Your Privacy, Protected
Last Updated: May 24th 2018
When you interact with us, online or instore, we automatically collect your personal data – data which can be used to identify you, and in turn enhance your customer experience with us.
This Privacy Notice explains the types of personal data we may collect; informs you about your rights; and also explains how we’ll store and handle that data, and keep it safe.
The types of personal data we collect
- If you order from us or create an online account with us we will collect your full name and personal details including contact information (e.g. home address and address history, email address, home and mobile telephone numbers)
- Details of your instore/online/contact centre interactions. (e.g. your purchases, items viewed on our website and how and when you contact us)
- Visits to our websites and which site you came from to ours.
- Your comments and product reviews.
- Your social media username – if you interact with us through those channels – to help us respond to your comments, questions or feedback.
- Your image may be recorded on CCTV when you visit a store.
- Technical information about your internet connection and browser; where your computer is located; web pages viewed during your visit; advertisements you clicked on; search terms you entered – in turn you’ll enjoy the best web experience possible.
- When subscribing to our marketing emails from the DLX website, we will collect your IP address for security purposes.
We collect your personal data when you:
- Visit our website.
- Give us your details in store.
- Create a DLX account online.
- Make an online purchase.
- Purchase a product in store.
- Engage with us on social media.
- Contact us with queries, complaints etc.
- Complete any DLX surveys.
- Enter prize draws or competitions.
- Comment on or review our products and services.
- Fill in any DLX forms.
- Give a third party permission to share your information.
- Visit one of our shops and are recorded on our CCTV systems.
Using your personal data: the legal bases
We’ll process your personal data:
To perform our contract with you
For example, if you order an item for home delivery, we’ll need your address details for our courier.
For our own legitimate interests
We may require your data to pursue our legitimate interests as part of running our business (and which does not materially impact your rights, freedom or interests). For example, we will use your purchase history to send you or make available offers. We also combine our customers’ shopping history to identify trends and ensure we can satisfy demands, or develop new products/services.
To comply with a legal obligation
For example, we can pass on details (to law enforcement) of people involved in fraud or other criminal activity affecting DLX.
Based on your consent
For example, when you request us to pass on your personal data to other people or organisations such as a company handling an order/service on your behalf; or to send you marketing communications where we’ve asked for your consent to do so.
How we use your personal data and why:
- To respond to queries and refund requests. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests.
- To process online/instore orders. We collect your personal data to process your order and comply with our legal obligations.
- To improve our services based on your feedback.
- To share website content that’s tailored to your interests (we’ll use data we hold about your favourite products etc.).
- To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests.
- To safeguard our business and your account from fraud and other illegal activities. We do this as part of our legitimate interest.
- To protect our customers, premises, assets and staff from crime (our CCTV systems record images for security). We do this for legitimate business interests.
- To prevent fraudulent transactions. We do this on the basis of our legitimate business interest (also helps to protect customers from fraud).
- To inform you about communications required by law. If we do not use your data for these purposes, we would be unable to comply with our legal obligations.
- To send our existing customers relevant, personalised communications in relation to updates, offers, services and products. We’ll do this for legitimate business interest – and you are free to opt out at any time.
- To update you on products and services including special offers, discounts, promotions, events, competitions etc (in this instance, we will only use your personal data with your consent – and you are free to opt out from hearing from us at any time).
- To comply with our contractual or legal obligations to share data with law enforcement.
By doing all of this we form a better picture of you (your likes and dislikes) – and in turn you will enjoy the best possible customer experience. We use this data to offer you promotions, products and services that are most likely to interest you. The data privacy law allows this as part of our legitimate interest in understanding our customers.
To change how we use your data, please see the ‘Your rights’ section (if you choose not to share your personal data with us, we might not be able to provide some services you’ve asked for).
Sharing your personal dataWe may share your personal data with trusted third parties such as:
- Fraud prevention agencies.
- Operational companies such as delivery couriers.
- IT companies who support our website and other business systems.
- Direct marketing companies who help us manage our electronic communications with you.
- Anyone else where we have your consent or where it is required by law.
Sharing your data with third parties for their own purposes – we will only do this in specific circumstances, for example:
- We may need to disclose your personal data to the police or other enforcement, regulatory or government body, in your country of origin or elsewhere (upon a valid request to do so).
- For further information please contact our Data Protection Office.
Our policy to protect your data privacy and keep it safe:
- We only supply the information a third party needs need to perform their specific services.
- Third parties may only use your data for the exact purposes we specify in our contract with them.
- We work closely with third parties to ensure that your privacy is respected and protected at all times.
- If we stop using a third party’s services, any of your data held by them will either be deleted or rendered anonymous.
We use the following companies to help personalise your online journey:
- Affiliate Future
- Emarsys – ScarabResearch
- New Relic
How we protect your personal data
- We treat your personal data with the utmost care and take all appropriate steps to protect it.
- We secure access to all transactional areas of our websites using ‘https’ technology.
- Access to your data is password-protected, and sensitive data (such as payment card information) is secured by SSL encryption – we will never store your payment card information.
- We regularly monitor our system for possible vulnerabilities and attacks.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. Your data will then either be deleted completely or anonymised (e.g. when you place an order, we’ll keep the personal data you give us for up to five years so we can comply with our legal and contractual obligations).
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- A stop to any consent-based processing of your personal data after you withdraw that consent.
- A review by a member of staff of any decision made based solely on automatic processing of your data.
- A copy of any information about you that DLX holds, and also to have that information corrected if it is inaccurate.
You have the right to request a copy of any information about you that DLX holds at any time, and can also have that information corrected if it is inaccurate. To ask for your information, please contact Data Protection Department, 149 Vermont Street, Glasgow G41 1LU, or email firstname.lastname@example.org. To ask for your information to be amended, please update your online account, or contact our Customer Services team.
(Please note: If we choose not to action your request we will explain to you the reasons for our refusal)
Withdrawing consent rights
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Legitimate interest rights
If we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason.
Direct marketing rights
You can stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Your identity rights
We will ask you to verify your identity before proceeding with any request you make under this Privacy Notice (to protect the confidentiality of your information). If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
To stop the use of your data for direct marketing, either:
- Click the ‘unsubscribe’ link in any email communication that we send you.
- If you have an online account, click on ‘Account’, log in and change your preferences.
- Write to Data Protection Department, 149 Vermont Street, Glasgow G41 1LU
(Please note: you may continue to receive communications for a short period after changing your preferences while our systems are fully updated)
Contacting the Regulator
If you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
Contact: 0303 123 1113
(Please note: If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence)
Please contact our Data Protection Department and they will be pleased to help you.
Write: Data Protection Department, 149 Vermont Street, Glasgow G41 1LU