Our privacy principles
We take your privacy seriously.
We are committed to protecting the security of your personal information.
We comply with data privacy laws when using your personal information.
We only use it for lawful reasons you expect or that we explain to you in this document.
We will limit our collection and use to details we really need or which you have provided.
We will explain your rights to control your personal information to you and how to use them.
We want you to understand:
- What personal information we collect about you and where we get it from
- What we do with your personal information
- Who we share your personal information with and why
- Where we send your personal information outside Europe
- How we keep your personal information secure
- How long we keep your information and why
- Your rights and how to use them
- Other details you should know
What personal information we collect about you and where we get it from
We collect most information directly from you when you order or buy from us. We get technical details from the devices you use to access our apps and websites and from cookies which tell us what you look at online, where and when. Like most other websites, our technology also lets us know when and how you use our websites, such as when you have added to or abandoned your basket or filled in a form.
The personal information we collect and use will depend on why we need it. We will only collect the personal information we believe we need to use, or which you have agreed we can collect from you or agreed someone else can share with us, such as PayPal for payment details.
Sometimes we are given information about you unexpectedly, such as from the police, organisations and agencies trying to prevent threats and fraud, and from the public.
What we do with your personal information
We need to collect and use lots of information about you so that you can use our websites and apps, shop in our stores, buy things from us and learn about our offers and new arrivals. We also need to use some details to prevent and detect fraud.
We look at and learn from your browsing, shopping and how you respond to our marketing to understand what sort of customer you are and predict what products we have that you may also be interested in. We try to show you adverts and offers we think you will like tailored to you based on stuff like your location, including what we know about you including through our apps, websites and other websites you visit, relying on the extra understanding about you which ad providers and social media platforms have collected with your consent.
Our use of your details will depend on you and what you are doing: browsing or buying, if you are new to us or a registered customer.
We use suppliers and service providers, such as for delivering orders, or dealing with card checks and payments. These include other group companies and external contractors. We only share the personal details they need to know for their services and we make sure your privacy is respected and protected.
We share personal information with third parties when you have told us that we can share, or them that they can share, or you agree we can share your information, such as when you register to create a custom made product.
We will provide personal information about you to the police, fraud prevention and credit reference agencies when we have to by law, or when we deem necessary to prevent fraud. If we decide to reorganise or sell all or most of our business, your personal information may be transferred to the buyer of the business but we will never sell your personal information to third parties for them to market their products to you.
Where we send your personal information outside Europe
Business for us and many suppliers is international so your personal information may, at times, be handled in a location outside Europe. When this occurs, we take care in ensuring the security of your information. In the event you ask us to deliver your order outside of Europe, we need to send limited details outside of Europe to fulfil this request.
How do we keep your personal information secure
Our people understand how important it is to keep your personal information safe and secure. We take steps online and in store to keep our stores and offices, systems and records secure.
How long we keep your information and why
We will only keep your personal information for a limited period of time. This period will depend on a number of reasons, such whether we still need to deliver to you, or you have an account with us, or we are providing ongoing customer care to you. Sometimes we must also keep your information by law, to deal with a regulator or where required by our insurers. We delete your personal information at your request where possible and we won’t keep it for longer than we should or need to for the provision of a service and for communicating with you.
Your rights and how to use them
You have rights to find out about how and why we use your personal information and to control its use. These include rights to access and correct your details, in some cases to ask us to limit or stop our use of them and even to delete them. Where we use your personal information based on your consent, you have the right to change your mind and you can always unsubscribe from our direct marketing to you, by simply clicking unsubscribe in a marketing email, or in this policy.
Your privacy matters You can get in touch with our Customer Care team for help at email@example.com You also have a right to complain to the UK’s privacy regulator should you feel your rights or the law has been compromised.
- Other details you should know.
From time to time we will update this policy. We’ll always send you a copy in the event of material change but if minor changes are made, we won’t bombard your mailbox. You can, of course, check back here for updates in the mean time!
