Privacy Policy - How we use your information

Who are we?

Robert Dyas Holdings Limited (“we") are committed to protecting and respecting your privacy.

This notice (together with any terms of use on our website, any contracts between us and any other documents referred to in this notice) sets out the basis on which any personal data we collect from you, that you provide to us, or that we obtain about you from other sources, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting any of our websites, or by providing us with any information about yourself, you are accepting and agreeing to the practices described in this notice.

For the purpose of and thereafter the General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”) as amended, supplemented or replaced from time to time (“Data Protection Law”), the data controller is Robert Dyas Holdings Ltd, with registered company number 04041884 and registered address Fourth Floor, 1 St. Georges Road, Wimbledon, London. SW19 4DR.

We have appointed a Data Protection Officer for the purpose of Data Protection Law who is contactable at: Fourth Floor, 1 St. Georges Road, Wimbledon, London. SW19 4DR or by email at GDPRenquiries@robertdyas.co.uk.

Which companies are part of the Theo Paphitis Retail Group?

Theo Paphitis Retail Group encompasses Ryman Limited, Robert Dyas Holding Limited, Boux Avenue Limited and London Graphic Centre.

  • Robert Dyas Holding Limited began as an ironmonger’s 150 years ago, but today Robert Dyas sells a huge range of home and garden items in 93 stores and a vast online shop, from kitchen electricals to outdoor furniture and everyday essentials.
  • Ryman Limited are the market-leading stationery and office supplies specialists on the high street.
  • Boux Avenue Limited specialises in lingerie, swimwear, nightwear and activewear.
  • London Graphic Centre Limited is considered a premier destination for art and graphic supplies and is the largest art and graphic supplies store in Prime Central London, located in the heart of the busy Covent Garden shopping district.

When do we collect information from you?

  • When you visit any of our websites, and use your account to buy products and services.
  • When you make an online purchase and check out as a guest or when you purchase a product or service in store or by phone.
  • When you create an account with us or when you join our loyalty programme.
  • When you shop online, we may capture information through cookies and similar technologies, you can manage these when you visit our site.
  • When you engage with us on social media, discussion boards etc. or enter prize draws or competitions or participate in surveys or review our products and services.
  • When you contact us by any means with queries, complaints etc.
  • When you fill in any forms.
  • When you subscribe to our marketing.
  • When you apply for a job via our site.
  • When you’ve given a third-party permission to share with us the information they hold about you.
  • When you use our shops or their car parks which usually have CCTV systems operating for the security of both customers and colleagues. These systems may record your image during your visit. In cases of body worn cameras, they may also record your voice.

What information do we collect about you (from you and from third parties)?

  • Personal Identification: Personal details such as your name, address, date of birth, email address, phone number. Copies of documents you provide to prove your age or identity where the law requires this (including your passport and driver's licence). This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender, and nationality.
  • Account information: Your username, password, loyalty card number and other identifiers you use to access your account. Any items you may have added to your Wish List.
  • Transaction & order information: Products you purchased, their price, billing/delivery address, orders, receipts, your method of payment and your payment details which are anonymised as per PCI DSS recommended standards.
  • Marketing information: Your marketing preferences, open rates, click through rates on email marketing campaigns and SMS marketing campaigns using Pixels.
  • Information obtained from your interactions with us: Details of your interactions with us through contact centres, in store, your comments and product reviews, your social media username if you interact with us through those channels, to help us respond to your comments, questions or feedback.
  • Browsing & cookie information: Details of your visits to our websites, and which site you came to ours from. Information gathered using cookies in your web browser. Learn more about how we use cookies and similar technologies.
  • Technical information: To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered.
  • Surveillance/monitoring: Your image may be recorded on CCTV when you visit a shop or car park. We may also record audio when body worn video is in use.
  • Third party information: We may use personal data from other sources, such as specialist companies, media partners, retail partners and public registers (such as the electoral register). When we work with specialist companies that provide us with personal data about you, they'll have told you about this data sharing at the time it was collected. We use this and our own data to better understand our customers. We also use this personal data to make sure we have up-to-date details about you. We don't give personal data we’ve collected or created from you back to these companies.
  • Special categories of personal data: If you provide us with any of the special categories of personal data (that is to say information as to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation or genetic or biometric data) or personal data relating to criminal convictions and offences in relation to a job application or in the context of your work with us, the information will only be used so that we can monitor our compliance with the law and best practice in terms of equal opportunities and non-discrimination and, where applicable to review and keep under review your ability and suitability to carry out the work for which you may be employed and any health and safety issues.

Why do we need this information and how do we use it?

