We understand that privacy and the security of your personal information is extremely important. This policy sets out what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.
This policy applies to you if you use our products or services over the phone, online, through our mobile applications or otherwise by using any of our websites or interacting with us on social media (our “Services”). This policy gives effect to our commitment to protect your personal information.
What sorts of information do we hold?
We collect information about you when you register with us or place an order for products or services. We also collect information when you voluntarily complete customer surveys, provide feedback and participate in competitions. Website usage information is collected using cookies.
Information that you provide to us such as your name, address, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media;
Information about the Services that we provide to you (including for example, the things we have provided to you, when and where, what you paid, the way you use our products and Services, and so on);
Your account login details, including your user name and chosen password;
Information about any device you have used to access our Services (such as your device’s make and model, browser or IP address) and how you use our Services;
Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication.
Information from other sources such as our retail partners, specialist companies that provide customer information (like credit reference agencies, fraud prevention agencies, claims databases, marketing and research companies) and social media providers as well as information that is publicly available.
How do we use your information?
We use information held about you in the following ways:
To set up and administer your account. To make available our services to you, process your orders for our products or services and ensure goods and services are delivered to the address specified. To take payment from you or give you a refund;
To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
To help answer your questions and solve any issues you have;
To carry out our obligations arising from any contracts entered into between you and us.
To allow you to participate in interactive features of our service, when you choose to do so. To notify you about changes to our service.
To help us understand more about you as a customer, the products and services you consume, and the way you consume them, so we can serve you better;
To help us ensure that our customers are genuine and to prevent fraud;
Keeping you informed about our products and services
We would like to send you information about products and services of ours and other companies in our group which may be of interest to you. Where you have consented to us doing so, we may do this through the post, by email, text message, online, using social media, push notifications via apps, or by any other electronic means. If you have consented to receive marketing, you may opt out later.
Who we might share your information with?
Our service providers
We may pass your personal data to carefully selected partners (third parties) for the purpose of processing your enquiry or order. We work with partners, suppliers, and agencies so they can process your personal information on our behalf but only where they meet our standards on the processing of data and security. We only share information that allows them to provide their services to us or to facilitate them providing their services to you.
Other organisations and individuals
We may transfer your personal information to other organisations in certain scenarios. For example:
If we’re discussing selling or transferring part or all of a business, we may share information about you to prospective purchasers – but only so they can evaluate that business;
If we are reorganised or sold to another organisation, we may transfer information we hold about you to them so they can continue to provide the Services to you;
If required to by law, under any code of practice by which we are bound or we are asked to do so by a public or regulatory authority such as the Police or the Department for Work and Pensions;
If we need to do so in order to exercise or protect our legal rights, users, systems and Services; or
In response to requests from individuals (or their representatives) seeking to protect their legal rights or the rights of others.
International transfers of your information
Access and correction of your personal information
You have the right to access the personal information that we hold about you in many circumstances. This is sometimes called a ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge.
Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
Right to stop or limit our processing of your data
You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
If you would like to exercise these rights, please contact us via one of the mechanisms set out below.
How long do we keep your information for?
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.
Cookie Name: _ga, _gid
Cookie ID: _ga, _gid
Type of Cookie: Statistics
Purpose of Cookie: Used to distinguish users.
Cookie Name: _gat
Cookie ID: _gat
Type of Cookie: Necessary
Purpose of Cookie: Set by Google Analytics and used to throttle request rate.
Cookie Name: ARRAffinity
Cookie ID: ARRAffinity
Type of Cookie: Necessary
Purpose of Cookie: ARRAffinity is a cookie used to affinitize a client to an instance of an Azure Web App. e.g. if an app is scaled out to 10 instances, and a user accesses it from their browser, the ARRAffinity helps keep the user going back to the same app instance, instead of getting a random instance each time. This can be useful for some apps that keep user state in memory. How do I change my cookie settings?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
Links to other websites
We take security measures to protect against unauthorised access, improper use, alteration, destruction or accidental loss of your personal information including:
limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies);
implementing access controls to our information technology, such as firewalls, ID verification and logical segmentation and/ or physical separation of our systems and information;
never asking you for your passwords;
advising you never to enter your account number or password into an email or after following a link from an email.
When we use third party organisations to process information on our behalf, we will select reliable third parties and processing will be subject to written agreements between ourselves and the third parties processing the data. These written agreements specify the rights and obligations of each party, and will provide that the third party has adequate security measures in place and will only process information on specific written instructions from us.
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Please go to www.ico.org.uk/concerns to find out more.