What personal information we collect about you and where we get it from
The personal information we collect and use will depend on why we need it and whether you are buying or browsing, in-store, or online. The technical term for information about you which identifies you is your personal data. We need lots of different types of information and have explained what categories we collect, why it is needed and where we get it from below. Collection and use of this information is not new and is commonly used by lots of retailers, but explaining this level of detail to you is new!
|Category of personal information
|Examples of your personal information and why we need it|
|Contact information||What: Name, Address, Email Address, Telephone Number, account information (user name, log-in details)
Why: so we can know who you are to get in touch and for contract, legal and payment reasons as well as administering your account with us
Where: from you
|Order information||What: Contact information, together with purchase details, delivery details, payment details, any communications we have about your order or purchase
Why: so we can take your order, take payment for it and make sure it is delivered properly
Where: from you
|Other delivery information||What: Name and address of recipient for delivery, if different from customers
Why:so we can deliver to the person at the address which you have requested
Where: from you
|Payment / card information||What: Name, card issuer and card type, number, issue number, start and expiry dates and cvv code; PayPal details
Why: so we can check the right person is using the right card/account and meet the payment requirements of the card/account issuers; and make sure we are paid for what you buy
Where: from you, your payment /card issuer, your store card provider if used, or Paypal details provided by you
|Legal information||What: Fraud checks or flags raised about your transactions, the payment card you want to use, payment card refusals, suspected crimes, complaints, claims and accidents
Why: so we can protect you, other customers and our business against criminal activities and risks, make sure we understand and can meet our legal obligations to you and others and can defend ourselves
Where: from you, the police, crime and fraud prevention agencies, payment card providers, the public, regulators, your and our professional advisors and representatives
|Preference information||What: Your marketing preferences, your account settings including any default preferences, any preferences you have indicated, such as country, language and currency, the types of products/offers that interest you, or the areas of our website that you visit
Why: so we can make your visits easier and more convenient and make sure you get the information you want from us in the way we think you will like
Where: from you, from our website/app technology interaction with your browser/devices and cookies tracking the pages you visit, the marketing messages you open and the links you follow
|Communications||What: Communications we may have with you, whether relating to an order or not. Please note that we record calls to our customer care centre team. Details of your reviews and how you rate us
Why: so we can deal with your requests, help you, meet your needs and make sure we have accurate records. It also helps us to obtain customer feedback and improve as a result.
Where: from you and occasionally from any third parties involved, such as another visitor to our store
|Voluntary information||What: Any voluntary information you provide us with, such as your date of birth, favourite & worst colour/style, responses to surveys or competition entries; student discount details and social media account details
Why: so we can get to know you better; make our communications with you more personal; get in touch on your birthday; make sure we are not marketing/selling to children; learn and improve from your survey feedback, organise in store events and pick competition winners
Where: from you, your social media account provider and student body, such as Unidays
What: Your customer journey on line and how you use our websites and apps and use your devices when doing so. Whether and when you open our marketing emails and respond to our adverts. When you are on our website, our website technology is able to collect the technical details of your mouse clicks and movements, page scrolling and text content you key in to our online forms but will not collect payment card numbers or name and address type details
Why: so we can understand how many customers use our websites and apps, what works best online and in our marketing and advertising and what we need to change and improve to attract and keep your attention
Where: from you; from our website/app technology interaction with your browser/devices and cookies tracking the pages you visit
|Device information||What: IP address, internet provider, operating system and browser used, type of device, such as laptop or smart phone, device cookie settings and other device details, such as MAC address and the geographic region which your device reports to us that you are located in
Why: so our website and app technology can work properly with your device and make sure you can see and use our intended website and apps on the device you are using
Where: from you; from our website/app technology interaction with your browser/devices
|Marketing information||What: Your customer journey before and after visiting our store from Google beacons. Details of your online browsing activities on our website, such as the pages, products or areas of our website that you visit, or which link has brought you to our website from our email communication. Without getting or knowing the details they collect, benefitting from similar information about your use of other websites which is available to ad providers, social media platforms and Google, who help us to show you on other websites our ads tailored to the category of customer they think you are and which we are targeting. Similar details from use of our apps. Your contact information, historic order information, preference information, voluntary information and online observed information