To deliver our services

  • Better shopping experience: We want to ensure you have a positive experience every time you shop with us, to do this we need to provide the goods or services you have asked for, take payment from you, and manage any refunds or charges, communicate with you about key information directly related to the product or service we are providing you with.
  • Loyalty programme: We need to register and maintain your Loyalty account and provide you with access to your order history, marketing preferences, your points, and other rewards.
  • Customer service: Provide and manage our customer service relationship with you, for example, when you communicate with customer services in-store, via the customer contact centre or through online feedback forms.
  • Customer feedback: Invite you to provide feedback on our products and the service you have received, then use your feedback to understand your views on our products and services.
  • Personalised experience: We want you to have an experience that is personalised to you, for example we may use your location to show you products which are available in your local store, ensure your orders and parcels are ready for you when you arrive in store, remind you of favourite items you may have forgotten in your basket.

To understand you better

  • Your needs: We want to ensure we’re constantly delivering the very best for you, to achieve this, we may use information to understand how our products and services are performing, and what changes we should make, who our customers are, and what kinds of things they like, how different groups of customers shop with us, how to best meet and exceed your expectations etc.
  • Understand you across all our channels: We want to know who you are and want to provide you with an ecosystem of offers relevant to you across all our channels. To do this, we combine information across all our services using various identifiers such as name, email address, phone number etc.
  • Improve our partnerships: We partner with other retail stores, companies within the TPRG group (further information provided in the privacy notice about the companies that form part of the group) etc, to provide you with offers, services that we may not directly provide but think could be useful to you. We’re always looking to understand how we can make these partnerships better.

To market relevant products & services

  • Personalised marketing: We may contact you with personalised offers about products and services we think you'll love by email, SMS or post.
  • Personalised ads on our sites and on other sites: When you’re shopping online, we may display offers, suggestions, and news about products and services we believe are most relevant to you. You may also see our ads on other sites, we routinely partner with social media and advertising partners who may show our advertising on their platform and help us to understand the effectiveness of our advertising.
  • Understanding & improving our marketing: We want to understand the effectiveness of our marketing, for example to know what types of customers have responded well to a particular event, or whether customers responded to an offer, so we can market the right product and services to our customers.

To manage and improve our operations

  • System maintenance: There’s a lot of technology powering what we do, from the systems that keep our stores stocked to the websites you interact with when you shop online.
  • Use of your interaction with us: To deliver a robust customer service, we review your interactions with us and identify areas we could do better.

To manage safety, security, and our legal obligations

  • Legal obligations: We may need to process information to comply with a legal obligation, or defend, manage, or process legal claims.
  • Fraud & Theft: We continuously monitor for, and respond to, fraudulent or suspicious activity so that we can protect our property and assets and protect our customers and their accounts when shopping online.
  • CTV: We capture CCTV footage from cameras operating at all our sites and at times on body worn cameras to protect the safety and security of our customers, colleagues, suppliers, and visitors, protect our assets and investigate incidents and learn from them.

Visitor management

  • If you’re a visitor, rather than a customer, at one of our sites we’ll make a record of your visit allowing us to effectively manage your safety and security of our site during your visit.

Security or other incidents

  • In the unlikely event if you are involved in a safety or security incident, we collect information to allow us to investigate and record the incident.

How do we justify the collection of this information?

Data Protection Law requires us to meet at least one “legal ground” for processing, currently set out in Article 6 of the General Data Protection Regulation. The grounds applicable to the personal data to which this notice relates are:

Performance of a contract

  • Where the processing is necessary for us to perform a contract that you are party to, or to take steps at your request prior to entering a contract, example we use your personal information to process your orders and payments or to give you a refund, send communications to you about your orders, purchases or accounts and bill you for using our products or services, to administer your Loyalty account.

Legal obligation

  • Where the processing is necessary for compliance with a legal obligation to which we are subject for example we need to identify you when you contact us, verify the accuracy of data that we hold about you or assist HMRC and/or the Police and/or other regulatory bodies in relation to an investigation by a public authority.

Vital Interest

  • In certain circumstances it is in your vital interests for us to process your personal information. We may need to contact you if there are any urgent safety or product recall notices or where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you.

