Our privacy principles
What personal information we collect about you and where we get it from?
We collect most information directly from you when you order or buy from us. We get technical details from the devices you use to access our apps and websites and from cookies which tell us what you look at online, where and when. Like most other websites, our technology also lets us know when and how you use our websites, such as when you have added to or abandoned your basket or filled in a form.
The personal information we collect and use will depend on why we need it. We will only collect the personal information we believe we need to use, or which you have agreed we can collect from you or agreed someone else can share with us.
What we do with your personal information?
We need to collect and use lots of information about you so that you can use our websites/apps, shop in our store, buy things from us and learn about our offers and new arrivals. We also need to use some details to prevent and detect fraud.
We look at and learn from your browsing, shopping and how you respond to our marketing to understand what sort of customer you are and predict what products we have that you may also be interested in. We try to show you adverts and offers we think you will like tailored to you based on stuff like your location, including what we know about you through our apps and websites, relying on the extra understanding about you which ad providers and social media platforms have collected with your consent.
Our use of your details will depend on you and what you are doing: browsing or buying, if you are new to us or a registered customer. We explain our lawful reasons for use of your personal information in our detailed section. You can access this by scrolling to “Additional Details”.
Who we share your personal information with and why?
We use suppliers and service providers, such as for delivering orders, or dealing with card checks and payments. These include other group companies and external contractors. We only share the personal details they need to know for their services and we make sure your privacy is respected and protected.
We will provide personal information about you to the police, fraud prevention and credit reference agencies when we have to by law, or when we deem necessary to prevent fraud. We will never sell your personal information to third parties for them to market their products to you.
Where we send your personal information outside Europe?
Business for us and many suppliers is international so your personal information may, at times, be handled in a location outside Europe. When this occurs, we take care in ensuring the security of your information. In the event you ask us to deliver your order outside of Europe, we need to send limited details outside of Europe to fulfil this request.
How do we keep your personal information secure?
Our people understand how important it is to keep your personal information safe and secure. We take steps online and in store to keep our stores and offices, systems and records secure.
How long we keep your information and why?
We will only keep your personal information for a limited period of time. This period will depend on a number of reasons, such whether we still need to deliver to you, or you have an account with us, or we are providing ongoing customer care to you. Sometimes we must also keep your information by law, to deal with a regulator or where required by our insurers. We delete your personal information at your request where possible and we won’t keep it for longer than we should or need to for the provision of a service and for communicating with you.
Your rights and how to use them.
You have rights to find out about how and why we use your personal information and to control its use. These include rights to access and correct your details, in some cases to ask us to limit or stop our use of them and even to delete them. Where we use your personal information based on your consent, you have the right to change your mind and you can always unsubscribe from our direct marketing to you, by simply clicking unsubscribe in a marketing email, or in this policy.
Your privacy matters, so we have appointed a Data Protection Officer to help. You can get in touch with our Customer Care team for help with data protection matters at firstname.lastname@example.org. You also have a right to complain to the UK’s privacy regulator should you feel your rights or the law has been compromised.
Other details you should know.
From time to time we will update this policy. We’ll always send you a copy in the event of material change but if minor changes are made, we won’t bombard your mailbox. You can, of course, check back here for updates in the mean time!
- What personal information we collect about you and where we get it from
The personal information we collect and use will depend on why we need it and whether you are buying or browsing, in-store, or online. The technical term for information about you which identifies you is your personal data. We need lots of different types of information and have explained what categories we collect, why it is needed and where we get it from below. Collection and use of this information is not new and is commonly used by lots of retailers, but explaining this level of detail to you is new!
Examples of your personal information and why we need it.
What: Name, Address, Email Address, Telephone Number, account information (user name, log-in details)
Why: so we can know who you are to get in touch and for contract, legal and payment reasons as well as administering your account with us
Where: from you
What: Contact information, together with purchase details, delivery details, payment details, any communications we have about your order or purchase
Why: so we can take your order, take payment for it and make sure it is delivered properly
Where: from you
Other delivery information
What: Name and address of recipient for delivery, if different from customers
Why: so we can deliver to the person at the address which you have requested
Where: from you
Payment / card information
What: Name, card issuer and card type, number, issue number, start and expiry dates and cvv code.