Why: so we can learn more about you; try to understand the type of customer you are, to predict what you are most interested in, what offers you will like most, tailor our adverts and offers
Where: from you, from our website/app technology interaction with your browser/devices and cookies tracking the pages you visit; without seeing the details collected, from cookies set by ad providers, social media platforms and Google
|Suspected crime information||What: details of your identity, image, name and address, suspected or alleged thefts, fraud, assault or other criminal behaviour
Why: so we can protect customers, the public and our business against risks and crime
Where: from crime and fraud prevention agencies , from you, witnesses, and from the police
So we are clear, cookies are the nickname for tiny text files which some websites pages place on the device you use to access them, to give us encrypted information such as to remember what you have put in your basket when shopping, your preferences, whether you have an account and what cookies you have accepted. They will not collect your name, address and payment card details but send back technical facts. They also help us to understand and sort out technical errors which sometimes happen online. We need cookies to make our websites and your device able to work well together. Some cookies are our own but we also work with carefully selected third parties to help us and who set their cookies from our website pages and to help us run our websites (these are called third party cookies). You will not be able to buy from us online and your browsing experience may not be as enjoyable if you block your device from receiving cookies.
Personal information does not include information where your identity has been removed or is unknown (anonymous data). Some of this information may only be identifiable to you and personal because you are logged in to your account, or because we have collected details of your IP address or the device that you have used to access the website. Where we can, we prefer to show you adverts online which you are more likely to be interested in.
Normally until you buy from us, you are an unnamed user of our website but we want to make you a customer. We work with online advertising partners to do this. They set a cookie from our webpages and this allows them to spot when you use the same device on other websites they publish ads on. They can then make sure you see an ad from us (retargeting). In some cases, the ads you see from us online will be more tailored to you (tailored or behavioural ads). This uses known and observed information about you to try and categorise you and predict what you will want to buy and which offers you will most like (profiling). This will be from our knowledge of you as a customer with us and from your use of our websites but we do not share that detailed information with those advertising partners. In other cases, it will be based on what advertising partners /social media providers know about you from their cookies and use of their websites but we do not receive the detailed information from these websites.
You can get more information about cookies and can change your mind about cookies at any time. if you want more details or to change your mind, see our cookies notice.
What we do with your personal information
We need to collect and use lots of information about you and any devices you use to access our apps or websites for many different reasons but we will only use your personal information when the law allows us to. This will always be for one of these reasons (our lawful basis):
|Legal basis||When we use this basis|
|Contract||This is where we need to use your personal information for a contract reason (to comply with a contract with you, or take steps you have requested to start a contract with you).
|Legal obligation||This is where we must use your personal information to comply with the law, or a binding request like a court order.
|Consent||This is where we use your personal information with your clear consent, you have a complete free choice to say yes or no, and you can change your mind at any time.
|Public interest||This is where we need to use your personal information for an official purpose, or for a reason in the public interest for the greater public good, like cooperating voluntarily with an official police investigation.
|Vital interests||This is where we need to use your personal information in an emergency to protect you (or someone else) from death or serious harm.
|Legitimate interests||This is where, on balance and being fair to you, we have (or a third party has) another good and lawful business reason for using your personal information and we do not need your consent.
By law we must treat special category or sensitive personal data, such as on health or alleged crimes, with even more care and must have an additional reason for collecting and using this type of personal information. Where special categories of sensitive personal information are involved in addition our use will always be for one of these reasons.
|When we use this basis|
|Legal obligation||This is where we must use your personal information to comply with your or our legal rights or obligations related to employment or social protection.|
|Preventative medicine||This is where we need to use your personal information for medical diagnosis or preventative health reasons|
|Substantial public interest||This is where we need to use your personal information in the substantial public interest for the greater public good.|
This is where we use your personal information with your very clear and express consent, you have a complete free choice to say yes or no, and you can change your mind at any time.
|Legal claims||This is where we need to use your personal information to investigate, take advice on bring or defend legal claims.|
|Vital interests||This is where we need to use your personal information in an emergency to protect you (or someone else) from death or serious harm and you are not capable of giving your consent.
