This policy is effective from 8th June 2020.
What is the purpose of this document
This privacy policy sets out how HeaterDeals UK (“HeaterDeals UK”, “we”, “us”) collects, stores, uses and protects any personal information that you give to us when you use bmstores.co.uk (“the website”), the HeaterDeals UK App (“the App”), when you visit one of our stores or contact our customer services team.
This privacy notice describes how we collect and use personal information about you, in accordance with the General Data Protection Regulation 2016 (GDPR) and Data Protection Act 2018 (DPA).
HeaterDeals UK is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
We may update this notice from time to time so it’s important that you periodically check this page to ensure that you are aware of any changes in the way we use your data.
What information do we hold about you?
We will collect, store, and use some or all of the following categories of personal information about you depending on your interaction with us:
- Your name and title;
- Date of birth or birthday;
- Contact details which may include your email address, home address and phone number(s);
- Preferences and interests, such as department favourites and gender (for the registered App users);
- Marketing preferences;
- Your comments, views and opinions;
- Purchase history;
- Payment information, such as card details;
- CCTV recordings if you visit one of our stores;
- your internet protocol address and details of your browsing activity during visits to our website (IP addresses are anonymised), including traffic and location data (see Cookies policy for more information. Location data is collected via the App, but only with your consent).
We may also collect, store and use the following “special categories” of more sensitive personal information:
- Incident reports if you have an accident in one of our stores;
- Information to defend any claim brought against us, this may include medical data;
- Records of criminal activity in our stores.
How is your personal information collected?
As a general rule we collect personal information directly from you when you interact with us.
What legal basis do we rely on to process your personal information?
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we have entered into with you, for example when you purchase something from us;
- Where you have consented to the processing, for example to receive marketing;
- Where we need to comply with a legal obligation, for example for accounting records;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This could include the use of CCTV and keeping customer services records;
- To protect your interests, for example if you had an accident in one of our stores
What will we use your personal information for?
We will use your data to provide the service you have requested and to ensure the smooth running of our business. This may include:
- Where we have your consent to send promotions about new products and latest offers by email, the App, SMS, phone or post;
- To contact you for market research purposes via email, the App, text, phone or post
- Manage and respond to customer service enquiries;
- Where necessary, resolve customer service queries by passing information to relevant third parties and between B&M departments;
- Post prizes that have been won when entering competitions;
- To send you a birthday greeting;
- Take payment for items you have ordered and refund you when things go wrong
- To deliver items you have ordered from us;
- To respond to legal claims;
- For health and safety;
- Loss prevention;
- Review website and App traffic and usage to improve and develop our website, App and our products and services;
- Notify you about changes to our website, App, products or services from time to time;
- Carry out anonymous analysis of data on user visits, browsing patterns, trends and preferences for our own market research purposes and to track and measure the impact, results or pattern of website traffic and preferences from other promotional and marketing activities of B&M;
- Comply with any applicable law, legal process or enforcement by any regulatory body which is binding on B&M.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as delivering a product you have ordered from us or issuing a refund).
Cookies
Click here to read our Cookie Policy and to review and control your preferences.
Links to other websites
Our website and App may contain links to other websites or Apps of third parties. We do not have any control over websites or App’s of third parties and they are not subject to this privacy policy. Their own privacy policies will apply in relation to your personal information, which may be different to our policy. You should always check the privacy policy of third party websites and Apps before using them.
Social media
When you use our website or App or those of trusted providers, you may be able to share information through social media networks such as Facebook and Twitter, for example through ‘Likes’ or reviews. When doing this your data may be visible to providers of social network services and their users, as well as B&M. We recommend that you consider the privacy settings on your social media accounts so that you are aware of how your information is processed and used.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosure of your data to third parties
We do not sell, rent, loan, trade or otherwise disclose your personal information, except as described in this policy.
B&M may disclose your information with trusted third party business partners so that we can provide you with the service you requested. For example, couriers where you have purchased a home delivery product. We may disclose your information to data processors who provide direct marketing, advertising and market research services to us to help improve our services to customers and users of our website and App.
Third parties are not be permitted by HeaterDeals UK to contact you for marketing purposes unless you have given your consent for them to contact you for that purpose, and provided that they also have their own privacy policy in place. We do not disclose your information with these third parties in order for them to contact you about their own products or services. These organisations are only permitted to use the data provided by us for purposes we have determined.
There may be times when we believe it is necessary to disclose your personal information with a third party (other than those already described). These include:
- where we are required or permitted to do so by law;
- in the event that all or any part of our business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s adviser, and may be passed on to the new owners of the business (or any part of it).
Data security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will you use my information for
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in our retention policy which is available from the customer services team. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. In most cases we will retain your data for no more than 6 years following our last contact with you.
Rights of access, correction, erasure, restriction and withdrawing consent
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent (for example if you no longer wish to receive marketing) please contact the customer service team customerservices@bmstores.co.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Contact us
If you have any questions regarding how we collect, store and handle your personal information or wish to exercise any of your legal rights, we will be more than happy to hear from you. Please email your enquiry to:
Post
Alternatively you can write to our Customer Services team who will be happy to help:
Customer Services
Kemlon Trading Limited
VAT Number: GB37694614
Contact Address:
72A Kingston Road,
Portsmouth, PO2 7PA, UK
Phone Number: 0161 273 4496
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Privacy Policy Changes:
The following amendment was made to this privacy policy
10 April 2019:
From:
preferences and interests, such as department favourites and gender (while using the App);
To:
preferences and interests, such as department favourites and gender (for the registered App users);