1. Introduction
At Global Retail Brands UK Limited, trading as House UK (“we” “us”) (registered office C/O Pkf Littlejohn 2nd Floor, 1 Westferry Circus, Canary Wharf, London, United Kingdom, E14 4HD, company number 10642380 and VAT number 282 2904 01), your privacy is important to us. We are committed to protecting your privacy when managing your personal information. We have policies and procedures to ensure that all personal information is handled carefully and securely in accordance with all applicable data protection law, including the General Data Protection Regulation (EU) (the “GDPR”). By visiting www.houseuk.com (our “Site”) you are accepting and consenting to the practices described in this policy.
For the purposes of the GDPR, we are a data controller. The purpose of this Privacy Policy is to tell you:
This website is not intended for children and we do not knowingly collect data relating to children.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
2. Collection of information
The types of information that we collect from you will depend on the circumstances of collection and on the service that we are providing to you.
Personal information
Personal information, or personal data, means any information from an individual which can be identified. It does not include data where the ability to identify an individual has been removed (anonymous data). The type of personal information collected will be directly related to the specified purpose it has been collected for. How much of your personal information that you choose to disclose to us is completely up to you. The only way we know something about you personally is if you provide it to us. However, failure to provide certain information may result in us being unable to provide you with the relevant product or service. We will make you aware of the purpose for which we collect the personal information and, where possible, the consequences of not providing it at the time of collection.
We may collect, use, store and transfer different kinds of personal data. For example:
You acknowledge that the personal information we collect from you is your own information or information which you have been authorised to provide us.
Sensitive information
We do not generally collect any special categories of personal data about you, such as racial or ethnicity information, religious or philosophical beliefs, sex life or sexual orientation, political opinions or associations, information about your health and genetic and biometric data, nor do we collect any information about criminal records. However, we may collect sensitive information from you in the course of considering an application for employment in such circumstances such data would be held in accordance with GDPR, if applicable.
Anonymous information
We may also collect aggregated data about visitors to our website(s). For example, we may collect:
This is not considered personal data in law as this type of information does not directly or indirectly reveal your identity. We do not collect information about the identity of the visitors unless they voluntarily provide that information.
Cookies
Cookies are tiny text files stored on your computer when you visit certain web pages. We uses cookies to keep track of what you have in your basket and to remember you when you return to our site. To shop on our website you need to have all cookies enabled, though you can still use the website for browsing and research purposes without them.
3. Method of collection
Personal information will only be collected through lawful and fair means.
We collect your personal information when you deal with us directly, including via our website(s) or our social media pages, via forms or correspondence (ie by mail or email), over the phone or in person.
We may also collect personal information through our related bodies corporate and our third party service providers (such as data relating to survey responses) so that we may provide a better or more relevant product to you.
4. Use of information
Use of personal information
We will use the personal information you have chosen to provide us for the specific purpose for which you provided it or a related secondary purpose which is not incompatible with the original purpose. We will not use it for any other purpose without your consent, unless permitted or required by law.
Generally, we will use your personal information for the following purposes:
Direct marketing
We will only use your personal information for the purpose of direct marketing activities where we have obtained your consent to do so, or in circumstances where we have collected the information directly from you and are contacting you in relation to your order or providing information to you (directly or via third parties) about products/services similar to those you have purchased in the past.
We will provide you with the opportunity to “opt out” of receiving marketing materials at any time by either unsubscribing from the email service or contacting our Privacy Officer via the contact details provided at paragraph 14 below.
5. Purpose and lawful basis
Please refer to the table below at paragraph 15 of this Privacy Policy for a full description of all the ways we plan to use your personal data and the legal bases we rely on to do so including, where appropriate, our legitimate interests.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table at paragraph 15 below.
6. Disclosure
There will be occasions where it will be necessary for us to disclose your personal information to third parties.
We may disclose your personal information to the following parties for the purposes set out in the table at paragraph 15 below:
In the event that we sell or buy (or plan to sell or buy) any business or assets or seek investment from a third party investor, we may disclose your personal data to the prospective seller or buyer of such business or assets, or investor, as the case may be. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
7. Transfer of information outside the UK
We may transfer your personal information to a destination outside the European Economic Area (“EEA”), including our related entities and third party service providers based in the USA and Australia. We may also transfer your personal information to service providers who will hold your information on a cloud computing system which may hold your data on servers located outside of the UK and EEA. Further, your personal information may be processed by staff operating outside the EEA working for us or for one of our suppliers. Such staff may be engaged in, amongst other things, the fulfilment of your order, the processing of your payment details, answering queries and assisting with purchases, performing security checks to verify orders placed, the administration of our systems and internal fraud prevention. However, where your personal information is disclosed to a recipient or a cloud computing system outside the EEA, we will take steps to put in place adequate safeguards to ensure a similar degree of protection is afforded to it and to make sure that it is treated in accordance with this Privacy Policy. For example, we may protect it using one of the following safeguards:
Do not provide us with any personal information, that you are not comfortable with us storing or sending overseas for the purposes set out in this Privacy Policy. If you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA, including details of all safeguards which we have put in place to protect your personal information and privacy rights in these circumstances, please contact our Privacy Officer using the details provided at paragraph 14 below.
