FAIR PROCESSING NOTICE (“PRIVACY POLICY”)
- Who we are
In this Privacy Policy, references to we, us or our mean the Handy Cabin store that processes your personal information and interacts with you. The relevant Handy Cabin entities are:
- Handy Cabin D.I.Y Store, 47-49 Mill Street, Congleton, Cheshire CW12 1AG, United Kingdom;
You can find out how to contact us in Section 9 below.
- Your Privacy
In the course of our dealings with you, we will collect and process personal information about you. Personal information includes any information allowing us to identify you as an individual, for example, your name, your email address or your telephone number.
We are committed to protecting your privacy. We will use your personal information in accordance with all applicable laws and regulations that relate to data protection and privacy.
This Privacy Policy tells you:
- what personal information we collect;
- why we collect this information;
- how we will use it;
- how long we will keep it;
- who else will see it;
- how you can contact us;
- your rights in relation to the personal information that we hold, including your rights to change, delete and see your information.
When using our website, we will also place cookies on your device – please see our Cookies page for more information about the cookies we use and how you can change your cookie settings.
In this Privacy Policy, references to Digital Services mean our websites (we refer to these individually as a Website and collectively as the Websites), and any software and web-based applications that we make available for your use.
For the purposes of the GDPR (and equivalent data protection laws), we are the controller in respect of your personal information that we collect, and process as further described in this Privacy Policy.
As described below, we may share your personal information with other organisations that may receive and process your personal information as a controller in their own right (see Section 9 for further details).
- What information do we collect?
We collect the following types of personal information:
(a) Information we collect when you register with us
When you register with us, we may ask you for a number of pieces of information including:
- your name;
- your postal/delivery address;
- your email address;
- your telephone number;
- a password – please keep this safe;
- whether you would like to receive information from us via email, SMS text, post or telephone;
- if you are placing an order, we will also ask for your payment card number, expiry date and CVV number.
- information that you provide by filling in forms, including those on our Digital Services. This includes information provided by you at the time of becoming a registered user of our Website (or any time thereafter) or if you enter any competition or promotion sponsored by us. This information could include your name, date of birth, address, contact details, information about your home and information about your DIY and home improvement capabilities and intentions; and
- information concerning your marketing preferences.
(b) Information we collect about how you use our Digital Services and when you shop with us
- When you shop with us instore, online, browse our Websites or other organisations’ websites where our adverts are shown, or use our Digital Services, we may collect:
- information about any devices you have used (including the manufacturer, model and operating system, IP address, browser type and mobile device identifiers);
- product selection;
- cookies and information about your online browsing behaviour and history on our Digital Services, your location, and information about when you click on one of our adverts (including those shown on other organisations’ websites);
- details of your purchases with or through us;
- information that you provide to us by using our Digital Services, including any photos you have uploaded on our web and mobile platforms and applications;
- information contained in and records of communications between us, including recordings of telephone calls when you contact us and instant messaging applications;
- information about your preferences in connection with our Digital Services, for the purposes of enhancing and personalising your experience on our Digital Services;
- CCTV footage in which you feature when you visit our premises; and in the event that you have an accident while on our premises that you bring to our attention, we may record details of that accident and any injury you suffer in the relevant store’s accident log.
Please note that if you register an account and/or shop online with us, we will be able to link the information collected from you before registration and/or your online purchase (such as your online browsing behaviour) to your account and future information that we collect after registration and/or your online purchase.
If you provide us with personal information about another person, you must ensure that before you provide us with their personal information, you have their agreement to do so and that they are aware of the ways in which we use personal information as set out in this Privacy Policy.
- Why do we ask for this information?
When you place an order we need your contact and payment information to enable us to take payment and fulfil your order. You can browse our website without providing us with any of this information. When you want to place an order via the website, we ask you to login or register so you can open a customer profile and upload and save images, save your browsing information and your preferences and retrieve them from any of your devices.
You may also provide us with personal information via our forums, product questions and reviews, customer support video chat, survey responses or competition entries.
We will ask for or collect your personal information when you use our customer support services, including telephone support, instant messaging and video chats.