Legitimate interest

  • Where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party. As a Company we are often required to process your personal data in order to carry out certain tasks relating to our business activities. In such cases, processing of personal data can be justified on grounds of legitimate interest.
  • Communications

    • To provide customer support and to respond to, and communicate with you about your requests.
    • To contact you if we need to obtain or provide additional information.
    • To check our records are right and to check every now and then that you’re happy and satisfied (e.g., customer surveys).
    • For marketing activities (other than where we rely on your consent) e.g., personalising marketing messages through social media and other third-party platforms.
    • To comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this to be able to comply with your request).
    • To interact with you through social media.
  • Personalise & Improve our Service

    • To personalise your experience on our online services.
    • To help us understand more about you as a customer, the products, and services you use, the way you use them and how you shop across the group.
    • Improve the content and appearance of the Website(s), and to make sure that content is presented in the most effective manner for you.
    • To operate, evaluate and improve our business, including the development of new products and services; to determine the effectiveness of our sales, marketing, and advertising; and the analysis and improvement of our products, offers, and promotions.
    • To show you relevant ads by using data collected from your devices, including your searches, location, ads that you have seen and personal information that you have given us, such as your age range, gender, and topics of interest. Depending on your Ads Settings, this data informs the ads that you see across your devices. So, if you visit our website on your computer at work, you might see ads about our products or services on your phone later that night.
    • Provide you with a seamless experience across all our services and channels. This means a more joined up customer experience whether you are shopping in-store, online or over the phone.

Consent

  • If you have given your consent to our processing the data for example we use email, text messages and post to communicate with you about our products and services, competitions, offers, promotions, or special events.

Who do we share this information with and why?

To achieve the purposes mentioned in this Privacy and Cookies Policy, we must give access to your personal data to members of the Theo Paphitis Retail Group and to other third parties that provide us with support or collaborate in delivering the services that we or our partners offer you.

Selected third parties including:

  • If you choose to pay using one of Klarna’s payment options, we will pass some of your personal information (such as name, delivery address, billing address (if different), email address, and order details) to Klarna so they can assess whether you qualify for their payment options and tailor the payment options for you. Your personal data is handled by Klarna in accordance with applicable data protection law and in accordance with the information in Klarna’s Privacy Policy.
  • Payment services providers for the purposes of authorising funding of the orders you place.
  • Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. This requires you to accept our cookie policy when you first visit our website.
  • Companies that provide insights and analytics services for us so we can stock the right products, send the right marketing campaigns, and understand our business and customers better.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site.
  • Marketing partners to send emails or SMS messages on our behalf, and/or for co-branded and/or co-sponsored marketing and promotional events (such as conference events) offered in conjunction with another company or companies. If you register for or participate in such marketing and promotional events, we and the relevant partner companies may receive information collected in conjunction with the co-branded and/or co-sponsored marketing and promotional events. Our Privacy Notice will apply to our use of your personal information. We have no control over any other companies’ privacy practices, so please read their applicable privacy policy.
  • Social media partners (who may act as independent/joint controllers in certain cases), advertisers and advertising networks, who may act act as independent/joint controllers, (e.g. Google, Facebook & Instagram (aka Meta), TikTok, Microsoft and others) that require the data to select, serve and report on the effectiveness of relevant adverts to you and others. Personal data shared with these marketing providers for targeting and reporting will be pseudonymised where possible and only where opted into marketing communications (both online and through signing up in store/registering an account). We may also provide aggregate information to help advertisers reach the kind of audience they want to target.
  • Advertising to "lookalikes": We work with our retail partners to find potential customers who "look like" our existing customers on platforms such as Facebook and Google for advertising purposes ('platform'). To do this, we use information about your general shopping habits (and those of similar households) to create large groups of customers that may be interested in seeing different advertisements of retail partners. If you're within one of these groups for a given campaign, we may share some basic data about you (and the other customers in the group) with the platform. This is so that the platform can find and show adverts to other users of its platform who have similar interests to you. The data we share for these purposes will be pseudonymised to protect your identity and is promptly deleted in line with our retention policy and that of our partners . You can stop our use of your data in this way by opting out of all marketing or unsubscribing from our marketing emails. You can also opt out of being included in a platform's lookalike audiences directly via them.
  • When we work with specialist companies that provide us with personal data about you, they'll have told you about this data sharing at the time it was collected and in their privacy notices. We use this and our own data to better understand our customers. We also use this personal data to make sure we have up-to-date details about you. We don't give personal data we’ve collected or created from you back to these companies.
  • If required by law, under any code of practice by which we are bound by, or we're asked to do so by a public or regulatory authority such as the Police or the Department for Work and Pensions.
  • Information may also be shared with fraud prevention agencies to prevent fraudulent claims.
  • If we need to do so in order to exercise or protect our legal rights, users, systems and services.
  • In response to requests from individuals (or their representatives) seeking to protect their legal rights or the rights of others.
  • With emergency services (if you make an emergency call), including your approximate location.
  • Companies that enable us to collect your reviews and comments, both online and offline.
  • Third party vendors who help us to manage and maintain the Group IT infrastructure.

Additionally, we may disclose your personal information to third parties:

  • If we outsource any aspect of our business or systems, then we may disclose your personal data to our service provider(s).
  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If we or a substantial part of our assets are acquired by a third party, in which case personal data held by us about our customers may be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement or policy to which we are a party, or to protect the rights, property, or safety of our business, our customers, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

How do we secure this information?

