INFORMATION ABOUT THIS TEMPLATE
The sections in yellow are optional and will depend on what the client does with the data or the level of information they provide.
The sections in grey should be retained but the details will need to be changed to reflect the types of data the client collects and uses.
This policy sets out how we use your information and provides you with information about the personal data we collect, how we keep it secure, how we ensure your privacy is maintained and your rights relating to the personal information we hold about you.
This policy applies to you if you purchase or use any of our products or services, if you visit our stores or shop online or use your mobile device and provides you with information about:
- WHO WE ARE
- THE TYPES OF PERSONAL DATA WE COLLECT
- HOW WE USE PERSONAL DATA
- WHO WE SHARE PERSONAL DATA WITH
- TRANSFERS OF PERSONAL DATA
- HOW WE PROTECT PERSONAL DATA
- HOW LONG WE KEEP PERSONAL DATA
- YOUR RIGHTS
- THE LEGAL BASIS FOR USING PERSONAL DATA
- HOW TO CONTACT US
- LINKS TO OTHER WEBSITES
- POLICY UPDATES
- WHO WE ARE
FULL COMPANY NAME is a company incorporated in COUNTRY OR STATE [and is part of the NAME OF GROUP which includes OTHER GROUP MEMBERS] (referred to as “we” or “us” in this policy).
We understand that privacy and the security of your personal information is extremely important and we are committed to maintaining the trust and confidence of the visitors to our websites and our customers by keeping your personal data secure and respecting your privacy rights.
We will always handle your data fairly and legally and are committed to being transparent about the data we collect and how we use it.
We don't rent or trade information about you with other organisations and businesses.
THE TYPES OF PERSONAL DATA WE COLLECT
We may collect the following information about you:
- your name
- your age or date of birth
- your gender
- your contact details (postal, billing and delivery addresses, telephone numbers and e-mail address)
- details of your purchases and orders
- information about any services we provide to you
- your on-line browsing activities on our websites
- your account login details, including user name(s) and password(s)
- when you purchase or order products and services, your bank account or payment card details
- your communication and marketing preferences
- your interests, preferences, feedback and survey responses
- your location
- your IP address
- your device ID and other details such as make and model and the apps you use
- your correspondence and communications with us
- publicly available personal data, including any you have shared via public platforms and social media.
Our websites are not intended for children and we do not knowingly collect data relating to children.
The types of data listed above is not exhaustive and, in some instances, we may need to collect additional data for the purposes set out in this policy or to provide you with certain products and services.
If shop with us using a credit or debit card, or if we take these details for payment authorisation, we will securely collect and store this information. We will ask if you want us to automatically store these details to speed up future payments. If you set up a direct debit payment, we will also collect bank details from you.
If you apply for credit, stage payments or other payment terms or forms of finance, we will take into account other information about you such as your employment details, financial position, identification documents details (such as your passport, national identify card or driving licence), insurance, criminal record and medical history as well as details about additional insured parties and cardholders or joint policyholders.
We may collect some of the above personal data directly from you, for example when you set up an account on our websites, or send an email to our customer services team. Other personal data is collected indirectly, for example your browsing or shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.
HOW WE USE PERSONAL DATA
The information we collect may be used to:
- provide products and services to you
- process your orders
- take payment from you or provide you with a refund
- manage any account(s) that you hold with us
- mange any reward or loyalty programs you participate in
- verify your identity and ensure that our customers are genuine
- detect and/or prevent crime or fraud, and related purposes
- carry our statistical analysis
- conduct market research
- help us understand more about you as a customer
- personalise your shopping experience
- tailored our websites to you
- improve our services, stores, apps and websites
- contact you about products and services
- provide online advertising
- help answer your questions and solve any issues you have
- manage customer service interactions with you
We will only use your personal data for marketing purposes with your consent. We may do this by post, email, text message, online or through social media, push notifications via apps, or other electronic means and will aim to update you only about those products and services you are interested in or which relevant to you.
You may amend your marketing preferences and have the right to opt out of receiving promotional communications at any time, by:
- changing the marketing preferences on your account(s)
- clicking the “unsubscribe” link in our emails or using the “STOP” number for texts
- contacting us (see HOW TO CONTACT US)
We won't send you marketing messages if you tell us not to, but we will still need to send you occasional service-related messages.