Why: so we can check the right person is using the right card/account and meet the payment requirements of the card/account issuers; and make sure we are paid for what you buy
Where: from you, your payment /card issuer, your store card provider if used.
What: Fraud checks or flags raised about your transactions, the payment card you want to use, payment card refusals, suspected crimes, complaints, claims and accidents
Why: so we can protect you, other customers and our business against criminal activities and risks, make sure we understand and can meet our legal obligations to you and others and can defend ourselves
Where: from you, the police, crime and fraud prevention agencies, payment card providers, the public, regulators, your and our professional advisors and representatives
What: Your marketing preferences, your account settings including any default preferences, any preferences you have indicated, such as country, language and currency, the types of products/offers that interest you, or the areas of our website that you visit
Why: so we can make your visits easier and more convenient and make sure you get the information you want from us in the way we think you will like
Where: from you, from our website/app technology interaction with your browser/devices and cookies tracking the pages you visit, the marketing messages you open and the links you follow
What: Communications we may have with you, whether relating to an order or not.
Why: So we can deal with your requests, help you, meet your needs and make sure we have accurate records. It also helps us to obtain customer feedback and improve as a result.
Where: from you and occasionally from any third parties involved, such as another visitor to our store
What: Any voluntary information you provide us with, such as your date of birth, responses to surveys and social media account details
Why: So we can get to know you better; make our communications with you more personal; get in touch on your birthday; make sure we are not marketing/selling to children; learn and improve from your survey feedback, organise in store events and pick competition winners.
Where: from you and your social media account provider.
What: CCTV images of you.
Why: so we can keep you, other customers, our staff, buildings, systems and data safe and secure.
Where: from you; from our CCTV and from our W-Fi and similar technology interaction with your devices
What: Your customer journey online and how you use our websites and apps and use your devices when doing so. Whether and when you open our marketing emails and respond to our adverts. When you are on our website, our website technology is able to collect the technical details of your mouse clicks and movements, page scrolling and text content you key in to our online forms but will not collect payment card numbers or name and address type details
Why: so we can understand how many customers use our websites and apps, what works best online and in our marketing and advertising and what we need to change and improve to attract and keep your attention
Where: from you; from our website/app technology interaction with your browser/devices and cookies tracking the pages you visit
What: IP address, internet provider, operating system and browser used, type of devices, such as a laptop or smart phone, device cookie settings and other device details, such as MAC address and the geographic region which your device reports to us that you are located in
Why: so our website and app technology can work properly with your device and make sure you can see and use our intended website and apps on the device you are using
Where: from you; from our website/app technology interaction with your browser/devices
What: Your customer journey before and after visiting our store from Google beacons. Details of your online browsing activities on our website, such as the pages, products or areas of our website that you visit, or which link has brought you to our website from our email communication. Without getting or knowing the details they collect, benefitting from similar information about your use of other websites which is available to ad providers, social media platforms and Google, who help us to show you on other websites our ads tailored to the category of customer they think you are and which we are targeting. Similar details from use of our apps. Your contact information, historic order information, preference information, and voluntary information and online observed information
Why: so we can learn more about you; try to understand the type of customer you are, to predict what you are most interested in, what offers you will like most, tailor our adverts and offers
Where: from you, from our website/app technology interaction with your browser/devices and cookies tracking the pages you visit; without seeing the details collected, from cookies set by ad providers, social media platforms and GoogleThere are also “special categories” of more sensitive personal information which require a higher level of protection, such as information about a person’s health, criminal offences, sexuality, race, ethnicity, health or disability.
What: details about any accident or injury on our premises, or health incident
Why: so we can get you the help you need, deal with the emergency services, insurance and claims
Where: from you, witnesses or observed about you
Suspected crime information
What: details of your identity, image, name and address, suspected or alleged thefts, fraud, assault or other criminal behaviour.