We know how important it is to protect and manage your personal data. We use technical and organisational security measures to protect the personal information supplied by you against loss, destruction, and any unauthorised access by third parties. This section sets out some of the measures we have in place:

  • We make sure staff are trained and rules are in place to make sure that data is used in line with our data protection and information security policies.
  • We have physical protections and digital/electronic systems in place to keep what we hold secure.
  • When data is moved or transferred, we make sure it's encrypted.
  • We use computer safeguards such as firewalls and data encryption to keep this data safe when it's not being moved.
  • We only allow access to colleagues and trusted partners.
  • Systems are proactively monitored for possible weaknesses, and we carry out tests (penetration testing) to see what can be improved.
  • We ask for proof of identity before we share your personal data with you.
  • Any payment transactions will be encrypted as per the PCI standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential, and for all use made of your account with such password. We ask you not to share a password with anyone.
  • All appropriate organisational and security measures have been implemented to prevent unauthorised access and to ensure transmission of information is secure. As information is transmitted via the internet, any transmission is at your own risk.

Where do we store this information & international transfers?

The data that we collect from you will be stored on our servers or those of our service providers in the UK/EEA. From time to time, we may transfer your personal information to our suppliers, service providers and other company offices based outside of the European Economic Area (EEA) for the purposes described in this privacy policy.

If we do transfer information to our suppliers, agents or advisers outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We'll use one of these safeguards:

  • We'll transfer it to a non-EEA country with privacy laws that give the same protection as the EEA i.e., the country in question has been deemed by the European Commission to provide an adequate level of protection for personal data. Learn more on the European Commission Justice website.
  • We'll put in place a model contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this on the European Commission Justice website.

How long do we store the information for?

Our policy is to ensure that personal data is only stored for as long as is necessary for the purposes set out in the section titled “Why do we need this information and how do we use it?”. This may vary according to the type of information and the specific applicable purpose(s). We have a detailed data retention and destruction policy which governs the length of time for which we hold your data in personally identifiable form. The timing of our retention, anonymisation and/or destruction of your personal data is determined according to the criteria set out in that policy. We can provide you with relevant details applicable to your data on request – please see the section below to understand how to request this information.

What are your rights and how do you exercise these?

You have various rights under Data Protection Law. These include:

  • The right to ask us not to process your personal data for direct marketing purposes, even if you have given consent; You can click onto the "unsubscribe" link in any communication that we send to you by email or reply with "STOP" in SMS marketing message we send you which will automatically unsubscribe you from that type of communication. Each "unsubscribe" link only relates to that specific type of communication. Please also note that you may continue to receive Service communications in relation to the product and services we have sold to you.
  • If our processing is based on your consent, the right to withdraw any consent you may have given for our processing of your data – if you exercise this right, we will be required to stop such processing if consent is the sole lawful ground on which we are processing that data;
  • The right to ask us for access to the data we hold about you also known as Subject Access Request;
  • The right to ask us to rectify any data that we hold about you that is inaccurate or incomplete;
  • The right to ask us to delete your data in certain circumstances;
  • The right to ask us to restrict our processing of your data in certain circumstances;
  • The right to object to our processing of your data in certain circumstances; Where we rely on our legitimate interests, as set out under “How do we justify the collection of this information?”, you may object to us using it for these purposes. If we agree that your objection is justified in accordance with your rights under data protection laws, we’ll permanently stop using your data for those purposes. Otherwise we’ll provide you with our justification as to why we need to continue using your data.
  • In certain circumstances, the right to require us to give you the data we hold about you in a structured, commonly used and machine-readable format so that you can provide the data to another data controller.
  • You have the right not to be subject to a decision based solely on automated processing.

You can exercise any of the rights set out above, free of charge, by clicking here.

In respect of certain of the rights referred to above, we may need more information from you, which we will ask you. We are required by law to confirm your identity before sharing any data with you as such please make sure you provide one proof of identity (we suggest either a utility bill in your name or your driver's licence, but other similar formal documents may be accepted, please note the documents cannot be older than 6 months) as part of your request.

Under certain circumstances, we may be required by law to retain certain information.

Please also note that if you submit unfounded or excessive (for example repetitive) requests to exercise any of these rights, we reserve the right to make a reasonable charge for providing the requested information or taking the requested action, or to decline your request.

You also have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk) if you are concerned that we are not respecting your rights under Data Protection Law. The Information Commissioner’s Office is the authority in the UK which is responsible for overseeing the application of, and enforcing, Data Protection Law.

