- Who we are
2. Legal basis we rely on to process and collect data
In situations where you consent for us to process your data. An example of this is if you have ticked a box to receive marketing e-mails, when checking out or where you have explicitly signed up to this using our newsletter.
In situations where we require your data to pursue our legitimate interest in a way which might be expected as part of running our business and which does not materially impact your rights, freedom or interest. An example of this may be where we send an abandoned basket email as you started the process with us but did not complete it online.
In situations where we need personal data to comply with our contractual obligations. An example would be where we pass your delivery details to our courier to deliver your order, or for our fitters to install your bathroom and keep you informed of your order progress.
Where the law requires us to, we may need to collect and process your data. An example of this may be where we are required to pass on details of people involved in fraud or other criminal activity effecting the group to law enforcement.
3. What information we collect and how
The information we collect includes:
- Names of persons placing orders, delivery address, invoice address, telephone numbers, email address and any other personal information supplied to us
- Payment Information
- Details of shopping preferences
- IP Address- this is your computers individual identification number. This is used to note your interest in our website and your location (e.g. county/city) for our site analytics
This will be collected from the below:
- When you make an online purchase;
- When you create an account with us online or instore;
- When you contact us by any means;
- When you enter prize draws or competitions;
- When you choose to complete any survey we send you;
- When you comment on or review our products and services; and
- When you’ve given a third-party permission to share with us the information they hold about you.
Please note, we never store payment details in our systems or our website.
Your preferences and use of email and SMS updates, recorded by emails we send you (if you select to receive email/SMS updates).
When you sign up with us, you will be given access to an area called mytubhub. This will collect and store all your designs made instore and online, orders made online, your saved billing and shipping address details and your saved baskets.
If you start shopping with us online and adding items to your shopping basket, either; when using your account or entering your email address, and don't subsequently complete the order, we will send you an email. The email will contain your chosen basket of products and any service we feel would be of help to you. These communications are sent under a legitimate interest basis and are treated separately from our marketing emails. You can unsubscribe from this at any time using the unsubscribe link on the bottom of the email you receive.
Monitoring and recording communications
We may monitor and record communications with you (such as telephone conversations and emails) for quality assurance, training, fraud prevention and compliance.
4. Personal information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
- give consent on his/her behalf to the processing of his/her personal data;
- receive on his/her behalf any data protection notices; and
- give consent to the transfer of his/her personal data abroad;
- give consent to share with third parties to ensure we can fulfil our contract e.g. our delivery service
- give consent to share with third parties for marketing purposes
5. What we do with your information
Any personal information we collect from you will be used in accordance with the General Data Protection Regulation 2018 and other applicable laws. The details we collect will be used to:
- Identify you and manage any accounts you hold with us;
- Process your order;
- Conduct research, statistical analysis and behavioural analysis;
- Carry out customer profiling and analyse your purchasing preferences;
- Let you know about other products or services that may be of interest to you—see 'Marketing’ section below;
- Detect and prevent fraud;
- Do a credit check—see 'Credit checking' section below;
- Customise our website and its content to your preferences;
- Notify you of any changes to our website or to our services that may affect you;
- Improve our services.
- Compliance with legal, regulatory and corporate governance obligations and good practice;
- Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests;
- Ensuring business policies are adhered to such as policies covering security and Internet use;
- Operational reasons, such as recording transactions, training and quality control;
- statistical analysis;
- Marketing our business and those of our group companies and other business associates;
- Analysing purchasing preferences and improving services; and
- Host mailing and providing customer services
6. How long will we retain your data?
When we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Examples of this are when you place an order, we’ll keep the personal data you supply us for a maximum of 6 years so we can comply with our legal and contractual obligations after which it will be anonymised as above.
If your order includes a guarantee, the associated personal data will be retained until the end of the guarantee period.
7. Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We will use technical and organisational measures to safeguard your personal data, for example:
- access to your account is controlled by a password and user name that are unique to you;
- we store your personal data on secure servers; and
- payment details are encrypted using SSL technology (typically you will see a lock icon or green address bar (or both) in your browser when we use this technology). While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any concerns about your information, please contact us (see ‘How to contact us’ below).
Transfers of your information out of the EEA
We may need to transfer your personal data to a location outside the European Economic Area, for the supply of goods and services. Any transfer of your data will be subject to a European Commission approved contract that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
What can I do to keep my information safe?
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses
8. Who do we share your personal data with?
To help personalise your journey and process your orders or assist you with any issues you are having we currently use the following companies, who will process your personal data as part of their contracts with us where applicable:
- Hitachi Finance
- SLI systems
- New Relic
- Visual website optimizer
- Kerridge commercial systems
- Trade partners
- bathstore franchises
We may be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
9. What rights do you have?
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- Fair processing of information and transparency over how we use your personal information;
- Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address;
- Require us to correct any mistakes in your information which we hold;
- Require the erasure of personal information concerning you in certain situations;
- Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
- Object at any time to processing of personal information concerning you for direct marketing;
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
- Object in certain other situations to our continued processing of your personal information;
- Otherwise restrict our processing of your personal information in certain circumstances; and
- Claim compensation for damages caused by our breach of any data protection laws.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please contact us (see ‘How to contact us’ below)
We may decline requests that are unreasonable, prohibited by law, or are not required to be honoured by applicable law. If we deny your request we will explain why within 1 month and you have the right to complain to the supervisory authority.
Any valid request will be actioned within 1 month unless the request is complex or numerous where we will advise you within the first month of an extra 2 month extension and may charge a reasonable fee, which we will advise you of, to allow all data to be gathered this information. The information will be supplied free of charge unless the request is manifestly unfounded or excessive, or in particularly if it is repetitive.
