Don’t worry, your data is in safe hands…
If you’re planning on opening an account with us, we don’t want you to be kept in the dark about your personal data. Our Privacy Notice explains how we use your personal information when opening your account, operating your account and closing it. We’ll also include information about third parties for extra peace of mind!
Keep in the know
Under the Data Protection Laws, we are the Data Controller of your information. This means we are responsible for how your personal data is collected, stored and processed.
We have a Data Protection Officer (DPO for short) who monitors our compliance to the Data Protection Laws. The DPO is the point of contact for the customer (you) and the Information Commissioner’s Office, who is our supervisory authority.
If you have questions about how we handle your personal information, or you feel the data we hold is incorrect, out of date or you’d like a copy of the data we hold about you (free of charge), our DPO is here to help.
Know Your Rights
You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if there is no compelling reason to continue processing it, or have its processing restricted in certain circumstances. There are however a number of exceptions to this where we are required to retain data by law, required to retain data by our regulators or required to retain data to exercise or defend a legal claim.
To do this, please contact the Data Protection Officer at the address above.
Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us so that we can locate and verify your personal information.
You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.
Telephone calls may be recorded or monitored for training/monitoring and regulatory record keeping purposes.
Information Collected Directly From You, The Customer
When opening an account with us, we’ll ask for various pieces of information from you. This includes everything from your name and address, to your date of birth, email address and more. However, there’s nothing to be alarmed about! Every piece of information we take has its purpose. Take a look at the handy table below to see how we use your information:
Type of information
What do we use your information for?
Account Number, Address
To amend customer details
Claims Management Reference number
To handle claims management correspondence
Credit/ debit card details
To take payment
Date of Birth
To verify a customer’s identity
To deliver the goods
To identify a customer
To send out a catalogue at the request of the customer
To verify a customer’s identity
Income & Expenditure
To carry out an affordability assessment to ensure the customer receives an affordable credit limit (where appropriate).
Captured to ensure a repayment plan is affordable to the customer and allows payment of arrears (where appropriate).
To record whether you have opted in or out of receiving paper or electronic marketing information
To verify a customer’s identity
Next of Kin details
To correspond and to assist with the management of a deceased customer or a vulnerable customer account
Power of Attorney
To verify and manage the account subject to power of attorney
Social Media use and information about your phone/ computer
To help improve your online shopping experience by identifying personal preferences and online shopping trends
To verify a customer’s identity
To send you SMS messages in the process of managing your account including delivery updates
Vulnerable Customer Status (including physical and mental health and financial vulnerabilities)
To determine whether a customer is a vulnerable customer and assist in the management of the account
From time to time we may use various pieces of personal information to test our systems to improve our services to you. It’s important that your information is up to date, ensure that it is accurate, and we only keep what is relevant. We may use third-parties to help us review the data we hold on customers and delete any out of date information. We won’t use this process to obtain any more information about you which you haven’t given to us.
Credit Reference Agencies
Applying for credit means we need to know a little more about you, so we can identify what (e.g. account type and credit amount) works best for you – to do this, we use Credit Reference Agencies. We also use these agencies to identify who you are and whom you may be linked to financially (for example, who you live with.)
We also use Credit Reference Agencies to assess previous searches and other information held on you, as well as those who are linked to you financially. This information is used to make the decision about how we will trade with you or other members of your household, now or in the future. The agencies will record details of any searches, and whether or not we think that an account is suitable for you.
We will use Credit Reference Agencies for enhanced affordability information to help us understand if you can afford Credit Account without asking you for your income.
This information is collected by Credit Reference Agencies, including:
- Experian www.experian.co.uk
- Equifax www.equifax.co.uk
- Transuion www.transuion.co.uk
- Aire www.aire.io/privacy-app/06
Details of how these organisations handle your personal data is available on the Credit Reference Agency Information Notice: Transunion CRAIN, Equifax CRAIN, Experian CRAIN. This information is protected by the same laws as all personal data, so you know it’s in safe hands!
