The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). This is enforceable from May 25 2018 and requires no enabling legislation so automatically becomes binding and applicable on that date.
The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects.
The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
Our GDPR principles
- we will process all personal data fairly and lawfully
- we will only process personal data for specified and lawful purposes
- we will endeavor to hold relevant and accurate personal data, and where practical, we will keep it up to date
- we will not keep personal data for longer than is necessary
- we will keep all personal data secure
- we will endeavor to ensure that personal data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection
Information we may hold about you
When you register to use our Website, purchase a product, enter a competition or promotion run by the Company or contact us, personal data you provide, such as your name, date of birth, contact details (including social media accounts), log in and payment information, will be collected.
When you browse our Website, whether or not you are registered, purchase a product, register to receive our emails or make a job application, we and our partner advertising networks, advertisers and advertising affiliates (Third Party Advertisers), will collect user information such as your location, language, assumed gender, IP address, when you visited our Website, how you arrived on our Website, where you visit after our Website, the pages you visited, how long you spend browsing individual pages on our Website, any products you have purchased, and the browser (where applicable) and device you used to access our Website.
In circumstances where you contact us by telephone, calls may be recorded for quality, training and security purposes. Calls may also be monitored without your consent in the following circumstances: to provide evidence of a business transaction; to prevent or detect a crime; to ensure that the Company complies with regulatory procedures; to see that quality standards or targets are being met; and to secure the effective operation of the telecom system.
How we may use your personal data
We may use your personal data in the following ways:
- to tell you about similar products and services, or products and services that you ask us to send you information about, by email, post, mobile, telephone and/or through other digital means (depending on your stated preferences) including social media platforms;
- to provide you with services you request from us;
- to register you on the Website (where this involves setting you up with an account, we will use your personal information to maintain and update your account (e.g. such as a change of address or change in your marketing preferences);
- to administer our Website;
- to analyse, and improve, the use of our Website and retail offering, including how you move around our Website:
- to administer any competition run by the Company. Please refer to the specific terms and conditions for each competition;
- to measure and analyse our advertising;
- to make suggestions and recommendations to you, other users of our Website, and users of the services of our Third Party Advertisers about products or services that may interest you or them;
- to keep in touch with you regarding your marketing preferences;
- to keep our Website and network safe and secure;
- to process payments and prevent fraudulent transactions (we may pass your details to a third party to carry out these functions); and
- to assess and process your job application.
We process this data where you have given us consent to use it, where it is necessary to perform our contract, to take steps at your request prior to entering into a contract, where required by law or in pursuit of our legitimate interests where these are not overridden by your rights and interests, such as to provide appropriate marketing and to maintain our services.
How long we keep your information
We will not keep your personal information for any purpose(s) for longer than is necessary and we will only retain the relevant personal information that is necessary in relation to the purpose.
We will retain the personal information you provided on registering an account on our Website or so long as that account remains in existence.
In the case of any contact you may have with our customer services department, we will retain those details for as long as is necessary to resolve your query and for a short period after the query is closed.
On making a purchase through our Website, we will retain certain limited personal information such as your name, email address and postal address until you ask us to update or delete those details for the purpose of reporting new and existing users to our affiliate advertisers. We retain transaction information for as long as required by law. We will retain information regarding your website browsing history for a similar period.
If we are legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also retain some of your personal information for a limited period of time, even after you have closed your account.
We will retain your information for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place.
How we might share your personal data
We may share your personal data with:
- Our Company as defined in section 1159 of the UK Companies Act 2006;
- Our professional advisers, including, without limitation, our insurers;
- Our suppliers, business partners and sub-contractors;
- Our Third Party Advertisers; and,
- Search engine and web analytics providers.
In the event that we were to sell our business or assets, we may disclose your personal data to any prospective/actual purchaser and/or their advisers.
We may also disclose your personal data where we are subject to a legal obligation to do so, in connection with the prevention or detection of crime, for the purpose of establishing, exercising or defending our legal rights, or where we consider that we receive a valid request for disclosure. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
You should be aware that if we are requested by the police or any other regulatory or government authority investigating suspected illegal activities to provide your personal information or any other information we obtain about you, we are entitled do so.
Our Website and App may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to these websites.
Where we store your personal data
The information that we collect from you may be transferred to, and stored outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Where we do so, the third country’s data protection laws will have been approved as adequate by the European Commission, or other applicable safeguards are in place.
You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data, clicking the unsubscribe button on any communication we have sent to you, by accessing the customer preference centre or by contacting us.
Where you have consented to us using your personal data, you can withdraw that consent at any time.
If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.
You also have the right, with some exceptions, to ask us to provide a copy of any personal data we hold about you. If you chose to exercise this right, then in certain circumstances any access request may be subject to a fee to meet our costs in providing you with details of the information we hold about you.
From 25 May 2018, if you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data if you withdraw your consent, it is no longer necessary for us to use your personal data, you object to the use of your personal data and we don’t have a good reason to continue to use it, or we haven’t handled your personal data in accordance with our obligations.
To exercise these rights or if you have any queries or concerns regarding how we use your personal data, please write to Data Protection, 2 Plummer, Street, Newcastle upon Tyne, NE4 7AB. If you are not happy with our response, you can contact the Information Commissioner’s Office: https://ico.org.uk