To protect the confidentiality of your information we may also ask you to verify your identity before proceeding with any request you make under this privacy notice. If you ask a 3rdparty to submit a request on your behalf we will deny this unless they can prove they have your permission to act on your behalf.
If you are unhappy with our decision or feel your data has been mishandled you have the right to complain to the data regulator the details for this are below
For the UK the Information Commissioner’s Office is the regulator. You can contact them by calling 0303 123 1113or you can visit them online at www.ico.org.uk/concerns
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
10.Is shopping online with us safe?
We consider your data security vital and make every effort to ensure our transaction process is safe and that your personal information is secure.
We utilize stringent security precautions to make our website safe, including the utilization of a Secure Socket Layer (SSL) server across all our pages. Any information you enter while you're utilizing the secure server is encrypted before being transmitted.
You can check that you are shopping in a secure environment by looking for either a locked padlock icon or an image of a padlock in the address bar. Normally sites only secure pages like the checkout however we secure every page of our website to give enhanced security. This is easily identifiable as the address will start with https: - the ‘s’ indicating it is a secure page.
The latest versions of the most popular browsers, Internet Explorer, Chrome, Safari and Firefox support this secure connection. If for any reason this option has been disabled on your browser, you will not be able to transact or login until you reset these options to protect your security. Find this option in your browser settings under security.
11.How do you protect my credit card details and personal information?
Our website is secured by Thawte, to protect your personal data. Your payment methods are also covered through MasterCard Secure Code or Verified by Visa and American express safekey.
For your additional security and to protect your personal information we request that you enter your password each time you wish to view your account.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
When progressing with an enquiry our store team will ask if you wish to receive marketing communications via SMS, telephone or email, you can decide at this stage if you wish to receive these. If you enquire on our website, you can choose to opt in at that stage. Our marketing emails and SMS tell you how to “opt-out” of receiving further marketing communications. If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you such as order confirmation or an email regarding an abandoned basket etc, and as allowed by applicable law, requests for your participation in surveys. If you wish to contact us regarding this, see ‘How to contact us’ below. You can also update you marketing preferences by following clicking here.
13.Cookies/tracking and links
A cookie is a piece of text which asks permission to be placed on your computer’s hard drive. Once you agree (or your browser agrees automatically if you have set it up in that way), your browser adds that text in a small file. A cookie helps analyse web traffic or lets web site operators know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. For example, when you visit an electronic store, a cookie makes it easier to shop, by allowing you to place things into a shopping basket; the basket itself is not a cookie; the cookie is placed on your hard drive and keeps track of your basket versus others in use at the same time.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our web site in order to tailor it to customer needs. We only use this information for statistical analysis purposes. Denial of a traffic log cookie may prevent you from using the web site. Overall, cookies help us provide you with a better web site, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. This practice is strictly enforced. We know that people have concerns about cookies, but we believe that the benefit to you and us from their proper use is worthwhile. You may set up your web browser to notify you of cookie placement requests or decline cookies completely (although declining them may prevent you from being able to use the web site properly or at all). You can delete the files that contain cookies - those files are stored as part of your Internet browser.
Click here to see our full cookies policy.
When you use our services, we and our partners may use unique device identifiers, cookies, pixel tags, web beacons and other similar technologies to receive and store information on an automated basis.
Do not track
Some Internet browsers include the ability to transmit “Do Not Track” signals. Since uniform standards for “Do Not Track” signals have not been adopted, our websites do not currently process or respond to “Do Not Track” signals. To learn more about “Do Not Track”, please visit “All About Do Not Track".
Information we receive from third party data partners
We may receive data about you from data providers and combine it with the data that we collect from you examples may include data from our franchise partners and affiliates to confirm your purchases and market to you if you have given permission.
This site contains links to other sites. Please be aware that we are not responsible for the privacy practices or content of such other sites and accordingly assumes no responsibility whatsoever in respect of such sites. Furthermore, we do not endorse any products and/or servicesfeatured on any third party site. You should exercise caution and look at the privacy statement applicable to the site in question.
We do not knowingly collect personal data relating to children under the age of 16. If you are a parent or guardian of a child under the age of 16 and think that we may have information relating to that child, please contact us at (see ‘How to contact us’ below). We will ask you to prove your relationship to the child but if you do so you may (subject to applicable law) request access to and deletion of that child’s personal data
We will only conduct a credit check if you are applying for a credit account with us. This will be conducted for the below reasons:
- so that we and other companies in our group can make credit decisions about you and members of your household; and
- to prevent and detect fraud and money laundering
Our search will be recorded on the files of the credit reference agency. We may also disclose information about how you conduct your account to credit reference agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked. Other credit businesses may use your information to:
- make credit decisions about you and the people with whom you are financially associated;
- trace debtors; and
- prevent and detect fraud and money laundering If you provide false or inaccurate information to us and we suspect fraud, we will record this. If you want to see your credit file, please contact the credit reference agency.
If you apply for a retail credit agreement this will be done directly through Hitachi, our finance partner.
16.Notification of changes
17.How to contact us?
If you wish to make a request for the personal data we store please simply click here to fill out our online form. This way we can make sure we have all the information we need to conduct your request. If you would like to update your marketing preferences please click here.
Alternatively, you can write to us at the below address, we recommend you send any mail recorded delivery to ensure it reaches us.
Data Protection Officer
Home House, 3 Albany Place,
Hyde Way, Welwyn Garden City