Get a Quote

Privacy Policy

Effective date: 1 January 2026
Who we are: [Leather Hero Legal Entity Name] (“Leather Hero”, “we”, “us”, “our”) is part of the Epic
Brands group. Our registered office is: [Registered Address, City, Postcode, United Kingdom].
How to contact us: privacy@leatherhero.co.uk | +44 [number]
At-a-glance: We respect your privacy and comply with the UK General Data Protection
Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic
Communications Regulations (PECR). This policy explains what personal data we collect,
why we collect it, how we use it, how long we keep it, who we share it with, and your
rights.

1. Scope

This policy applies to personal data processed by Leather Hero in the UK, including via: – our websites and booking portals (e.g. leatherhero.co.uk, subdomains and online forms); – customer service channels (telephone, email, web chat, social media); – the Leather Hero franchise network operating under the Leather Hero brand; – training, support and events for franchise owners and their teams; and – suppliers, partners and job applicants.

Franchise network: Leather Hero operates a franchise model. When you book services with a local franchisee, that franchisee will usually act as an independent data controller for the service they provide to you locally. Leather Hero (the franchisor) is the controller for national marketing, brand management, training and quality assurance activities. We put agreements in place to clarify responsibilities and to protect your data.

2. The data we collect

We collect and process the following categories of personal data (depending on your relationship with us):

2.1 Customers and prospects

  • Identity & contact: name, title, email, phone, postal address.
  • Property/service details: service address, access notes, photos you supply (e.g., of furniture/
    items), preferred dates, job notes.
  • Transaction: services booked, quotes, invoices, payments (processed via PCI-DSS compliant
    providers – we do not store full card details), warranties.
  • Communications: emails, messages, call notes, feedback, review content.
  • Marketing preferences: opt-in/opt-out status, channels, campaign interactions.
  • Technical: IP address, device identifiers, browser type, cookies/analytics events (see Cookies
    below).

2.2 Franchisees, applicants and trainees

  • Application data: CV/resume details, right-to-work documents, background information.
  • Business details: company name, addresses, insurance details, vehicle registration, kit
    inventory.
  • Training & certification: attendance, assessment outcomes, CPD records.
  • Financial: fees, royalties, and payment account details.

2.3 Suppliers & partners

  • Business contact: names, roles, emails/phones, contract information, performance and
    compliance records.

3. How we collect your data

Directly from you when you contact us, request a quote, make a booking, sign up for marketing, attend training, or apply to join the franchise. Automatically through cookies and similar technologies on our websites and booking tools. From third parties such as payment processors, review platforms, lead-generation partners, social networks (if you interact with our pages), and public sources like Companies House.

4. Why we use your data (lawful bases)

We only use your personal data when the law allows us to. Our primary lawful bases are: – Contract – to provide quotes, take bookings, deliver services, process payments, handle warranties and aftercare. – Legitimate interests – to operate and grow our business (e.g., scheduling, quality control, customer support, network management, service improvement, fraud prevention, and limited, relevant direct marketing to existing customers). We balance these interests against your rights and expectations. – Consent – for certain marketing communications, cookie-based analytics/advertising, and where the law requires consent. You can withdraw consent at any time. – Legal obligation – to meet our tax, accounting and regulatory requirements, and respond to lawful requests from authorities. We do not use your data for solely automated decisions that have legal or similarly significant effects.

5. How we use your data

  • Provide and manage services – quotes, booking confirmations, appointment reminders, on-site
    work, invoicing, receipts, and aftercare.
  • Customer support – respond to enquiries, complaints and warranty claims; record interactions to improve service quality.
  • Scheduling & operations – assign work to franchisees/technicians, logistics, training and safety.
  • Marketing & communications – send service updates and, where allowed, carefully selected offers, tips and reminders. You can opt out at any time.
  • Analytics & improvement – website/app performance, usage analysis, service quality monitoring and product development.
  • Legal & compliance – record-keeping, insurance, fraud prevention, and regulatory reporting.

6. Sharing your data

We share personal data only when necessary and with appropriate safeguards: – Franchisees – to deliver your local service; they act as independent controllers for the work they carry out. – Service providers (processors) – IT hosting, booking/CRM systems, payment processors, email/SMS tools, analytics and review platforms, couriers. We require processors to protect your data and only act on our instructions. – Professional advisers – accountants, auditors, insurers, legal advisers. – Group companies – other Epic Brands entities that provide shared services (e.g., finance, IT, compliance) under appropriate intra-group agreements. – Authorities – law enforcement, courts or regulators where legally required. – Business transfers – if we reorganise, merge or sell parts of the business, data may transfer under confidentiality safeguards.

We do not sell your personal data.

7. International transfers

Some providers may process data outside the UK. Where they do, we use recognised safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and assess the destination’s laws and practices to ensure essentially equivalent protection.

8. Data retention

We retain personal data only as long as necessary for the purposes collected: – Customer records (job details, invoices, correspondence): up to 7 years after last service (to meet tax/accounting and limitation periods). – Enquiries & quotes with no purchase: 24 months from last contact. – Marketing records: until you opt out or after 24 months of inactivity, whichever is sooner. – Training & certification: duration of franchise relationship plus 6 years. – Franchise applications (unsuccessful): 12 months from decision unless you ask us to keep details longer. – Supplier/partner contracts: contract term plus 6 years.

We may anonymise data for statistical purposes; anonymised data is not personal data.

9. Cookies and similar technologies

We use necessary cookies to make our sites work and (with consent where required) analytics/ advertising cookies to understand usage and improve our marketing. You can manage your preferences via our cookie banner or browser settings. For details of cookie types, purposes and lifetimes, see our Cookie Policy.

10. Your rights

Under UK data protection law you have rights to: – Access your personal data and obtain a copy; –
Rectify inaccurate or incomplete data; – Erase your data (where applicable); – Restrict or object to
certain processing, including direct marketing; – Data portability for data you provided to us where
processing is based on consent or contract and carried out by automated means; – Withdraw consent
where we rely on it.
To exercise your rights, contact privacy@leatherhero.co.uk. We may need to verify your identity. You
also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk or 0303
123 1113. We would appreciate the chance to address your concerns first.

11. Security

We implement technical and organisational measures appropriate to the risk, including access controls,
encryption in transit and at rest where appropriate, secure configuration, staff training and regular
vendor assessments. Despite safeguards, no system is 100% secure; please take care when sharing
information online.

12. Children’s privacy

Our services are not directed to children under 13 and we do not knowingly collect their data. If you believe a child has provided us personal data, please contact us so we can delete it.

13. Third‑party links

Our websites may link to third‑party sites, plug‑ins or apps. Those sites are not under our control and have their own privacy policies.

14. Changes to this policy

We may update this policy from time to time. Significant changes will be communicated via our website or by email where appropriate. The latest version will always be available at leatherhero.co.uk/privacy.

Version: 2026.1
Last updated: 1 January 2026

15. Key contacts & registration

Data Controller: [Leather Hero Legal Entity Name], [Registered Address], United Kingdom.
Data Protection Contact: privacy@leatherhero.co.uk.
ICO Registration Number: [Insert number].

If you are dealing with a local franchisee, their details will be provided in your booking confirmation and
invoice; they are the controller for the service they deliver locally.