Accessing your data

You have the right to obtain from us:

  • Confirmation as to whether we are processing (including holding) personal data about you; and if we are processing personal data about you, you are entitled to be provided with:
    • Information as to the purposes for which we process the data;
    • Information as to the categories of the data that we are processing;
    • Information as to the recipients or categories of recipients to whom the data has or will be disclosed;
    • Information as to the envisaged period for which we will store the data, or the basis on which that period will be determined;
  • A copy of the data (further copies are available at a reasonable charge, which we will inform you of should you request further copies). Please note that this right is subject to the rights of others in relation to their own personal data, meaning that we cannot disclose data to you if it would involve disclosing data about someone else.

Please see the section above as to how to exercise your rights under this section. Section above applies in full to the exercise of these rights.

How do we use cookies?

Our website uses cookies and similar industry standard tracking technologies (collectively “Cookies”) to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to improve our site. For detailed information on the cookies and similar tracking technologies we use and the purposes for which we use them see our Cookie Policy.

Other websites

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Changes to this privacy notice

Any changes we make to our privacy notice in the future will be posted on this page, in case of significant changes we will email you the relevant information.

This notice was last updated on 22-03-2023

Contact

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to: GDPRenquiries@robertdyas.co.uk

Robert Dyas (“we") are committed to protecting and respecting your privacy.

This notice (together with any terms of use on our website, any contracts between us and any other documents referred to in this notice) sets out the basis on which any personal data we collect from you, that you provide to us, or that we obtain about you from other sources, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting any of our websites, or by providing us with any information about yourself, you are accepting and agreeing to the practices described in this notice.

For the purpose of and thereafter the General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”) as amended, supplemented or replaced from time to time (“Data Protection Law”), the data controller is Robert Dyas Holdings Ltd, with registered number ZA157134 and registered address Fourth Floor, 1 St. Georges Road, Wimbledon, London. SW19 4DR.

We have a Data Controller and Data Protection Officer for the purpose of Data Protection Law both who are contactable at:

Data Manager, Fourth Floor, 1 St. Georges Road, Wimbledon, London. SW19 4DR or by email at GDPRenquiries@robertdyas.co.uk.

1. Information we collect from you

We will collect and process the following data about you:

1.1. Information you give us.

This is information about you that you give us by filling in forms on our website ("our site”) or by corresponding with us by phone, e-mail or otherwise, and while you are in-store. It includes information you provide when you register to use our site, open an account, subscribe to our service, subscribe to our mailing list, search for a product, place an order on our site, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, when you report a problem with our site, products or services and when you apply for a job via our site. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information. If you provide any information about any other individuals such as friends, family or colleagues, you warrant to us that you are entitled to provide that information to us and to authorise us to process it on the same basis as we will process the rest of the data you provide about yourself.

1.2. Information we collect about you.

With regard to each of your visits to our site we will automatically collect the following information; this includes but is not limited to:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device type, language setting.
  • information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products and categories you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
  • We collect this personal data by using cookies, server logs and other similar technologies. 

The tracking technologies we or our selected third parties use for automated data collection may include: 

Cookies (or browser cookies): Like many other sites, we use “cookies,” which are small files placed on the hard drive of your computer. Cookies help us to identify account holders and to optimize their shopping experience. (See Section 2 Cookies). 

For our website - Our Cookies and other tracking technologies (above) also allow us to hold selections in a shopping cart when a user leaves the Web Site without checking out, track an order, track an order number/value or track purchases through the website. 

Within our emails - help us to understand a little bit about how you interact with our emails, and are used to improve our future email communications.If you have configured your computer to automatically display images, or if you have added us to your email "address book" (or "safe senders" list), or if you have configured your computer to have "weak" security, cookies might be set at the same time as you download, open or read an email from us. If you would prefer for this not to happen, you should disable the automatic displaying of images, or remove us from your address book or strengthen your security settings.

Web Beacons: Pages of the Web Site and our emails may contain small electronic files known as web beacons (also referred but not limited to clear gifs. pixel tags and single-pixel gifs). 

For our website - that permit us, for example, to count users who have visited those pages or opened an email and for other related Web Site statistics (for example, recording the popularity of certain Web Site content and verifying system and server integrity). 

Within our emails - that tells us whether you have opened an email, how often you have opened it, how you interacted with the email (such as the time you spent reading the email), which email software and web browser you used, which device you used and your IP address. We also use web beacons to help us display emails in the best format for your device.

We utilize web beacons to help us better manage the content on the Web Site and the Email we send to you by informing us what content is effective.

Link Tracking: Our emails contain a number of hyperlinks, each of which has a unique tag. When you click on one of these links you will be automatically redirected to the server of our mailing company which logs the click. From there you will be redirected to the relevant page on our website. This process enables us to understand who has clicked through from an email to visit our website. We use this information to tailor future messages to you.