We want you to understand why we use the personal information we do and our legal basis for doing so. We explain this here.
Where we can, we will also move from using your information in ‘individual picture’ form about you, to ‘big picture’ form as a member of a group but not as an individual. To do this, we can bunch lots of information on individuals together (aggregation), remove or change details that identify you to make that more difficult or impossible (de-identification, pseudonymisation and anonymization) and change information about people into information about numbers (statistics). This helps us to protect your privacy whilst having the information we need to run our business and comply with our obligations. We can use the details for research, statistical analysis, and reports.
|Why we use your personal information||Lawful basis for use|
|All personal information||Sensitive personal information|
|To check stock for you, put it on hold, arrange to send it to your local store and keep you updated on this
|To accept your orders, check and take payment, deliver your order and communicate with you about it. This may include a gift delivered to another person or delivery to another address if you want
Dealing with returns, replacements and refunds we are obliged to deal with
You may want to use any optional delivery tracking or confirmation facility or update options we offer. This mean sharing additional contact information for you with our delivery partners and you using their delivery systems
Dealing with returns, replacements and refunds we are not obliged to deal with
Contract; Legal obligation
|To accept card payments, we need to comply with anti-money laundering legal obligations and comply with the rules of the card issuers eg Visa to make sure we get paid
This means checking your identity and that your use of the card appears lawful by checking with credit reference agencies and fraud prevention agencies who may keep records of this and of any concerns. We use specialist payment providers to help with this.
Preventing and detecting crime is important to everyone and any concerns may be shared with law enforcement agencies
|Legitimate interests; Legal obligation||Substantial public interest; Legal claims
To ask you about student discount registration, fill in surveys, provide feedback and deal with your queries and requests
To learn from your feedback and improve
|To deal with your queries, requests and respond to any customer care concerns.
To provide you with information about your order or request we think you need.
Sometimes this will be where this involves a legal right or obligation we must comply with and unusually this may relate to legal claims
|Legitimate interests; Legal obligation
|To provide you with Wi-Fi in our stores to make you more likely to visit and stay shopping with us||Legitimate interests
To respond to your personal shopping requests, book appointments and provide personal shopping services
|To set up your account with us and run it to make your online shopping experience quicker and easier for you, including dealing with related requests and changes and communications
Storing any payment card details with your consent
|Legitimate interests; Explicit consent|
|Managing any accidents, injuries or health incidents which occur in store.
Meeting our health and safety legal obligations.
Dealing with any related insurance or legal claims
|Legitiamte interests; Legal obligation; Vital interests||Vital interests; Preventative medicine; Legal obligation; Legal claims; Substantial public interest
|Managing any suspected fraud, shoplifting or other suspected criminal activity involving or affecting you
Responding to warnings and providing details to law enforcement and fraud prevention agencies to investigate, prevent and detect crime.
Dealing with any related insurance or legal claims
|Legal obligation; Legitimate interests
|Legal claims; Substantial public interest
|To keep evidence of our dealings with you to comply with our legal obligations, including on accounting, taxation and data privacy
To keep records for risk management and insurance purposes
|Grouping individual records together in large numbers to analyse them to understand customer group interests, trends and changes across the customer base.
This needed to run our business efficiently, including ordering stock and organising supplies and adjusting resourcing such as for in store staff / delivery coverage to meet demand
|To keep our systems, websites and their use under continual review to check and maintain their integrity and security and proper operation and continually improve their efficiency
Meeting our obligations to secure personal information
|Legitimate interests; Legal obligation|
|To authenticate users, account holders and ensure use of our website complies with our terms and policies
|Legitimate interests; Legal obligation|
|To deal with our legal obligations, such as on product recalls, and binding requests for information, such as from courts
|Legal obligation||Legal claims|
|To cooperate with and disclose information to law enforcement and official agencies and government, regulators courts and other parties even where not legally binding.
