We recognise the importance of your privacy and we respect and value the privacy of everyone visiting our website ("Our Site”) and (subject to the limited exceptions in section 6, below) We do not collect personal data about you unless you contact us (see section 5, below). Any personal data We do collect will only be used as permitted by law.
1. Definitions and Interpretation
In this Policy, the following terms shall have the following meanings:
"Personal data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation ("GDPR”). Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
"We/Us/Our” means DIY Direct Express Ltd., t/a DIY Direct
"Account” means an account required to access and/or use certain areas and features of Our Site
"Cookie” means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in Part 9, below
"Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003.
2. Information About Us
2.1 Our Site is owned and operated by DIY Direct Express Ltd., a limited company registered in England under company number 3863403, whose registered address is Front Suite, 1st Floor, Charles House, 148-149 Gt Charles Street, Birmingham B3 3HT.
2.2 Our VAT number is 104855718.
3. What This Policy Covers
4. Your Rights
4.1 As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:
4.1.1. The right to be informed about Our collection and use of personal data;
4.1.2. The right of access to the personal data we hold about you (see section 8);
4.1.3. The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact Us using the details in section 10);
4.1.4. The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you (We only hold your personal data for a limited time, as explained in section 6 but if you would like Us to delete it sooner, please contact Us using the details in section 10);
4.1.5. The right to restrict (i.e. prevent) the processing of your personal data;
4.1.6. The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
4.1.7. The right to object to Us using your personal data for particular purposes; and
4.1.8. Rights with respect to automated decision making and profiling.
4.2 If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided in section 10 and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
4.3 For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
5. The Data We Collect
* Business name
* Telephone number
* Email address
* Payment type
* Web browser type and version
* Operating system
* IP address
* A list of URLs starting with a referring site, your activity on Our Site, and the site you exit to.
6. How We Use Your Data
6.1 Under GDPR, We must always have a lawful basis for using personal data. This may be because the data is necessary for Our performance of a contract with you, because you have consented to Our use of your personal data, or because it is in Our legitimate business interests to use it. Your personal data may be used for the following purposes:
6.1.1. Providing and managing your Account.
6.1.2. Providing and managing your access to Our Site.
6.1.3. Personalising, tailoring and improving your experience on Our Site.
6.1.4. Supplying Our products and/or services to you. Your personal details are required in order for us to enter into a contract with you.
6.1.5. Communicating with you. This may include responding to emails or calls from you.
6.1.6. Supplying you with information by email and/or post that you have opted-in to (you may unsubscribe or opt-out at any time by changing you preferences in your account or by contacting us).
6.1.7. Analysing your use of Our Site and gathering feedback to enable Us to continually improve Our Site and your user experience.
6.2 With your permission and/or where permitted by law, We may also use your personal data for marketing purposes, which may include contacting you by email or post with information, news, and offers on Our products and or services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
6.3 Like any organisation, we work with specialist third-party companies providing specialised services on our behalf that require the processing of personal information. We will only give these companies the information they need to deliver the service we have asked them to provide and they must not use that information for any other purpose.
6.3.1 Services provided to us may include delivery services, order fulfilment, sending email, maintaining our databases of customer details, analysing data to help us improve our services, providing marketing assistance, processing payments & refunds and fraud prevention.
6.3.2 We use Trustpilot to request feedback from our customers on our behalf. We share your name and email address with Trustpilot, who act as a data processor, so that they may contact you to request your feedback.
6.3.3 We may pass personal information to our insurers in the event that a claim is made or could be made against us.
6.3.4 We may be legally required to share certain personal data, which might include yours, if We are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
6.3.5 Our website uses Google Analytics to help us understand how customers use our website so that we can try to improve the service we provide. We mask IP addresses so user data is anonymised. Google Data Sharing is disabled and no other Google services are used in conjunction with Google Analytics cookies.
7. How & Where We Store Your Data
7.1 We only keep your personal data for as long as We need to in order to use it as described above in section 6, and/or for as long as We have your permission to keep it.
7.2 Your data will be stored in the UK, within the European Economic Area ("the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein) or may be stored outside of the European Economic Area ("the EEA”). If We do store data outside the EEA (this may be the case, for example, if Our email server is located in a country outside the EEA or we use an emailing service that does so), We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR including:
7.2.1. EU-U.S. Privacy Shield
7.2.2. Supplier or Provider EU Contractual Clauses confirming compliance with GDPR
7.3 Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure any data We hold about you (even if it is only your email address).
7.4 Steps We take to secure and protect your data include:
7.4.1 Our network uses antivirus and antimalware software and is protected by a firewall.
7.4.2 All users have their own unique logins.
7.4.3 We have a strong password policy and store our passwords securely.
7.4.4 We have a patch management policy that ensures all high priority updates are installed within 14 working days.
7.4.5 Remote access to the company network is secure.
7.4.6 Access to data is available only to staff authorised to do so.
7.4.7 Staff receive cyber security and GDPR training at induction and have updates as necessary.
7.4.8 Data is backed up daily to an offsite location.
7.4.9 Perimeter vulnerability testing is conducted regularly by a third party IT services provider.
7.4.10 We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected or for the amount of timer determined by law, for instance for accounts information.
7.4.11 Personal information provided on the website and online credit card transactions are transmitted through a secure server. We are committed to handling your personal information with high standards of information security. We take appropriate physical, electronic, and administrative steps to maintain the security and accuracy of personally identifiable information we collect, including limiting the number of people who have physical access to our database servers, as well as employing electronic security systems and password protections that guard against unauthorized access. Our website uses encryption technology, like Secure Sockets Layer (SSL), to protect your personal information during data transport. SSL encrypts ordering information such as your name, address, and credit card number. Please note that email is not encrypted and is not considered to be a secure means of transmitting sensitive information.
8. How You Can Access Your Data
You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the GDPR, no fee is payable and We will provide any and all information in response to your request free of charge. Please contact Us for more details using the contact details below in section 9.
10. Contacting Us