Privacy and your information
Where and how we collect your personal information
We collect personal information about you in several ways:
- When you fill in a form on our website or contact us via phone, email or another method
- When you register with us and fill in a form on our website or mobile app, whether directly or via a social media account
- When you subscribe to our services
- When you purchase anything from us
- When you opt in to receive marketing messages, or news by email, post, SMS or other means
- When you enter a competition or promotion, or fill in a survey
- When you browse our website or app
We also collect your personal information from other organisations and sources, for example when you contact us through a social media company such as Facebook, Twitter, LinkedIn or Instagram. Before providing information to us via these channels, you should check these companies’ privacy policies and settings to understand how they use your personal information.
What personal information do we hold about you?
When you fill in a form or buy online, we normally ask you to provide us with:
- Your name
- Your contact details including your address, phone number, email address
- Your bank or credit card details (if you're buying products or other items from us), including billing information
- Details of how you would like us to contact you.
We don’t collect age information but we recognise that young people use our services and are legally able to provide consent after the age of 13 years.
When you visit our website we may collect the following information automatically:
- Technical information, including the IP address used to connect your computer to the Internet, your login information, the browser you’re using, time zone setting, browser plug in types and versions, the operating system.
- Location data and Wi-Fi usage
- Information about your visit that will help us to improve our service and make your online experience more relevant. This can include your approximate geographical location, the date and time you visited, which of our products you looked at or searched for, which pages you looked at, how long you spent on certain pages, and how you clicked to, through, and from our website, the information remains anonymous your name is not linked to visit information.
In our communications with you by email, SMS, or push notification, we automatically collect data relating to:
- How you interact with our communications, such as which emails you opened or clicked a link within, and how long the email was opened for
- Where you are when you interact with our messages
- What type of device, model and operating system you’re using.
This helps us build a better picture of whether our marketing is effective.
We also collect information about your visits to our websites using cookies.
While we mainly use the personal information that you give us about yourself, we may sometimes use other sources of information about our customers and prospective customers where you've given your permission for your data to be shared. We do this to help us understand more about our customers, to ensure that our messages are relevant, and to make sure that the marketing information we send you, with your consent, is also relevant. We take great care in sourcing this information, but if you prefer us not to use your data in this way, please let us know by emailing firstname.lastname@example.org
Our legal basis for using your personal information
Under UK data protection law, we must have a valid basis for using your personal information and we may not collect store or use information other than as described in this policy. There are four ways we may have a valid basis for using your personal information:
- Fulfilling the contract: Most of the information we collect from you is necessary to allow us to fulfil our contract with you or to enter into a contract with you e.g. you provide a billing address when you purchase products via our website; we may need to contact you to notify you about changes to your order. We may also need information from you to ensure that we can provide you your products. Essentially, we need that information to ensure you’re the real you and provide assistance to you post purchase.
- Consent to contact you: When you register and purchase online with us you will give your consent to use your personal information. You are entitled to withdraw this consent at any time by emailing email@example.com.
- Legitimate interest: We may also have a legitimate interest in using your personal information e.g. to ensure that the content on our website is presented to you and your computer as effectively as possible. If this is our reason for using your personal information, we must make sure that our interests do not override yours and you can object to this use of your personal information.
- Legal obligation: Lastly, we may have a legal obligation to use your personal information in certain ways or to protect your interests e.g. we may exchange information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
How we use your personal information
We use the personal information you provide to:
- fulfill the service or information you’ve requested
- handle the administration of your payment, issue your products, or confirm orders
- provide post-sales support and deal with any complaints, refunds or other issues
- personalise your experience of our website by using your purchases and browsing activity to make recommendations that we think may be of interest to you
- improve our website and the range of services and products we provide
- carry out market research and survey related activities
- analyse and optimise our marketing activities
- facilitate loyalty schemes
- contact you with your consent to tell you about our super savings, loyalty programmes and partners, latest news, events and, services and special offers where you have given us permission to do so.
How we use your personal information for marketing
We use your personal information for marketing where you have given us permission to do so, or you have provided permission to other organisations to allow us to market to you.
The marketing content may include tailored marketing messages about offers, ideas and news, and is dependent on the permission you have given us or another organisation.
By using the information you provide, we may contact you with specific marketing messages about offers, ideas and news and, depending on the permission you have given us or another organisation. This may be by post, email, phone, SMS, social media, or other means.
If you’ve given us your consent to use your personal information for marketing, you have the right to withdraw your consent at any time by contacting firstname.lastname@example.org, clicking the “unsubscribe” link in our marketing emails, or replying STOP to a text message.
