If you don’t want to read all the detail, here are the things we think you’d really want to know:
- Your personal information is, where appropriate, shared within the Group.
- We do use several third parties to process your personal information on our behalf and some of them are based outside of the European Economic Area.
- You have several rights over your personal information. How you can exercise these rights is set out in this notice.
- We do send direct marketing, if we’re allowed to. And we do this to encourage you to buy our products and services by sending you offers and ideas that we feel will be of benefit to you. If you want us to stop then here’s (sec section 9).
- We also display online advertising relating to our products and services on websites across our Group, on other websites and online media channels
Who are we?
What sorts of personal information do we hold?
- Information that you provide to us such as your name, address, date of birth, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media;
- Information about the services that we provide to you (including for example, the things we have provided to you, when and where, what you paid, the way you use our products and services, and so on);
- Your account login details for our services, including your user name and chosen password;
- Information about whether or not you want to receive marketing communications from us;
- Information about any device you have used to access our Services (such as your device’s make and model, browser or IP address) and how you use our Services. For example, we try to identify which of our apps you use and when and how you use them. If you use our websites, we try to identify when and how you use those websites too;
- Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication. We want to make sure that our communications are useful for you, so if you don’t open them or don’t click on any links in them, we know we need to improve our Services; and
- Information from other sources such as specialist companies that provide customer information (like credit reference agencies such as Experian, fraud prevention agencies, claims databases, marketing and research companies), social media providers and the DVLA, as well as information that is publicly available.
Our legal basis for processing your personal information
- Consent: You have told us you are happy for us to process your personal information for a specific purpose;
- Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights.
- Performance of a contract: We must process your personal information in order to be able to provide you with one of our products or services;
- Prevention of fraud: Where we are required to process your data in order to protect us and our customers from fraud or money laundering;
- Vital interests: The processing of your personal information is necessary to protect you or someone else’s life;
- Public information: Where we process personal information which you have already made public;
- Legal claims: The processing of your personal information is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity; and
- Legal obligation: We are required to process your personal information by law
How do we use your personal information?
We may use your information in the following ways:
- To provide our products and services – we need to use your personal information to make our products and services available to you. If you then decide to order any of our products or services then we’re delighted, thank you. After that, we need to provide them to you, process your payment and sometimes award you Reward points, Discount coupons as Customer loyalty program. And we need to use your details to do all this.
- To personalize your shopping experience – we try to understand our customers so we can provide you with a great shopping experience, relevant marketing, personalized offers, shopping ideas and online advertising. Understanding how you use our Apps, how you interact with us, where you shop, the products and services you buy and how you use and browse our websites helps us to do this.
- For safety and security – we use your personal information to help provide safe and secure environments for to you and our other customers to shop and for our businesses to be conducted. To enable this we monitor online behavior and carry out checks to help us ensure that our customers are genuine to prevent fraud and to help customers use our services appropriately.
- Analytics and profiling – we use your personal information for statistical analysis and to help us understand more about our customers. That includes understanding the products and services you buy, the way you consume them, how you shop across the whole Group and by creating profiles about you. This helps us to serve you better and to find ways to improve our services, stores, apps and websites. These profiles help us to send you offers that are more relevant to you.
- Contacting you – we use your personal information to contact you: either to conduct market research or to contact you about products and services from us and other companies. We may also contact you in relation to any questions you have raised with us or to discuss the status of your account with us.
Cookies and similar technologies
Our service providers – we work with partners, suppliers, insurers, aggregators and agencies so that they can help us provide the products and services you require from us. These third parties process your personal information on our behalf and are required to meet our high standards of security before doing so. We only share information that allows them to provide their services to us or to facilitate them providing their services to you. These third parties include:
- Advertising companies, who help us place adverts online;
- Scheme providers – such as Visa and MasterCard – if you process a credit/debit card or travel money card with us, in order to manage your account and so your payments are processed;
- Our agents, advisers or others involved in running accounts and services for you and your business or collecting what you or your business owe Group companies.
- Market research partners, who help us to analyze customer behavior;
- Social media providers – such as Facebook, Instagram and Twitter – where we interact with you on social media;
- Third party vendors who help us to manage and maintain the Organizational IT infrastructure;
- Logistics and delivery providers who enable us to deliver products you order on our websites;
- Providers of temporary staff, who need access to certain personal information to carry out their role within the business;
- Where relevant, our professional advisors, such as lawyers and consultants;
- Companies that deploy our email campaigns for us because they need to know your email address to carry out these services;
- Companies that provide insights and analytics services for us so we can stock the right products, send the right marketing campaigns and understand our business and customers better;
- Security and fraud prevention companies to ensure the safety and security of our customers, colleagues and business;
- Companies which run our contact centers because they need your personal information to identify and contact you;
- Companies who assess faults and repair products on our behalf;
- Companies administer competitions for us, so they run smoothly;
- Companies that enable us to collect your reviews and comments, both online and offline; and
- Companies that help us with our community and social goals,
- Companies or individual(s) whether described or may include at any time with or without any intimation who we may need to share any or all of these to run out business smoothly without any liability.
