Robert Dyas (“we") are committed to protecting and respecting your privacy.
For the purpose of and thereafter the General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”) as amended, supplemented or replaced from time to time (“Data Protection Law”), the data controller is Robert Dyas Holdings Ltd, with registered number ZA157134 and registered address Fourth Floor, 1 St. Georges Road, Wimbledon, London. SW19 4DR.
We have a Data Controller and Data Protection Officer for the purpose of Data Protection Law both who are contactable at Data Manager, Fourth Floor, 1 St. Georges Road, Wimbledon, London. SW19 4DR or by email at [email protected].
We will collect and process the following data about you:
1.1. Information you give us.
This is information about you that you give us by filling in forms on our website ("our site”) or by corresponding with us by phone, e-mail or otherwise, and while you are in-store. It includes information you provide when you register to use our site, open an account, subscribe to our service, subscribe to our mailing list, search for a product, place an order on our site, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, when you report a problem with our site, products or services and when you apply for a job via our site. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information. If you provide any information about any other individuals such as friends, family or colleagues, you warrant to us that you are entitled to provide that information to us and to authorise us to process it on the same basis as we will process the rest of the data you provide about yourself.
1.2. Information we collect about you.
With regard to each of your visits to our site we will automatically collect the following information:
1.3. Information we receive from other sources.
We receive information from other sources in order that we can fulfil your order. This will include courier and payment card services.
We use information held about you in the following ways:
3.1. Information you give to us.
We may use this information:
Please note that, where you are asked to provide information to us which is of a sort that is necessary to enable us to perform a contract or fulfil a request that you make (e.g. contact, delivery or payment information) it is a requirement for us to enter and perform such a contract or fulfil your request that you provide that information – if you do not do so, we may not be able to perform your contract or fulfil your request.
3.2. Information we collect about you.
We will use this information:
4.1. You agree that we have the right to share your personal information with:
4.1.1. For administrative purposes, any of our group undertakings, as defined in s1161(5) of the UK Companies Act 2006 and also including any undertaking which is under 50% or more ultimate common ownership with Robert Dyas Ltd, provided that they either:
(a) are within the European Economic Area;
(b) are in a country that the European Union has decided has adequate data protection laws in place; or
(c) have provided appropriate data protection safeguards of the sort approved by the European Union and provide effective rights and remedies for you.
Any use by other group members of one group member’s personal data beyond administration will be subject to all the requirements of Data Protection Law.
4.1.2. Selected third parties including:
4.2. Additionally, we may disclose your personal information to third parties:
4.2.1. If we outsource any aspect of our business or systems, then we may disclose your personal data to our service provider(s).
4.2.2. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
4.2.3. If we or a substantial part of our assets are acquired by a third party, in which case personal data held by us about our customers may be one of the transferred assets.
4.2.4. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement or policy to which we are a party, or to protect the rights, property, or safety of our business, our customers, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
5.1. Data Protection Law requires us to meet at least one “legal ground” for processing, currently set out in Article 6 of the General Data Protection Regulation. The grounds applicable to the personal data to which this notice relates are:
5.1.1. Where the processing is necessary for us to perform a contract that you are party to, or to take steps at your request prior to entering a contract, that is the ground on which we are processing that data;
5.1.2. Where the processing is necessary for compliance with a legal obligation to which we are subject, that is the ground on which we are processing that data;
5.1.3. Where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, that is the ground on which we are processing that data, provided that your fundamental rights and freedoms which require protection of your data override those legitimate interests (our legitimate interests comprise the management, marketing and promotion of our business, products and services, and the supply of our products and services, and the recruitment and management of staff);
5.1.4. If you have given your consent to our processing the data, that is the basis on which we are processing that data.
If more than one of the above grounds apply to the processing of data in question, the applicable ground will be the one that is set out first above.
6.1. The data that we collect from you will be stored on our servers or those of our service providers. It will not be transferred to, and stored at, a destination outside the UK or the European Economic Area ("EEA") unless:
6.1.1. to one of our group undertakings to which section 4.1.1 above applies; or
6.1.2. to a processor acting on our behalf which is either (i) within the EEA, or (ii) in a country that the European Union has decided has adequate data protection laws in place, or (iii) has provided appropriate data protection safeguards of the sort approved by the European Union and provide effective rights and remedies for you.
6.2. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential, and for all use made of your account with such password. We ask you not to share a password with anyone.