Sharing your personal information
We respect your privacy and will not sell or lease your personal information. The information you provide us may be accessed by our staff to facilitate our marketing activities described above. We will not share or distribute any of the information you provide to us to unaffiliated third parties without receiving your consent, unless required to do so by law.
Third-party companies will be required to use your personal information in accordance with the Data Protection legislation currently in force. We may also use information in aggregate, where personally identifiable information is removed, for marketing and strategic development to improve and support our business.
Where we use trusted suppliers to help us deliver our service to you, we allow the supplier concerned limited access to the personal data they need to provide their service. A list of just some of the service suppliers are listed below:
- website development and hosting companies which we use to administer our website content, including personalised messaging
- agencies which we use to manage loyalty programmes
- agencies which we use to analyse traffic on our website and use of our services
- customer feedback and market research organisations
- the organisation that processes payments ie. Paypal or Stripe.
We may also use trusted suppliers to help us with marketing:
- an email service provider to send our emails and make sure you only receive what you have asked for
- a mailing house to send out marketing by post
- online media owners who help us target, deliver and track our marketing campaigns using cookies.
All personal information sent to our trusted suppliers is transferred securely. In all cases we require these companies to comply strictly with our instructions and they are not allowed to use your information for their own business purposes. We also require these companies to have sufficient organisational and technical measures in place to ensure the security of your personal information.
We may use suppliers who operate outside of the country of which you are a resident, for example in the United States. These countries may not offer the same legal protection of your personal information as the UK. If we use one of these organisations, we take appropriate steps to ensure that they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing of your personal information at our approved locations outside the EEA. If you would like to know more about the ways in which we safeguard your personal information, please get in touch using the contact details in this policy.
Under some circumstances we may be required to disclose or share your information without your consent, for example if we are required by the police, the courts or for other legal reasons.
Your rights regarding our use of your personal information
You provide us with details of what we can do with your data and have the right to manage your choices as detailed in How we use your personal information for marketing above.
You have the following rights:
- To know that your data is being processed
- To access your personal data by making a Subject Access Request (SAR)
- To have your information corrected if inaccurate
- To data portability if applicable
- To request that your data be erased, restrict processing, and object to processing
- Those relating to automated decision-making and profiling.
Accessing your Data by Subject Access Request (SAR)
You have the right to request a copy of the information that we hold about you. This is known as a Subject Access Request (SAR). We will provide this to you free of charge once we have confirmed your identity within 30 days of receipt of your request.
If you would like a copy of some or all of your personal information, please email email@example.com. Unless you specify otherwise we will provide your information electronically.
If we do hold information about you we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be shared with
- tell you how long we will keep the information
- if the information was not provided by you, we will give you any available information such as the source of the data
- tell you if the information has been used for automated decision making
- tell you if the information is stored outside of the European Economic Area, and if so what safeguards are in place to protect your personal information
- let you have a concise and clear copy of the information.
How we keep your personal information up-to-date
We have a legal obligation to keep the personal information we collect accurate and up–to-date. You have the right to ask us to correct any inaccuracies in the personal information we hold about you and to restrict the use of your information until it has been corrected.
We keep your information accurate as follows:
- By giving you the opportunity at any time to contact us to correct or change your information
- If you contact us we may ask you to confirm certain details.
- When we receive undelivered mail or email we will update our records accordingly.
We have specific rectification, restriction, objection and erasure policies in place to make sure we respond effectively to your request to correct data and to any erasure requests.
How we keep your personal information safe
We use administrative, electronic and physical security measures to ensure the information we collect about you is protected from access by unauthorised persons and protected against unlawful processing, accidental loss, destruction and damage.
By using our website and/or services, you acknowledge and agree that, except to the extent required by the Data Protection laws, we shall not be responsible for any unauthorised use, distribution, damage or destruction of personal data. We will only retain your information for a reasonable period or as long as is required by law.
How long we keep your personal information
Of the data we process outside of any contract we retain the data for no longer than is necessary. Where there is a legal requirement to retain data for longer we will do so. Where reasonably practicable data is minimised so not to be identifiable to the data subject unless required by law or is subject to a Subject Access Request.
We keep your personal information where we have:
- A legal or regulatory requirement requires that we hold data for a specific time
- The business has a legal basis to retain data including data opt-ins, revised opt-ins and renewed consents.
What to do if you have a complaint about our use of your personal information
If you have a complaint about the information we hold or how we use that information, please contact firstname.lastname@example.org who will deal with your request promptly. If you are not satisfied with the way your complaint was handled, you can refer your complaint to UK Information Commissioner’s Office.