Why: so we can protect customers, the public and our business against risks and crime
Where: from crime and fraud prevention agencies, from you, witnesses, and from the police
So we are clear, cookies are the nickname for tiny text files which some websites pages place on the device you use to access them, to give us encrypted information such as to remember what you have put in your basket when shopping, your preferences, whether you have an account and what cookies you have accepted. They will not collect your name, address and payment card details but send back technical facts. They also help us to understand and sort out technical errors which sometimes happen online. We need cookies to make our websites and your device able to work well together. Some cookies are our own but we also work with carefully selected third parties to help us and who set their cookies from our website pages and to help us run our websites (these are called third-party cookies). You will not be able to buy from us online and your browsing experience may not be as enjoyable if you block your device from receiving cookies.
Personal information does not include information where your identity has been removed or is unknown (anonymous data). Some of this information may only be identifiable to you and personal because you are logged in to your account, or because we have collected details of your IP address or the device that you have used to access the website. Where we can, we prefer to show you adverts online which you are more likely to be interested in.
Normally until you buy from us, you are an unnamed user of our website but we want to make you a customer. We work with online advertising partners to do this. They set a cookie on our webpages and this allows them to spot when you use the same device on other websites they publish ads on. They can then make sure you see an ad from us (retargeting). In some cases, the ads you see from us online will be more tailored to you (tailored or behavioural ads). This uses known and observed information about you to try and categorise you and predict what you will want to buy and which offers you will most like (profiling). This will be from our knowledge of you as a customer with us and from your use of our websites but we do not share that detailed information with those advertising partners. In other cases, it will be based on what advertising partners /social media providers know about you from their cookies and use of their websites but we do not receive the detailed information from these websites.
You can get more information about cookies and can change your mind about cookies at any time. if you want more details or to change your mind, see our cookies notice.
- What do we do with your personal information?
We need to collect and use lots of information about you and any devices you use to access our apps or websites for many different reasons but we will only use your personal information when the law allows us to. This will always be for one of these reasons (our lawful basis):
|Legal basis||When we use this basis|
|Contract||This is where we need to use your personal information for a contract reason (to comply with a contract with you or take steps you have requested to start a contract with you).|
|Legal obligation||This is where we must use your personal information to comply with the law, or a binding request like a court order.|
|Consent||This is where we use your personal information with your clear consent, you have a free choice to say yes or no, and you can change your mind at any time.|
|Public interest||This is where we need to use your personal information for an official purpose, or for a reason in the public interest for the greater public good, like cooperating voluntarily with an official police investigation.|
|Vital interests||This is where we need to use your personal information in an emergency to protect you (or someone else) from death or serious harm.|
|Legitimate interests||This is where, on balance and being fair to you, we have (or a third party has) another good and lawful business reason for using your personal information and we do not need your consent.|
By law, we must treat special category or sensitive personal data, such as on health or alleged crimes, with even more care and must have an additional reason for collecting and using this type of personal information. Where special categories of sensitive personal information are involved in addition our users will always be for one of these reasons.
|Legal basis||When we use this basis|
|Legal obligation||This is where we must use your personal information to comply with your or our legal rights or obligations related to employment or social protection.|
|Preventative medicine||This is where we need to use your personal information for medical diagnosis or preventative health reasons|
|Substantial public interest||This is where we need to use your personal information in the substantial public interest for the greater public good.|
|Explicit consent||This is where we use your personal information with your very clear and express consent, you have a free choice to say yes or no, and you can change your mind at any time.|
|Legal claims||This is where we need to use your personal information to investigate, take advice on bring or defend legal claims.|
|Vital interests||This is where we need to use your personal information in an emergency to protect you (or someone else) from death or serious harm and you are not capable of giving your consent.|
We want you to understand why we use the personal information we do and our legal basis for doing so. We explain this here.
Lawful basis for use
|Why we use your personal information||All personal information||Sensitive personal information|
|To check stock for you, put it on hold, arrange to send it to your local store and keep you updated on this||Contract|
|To accept your orders, check and take payment, deliver your order and communicate with you about it. This may include a gift delivered to another person or delivery to another address if you want
Dealing with returns, replacements and refunds we are obliged to deal with
You may want to use any optional delivery tracking or confirmation facility or update options we offer. This mean sharing additional contact information for you with our delivery partners and you using their delivery systems
Dealing with returns, replacements and refunds we are not obliged to deal with
Contract; Legal obligation
|To accept card payments, we need to comply with anti-money laundering legal obligations and comply with the rules of the card issuers eg Visa to make sure we get paid
This means checking your identity and that your use of the card appears lawful by checking with credit reference agencies and fraud prevention agencies who may keep records of this and of any concerns. We use specialist payment providers to help with this.