Information held about you by the Credit Reference Agencies may already be linked to records relating to people with whom you are linked financially. For the purposes of searching the files of Credit Reference Agencies you may be treated as financially linked and you will be assessed with reference to any “associated” records. For more information about how the Credit Reference Agencies use your information, please use the following links: Transunion CRAIN, Equifax CRAIN, Experian CRAIN.
Credit scoring currently evaluates previous borrowing history. If you don’t have a big enough credit history or we need to gather more information to assist our lending decisions, we may refer you to Aire Labs Limited (Aire) to offer you an Interactive Virtual Interview (IVI). If we do this, your name, mobile phone number or e-mail address will be passed to Aire to make contact with you and you have a choice to interact with them. If you have an IVI, Aire will share information with us about your financial position.
More information can be found at https://aire.io/how-it-works/. You can also find information about how Aire handles your data at www.aire.io/privacy-app/. If you need to contact Aire for any specific data questions, you can email firstname.lastname@example.org.
In order to detect and prevent fraudulent transactions on our customer accounts, we use a third party who monitor anonymised behavioural activity on our accounts, allowing us to spot unusual behaviour – for example, when orders are placed or payments are made that don’t appear to be made by you, we can take action to prevent harm to us and our customers.
Our Service Partners
Although we would like to do most things ourselves, we use a variety of Service Partners to make certain services available to you. To do this, we may need to share your personal information with some of our Service Partners. These include:
- our Customer Contact Centres in the Philippines and South Africa (see below for more information about how we protect your personal information);
- our suppliers who send your order directly to your door using their delivery agent (as indicated in the catalogue by the
logo and online where it is stated “Direct from Supplier: This item will be delivered directly from the supplier to your specified address”),
- our delivery and returns partners (currently EVRI, Parcelnet Limited, Arrow XL Limited and Royal Mail),
- our warranty providers, (currently Castelan Limited), where appropriate;
- our partner Access Systems (UK) Limited who handle the Direct Debit payments;
- our Account Protection Provider (currently Castelan Limited who are underwritten by the Canopius Group), where appropriate;
- our printing house (currently Adare International Limited)
- marketing service providers to help customise and improve your shopping experience on our website:
- Qubit Digital Limited
- The Communicator Corporation Limited
- Endless Gain
- OneTrust Limited, our partner who provide the cookie management tool on our website
- BazaarVoice Inc, Trustpilot A/S and Feefo LTD – our partners who carry out optional product reviews with our customers
- Salesforce.com – our partners who help us customise and place adverts targeted to you
- our partners who help managing our social media: Gnatta Limited & Salesforce.com
- our partners who carry out customer satisfaction surveys on our behalf including The Institute of Customer Services and ResponseTek Limited
- our IT Support services who manage customer complaints, who provide the company intranet, email, video conferencing and office file storage, who provide our telephone interactive voice response system, for customer text mail correspondence and for the hosting of our websites and Financier systems.
- In the event our systems fail, we have a plan with a third party in place so that we can be up and running again quickly. We currently use IBM for this service.
We only allow our Service Partners to handle your personal information when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, meaning they can only use your personal information to provide services to us and to you, and for no other purposes (such as annoying third-party sales calls).
Some of these third parties may use sub-processors who are based outside the European Economic Area (EEA). If this occurs then such sub processors are bound by the European Commission’s standard contractual data protection clauses so you know your information is safe.
We may provide third parties with anonymised information and analytics about our customers (so they don’t know who you are).
Other Third Parties
From time to time we may need to share your personal information with other third parties for a variety of reasons such as:
- debt collection agencies if you fail to make the required payment to your account, which will change from time to time;
- Phillips and Cohen, a third party who specialise in dealing with the administration of deceased accounts
- our insurers, for public, product and employer’s liability, where appropriate;
- governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:
- to comply with our legal obligations;
- to exercise our legal rights (for example to chase outstanding monies, in court cases etc.);
- for the prevention, detection, investigation of crime or prosecution of offenders; and
- for the protection of our employees and customers
• Your personal data is shared with Experian Ltd for the purposes of managing a service called Club Canvasse, a home shopping and direct retailer data co-operative of which are members. By sharing information on what customers buy and pooling that with contributions from other members of the co-operative, the service allows to better understand our customers and to communicate with you more effectively.