As part of the registration process for our newsletter, we collect personal information. We use that information to: tell you about our offers, products and services; contact you if we need to obtain or provide additional information; check our records are correct and up-to-date; and make sure that you’re happy and satisfied with our services. To do so we use a third-party provider, [ADD NAME], to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our newsletter. For more information about this, please see [ADD NAME]’s privacy notice. You can unsubscribe from our newsletter at any time by clicking the unsubscribe link at the bottom of our emails or by contacting us (see HOW TO CONTACT US).
If you are a member of any of our reward or loyalty schemes we may collect data directly from you, as well as analysing your browsing and purchasing activity, both on-line and in store, and your responses to marketing communications. The results of this analysis, together with other demographic data, allows us to personalise the information and offers we send to you, make that are relevant to you and understand more about you as a customer. We use software and other technology (automated processing) to do this.
When you visit our websites, we use service providers, like Google Analytics and Sumo Logic, to collect internet log information and details of visitor behaviour patterns. We do this to understand how visitors use our websites. This information is only processed in a way which does not identify anyone.
WHO WE SHARE PERSONAL DATA WITH
We may share your personal information with [NAME OF GROUP] from time to time so we can provide you with services across our group. That includes [ADD DETAILS].
We work with partners, suppliers, service providers and agencies and may need to share your personal information with them to provide certain services. However, we will only do so where they meet our standards for processing data and have confirmed that they have appropriate data protection and security controls in place. We will only share information with them that is necessary for them to provide services to us or directly to you and our contracts with them prevent them from using your personal information for any other purposes. These include:
- Supplier Partners - trusted partners who supply products and services on our behalf
- Delivery Partners - for you to receive the products you have ordered
- Payment Providers - who take and manage payments
- Credit Reference Agencies - to make sure you can manage the level of credit offered and prevent fraud
- Marketing Companies - who help manage our electronic communications with you
- IT Companies - who support our websites and information systems
We may also share your personal information with:
- carefully selected retail partners, where you have consented to this
- governmental bodies, regulators, law enforcement agencies, courts and insurers where we are required to do so to:
- comply with our legal obligations
- exercise our legal rights
- prevent, detect and investigate crime and fraud
- protect our employees and customers
- our financial and legal advisors
- purchasers or prospective purchasers of our business so they can evaluate that business and/or continue to provide services to you
We will not otherwise disclose your personal information to anyone else.
We will not sell or rent our customer data to other organisations for marketing purposes.
TRANSFERS OF PERSONAL DATA
If you place an order with us and you are outside of [COUNTRY] we will transfer your personal information to [COUNTRY].
Although your personal data will be held in [COUNTRY] data centres it is sometimes necessary for us to share your personal information outside of the European Economic Area (or the EEA), so that we can deliver products and provide services to you or to transfer your personal information to our group companies, suppliers or service providers based outside of the EEA for the purposes described in this policy. This will usually be the case when either you, your delivery address or our service providers are located outside the EEA.
If this happens, your personal information will continue to be subject to one or more appropriate safeguards set out in the law. We will ensure that the transfer will be compliant with data protection law and all personal information will be secure. Our standard practice is to use ‘standard data protection clauses’ for such transfers or ensuring that our suppliers sign up to an independent privacy scheme (like the US 'Privacy Shield' scheme). These methods have been approved by regulators to ensure adequate safeguards are in place.
This includes information about browsing and purchasing behaviour by people who access our websites. This includes information about pages viewed, products purchased and the customer journey around our websites.
HOW WE PROTECT PERSONAL DATA
We are committed to keeping your personal information safe and secure and use appropriate security measures to protect your information including:
- encryption of data
- security controls to protect our information systems from external attack
- access controls to our information systems
- logical separation of our systems and information
- penetration testing of systems
- internal information security policies
- personal data and information security training for our employees
- security assessments of all our service providers who may handle your personal information
- never asking you for your passwords;
- advising you never to enter your account number or password into an email or after following a link from an email.
We will never ask you for your passwords or to confirm your credit card or payment details via email.
We recommend that you:
- keep your account passwords private
- change your password often
- do not use the same password for multiple accounts or websites
- do not enter your account number or password into an email or after following a link from an email
- security controls to protect our information systems from external attack
- access controls to our information systems
- logical separation of our systems and information
HOW LONG WE KEEP PERSONAL DATA
Unless we are required to by law, we will not retain your data for longer than necessary for the purposes set out in this policy.