We ask for your permission to send you marketing and promotional material via post, telephone, email and SMS so that we can send you free gifts, discount vouchers, invitations to events, special offers and other marketing material that we believe may be of interest to you. If you give permission, you will be able to withdraw it at any time: by using the unsubscribe link in each communication we send out which will opt you out of receiving either marketing emails or SMS messages, as applicable;
- where you are a registered user of our Website, by using the My Account section on our Website and logging in using your username and password;
- by emailing us via our contact web page.
- by writing to Handy Cabin D.I.Y Store, 47-49 Mill Street, Congleton, Cheshire CW12 1AG, United Kingdom;
You do not have to give us permission in order to use our website.
Please note that, even if you choose not to receive this marketing information, we may still use your personal information to provide you with important services communications, including communications in relation to any orders you submit or products you purchase. We may also offer you the opportunity to indicate the specific types of marketing communications you are particularly interested in receiving from us; where possible, we will tailor the communications you receive to reflect your choices, but we may send you other communications that may be of interest to you.
- How do we use your personal information
We have set out below the purposes for which we use your personal information. We are also required by law to state a “legal basis for processing”, i.e. to tell you on what grounds we are allowed to use your information, and this is also set out below. The legal basis for each purpose is that we have your consent for the use of your personal information, or that we need to use your personal information in order to perform a contract with you, or that the use of your personal information is necessary for our legitimate interests (in which case we will explain what those interests are).
Purpose of processing |
Our legal basis |
+ carry out our obligations under any contracts entered into between you and us for example, we will use your payment details and delivery address to process and fulfil your order(s), and to communicate with you about your order for a service or product; |
Contractual necessity – we use your personal information in order to meet our obligations under our contract with you (for example, to deliver a product you have ordered). |
+ administer your membership to any membership scheme we provide; for example, we will keep a record of your membership and use your details to ensure you receive the benefits of that membership; |
Legitimate interests – we use your personal information to manage our relationship and to administer your membership of our membership schemes so that you can make best use of them. |
+ in the event that you do not complete your registration or order, we may use any contact information you have provided us to follow up on your partial registration or order; |
Legitimate interests – we use your personal information in order to remind you of your partial registration or order and so that you can (if you wish) complete the registration or order. |
+ communicate with you about your order for a product or service; |
Contractual necessity – we use your personal information in order to meet our obligations under our contract with you (for example, to deliver a product you have ordered). We use feedback from customers as part of improving our products and services. |
+ contact you about an appointment you have booked; |
Legitimate interests – we use your personal information to contact you with details of the appointment. |
+ contact you about leaving a review on a product or service or providing feedback once your order has been completed or the service has been provided; |
Legitimate interests – we use your personal information to contact you so that we can ask you to provide feedback on the product or service you have ordered. |
+ notify you about changes to our services and to otherwise communicate with you. For example, we will use your contact details in order to respond to any queries that you submit to us; |
Legitimate interests – we use your personal information to keep you up to date with information about our services, and to respond to your queries. |
+ send you information about products and services, including free gifts, special offers and discounts; |
Legitimate interests – we use your personal information to send you this information. In some cases (such as where we’re required to do so by law) we will also ask for your consent before sending you this information. |
+ review your past purchases and viewing history on our website to provide you with special offers or to tailor your experience online; |
Legitimate interests – we use your personal information to provide you with these offers and to tailor your experience when using our online services. |
+ help us review, develop and improve the products and services we offer, including our Digital Services. For example, calls to our contact centres may be monitored and/or recorded for quality control and training purposes. If you raise a query (for example about a product or about our service) while we still hold a recording of your call, and we can investigate or answer your query by referring back to this call, we may do so. This may mean that your call recording will be held until your query has been resolved; |
Legitimate interests – we use your personal information to help us deliver the best quality of service to you and our other customers. |
+ monitor details of your visits to our Digital Services, including page views, for business and data analysis purposes and to ascertain the products, services, promotions, special offers and discounts that are likely to be of particular interest to you and to use this to send tailored marketing information to you (where we are permitted to do so). For instance, if you browse pages of our Digital Services in relation to a particular category of product, we may use this information to send you marketing communications about that category of product; |