• Please note, your personal information is not shared with any of the other members of the co-operative, and only aggregated data on the number and value of purchases is provided to members e.g. we will receive a report which states how many customers who have bought from us in the last 0-12mths, and who have also bought from other members of the co-operative in the last 0-12mths, or the last 24mths, last 36mths etc.
• To understand more please click through to Experian website to understand more about their marketing services.
• You can access this by visiting the Experian Consumer Information Portal.
We will share your data with Experian Marketing Services, which will use it to create products and services to help better understand the likely characteristics of its customers; communicate with them more effectively, and find others like them across a range of marketing channels. This may mean that you receive advertising that is more relevant to you via direct mail, by e-mail or when you visit a website. For more information about how Experian Marketing Services uses your data, please use the following link: https://www.experian.co.uk/privacy/consumer-information-portal/
If you give us a call, you’ll probably get through to one of our contact centres in the Philippines (Express Gifts Philippines Limited, Tech Mahindra Limited and CCI Limited in South Africa). Although they aren’t with us in the UK, they are still governed with the same high levels of security as our UK call centres.
We have recently started to use a customer relationship management tool, provided by Salesforce.com, who are based in the USA, to enable us to improve our interactions with you, our customer.
Whilst we try to keep our IT support suppliers within the European Economic Area where the laws to protect personal information are equivalent to those in the UK, we do sometimes need to use companies outside of the EEA, including our customer services system, development and support and our support supplier who carries out our product reviews.
We do use one direct dispatch supplier who are based in the USA – Glamorise Inc (a lingerie provider).
All our international suppliers are bound by the European Commission’s standard contractual data protection clauses so you know your information is safe.
If you have opted into receiving email marketing from us you can change your mind at any time by clicking on the unsubscribe link found within each marketing message we have sent to you or by updating your marketing preferences. We may also share your data with our advertising or marketing partners to ensure that you aren’t sent information where you have opted out of marketing or where adverts are targeted at potential new customers. A minimum amount of information will be shared to suppress your details in any marketing database used.
When browsing the web, you’ll often see adverts from sites you’ve visited. This is where Cookies come in…
Additionally, you may see ads from us on other websites who participate in an advertising network (currently we use Criteo SA and Google for remarketing). The Ad Network uses the Cookie info (i.e. the products that you’ve viewed/bought) to show you personalised adverts based on your previous browsing activity on a particular browser.
You can also opt out of targeted advertising from multiple companies by visiting:
You may also see promotions from us on social media: Facebook, Instagram, Twitter, or subscribed on YouTube. We may share your data when advertising on social media to ensure that you do not see too many adverts from us.
If you opt out of receiving catalogues, we will still contact you about your account. Sometimes, we may include information from carefully selected third parties in these communications (but don’t worry, we won’t share your details with third parties to do this!).
I have received marketing literature from you, but I’m not a customer…
Received a catalogue or leaflet from us that’s been directly addressed to you? If you’re not a customer, this can seem daunting. However, we can assure you that we only obtain information from reputable marketing houses, who have assured us they have your permission to share your information with us, so that we can contact you.
Before we send you marketing information, we will run your personal information through another third party such as Experian or Equifax to ensure that you only receive marketing that we think might be of interest to you.
If you do not want to receive this information in the future, please contact our DPO at the address above, or click on the unsubscribe link found within each marketing message we have sent to you, and we’ll get things sorted.
On occasion, we also send unaddressed leaflets or catalogues on a door to door basis. This is undertaken using Royal Mail or other recognised delivery companies. If you aren’t interested, please put it in the recycling bin.
How long do we keep your personal information for?
Don’t worry, we won’t keep your information forever. Different types of information can be kept for different times, and normally the longest we keep information is 6 years. However, when we are required to satisfy a regulatory request (e.g. Financial Conduct Authority), we may keep it for 12 years.
Changes to our Privacy Notice
If we make any big changes to our policies, we’ll keep you in the know! Changes will be sent by email, post or through the website for you to review.