Different retention periods apply for different types of data, however the longest we will normally hold any personal data for is 6 years.
You have the right to:
access your personal information
You can ask us to confirm what personal information we hold about you and how we use it, where we are obliged to provide copies of this personal information we will do so free of charge.
rectify your personal information
You can ask us to update and correct any out-of-date or incorrect personal data that we hold about you.
erase your personal information
You can ask us to delete information that we hold about you if you have withdrawn your consent, if that information is no longer needed for the purposes for which it was collected, if we are processing it unlawfully or in certain other circumstances.
stop or limit our processing of your personal information
You can object to us processing your personal information if we are not entitled to use it any more or if the processing is based on our legitimate interest (including profiling) where this does not override your rights, to have your information deleted if we are keeping it too long or have its processing restricted where you have contested the accuracy of the data, opposed the erasure of the data, you want us to retain the data so you can establish, exercise or defend legal claims, or you have objected to the processing, whilst a decision on overriding legitimate interests is pending.
Where you have consented to us processing your personal information you may withdraw this consent at any time, including the right to opt-out of marking communications.
Where you have provided us with information in a structured, commonly used and machine-readable format which we process by automated means, you can receive this in a standard form or ask us to move or transfer that data to another service provider.
not be subject to automatic decision making
You may not to be subject to a decision based solely on automated processing, including profiling, unless this is necessary for entering into, or performance of, a contract with us, it is authorised by the regulators or it is based on your explicit consent.
If you have any questions about your rights or wish to exercise any of them, please contact us (see HOW TO CONTACT US).
Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
You also have the right to lodge a complaint with a data protection regulator where your personal information has or is being used in a way that you believe does not comply with data protection law. Usually this would be in the country where you live or where your legal rights have been infringed. Our lead authority is [ADD NAME AND CONTACT DETAILS].
THE LEGAL BASIS FOR USING PERSONAL DATA
We are required to set out the legal basis for our ‘processing’ of personal data.
We collect and use your personal data because is it necessary:
- for our legitimate interests (as set out below)
- to fulfil our contractual obligations to supply products and services
- to exercise our contractual rights and remedies
- to comply with our legal obligations
In general, we only rely on consent as a legal basis for using your personal data in relation to sending direct marketing communications to you via email or text message. You have the right to withdraw consent at any time and, where consent is the only legal basis for processing your personal information, we will cease to process data after consent is withdrawn.
Normally, the legal basis for using your personal information is that it is necessary for our legitimate interests. This includes:
- selling and supplying products and services to our customers
- processing orders and dealing with enquiries from our customers
- managing returns and refunds
- protecting our customers, employees and other individuals
- promoting, marketing and advertising our products and services
- sending promotional communications which are relevant and tailored to individual customers
- administering reward or loyalty schemes
- understanding our customers’ behaviour, activities, preferences, and needs;
- improving existing products and services
- developing new products and services
- complying with our legal and regulatory obligations;
- preventing, investigating and detecting crime, fraud or anti-social behaviour
- handling customer contacts, queries, complaints or disputes
- managing insurance claims by customers
- taking appropriate legal action against third parties
- handling legal claims or regulatory enforcement actions taken against us
- fulfilling our duties to our customers, colleagues, shareholders and other stakeholders
HOW TO CONTACT US
If you would like to exercise your rights (see YOUR RIGHTS for further information) or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:
- By email: [ADD EMAIL]
- By post: Data Protection Officer [ADD ADDRESS]
LINKS TO OTHER WEBSITES
We may partner with trusted service providers to make additional products and services available to you and may sometimes provide you with links to other websites that are not under our control.
In these instances, we will not be liable to you for any issues with their use of your personal information, the website content or the products and services offered or provided to you by these websites.
This Policy was last updates in [ADD MONTH AND YEAR].
WHAT ARE COOKIES?
Cookies are data files containing small amounts of information which are placed on your computer or other devices through your web browser when you visit our websites. This is then sent back to our websites by your browser and is used to “remember” your computer or device.
Cookies are used on all versions of our websites and in our website applications.