Preventing and detecting crime is important to everyone and any concerns may be shared with law enforcement agencies
Legitimate interests; Legal obligation
Substantial public interest; Legal claims
|To ask you about student discount registration, fill in surveys, provide feedback and deal with your queries and requests
To learn from your feedback and improve
|To deal with your queries, requests and respond to any customer care concerns.
To provide you with information about your order or request we think you need.
Sometimes this will be where this involves a legal right or obligation we must comply with and unusually this may relate to legal claims
Legitimate interests; Legal obligation
|To set up your account with us and run it to make you’re online shopping experience quicker and easier for you, including dealing with related requests and changes and communications.
Storing any payment card details with your consent
Legitimate interests; Explicit consent
|Managing any accidents, injuries or health incidents which occur in store.
Meeting our health and safety legal obligations.
Dealing with any related insurance or legal claims
|Legitimate interests; Legal obligation; Vital interests||Vital interests; Preventative medicine; Legal obligation; Legal claims; Substantial public interest|
|Managing any suspected fraud, shoplifting or other suspected criminal activity involving or affecting you
Responding to warnings and providing details to law enforcement and fraud prevention agencies to investigate, prevent and detect crime.
Dealing with any related insurance or legal claims
Legal obligation; Legitimate interests
|Legal claims; Substantial public interest
|To keep evidence of our dealings with you to comply with our legal obligations, including on accounting, taxation and data privacy
To keep records for risk management and insurance purposes
|Grouping individual records together in large numbers to analyse them to understand customer group interests, trends and changes across the customer base.
This needed to run our business efficiently, including ordering stock and organising supplies and adjusting resourcing such as for in store staff / delivery coverage to meet demand.
|To keep our systems, websites and their use under continual review to check and maintain their integrity and security and proper operation and continually improve their efficiency.
Meeting our obligations to secure personal information.
Legitimate interests; Legal obligation
|To authenticate users, account holders and ensure use of our website complies with our terms and policies||Legitimate interests; Legal obligation|
|To deal with our legal obligations, such as on product recalls, and binding requests for information, such as from courts||Legal obligation||Legal claims|
|To cooperate with and disclose information to law enforcement and official agencies and government, regulators courts and other parties even where not legally binding
This is where we believe it is needed to prevent or detect crime, or help with legal compliance or good governance
This includes where we take professional advice to understand and deal with our legal rights and obligations and dealing with our insurers
Legitimate interests; Public interest
Substantial public interest.
|To deal with the reorganisation or sale if our business or part of it and sharing details needed with buyers and their professional adviser’s||Legitimate interests|
|Learn more about you from your browsing and purchase history, how you like to shop and how you respond to our ads and offers, we do this to try and anticipate what demographic, age range, region and preferences you would like
o try and categorise you, predict more accurately what you will want to buy, what offers and ads you will prefer and provide you with those tailored offers and ads we think you will like most
so we can –
o generate new customers and convert possible customers into actual customers
o convert browsers to shoppers
o encourage current customers to buy more goods from us or buy more frequently
o encourage customers also to buy in store if they only buy online, or to also buy online if they only buy in store
o generate income and profit to run our business
o fund our development of new exciting products for you
o pay to attract, retain and expand our amazing and talented staff who we need to do this
|Consent||To provide you with the app you have requested and send you push notifications with ads, special offers, promotions and news
To email you with ads, special offers, news and promotions
To ask you to provide product reviews and to rate us
To use your location to send you location related advertising
By signing you up to our email marketing to promote products
If you are logged in to your account with us with your mobile device / have one of our apps and your device connects to our Wi-Fi in store, tracking your journey through our store by linking your journey and your account
To link your social media account(s) with your activities on our websites and then showing you targeted product recommendations.