Legitimate interests – we use your personal information to (i) help us deliver the best quality of service to you and our other customers; and (ii) provide you with tailored advertising and to tailor your experience when using our Digital Services. |
+ improve and measure the effectiveness of our marketing communications, including online advertising. We also share cookie and other data with entities such as Google and Facebook in order to make our advertising more relevant to you. We require any such third parties to treat your personal information as fully confidential and to fully comply with all applicable data protection legislation; |
Legitimate interests – we use your personal information to help us understand the effectiveness of our advertising and to make sure you see adverts that are most relevant to you. |
+ provide, enhance and personalise your experience on our Digital Services; |
Legitimate interests – we use your personal information to deliver you a tailored experience when using our digital services. |
+ carry out security checks to protect against fraudulent transactions and to prevent and detect criminal activity; |
Legitimate interests – we use your personal information to protect against unlawful activities. In some cases we may also be under a legal obligation to disclose your personal information (for example, to law enforcement agencies). |
+ address any claims made against us. For example, we may share details of our accident logs and CCTV footage with our claims handlers and insurers in connection with any claim made or likely to be made against us; |
Legitimate interests – we use your personal information to address any claims that are made against us. In some cases we may also be under a legal obligation to disclose your personal information (for example, in connection with legal proceedings). |
+ in order to comply with any legal obligation (including in connection with a court order); |
Compliance with legal obligation – we process your personal information in order for us to comply with our legal obligations. |
+ in order to enforce or apply our Terms and Conditions of Sale or other agreements we have with or otherwise concerning you (including agreements between you and us (or one or more of our affiliates)), or to protect our rights, property or safety or those of our customers, employees or other third parties. |
Legitimate Interests – we process your personal information in order to conduct and manage our business |
Our Digital Services are not intended for children and we do not knowingly collect data relating to children.
- How long do we keep your personal information?
We are required by law to keep your personal information only for as long as is necessary for the purposes for which we are using it. The period for which we keep your personal information will be determined by a number of criteria, including the purposes for which we are using the information, the amount and sensitivity of the information, the potential risk from any unauthorised use or disclosure of the information, and our legal and regulatory obligations.
- Who do we share your personal information with?
We may disclose your personal information to third parties, including in the following circumstances:
We use third parties to carry out certain activities on our behalf that involve the processing of personal information. For example, we may engage third party service providers to fulfil orders, deliver packages, send postal mail, SMS text messages and email, maintain and update our databases of customer details (including the removal of repetitive or incorrect information), analyse data to help us develop, provide and improve our products and services, provide marketing assistance, process card payments, process payments online, carry out surveys and installations, provide customer service, process the booking of appointments and handle claims. These third parties have access to personal information needed to perform their functions, but may not use it for other purposes. We may use the information we receive from third parties to supplement, improve and add to our databases of customer details, for purposes such as credit checking and fraud prevention.
Where we allow customers to pay for products and services via our Digital Services using online payment methods and digital wallets, customer personal information may be shared with providers of those services for payment purposes in order to process the transaction.
We may share information that we hold about you (for example, your email address and information about your purchases) with third parties that also hold your information or have an existing online relationship with you in order to identify you and to enable us (or Kingfisher Group companies or other third parties on our behalf) to provide you with relevant marketing online. For instance, we may share your information with social networking sites such as Facebook and Google so that they can identify you as a customer of ours and can tailor the marketing we send you via their sites and products.
We may pass personal information to external agencies and organisations (including the police and other law enforcement agencies) for the purpose of preventing and detecting fraud (including fraudulent transactions) and criminal activity. These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security checks. We may also disclose personal information to the police and other law enforcement authorities in connection with the prevention and detection of crime.
We may pass personal information to our insurers in the event that a claim is made or could be made against us. For example, we may send CCTV footage and information contained in our accident logs to our insurers. In the event that we sell or buy any business or assets, we may disclose personal information held by us to the prospective seller or buyer of such business or assets. If we or substantially all of our assets are acquired by a third party (or subject to a reorganisation within our corporate group), personal information held by us will be one of the transferred assets.
