- Legal bases for data processing
- What information do we collect about you?
- How will we use the information about you?
- Protecting personal data
- Retaining personal data
- Sharing personal data
- Where data is processed
- Your personal data rights
- Opting out of marketing communications
- Contacting the regulator
In this document, the terms ‘we’ and ‘us’ mean the Group and its brands.
We take seriously our responsibilities around the collection, protection and use of your personal data. This policy sets out what data we collect, why we collect it, and your rights and choices regarding this data.
We keep this policy under regular review and we will place any updates on this web page. This policy was last updated on 4th April 2019.
Legal bases for data processing
There are a number of different legal bases under which a company may collect and process personal data. These include:
Contractual obligation: where we need to process personal data in order to uphold our part of an agreement. An example of this would be where you place an order for a product for home delivery, and we collect your name and address details and share them with the courier company who deliver the product.
Legal compliance: where we need to process personal data in order to meet our legal obligations. An example of this would be where we pass on details of fraud against the Group to the police.
Legitimate interest: where we need to process personal data to support our own legitimate interests in a manner that is consistent with your reasonable expectations and does not adversely affect your own interests or rights. An example of this would be where use data about your previous purchases to recommend other products you may be interested in.
Consent: where you have specifically consented for us to process your personal data for an agreed purpose. An example of this would be where you choose to sign up to one of our email newsletters.
In the sections that follow, we will explain what personal data we collect, and our reasons and legal bases for doing so.
What information do we collect about you?
When you purchase a product or subscription from us, or set up an account on one of our websites, you may provide us with:
- Your personal details, including your name, title, postal and billing addresses, email address and phone number
- Your date of birth (if you so choose)
- Your account login details, such as your username and the password that you have chosen
- Payment details
When you browse our websites, we may collect:
- Information about your online purchases from us
- Information about your online browsing behaviour on our Websites
- Information about whether you click on advertisements on our Websites
- Information about any devices you have used to access our Websites (including the make, model and operating system, IP address, browser type and mobile device identifiers)
When you subscribe to our email newsletters, we may collect:
- Your email address
- Information about which emails from us you open, and which links in those emails you click on
Other information you may provide us with:
- Information you supply when you voluntarily complete customer surveys, provide feedback and participate in competitions.
How will we use the information about you?
- To process orders you may place with us (on the legal basis of contractual obligation).
- To respond to you about any queries you may raise with us relating to our goods or services, handle complaints or administer refunds (on the legal basis of legitimate interest).
- To manage any promotions or competitions you may enter (on the legal basis of consent given by you when entering).
- To personalise and improve your browsing experience on our websites (on the legal basis of legitimate interest).
- To protect and maintain any accounts you may create with us (on the legal basis of our legitimate interest).
- To monitor and protect our own systems (on the legal basis of our legitimate interest).
- To process payments and prevent fraud (on the legal basis of our legitimate interest).
- To advise you about other products and services we think may be of interest to you (on the legal bases of legitimate interest or consent). You are free to opt out of marketing communications at any time.
- To send you survey or feedback requests to help us improve our services (on the legal basis of legitimate interest). You are free to opt out of such communications at any time.
- To combine the data captured across the Group to build a better understanding of our customer’s requirements, so that we can better serve you (on the legal basis of our legitimate interest).
- To overlay information (for example, demographic profile information) obtained from third parties onto the information captured across the Group, to make our marketing campaigns and selections more efficient (on the legal basis of our legitimate interest). Any use of third party information will be subject to appropriate controls.
- To comply with legal obligations (on the basis of legal compliance).
You can choose not to share your personal data with us, or refuse to allow certain types of processing. This may however mean we are unable to provide some of our services to you where those services are reliant on the processing of personal data.
Protecting Personal Data
We take seriously our responsibility to safeguard your personal data. Measures taken to protect it include the use of SSL-secured websites, firewalls, data encryption, and restricting systems access to those employees who require it to carry out their duties.
In the case of individual purchases, we do not store credit card details. In the case of recurring subscription payments, credit card details are encrypted and stored securely.
Retaining Personal Data
We’ll only keep your personal data for as long as it is needed for the purpose for which it was collected. Once it is no longer required for that purpose, we’ll ensure it is deleted.
Sharing Personal Data
In order to provide the highest quality service to our customers, we work with carefully selected service providers who carry out certain functions on our behalf. These include payment processing companies, delivery companies, email service providers and other information technology companies. We share selected information with these service providers in order to enable them to deliver the services on our behalf. We only share such data as is necessary to provide the services, and the service providers treat your personal information with the same degree of care and trust as we do.
Other than this, we will not share your information with companies outside the Group without your express consent.
Where data is processed
Some personal data we collect from you may be transferred to, stored at, or processed at a destination outside the European Economic Area (“EEA”), or processed by companies outside the EEA who work for us or for one of our service providers. Where this is the case, we will put in place appropriate protection to make sure your personal data remains fully protected and is treated in line with this Policy.
Your personal data rights
The rights available to you in relation to your personal data include:
- You may ask to see all the personal data we hold about you. This is usually free of charge.
- You may ask us to correct any incorrect personal data we hold about you.
- In certain circumstances, you may ask for all your personal data to be removed.
- You may ask to us to stop certain types of processing. Please be aware that this may mean we are unable to offer certain services that rely on the data processing.
- You may at any time withdraw your consent for any processing to which you have previously consented. We must comply with your request.
- You may at any time request we stop processing based on legitimate interests. We must comply unless we believe we have a legitimate overriding interest.
- You may request that we stop direct marketing through specific channels, or all channels. We must comply with your request.
Should you wish to exercise these rights, you can email firstname.lastname@example.org or write to the Data Protection Officer, The Hull Hub, 123 Promenade, Bridlington, YO152QN, UK. For your protection, we will ask you to verify your identity before actioning any requests in relation to your personal data rights.
Opting out of marketing communications
You can opt out of email communications by clicking the Unsubscribe link at the bottom of all emails. This is applied on a brand-by-brand basis, so that for instance you can opt out of emails from one of our brands whilst still receiving emails from another.
Contacting the regulator
Should you have a complaint about our personal data policy or about our handling of your personal data, in the first instance please contact us directly by emailing email@example.com and we will endeavour to resolve it. Should we be unable to resolve the complaint to your satisfaction, you have the right to lodge your complaint with the relevant data protection regulator. If you live in the UK, this is the Information Commissioner’s Office – please visit https://ico.org.uk/ for more information.