Cookies are designed to enable your computer or device to remember something you have done within that website (such as remembering that you have logged in, or which buttons you have clicked) and are essential for the effective operation of our websites and to help you shop online. They are also used to tailor the products and services offered and advertised to you, both on our websites and elsewhere.
To make full use of our websites and shop online, cookies need to be enabled on your web browser. If you do not accept, or disable, cookies then certain features on our websites will not work. You will still be able to browse our websites but will not be able to shop online.
The cookies stored on your computer or other device when you visit our websites are either designed by us, or on our behalf, and are necessary to enable you to a make purchases on our websites or by third parties who participate with us in marketing programmes or who provide web banner advertisements or other services to you on our behalf.
WHAT INFORMATION IS COLLECTED?
Some cookies collect information about browsing and purchasing behaviour when you visit our websites. This includes information about pages viewed, products purchased and your journey around a website.
To help you understand cookies better we have outlined some of the main types below:
These cookies are used to identify If you are logged in as a user, or not. They are important for our websites to know what information to show you or remind you to log in.
These cookies only last for as long as your browsing session on the website and are normally deleted automatically when you close your web browser.
These cookies remain after you have finished browsing, so if you visit a website and then return to it sometime later, the website will “remember” you.
These cookies are set by the domain (or sub-domain) for our websites in your web browser.
These cookies are set by a different domain to the website you are visiting and are used for a variety of reasons.
We do not control what information is collected and stored by Third-Party Cookies, or how they are set and we do not accept any liability in connection with these cookies, you should check the relevant website for more information about what they do with cookies and how you can manage them. These may include social networking sites, like Facebook and Twitter. If you share content in this way, the social network may send cookies to your browser.
For details of the Third-Party Cookies we use please see our COOKIE LIST.
HOW LONG IS THIS INFORMATION KEPT?
Generally, we only keep cookies for the duration of your visit to websites.
Please see our COOKIE LIST for more information.
HOW ARE COOKIES MANAGED?
You have different options to manage the cookies on your computer or device.
You can change your browser settings to prevent cookies from being accepted, or, depending on which browser you are using, you might be able to receive an alert when a website is trying to place one on your browser.
With most browsers, you can allow First-Party Cookies to be set but refuse to accept Third-Party Cookies.
WHAT ARE COOKEIS USED FOR?
- to recognise customers and understand and facilitate their browsing and shopping behaviour
- to complete orders and fulfil online transactions
- for technical purposes relating to the operation of our websites and navigation
- to improve our websites and you online shopping experience
- to provide you with personalised content, web banner advertisements and targeted updates
- to monitor the success of our online campaigns, sales, promotions and competitions
- to meet our contractual obligations to third parties and manage the relationship with our partners
HOW DO I DISABLE OR DELETE COOKIES?
If you want to disable cookies you need to change your website browser settings.
This will depend on the browser you use and your browser’s 'help' menu should tell you how to disable cookies or change your cookie settings.
We have included instructions on how to do this for the most popular browsers below:
Microsoft Internet Explorer:
- Choose the menu “tools” then “Internet Options”
- Click on the “privacy” tab
- Select the setting the appropriate setting
- Choose Settings> Advanced
- Under "Privacy and security," click “Content settings”
- Click “Cookies”
- Choose Preferences > Privacy
- Click on “Remove all Website Data”
- Choose the menu “tools” then “Options”
- Click on the icon “privacy”
- Find the menu “cookie” and select the relevant options
You can also delete cookies stored in your browser by using the functions in your browser. This will not disable cookies or prevent your browser from collecting them in the future. Deleting cookies on one browser or one device does not automatically clear them on another.
WHAT HAPPENS IF I DISABLE COOKIES?
This depends on which cookies you disable, but in general the website may not operate properly if cookies are not accepted. However, you will still be able to browse around our websites, although some functions will not be available, for example you will not be to purchase products, set up a new account or access an existing one.
If you only disable Third-Party Cookies, you will not be prevented from making purchases on our websites.
If you disable ALL cookies, you will be unable to complete a purchase on our websites.
LAST UPDATED: DATE
We will update this list as we make changes to the shopping experience on our websites and as we gather more information on such cookies or as any cookies change. Whilst we intend to update this page regularly, there may occasionally be some cookies missing from the list.
The following Cookies are all used for analytical and targeting purposes:
Google Tag Manager
Facebook Custom Audiences
LAST UPDATED: DATE