This is where we believe it is needed to prevent or detect crime, or help with legal compliance or good governance
This includes where we take professional advice to understand and deal with our legal rights and obligations and dealing with our insurers
|Legitimate interests; Public interest||Substantial public interest
|To deal with the reorganisation or sale if our business or part of it and sharing details needed with buyers and their professional advisers
Marketing based on our legitimate interests is to try to …
o try and categorise you, predict more accurately what you will want to buy, what offers and ads you will prefer and provide you with those tailored offers and ads we think you will like most
o generate new customers and convert possible customers into actual customers
o convert browsers to shoppers
o encourage current customers to buy more goods from us or buy more frequently
o encourage customers also to buy in store if they only buy online, or to also buy online if they only buy in store
o generate income and profit to run our business
o fund our development of new exciting products for you
o pay to attract, retain and expand our amazing and talented staff who we need to do this
Marketing based on consent…
Where we carry out marketing this will be based on our legitimate interests unless by law we need your consent or have chosen to ask for consent anyway. In the event you have placed an order, query, request or flagged an issue, we will still need to keep in touch. We won’t market to you but contact you regarding the relevant issue.
Where we have explained that our use of your personal information is needed for us to comply with a legal obligation, or to start or comply with a contract with you, if you refuse to provide those details, on most occasions, we won’t be able to accept your order or continue to deal with your purchase or delivery.
Who we share your personal information with and why
We do not sell your personal information to third parties for them to market their products to you but, on occasion, we do need to share some of your details with third parties.
We need to work with other group companies, suppliers and professional service providers as they help us to run our business and look after you. In these cases, we only share the personal details they need to know for their services and work closely with them to make sure your privacy is respected and protected. They must keep your details confidential and secure and only use them to provide the help we have agreed with them or as allowed by law.
We are a dynamic business in a fast moving industry and as you can imagine, the help we need can change quickly and over time. We work with lots of suppliers and service providers and these also frequently change. So that you understand where this can affect your personal information, we have provided more details.
|Who we share your personal information with and why|
|Who we share with||Why we share it|
|Group companies||We are part of the Arcadia group of companies and different companies within the group help with different functions. For instance:
Where we have two or more of our brands sharing a single store, and you buy products from one brand but pay at another brand’s checkout, the brand who you buy from will share details about your in store purchase with the brand whose products you buy
|External suppliers||We use external suppliers to help us with:
|Store cards and credit providers||We will need to share agreed personal information about your purchases with third parties providers, such as:
Their privacy policies apply to their use of your details.
|Event, discount registration and account providers||We can share personal information with third parties for discount verification, registered account management, event management or where you have told us, or them, we can share it. This includes:
|Other retailers||Where we operate a concession in another retailer’s store, their systems record your personal information. Unusually, there may be an incident involving you where we need to provide them with details about you to prevent and detect crime or help them to deal with legal claims or obligations|
|Third party content and links on our websites*||
|Law enforcement, credit reference and fraud prevention agencies||We will provide personal information about you to:
if we must by law, or when we think it is necessary to prevent fraud, or protect you, our staff, business or other customers, from threats, theft or, fraud
|Business buyers||If we decide to reorganise or sell all or most of our business:
|Other recipients||We may also disclose your personal information where needed to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of you, our employees, customers or others, or where permitted by law and needed to help others to do so.
*The way the internet works means that to show you our banners and adverts especially on other websites and apps, we must work with third party ad exchanges, networks and online platforms. They must comply with their data privacy obligations, make their policies available to you and allow you to change your mind about their cookies and use of your information. We are not responsible for their use of your personal information or websites.
How do we keep your personal information secure
We take specific steps required by data privacy law to take appropriate care of your personal information, whether online or not. This is to protect it against theft or other loss, being corrupted so we cannot use it properly or at all and to stop people who should not be able to see or use it from doing so.