Otherwise than stated above, we do not disclose personal information that you may give us to any organisation or person outside of us unless you have authorised us to do so.
8. No sale of personal information
Under no circumstances will we sell or receive payment for licensing or disclosing your personal information.
9. Security
The security of your information is important to us. We operate secure data networks using the latest Secure Server Technology that are designed to protect your privacy and security. When we have collected information about you it cannot be seen or modified by anyone else. We have implemented generally acceptable standards of technology and operational security to ensure personal information (in both physical and electronic form) is protected against loss, misuse, interference and unauthorized access. You are responsible for keeping any passwords you have implemented secure.
Only authorised personnel and contractors are provided access to personal information and have agreed to ensure the confidentiality of this information. Reasonable steps are taken to destroy or permanently de-identify any personal information that is no longer required. We minimise the extent of our access to personal data about you that we cause to be processed by third parties (processors) on our behalf.
We review and update our security measures in light of current technologies. You should however be aware that the internet is not a secure environment and information sent via the internet (including email) cannot be guaranteed to be totally secure. Although we do our best to protect your personal information, we cannot guarantee the security of the information transmitted and any transmission is at your own risk.
10. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see 11. Data Quality, access and correction: Correction below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
11. Data quality, access and correction
Access
If you are a subscriber to one of our online services or products or loyalty programs, you may access your personal information by accessing your subscriber/account details via the relevant facility on our websites.
Otherwise, you may at any time, request access to personal information that we hold about you by making a request to our Privacy Officer at the address or email address below for a fee of £10, as specified by law.
We will endeavour to process any requests for access to personal information within a reasonable period of time. Where possible, we will provide you with access to that information either by providing you with copies of the information requested, allowing you to inspect the information requested, or providing you with a summary of the information held.
Correction
We will try to ensure that all information we collect, use or disclose about you is accurate, complete, up-to-date and relevant to the service being provided. If you are a subscriber to one of our online services or products, you may change your personal information by accessing your subscriber/account details via the relevant facility on our website(s).
Otherwise, if you discover or suspect that there is an error or information is missing or out of date, please forward your request for correction to our Privacy Officer in writing at the address or email address at paragraph 14 below. Our Privacy Officer will update your information free of charge.
You also have the right to:
Please contact our Privacy Officer for further assistance.
12. Changes
Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email.
13. Complaints about privacy and our complaint handling procedure
If you have any complaints relating to the management of your personal information or if you believe there has been a breach of the GDPR by us, please forward your complaint in writing to our Privacy Officer at the address or email address below.
If you are still not satisfied after lodging a complaint with us and giving us a reasonable time to respond, then we suggest that you contact the UK’s Information Commissioner’s Office (www.ico.org.uk), the UK supervisory authority for data protection issues, or the equivalent regulatory authority in your country.
14. Contact Privacy Officer
Please contact our Privacy Officer on the contact details below if you would like to:
Please contact:
Post: Privacy Officer, C/O Pkf Littlejohn 2nd Floor, 1 Westferry Circus, Canary Wharf, London, United Kingdom, E14 4HD
Telephone: 0800 085 7855
E-mail: info@houseuk.com
15. Table of purpose(s) and lawful basis
Purpose/Activity |
Type of data |
Lawful basis for processing including basis of legitimate interest |
To register you for a service requested by you |
|
Performance of a contract with you |
To process sales transactions and deliver the products or services to you including:
|
|
|
To manage our relationship with you which will include:
|
|
|
To enable you to partake in rewards programs and competitions or to complete a survey |
|
|
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
|
|
To deliver (or to procure the delivery of) relevant website content and advertisements to you on our own website and elsewhere on the internet and measure or understand the effectiveness of the advertising we serve (or cause to be served) to you |
|
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our website, social media page(s), products/services, marketing, customer relationships and experiences |
|
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you directly and via third party advertising platforms about goods or services that may be of interest to you (i.e. direct marketing) |
|
Necessary for our legitimate interests (to develop our products/services and grow our business) |
16. Glossary
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.