Where we carry out marketing this will be based on our legitimate interests unless by law we need your consent or have chosen to ask for consent anyway. In the event you have placed an order, query, and request or flagged an issue, we will still need to keep in touch. We won’t market to you but contact you regarding the relevant issue.
Where we have explained that our use of your personal information is needed for us to comply with a legal obligation, or to start or comply with a contract with you, if you refuse to provide those details, on most occasions, we won’t be able to accept your order or continue to deal with your purchase or delivery.
- Who we share your personal information with and why
We do not sell your personal information to third parties for them to market their products to you but, on occasion, we do need to share some of your details with third parties.
We need to work with suppliers and professional service providers as they help us to run our business and look after you. In these cases, we only share the personal details they need to know for their services and work closely with them to make sure your privacy is respected and protected. They must keep your details confidential and secure and only use them to provide the help we have agreed with them or as allowed by law.
We are a dynamic business in a fast moving industry and as you can imagine, the help we need can change quickly and over time. We work with lots of suppliers and service providers and these also frequently change. So that you understand where this can affect your personal information, we have provided more details.
|Who we share with||Why we share it|
|External suppliers||, We use external suppliers to help us with:
-warehouses, packing and delivering orders;
-payment service providers to securely validate and take your payments by card;
-specialist providers to host and operate our websites, online presence, databases and IT systems and support their operation and -help with data analytics;
-specialist providers to help with cyber and other security; and
-agencies to help with marketing, analytics, advertising and communications.
|Event, discount registration and account providers||We can share personal information with third parties for discount verification, registered account management, event management or where you have told us, or them, we can share it.|
|Other retailers||Where we operate a concession in another retailer’s store, their systems record your personal information. Unusually, there may be an incident involving you where we need to provide them with details about you to prevent and detect crime or help them to deal with legal claims or obligations.|
Where you accept third party cookies, we do not send them data but they normally collect data directly from your device
|Social media*||Where you want to link your social media account to us, we will share the details needed to do that with your provider.|
|Third party content and links on our websites*||Our websites and apps sometimes feature links to third parties which we think you will like.
We do not send them your details but if you follow those links, you will do so direct and leave our website. You can choose to share your personal data with them separately sand subject to their Privacy Notice.
|Law enforcement, credit reference and fraud prevention agencies.||We will provide personal information about you to:
-fraud prevention and credit reference agencies
If we must by law, or when we think it is necessary to prevent fraud, or protect you, our staff, business or other customers, from threats, theft or, fraud
|Other recipients||We may also disclose your personal information where needed to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of you, our employees, customers or others, or where permitted by law and needed to help others to do so.
-Consultants and professional advisors including legal advisors, accountants and auditors;
-courts, court-appointed persons/entities, receivers and liquidators;
-business partners and joint ventures;
-Governmental departments, statutory and regulatory bodies including the Information Commissioner’s Office, the police and Her Majesty’s Revenue and Customs.
*The way the internet works means that to show you our banners and adverts especially on other websites and apps, we must work with third party ad exchanges, networks and online platforms. They must comply with their data privacy obligations, make their policies available to you and allow you to change your mind about their cookies and use of your information. We are not responsible for their use of your personal information or websites.
- Where we send your personal information outside Europe
Data privacy laws in the UK and across the countries in the European Union, Norway, Iceland and Liechtenstein, (the European Economic Area) are very similar. We have called this area ‘Europe’ for ease. If it is necessary for us to transfer your personal information outside Europe we will only make that transfer if we use a method approved as privacy-safe by the data privacy regulators in Europe:, including:
-the country to which the personal information is to be transferred has been approved by them;
-the recipient of the personal information is in the USA and has certified they will comply with the Privacy Shield rules to protect personal information, approved by them;
-the recipient of the personal information is legally bound to protect your personal information under binding corporate rules approved by them;
-we have made sure that there is a contract to protect your personal data with the recipient, using a template approved by them;
-the transfer is needed for another reason approved by them, such as to make an international delivery at your request; or
-where you explicitly consent to the transfer
You can ask for a copy of the method approved as privacy safe by the data privacy regulators in Europe from our Customer Care team or Data Protection Team using the contact details in section 8 below.