How long we keep your information and why
We will only keep your personal information for a limited period of time. This will depend on a number of factors, including:
- whether you have placed an order with us, or have a registered account with us;
- any laws or regulations that we are required to follow;
- whether we are dealing with a current request, customer care issue or complaint;
- where there is a legal or other type of dispute involving or affecting you;
- the type of information that we hold about you; and
- whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
We will keep your personal information during the period that you are a customer with us and then for as long as is necessary in connection with both our and your legal rights and obligations. This may mean that we keep some types of personal information for longer than others. Generally, if you are an inactive customer we will remove your account after 18 months.
Your rights and how to use them
You have rights to understand and control use of your personal information. These rights only apply to your own personal information. For all these rights:
- we must be able to verify your identity;
- your request must not impact the privacy rights of other people;
- Your request must not be excessive, very unreasonable or repeated [too often].
- They cannot clash with the provision of a service (for example submitting a right to erasure when we are processing an order from you)
Many rights have limitations and exceptions, for instance, we do not have to provide you with legally privileged advice involving your personal information.
|Your right||What does it mean?||Limitations and conditions of your right|
|Right of access||You are entitled to have access to your personal information and specific information about its use by us (this is more commonly known as submitting a “data subject access request”).||You should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.|
|Rights in relation to inaccurate personal or incomplete data||You may challenge the accuracy or completeness of your personal information and have it corrected or add details to make it complete.
You must inform us of changes to your personal information. Please notify us of any changes as soon as they occur, including changes to your contact details.
|Where available, please use any self-help tools to correct the personal information we use about you.
When exercising this right, please be as specific as possible.
|Right to object to our use of your personal information
|You have the right to object to our use of your personal information.||This general right applies where our use of your personal information is needed based on legitimate interests and there is something about your particular situation which makes you want to object to processing on this ground.
We will then consider your request.
|Right to object to direct marketing||You can change your mind about direct marketing at any time. This may mean changing your mind about our app, or receiving our emails, or all direct marketing.||Click unsubscribe at the bottom of any email.|
|Right to object to important computer only decision making affecting you||If we have explained that we use any computer only decision making to make important decisions affecting you, you have the right to challenge those decisions and have a real person take another look at them to make sure they were right.||The second look at the decision by a real person may result in the same decision the computer made.|
|Right to restrict our use of your personal information||You are entitled to limit our use of your personal information for so long as we are considering any request you have made for us to correct or complete your personal information, or to consider an objection you have made to our use of it based on legitimate interests.
You can also request us to limit our use permanently in some cases.
|The temporary restriction on our use will end when we have dealt with your request for correction or completion of your personal information or we have made a decision on further use following your objection.
If we agree that we should stop that use of your personal information, or in limited other cases, the limitation will become permanent.
The impact of the restriction is limited to personal information affected by the request/use.
|Right to erasure||You are entitled to have your personal information deleted or destroyed, such as where your personal information is no longer needed for its intended use.||We may not always be able to erase your personal information completely, such as were we still need it to comply with a legal obligation, or to deal with legal claims.|
|Right to withdrawal of consent||Where our processing of your personal information is based on your consent, you have the right to withdraw your consent at any time.||If you withdraw your consent, this will only affect future use of that personal information.|
|Right to data portability||You are entitled to receive the personal information which you have provided to us and which is used by us in a commonly used format to help make it readily re-usable.||This right only applies where we are using the personal information you have provided based on your consent or on our contract with you.|
To unsubscribe, or change your mind about receiving our marketing, you can:
- use the unsubscribe link in our emails
- email our Customer Care team firstname.lastname@example.org
- call our Customer Care team 0141 630 0640
- write to us at Unit B3 30 Glenwood Place, Glenwood Business Park, Glasgow, Strathclyde, G45 9UH
We are committed to protecting your privacy, so we have appointed a Data Protection Officer and have a Data Protection Team to help. If you wish to exercise any of these rights please contact our Customer Care team by emailing email@example.com
You also have the right to lodge a complaint with the UK data privacy regulator.
Other details you should know.