With regard to newsletter emails you sign up to receive from us, each email collects:

  • Information about you, using industry standard technologies including pixels which will track email opens (if you have images enabled in your email client/mailbox). This is the standard approach for measuring open and click rates, and is used by all email platforms in the market.
  • All links in emails are proxied through a link redirection service that records data for each link clicked. This leads to a set of events which includes:
  • Event type (delivery, bounce, open, click, spam complaint, unsubscribe)
  • Email address of the recipient (which you will have provided)

  • IP address of the recipient (in the case of open and click)

  • GEO location based on IP address (city level) (in the case of open and click)

  • Device type (mobile/computer/tablet) and browser (i.e/firefox/chrome/safari)

If you do not want this information to be collectable, you should disable and not open images in your email application.

Other collected information:

  • We may also collect information about you when you visit our stores via CCTV. Any CCTV recording and use is governed by our separate CCTV policy. We will not collect any other information about you when you are in-store or when you correspond with us apart from the information that you provide to us.

1.3. Information we receive from other sources.

We receive information from other sources in order that we can fulfil your order. This will include courier and payment card services.

2. Cookies

Our website uses cookies and similar industry standard tracking technologies (collectively “Cookies”) to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies and similar tracking technologies we use and the purposes for which we use them see our Cookie policy.

3. Purposes for which we may process the information

We use information held about you in the following ways:

3.1. Information you give to us.

We may use this information:

  • to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
  • to update you with regard to the progress of orders that you have placed;
  • to resolve any queries you may have regarding orders that you have placed;
  • to initiate any product recalls or provide any important information to you relating to products that we supply;
  • to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
  • to provide you, or permit selected third parties to provide you, with information about our goods or services we feel may interest you. If you are an existing consumer customer, we will only contact you by electronic means (e.g. e-mail or SMS) with information about our goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you unless you have consented to receive wider communications. If you are a consumer and are not an existing customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick or, as applicable, leave unticked, the relevant boxes situated on the form on which we collect your data or notify our in-store staff accordingly when they attempt to collect your information;
  • to notify you about changes to our products or services;
  • for fraud prevention;
  • to ensure that content from our site is presented in the most effective manner for you and for your computer;
  • to perform analysis of customer purchasing habits, geographic location and other research to help us improve customer experience and touchpoints. Wherever possible analysis is performed against anonymised or non personal data;
  • to make decisions as to whether and on what terms to offer credit;
  • if you have submitted a job application, in order to evaluate and manage that application, and to manage your employment if you are successful.

Please note that, where you are asked to provide information to us which is of a sort that is necessary to enable us to perform a contract or fulfil a request that you make (e.g. contact, delivery or payment information) it is a requirement for us to enter and perform such a contract or fulfil your request that you provide that information – if you do not do so, we may not be able to perform your contract or fulfil your request.

3.2. Information we collect about you.

We will use this information:

  • to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
  • to allow you to participate in interactive features of our service, when you choose to do so;
  • as part of our efforts to keep our site safe and secure;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.

4. Disclosure of your information

4.1. You agree that we have the right to share your personal information with:

4.1.1. For administrative purposes, any of our group undertakings, as defined in s1161(5) of the UK Companies Act 2006 and also including any undertaking which is under 50% or more ultimate common ownership with Robert Dyas Ltd, provided that they either:

(a) are within the European Economic Area;

(b) are in a country that the European Union has decided has adequate data protection laws in place; or

(c) have provided appropriate data protection safeguards of the sort approved by the European Union and provide effective rights and remedies for you.

Any use by other group members of one group member’s personal data beyond administration will be subject to all the requirements of Data Protection Law.

4.1.2. Selected third parties including:

  • If you choose to use Klarna to fund your order we will securely pass your name, delivery address, billing address (if different), email address and order details to Klarna. Your browsing session is securely passed over to Klarna who provide us with authorisation codes when you return to our site to complete your order. We have no visibility of your Klarna account or your interaction with them. Please see Klarna's privacy policy for more information. For more information about paying with Klarna at Robert Dyas click here.