- How do we keep your personal information secure?
We take specific steps required by data privacy law to take appropriate care of your personal information, whether online or not. This is to protect it against theft or other loss, being corrupted so we cannot use it properly or at all and to stop people who should not be able to see or use it from doing so.
- How long we keep your information and why?
We will only keep your personal information for a limited period of time. This will depend on a number of factors, including:
-whether you have placed an order with us, or have a registered account with us;
-any laws or regulations that we are required to follow;
-whether we are dealing with a current request, customer care issue or complaint;
-where there is a legal or other type of dispute involving or affecting you;
-the type of information that we hold about you; and
-whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
We will keep your personal information during the period that you are a customer with us and then for as long as is necessary in connection with both our and your legal rights and obligations. This may mean that we keep some types of personal information for longer than others. Generally, if you are an inactive customer we will remove your account after 18 months.
- Your rights and how to use them
You have rights to understand and control use of your personal information. These rights only apply to your own personal information. For all these rights:
-we must be able to verify your identity;
-your request must not impact the privacy rights of other people;
-Your request must not be excessive, very unreasonable or repeated [too often].
-They cannot clash with the provision of a service (for example submitting a right to erasure when we are processing an order from you)
Many rights have limitations and exceptions, for instance, we do not have to provide you with legally privileged advice involving your personal information.
|Your right||What does it mean?||Limitations and conditions of your right|
|Right of access||You are entitled to have access to your personal information and specific information about its use by us (this is more commonly known as submitting a “data subject access request”).||You should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.|
|Rights in relation to inaccurate personal or incomplete data||You may challenge the accuracy or completeness of your personal information and have it corrected or add details to make it complete.
You must inform us of changes to your personal information. Please notify us of any changes as soon as they occur, including changes to your contact details.
|Where available, please use any self-help tools to correct the personal information we use about you.
When exercising this right, please be as specific as possible.
|Right to object to our use of your personal information||You have the right to object to our use of your personal information.||This general right applies where our use of your personal information is needed based on legitimate interests and there is something about your particular situation which makes you want to object to processing on this ground.
We will then consider your request.
|Right to object to direct marketing||You can change your mind about direct marketing at any time. This may mean changing your mind about our app, or receiving our emails, or all direct marketing.||Click unsubscribe at the bottom of any email.|
|Right to object to important computer only decision making affecting you||If we have explained that we use any computer only decision making to make important decisions affecting you, you have the right to challenge those decisions and have a real person take another look at them to make sure they were right.||The second look at the decision by a real person may result in the same decision the computer made.|
|Right to restrict our use of your personal information||You are entitled to limit our use of your personal information for so long as we are considering any request you have made for us to correct or complete your personal information, or to consider an objection you have made to our use of it based on legitimate interests.
You can also request us to limit our use permanently in some cases.
|The temporary restriction on our use will end when we have dealt with your request for correction or completion of your personal information or we have made a decision on further use following your objection.
If we agree that we should stop that use of your personal information, or in limited other cases, the limitation will become permanent.
The impact of the restriction is limited to personal information affected by the request/use.
|Right to erasure||You are entitled to have your personal information deleted or destroyed, such as where your personal information is no longer needed for its intended use.||We may not always be able to erase your personal information completely, such as were we still need it to comply with a legal obligation, or to deal with legal claims.|
|Right to withdrawal of consent||Where our processing of your personal information is based on your consent, you have the right to withdraw your consent at any time.||If you withdraw your consent, this will only affect future use of that personal information.|
|Right to data portability||You are entitled to receive the personal information which you have provided to us and which is used by us in a commonly used format to help make it readily re-usable.||This right only applies where we are using the personal information you have provided based on your consent or on our contract with you.|
To unsubscribe, or change your mind about receiving our marketing, you can:
-use the unsubscribe link in our emails
-email our Customer Care team email@example.com
-call our Customer Care team
-write to us at the above-listed address
We are committed to protecting your privacy, so we have appointed a Data Protection Officer to help. If you wish to exercise any of these rights please contact our Customer Care team by emailing firstname.lastname@example.org
You also have the right to lodge a complaint with the UK data privacy regulator.
- Other details you should know.