Other organizations and individuals – we may share your personal information in certain scenarios. For example:
- If we’re discussing selling or transferring part or all of our Group business, we may share information about you to prospective purchasers and their advisers – but only so they can evaluate the relevant business; or
- If we are reorganized or sold to another organization, we may transfer information we hold about you to them so they can continue to provide the Services to you.
- If we are required to by law, under any code of practice by which we are bound or where we are asked to do so by a public or regulatory authority such as the police or the Department for Work and Pensions;
- If we need to do so in order to exercise or protect our legal rights, users, systems and services; or
- In response to requests from individuals (or their representatives) seeking to protect their rights or the rights of others. We will only share your personal information in response to requests which do not override your privacy interests. For example, we will not share your personal information with individuals who are merely curious about you, but we will share your personal information to e.g. insurers, solicitors, employers etc. which have a legitimate interest in your personal information
International transfers of personal information
Your rights as a custommer
- the right to access a copy of the personal information we hold about you;
- the right to correction of inaccurate personal information we hold about you;
- the right to restrict our use of your personal information;
- the right to be forgotten;
- the right of data portability; and
- the right to object to our use of your personal information.
If you are seeking to exercise any of these rights, please contact us using the details in the “Contact Us” section below. Please note that we will need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect the personal information belonging to our customer against fraudulent requests.
Automated decision making and profiling
We take protecting your personal information seriously and are continuously developing our security systems and processes. Some of the controls we have in place are:
- We limit user access to our systems to only those that we believe are entitled to be there;
- We use technology controls for our information systems, such as firewalls, user verification, strong data encryption, and separation of roles, systems & data;
- Systems are proactively monitored through a “detect and respond” information security function;
- We utilize industry “good practice” standards to support the maintenance of a robust information security management system; and
- We enforce a “need to know” policy, for access to any data or systems.
California Consumer Privacy Act:
If you are a California resident, you can make certain requests regarding your personal information. We will fulfill each of these requests to the extent required by law.
- You can ask us what personal information we have about you, including a list of categories of your personal information that we have sold and a list of categories of your personal information that we have shared with another company for a business purpose.
2. You can ask us to delete your personal information.
3. You can ask that we stop selling your personal information.
More information on each of these requests is below.
- What personal information do you collect about me?
If you make this request, we will return to you (to the extent required by law):
- The categories of personal information we have collected about you.
- The categories of sources from which we collect your personal information.
- The business or commercial purpose for collecting or selling your personal information.
- The categories of third parties with whom we share personal information.
- The specific pieces of personal information we have collected about you.
- A list of categories of personal information that we have sold, along with the category of any other company we sold it to. Any of the categories of personal information that we collect could be included in a sale to other companies, including those within our corporate family. If we have not sold your personal information, we will inform you of that fact.
- A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.
You can ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to personal information we collected about you in the previous 12 months.
- Delete My Personal Information:You have the right to ask that we delete your personal information. Once we receive a request, we will delete the personal information (to the extent required by law) we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain website or in-store functions that require your personal information to operate. Deleting your personal information will not cancel memberships you have purchased.
- Stop Selling My Personal Information:We do not sell your personal information for monetary consideration. However, under some circumstances a transfer of personal information to a third party, or within our group of companies, without monetary consideration may be considered a “sale” under California law. For purposes of California law, all categories of personal information, except for background and criminal information, biometric information, and government identifiers, are transferred to third parties or within our companies. Such transfers may be considered a sale. If you submit a request to stop selling your personal information, we will stop making such transfers. If you are a California resident, to opt-out of the sale of your personal information, Contact” Privacy Manager and write him for Do Not Sell My Personal Information” Contact us page to submit your request.
We will not discriminate against you for exercising your rights. This generally means we will not deny you goods or services, charge different prices or rates, provide a different level of service or quality of goods, or suggest that you might receive a different price or level of quality for goods. Please know, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require usage of your personal information to function.
To exercise the California privacy rights described above, please contact Privacy Manager and “Request personal information” Contact us page.
Your California Privacy Rights – Shine the Light
The following rights apply to California residents:
- We share personal information with others outside of Denril and/or sister concerns or partners for direct marketing of their products only if we have your affirmative consent (opt in). See “How Do We Share Your Personal Information Outside our company?”
- We share personal information with other businesses within our corporate members/partners.
Please “Contact Us” with any questions, or to request a list of third parties to whom we may share personal information for their marketing purposes and the categories of information we may disclose.