share the minimum information necessary with trusted service providers who help us run our business:

  • Stripe — payment processing
  • Klarna — “pay later” option at checkout (only when you choose it)
  • Manufacturers & delivery partners — to deliver and install your appliance
  • Amazon Web Services — UK-based hosting and transactional email
  • Google (Analytics, Tag Manager, Ads) — only if you accept analytics cookies
  • Amplitude — only if you accept analytics cookies
  • Superchat — live chat provider
  • OpenAI — powers our on-site shopping assistant (no PII is sent)
  • HMRC, auditors, legal and tax advisors — where required by law

We never sell your personal information. We do not share your data with third parties for their own marketing.

6. International transfers

Some of our service providers (such as Stripe, Google, Amplitude and OpenAI) are based outside the UK. Where personal data is transferred abroad, it is protected by UK adequacy regulations, Standard Contractual Clauses, or equivalent safeguards approved under UK GDPR.

7. How long we keep your data

  • Order records: 7 years (required for HMRC)
  • Customer support correspondence: up to 3 years
  • Price-match submissions and fraud signals: up to 2 years
  • AI shopping assistant conversations: 30 days
  • Analytics event data: up to 14 months
  • Server logs: 90 days

8. Cookies and tracking

Cookies are small files stored on your device. We use them for two purposes:

  • Strictly necessary — required to run the site: your basket, secure checkout, fraud protection, and remembering your cookie preference. These cannot be disabled.
  • Analytics & advertising — set only if you accept: Google Analytics 4 and Google Tag Manager (which may load Google Ads tags), Amplitude (product analytics and session replay). These help us understand how the site is used so we can improve it.

We use Google Consent Mode v2: until you accept, no analytics or advertising cookies are set, and only anonymous pings are sent (no client identifiers, no cross-site tracking).

You can change your choice at any time: .

9. Your rights

Under UK GDPR you have the right to:

  • Access a copy of the personal information we hold about you
  • Correct information that is inaccurate or incomplete
  • Ask us to delete your information (“right to be forgotten”), where applicable
  • Restrict or object to processing
  • Receive your information in a portable format
  • Withdraw consent at any time (this does not affect prior lawful processing)

To exercise any of these rights, email [email protected]. We will respond within one calendar month.

If you believe we have mishandled your data, you can complain to the Information Commissioner's Office at ico.org.uk or on 0303 123 1113. We would appreciate the chance to resolve any concerns first.

10. Security

We use TLS encryption for all traffic, segregated credentials for each internal service, and rate limiting and abuse detection on sensitive endpoints. Payment data is tokenised by Stripe and never stored on our servers. While no system is ever 100% secure, we follow recognised good-practice and continuously review our controls.

11. Changes to this policy

We may update this policy from time to time. The “last updated” date at the top reflects the most recent change. Material changes will be highlighted on the homepage or notified by email where we hold an address for that purpose.

12. Contact us

For any privacy question, data request or complaint:

See also our Terms & Conditions.