We may pass your personal information to third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation (including in connection with a court order), or in order to enforce or apply our Digital Services Ts&Cs, Terms and Conditions of Sale, Supply & Install Terms and other agreements we have with or otherwise concerning you (including agreements between you and us (or one or more of our affiliates)); or to protect our rights, property or safety or those of our customers, employees or other third parties.
We may share anonymous or aggregate data (such as aggregated statistics or other anonymised data) with third parties.
Links to external sites
From time to time we may also establish relationships with third parties that will enable you to access the websites or applications (such as video players) of such third parties directly from our Digital Services. Each third party operates its own policy regarding the processing of personal information and the use of cookies on its website(s) or through its applications and you are advised to read the third party’s privacy policy and cookies policy.
Please note that third party websites and applications are not under our control. When you click through to these websites or access these applications you leave the area controlled by us. We do not accept responsibility or liability for any issues arising in connection with the third party’s use of your data (including your personal information).
Where will your personal information be processed?
Your personal information may be transferred to, and stored and processed in, one or more countries outside the European Economic Area (EEA), including countries which do not provide equivalent protection for personal information. In these circumstances, we will take reasonable steps and implement appropriate measures to ensure that your personal information is adequately protected in accordance with the law.
These measures generally include either:
- Transferring personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission; or
- Transferring personal information where the recipient has agreed to a European Commission approved data transfer agreement in the form of the standard contractual clauses.
- Occasionally, we may transfer your personal information in circumstances where there are no adequate safeguards where this is permitted by data protection law.
Please contact us using the details below if you want further information on the specific safeguards used by us when transferring your personal information out of the EEA.
- Your rights
You have the right to ask us to:
- Confirm what personal information we hold about you and provide you with a copy of that data;
- Correct any personal information that is inaccurate;
- Remove your personal information where there is no good reason for us to continue to hold that data;
- Temporarily stop using your personal information if you are questioning our right to use that data and in other circumstances where that right is applicable;
- Stop using your personal information unless we can demonstrate a valid reason why we need to continue to hold that data e.g. to support a product warranty;
- Stop using your personal information to send you marketing materials such as our catalogue, marketing email, discounts or vouchers.
- Provide you with the personal information that you have provided to us, in a structured and commonly-used electronic format, or transmit that information directly to another company if that is technically feasible. This applies where we are using your personal information on the basis of your consent or because it is necessary to perform a contract with you (see How do we use your personal information, above).
Our security procedures mean that we may request proof of identity before we are able to disclose your personal information to you or comply with other requests.
We want to make sure that the personal information we hold about you and your preferences as to how we contact you are accurate and up to date. If any of the details are incorrect, please let us know (details below) and we will amend them.
You also have the right to make a complaint to the supervisory authority if you’re not happy with how we’ve handled your personal information.The websites for the supervisory authorities that regulate our processing of your personal information are set out below:
Supervisory authority |
Supervisory authority contact information |
The Information Commissioner’s Office |
- How to contact us?
Due to the unprecedented challenges we are all facing during the Coronavirus (COVID-19) pandemic, you may experience delays when making information rights requests during the pandemic. Where possible, we ask that you contact us via email.
To update your details or ask for a copy of your personal information:
You can write to us at: Handy Cabin D.I.Y Store, 47-49 Mill Street, Congleton, Cheshire CW12 1AG, United Kingdom;
You can email via the Contact web page.
- Protecting your personal information
The transmission of information via the internet is not completely secure; this risk is common across the internet and not specific to our services. We cannot guarantee the security of your data (including your personal information) transmitted to our services; any transmission is at your own risk.
It is important for you to protect against unauthorised access to your password and to your computing device. Be sure to sign off and close your browser when you have finished your session. This will help to ensure that others do not access your personal information if you share your computing device or use a computing device in a public place such as a library or internet café.
- Updates to this notice
We may update this notice from time to time. The latest version of this notice will be posted on our Website.