  • If you choose to pay using one of Klarna’s payment options, we will pass some of your personal information (such as name, delivery address, billing address (if different), email address, and order details) to Klarna so they can assess whether you qualify for their payment options and if you do tailor the payment options for you. Your personal data is handled by Klarna in accordance with applicable data protection law and in accordance with the information in Klarna’s Privacy Policy (Klarna’s Privacy Notice ) For information about Klarna’s Terms and Conditions please see T&C’s Terms and Conditions – Klarna UK or information on Klarna can be found on their websites Klarna: Shopping just levelled up

  • Payment services providers for the purposes of authorising funding of the orders you place. We do not store your payment (debit or credit) card data in our systems, all data is securely transmitted to our service providers, after which we store limited transactional data such as authorisation codes which we keep along with your order information. If you use Paypal or the PayPal Pay in 3 service your browsing session is securely passed over to Paypal, who provide us with authorisation code when you return to our site to complete your order. We have no visibility of your Paypal account or your interaction with Paypal.
  • Verified by VISA and Mastercard® SecureCode™ are services from VISA and Mastercard in association with your card issuer to provide added protection when you buy online. There is no need to get a new card (great news!), you just need to choose your own personal code for your existing card. This information is never shared with us or any merchants. It is a private code that means added protection against unauthorised use of your credit or debit card when you shop online. This should not be confused with your normal pin number that you use when shopping in the high street or when using cash machines. To choose your new code, you will need to register by following the website links provided below. When shopping on our website, if your card is eligible for these schemes (currently only available on credit cards but not debit cards), you may see a pop up window appear when you are at the checkout. This pop up will be provided by the bank that issued the card you are making payment with. If you have not already registered your card, you can use this pop up and follow the instructions to register securely. Once registered, you will be taken back to the Robert Dyas website to complete your order. If you are at all concerned or confused, simply close the pop up window and complete your order as normal, then contact your bank to find out more about the schemes. Once registered, you will then be required to use your personal code on all subsequent online transactions. These services are effectively the online equivalent of chip & pin, which is the only secure way to shop in the high street. By replicating this high street security, Robert Dyas is providing you with a secure and safe online shopping service.If you would like to learn more about these services, please click on the links to the relevant websites:
  • If you use Mastercard: mastercardsecurecode.com
  • If you have a VISA debit or credit card: visaeu.com/iusevisa/shoppingonline.html
  • advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. This requires you to accept our cookie policy when you first visit our website or sign up to our newsletters by agreeing to the terms of our privacy policy;
  • analytics and search engine providers that assist us in the improvement and optimisation of our site;
  • marketing partners to send emails on our behalf, and/or for co-branded and/or co-sponsored marketing and promotional events (such as conference events) offered in conjunction with another company or companies. If you register for or participate in such marketing and promotional events, we and the relevant partner companies may receive information collected in conjunction with the co-branded and/or co-sponsored marketing and promotional events. Our Privacy Notice will apply to our use of your personal information. We have no control over any other companies’ privacy practices, so please read their applicable privacy.
  • to our third party service providers and partners who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Online Properties), or who otherwise process personal information for purposes that are described in this Privacy Notice or notified to you when we collect your personal information. Occasionally our suppliers may run promotional campaigns or suchlike, in conjunction with the purchase of certain products, which we agree to make available on our Website. Should you view the details of such promotions etc, you may be taken to external websites / apps run by other organisations for further details. This policy does not apply to those external websites / apps, and we recommend you to read their privacy statements should you wish to understand how your data will be processed as we do not control and cannot be responsible for the content of external websites.

4.2. Additionally, we may disclose your personal information to third parties:

4.2.1. If we outsource any aspect of our business or systems, then we may disclose your personal data to our service provider(s).

4.2.2. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

4.2.3. If we or a substantial part of our assets are acquired by a third party, in which case personal data held by us about our customers may be one of the transferred assets.

4.2.4. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement or policy to which we are a party, or to protect the rights, property, or safety of our business, our customers, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

5. Legal basis of processing

5.1. Data Protection Law requires us to meet at least one “legal ground” for processing, currently set out in Article 6 of the General Data Protection Regulation. The grounds applicable to the personal data to which this notice relates are:

5.1.1. Where the processing is necessary for us to perform a contract that you are party to, or to take steps at your request prior to entering a contract, that is the ground on which we are processing that data;

5.1.2. Where the processing is necessary for compliance with a legal obligation to which we are subject, that is the ground on which we are processing that data;

5.1.3. Where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, that is the ground on which we are processing that data, provided that your fundamental rights and freedoms which require protection of your data override those legitimate interests (our legitimate interests comprise the management, marketing and promotion of our business, products and services, and the supply of our products and services, and the recruitment and management of staff);

5.1.4. If you have given your consent to our processing the data, that is the basis on which we are processing that data.

If more than one of the above grounds apply to the processing of data in question, the applicable ground will be the one that is set out first above.

6. Where we store your personal data

6.1. The data that we collect from you will be stored on our servers or those of our service providers. It will not be transferred to, and stored at, a destination outside the UK or the European Economic Area ("EEA") unless:

6.1.1. to one of our group undertakings to which section 4.1.1 above applies; or

6.1.2. to a processor acting on our behalf which is either (i) within the EEA, or (ii) in a country that the European Union has decided has adequate data protection laws in place, or (iii) has provided appropriate data protection safeguards of the sort approved by the European Union and provide effective rights and remedies for you.