Verified by VISA and Mastercard® SecureCode™ are new services from VISA and Mastercard in association with your card issuer to provide added protection when you buy online. There is no need to get a new card (great news!), you just need to choose your own personal code for your existing card. This information is never shared with any of the retailers or merchants. It is a private code that means added protection against unauthorised use of your credit or debit card when you shop online. This should not be confused with your normal pin number that you use when shopping in the high street or when using cash machines. To choose your new code, you will need to register by following the website links provided below.
When shopping on our website, if you card is eligible for these schemes (currently only available on credit cards but not debit cards), you may see a pop up window appear when you are at the checkout. This pop up will be provided by the bank that issued the card you are making payment with. If you have not already registered your card, you can use this pop up and follow the instructions to register securely. Once registered, you will be taken back to the Robert Dyas website to complete your order. If you are at all concerned or confused, simply close the pop up window and complete your order as normal, then contact your bank to find out more about the schemes. Once registered, you will then be required to use your personal code on all subsequent online transactions.
These services are effectively the online equivalent of chip & pin, which is the only secure way to shop in the high street. By replicating this high street security, Robert Dyas is providing you with a secure and safe online shopping service.
If you would like to learn more about these services, please click on the links to the relevant websites:
6.3. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via the internet; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our policy is to ensure that personal data is only stored for as long as is necessary for the purposes set out at section 3 above. This may vary according to the type of information and the specific applicable purpose(s). We have a detailed data retention and destruction policy which governs the length of time for which we hold your data in personally identifiable form. The timing of our retention, anonymisation and/or destruction of your personal data is determined according to the criteria set out in that policy. We can provide you with relevant details applicable to your data on request – please see section 8.2 below as to how to request this information.
8.1. You have various rights under Data Protection Law. These include:
8.1.1. The right to ask us not to process your personal data for direct marketing purposes, even if you have given consent;
8.1.2. If our processing is based on your consent, the right to withdraw any consent you may have given for our processing of your data – if you exercise this right, we will be required to stop such processing if consent is the sole lawful ground on which we are processing that data;
8.1.3. The right to ask us for access to the data we hold about you (see section 9 below for further details);
8.1.4. The right to ask us to rectify any data that we hold about you that is inaccurate or incomplete;
8.1.5. The right to ask us to delete your data in certain circumstances;
8.1.6. The right to ask us to restrict our processing of your data in certain circumstances;
8.1.7. The right to object to our processing of your data in certain circumstances;
8.1.8. In certain circumstances, the right to require us to give you the data we hold about you in a structured, commonly used and machine-readable format so that you can provide the data to another data controller.
8.1.9. You have the right not to be subject to a decision based solely on automated processing. This includes decisions based on profiling. If you choose to exercise this right, then you will no longer receive offers from us as we base our mailing list on our customers’ purchase history.
8.2. You can exercise any of the rights set out above, free of charge, by clicking here. In respect of certain of the rights referred to above, your right may be qualified by the GDPR (which we will discuss with you following your request) or we may need more information from you, which we will ask you for following your request. We may ask you to provide further information in order to confirm your identity. Please also note that if you submit unfounded or excessive (for example repetitive) requests to exercise any of these rights, we reserve the right to make a reasonable charge for providing the requested information or taking the requested action, or to decline your request.
8.3. You also have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk) if you are concerned that we are not respecting your rights under Data Protection Law. The Information Commissioner’s Office is the authority in the UK which is responsible for overseeing the application of, and enforcing, Data Protection Law.
You have the right to obtain from us:
9.1. Confirmation as to whether we are processing (including holding) personal data about you; and
9.2. If we are processing personal data about you, you are entitled to be provided with:
9.2.1. Information as to the purposes for which we process the data;
9.2.2. Information as to the categories of the data that we are processing;
9.2.3. Information as to the recipients or categories of recipients to whom the data has or will be disclosed;
9.2.4. Information as to the envisaged period for which we will store the data, or the basis on which that period will be determined;
9.2.5. A copy of the data (further copies are available at a reasonable charge, which we will inform you of should you request further copies). Please note that this right is subject to the rights of others in relation to their own personal data, meaning that we cannot disclose data to you if it would involve disclosing data about someone else.
9.3. Please see section 8.2 above as to how to exercise your rights under this section 9. Section 8.2 applies in full to the exercise of these rights.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Any changes we make to our privacy notice in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy notice.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to [email protected]
Robert Dyas is a member of the SafeBuy Assurance Scheme for online retailers. Robert Dyas' accreditation registration number is 507082.
When you shop online with a retailer displaying the SafeBuy logo, you have the guarantee that the retailer conforms to the terms of the UK Sale of Goods Act, the EU Directive on Privacy and Electronic Communications, the EU General Data Protection Regulations as well as providing security for the processing of payment card transactions. To find out more about SafeBuy please click here