6.2. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential, and for all use made of your account with such password. We ask you not to share a password with anyone.

Verified by VISA and Mastercard® SecureCode™ are new services from VISA and Mastercard in association with your card issuer to provide added protection when you buy online. There is no need to get a new card (great news!), you just need to choose your own personal code for your existing card. This information is never shared with any of the retailers or merchants. It is a private code that means added protection against unauthorised use of your credit or debit card when you shop online. This should not be confused with your normal pin number that you use when shopping in the high street or when using cash machines. To choose your new code, you will need to register by following the website links provided below.

When shopping on our website, if you card is eligible for these schemes (currently only available on credit cards but not debit cards), you may see a pop up window appear when you are at the checkout. This pop up will be provided by the bank that issued the card you are making payment with. If you have not already registered your card, you can use this pop up and follow the instructions to register securely. Once registered, you will be taken back to the Robert Dyas website to complete your order. If you are at all concerned or confused, simply close the pop up window and complete your order as normal, then contact your bank to find out more about the schemes. Once registered, you will then be required to use your personal code on all subsequent online transactions.

These services are effectively the online equivalent of chip & pin, which is the only secure way to shop in the high street. By replicating this high street security, Robert Dyas is providing you with a secure and safe online shopping service.

If you would like to learn more about these services, please click on the links to the relevant websites:

6.3. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via the internet; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

7. Length of data storage

Our policy is to ensure that personal data is only stored for as long as is necessary for the purposes set out at section 3 above. This may vary according to the type of information and the specific applicable purpose(s). We have a detailed data retention and destruction policy which governs the length of time for which we hold your data in personally identifiable form. The timing of our retention, anonymisation and/or destruction of your personal data is determined according to the criteria set out in that policy. We can provide you with relevant details applicable to your data on request – please see section 8.2 below as to how to request this information.

8. Your rights

8.1. You have various rights under Data Protection Law. These include:

8.1.1. The right to ask us not to process your personal data for direct marketing purposes, even if you have given consent;

8.1.2. If our processing is based on your consent, the right to withdraw any consent you may have given for our processing of your data – if you exercise this right, we will be required to stop such processing if consent is the sole lawful ground on which we are processing that data;

8.1.3. The right to ask us for access to the data we hold about you (see section 9 below for further details);

8.1.4. The right to ask us to rectify any data that we hold about you that is inaccurate or incomplete;

8.1.5. The right to ask us to delete your data in certain circumstances;

8.1.6. The right to ask us to restrict our processing of your data in certain circumstances;

8.1.7. The right to object to our processing of your data in certain circumstances;

8.1.8. In certain circumstances, the right to require us to give you the data we hold about you in a structured, commonly used and machine-readable format so that you can provide the data to another data controller.

8.1.9. You have the right not to be subject to a decision based solely on automated processing. This includes decisions based on profiling. If you choose to exercise this right, then you will no longer receive offers from us as we base our mailing list on our customers’ purchase history.

8.2. You can exercise any of the rights set out above, free of charge, by clicking here. In respect of certain of the rights referred to above, your right may be qualified by the GDPR (which we will discuss with you following your request) or we may need more information from you, which we will ask you for following your request. We may ask you to provide further information in order to confirm your identity. Please also note that if you submit unfounded or excessive (for example repetitive) requests to exercise any of these rights, we reserve the right to make a reasonable charge for providing the requested information or taking the requested action, or to decline your request.

8.3. You also have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk) if you are concerned that we are not respecting your rights under Data Protection Law. The Information Commissioner’s Office is the authority in the UK which is responsible for overseeing the application of, and enforcing, Data Protection Law.

9. Accessing your data

You have the right to obtain from us:

9.1. Confirmation as to whether we are processing (including holding) personal data about you; and

9.2. If we are processing personal data about you, you are entitled to be provided with:

9.2.1. Information as to the purposes for which we process the data;

9.2.2. Information as to the categories of the data that we are processing;

9.2.3. Information as to the recipients or categories of recipients to whom the data has or will be disclosed;

9.2.4. Information as to the envisaged period for which we will store the data, or the basis on which that period will be determined;

9.2.5. A copy of the data (further copies are available at a reasonable charge, which we will inform you of should you request further copies). Please note that this right is subject to the rights of others in relation to their own personal data, meaning that we cannot disclose data to you if it would involve disclosing data about someone else.

9.3. Please see section 8.2 above as to how to exercise your rights under this section 9. Section 8.2 applies in full to the exercise of these rights.

10. Other websites

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

11. Changes to this privacy notice

Any changes we make to our privacy notice in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy notice.

12. Contact

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to:

Loading...