In situations where you consent for us to process your data. An example of this is if you have ticked a box to receive marketing e-mails, when checking out or where you have explicitly signed up to this using our newsletter.
In situations where we require your data to pursue our legitimate interest in a way which might be expected as part of running our business and which does not materially impact your rights, freedom or interest. An example of this may be where we send an abandoned basket email as you started the process with us but did not complete it online.
In situations where we need personal data to comply with our contractual obligations. An example would be where we pass your delivery details to our courier to deliver your order, or for our fitters to install your bathroom and keep you informed of your order progress.
Where the law requires us to, we may need to collect and process your data. An example of this may be where we are required to pass on details of people involved in fraud or other criminal activity effecting the group to law enforcement.
The information we collect includes:
This will be collected from the below:
Please note, we never store payment details in our systems or our website.
Your preferences and use of email and SMS updates, recorded by emails we send you (if you select to receive email/SMS updates).
When you sign up with us, you will be given access to an area called mytubhub. This will collect and store all your designs made instore and online, orders made online, your saved billing and shipping address details and your saved baskets.
If you start shopping with us online and adding items to your shopping basket, either; when using your account or entering your email address, and don't subsequently complete the order, we will send you an email. The email will contain your chosen basket of products and any service we feel would be of help to you. These communications are sent under a legitimate interest basis and are treated separately from our marketing emails. You can unsubscribe from this at any time using the unsubscribe link on the bottom of the email you receive.
Monitoring and recording communications
We may monitor and record communications with you (such as telephone conversations and emails) for quality assurance, training, fraud prevention and compliance.
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
Any personal information we collect from you will be used in accordance with the General Data Protection Regulation 2018 and other applicable laws. The details we collect will be used to:
When we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Examples of this are when you place an order, we’ll keep the personal data you supply us for a maximum of 6 years so we can comply with our legal and contractual obligations after which it will be anonymised as above.
If your order includes a guarantee, the associated personal data will be retained until the end of the guarantee period.
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We will use technical and organisational measures to safeguard your personal data, for example:
Transfers of your information out of the EEA
We may need to transfer your personal data to a location outside the European Economic Area, for the supply of goods and services. Any transfer of your data will be subject to a European Commission approved contract that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
What can I do to keep my information safe?
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
To help personalise your journey and process your orders or assist you with any issues you are having we currently use the following companies, who will process your personal data as part of their contracts with us where applicable:
We may be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please contact us (see ‘How to contact us’ below)
We may decline requests that are unreasonable, prohibited by law, or are not required to be honoured by applicable law. If we deny your request we will explain why within 1 month and you have the right to complain to the supervisory authority.
Any valid request will be actioned within 1 month unless the request is complex or numerous where we will advise you within the first month of an extra 2 month extension and may charge a reasonable fee, which we will advise you of, to allow all data to be gathered this information. The information will be supplied free of charge unless the request is manifestly unfounded or excessive, or in particularly if it is repetitive.
To protect the confidentiality of your information we may also ask you to verify your identity before proceeding with any request you make under this privacy notice. If you ask a 3rd party to submit a request on your behalf we will deny this unless they can prove they have your permission to act on your behalf.
If you are unhappy with our decision or feel your data has been mishandled you have the right to complain to the data regulator the details for this are below
For the UK the Information Commissioner’s Office is the regulator. You can contact them by calling 0303 123 1113 or you can visit them online at www.ico.org.uk/concerns
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
We consider your data security vital and make every effort to ensure our transaction process is safe and that your personal information is secure.
We utilize stringent security precautions to make our website safe, including the utilization of a Secure Socket Layer (SSL) server across all our pages. Any information you enter while you're utilizing the secure server is encrypted before being transmitted
You can check that you are shopping in a secure environment by looking for either a locked padlock icon or an image of a padlock in the address bar. Normally sites only secure pages like the checkout however we secure every page of our website to give enhanced security. This is easily identifiable as the address will start with https: - the ‘s’ indicating it is a secure page.
The latest versions of the most popular browsers, Internet Explorer, Chrome, Safari and Firefox support this secure connection. If for any reason this option has been disabled on your browser, you will not be able to transact or login until you reset these options to protect your security. Find this option in your browser settings under security.
Our website is secured by Thawte, to protect your personal data. Your payment methods are also covered through MasterCard Secure Code or Verified by Visa and American express safekey.
For your additional security and to protect your personal information we request that you enter your password each time you wish to view your account.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
When progressing with an enquiry our store team will ask if you wish to receive marketing communications via SMS, telephone or email, you can decide at this stage if you wish to receive these. If you enquire on our website, you can choose to opt in at that stage. Our marketing emails and SMS tell you how to “opt-out” of receiving further marketing communications. If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you such as order confirmation or an email regarding an abandoned basket etc, and as allowed by applicable law, requests for your participation in surveys. If you wish to contact us regarding this, see ‘How to contact us’ below. You can also update you marketing preferences by following clicking here.
A cookie is a piece of text which asks permission to be placed on your computer’s hard drive. Once you agree (or your browser agrees automatically if you have set it up in that way), your browser adds that text in a small file. A cookie helps analyse web traffic or lets web site operators know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. For example, when you visit an electronic store, a cookie makes it easier to shop, by allowing you to place things into a shopping basket; the basket itself is not a cookie; the cookie is placed on your hard drive and keeps track of your basket versus others in use at the same time.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our web site in order to tailor it to customer needs. We only use this information for statistical analysis purposes. Denial of a traffic log cookie may prevent you from using the web site. Overall, cookies help us provide you with a better web site, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. This practice is strictly enforced. We know that people have concerns about cookies, but we believe that the benefit to you and us from their proper use is worthwhile. You may set up your web browser to notify you of cookie placement requests or decline cookies completely (although declining them may prevent you from being able to use the web site properly or at all). You can delete the files that contain cookies - those files are stored as part of your Internet browser.
Click here to see our full cookies policy.
When you use our services, we and our partners may use unique device identifiers, cookies, pixel tags, web beacons and other similar technologies to receive and store information on an automated basis.
Do not track
Some Internet browsers include the ability to transmit “Do Not Track” signals. Since uniform standards for “Do Not Track” signals have not been adopted, our websites do not currently process or respond to “Do Not Track” signals. To learn more about “Do Not Track”, please visit “All About Do Not Track".
Information we receive from third party data partners
We may receive data about you from data providers and combine it with the data that we collect from you examples may include data from our franchise partners and affiliates to confirm your purchases and market to you if you have given permission.
This site contains links to other sites. Please be aware that we are not responsible for the privacy practices or content of such other sites and accordingly assumes no responsibility whatsoever in respect of such sites. Furthermore, we do not endorse any products and/or servicesfeatured on any third party site. You should exercise caution and look at the privacy statement applicable to the site in question.
We do not knowingly collect personal data relating to children under the age of 16. If you are a parent or guardian of a child under the age of 16 and think that we may have information relating to that child, please contact us at (see ‘How to contact us’ below). We will ask you to prove your relationship to the child but if you do so you may (subject to applicable law) request access to and deletion of that child’s personal data.
We will only conduct a credit check if you are applying for a credit account with us. This will be conducted for the below reasons:
Our search will be recorded on the files of the credit reference agency. We may also disclose information about how you conduct your account to credit reference agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked. Other credit businesses may use your information to:
If you apply for a retail credit agreement this will be done directly through Hitachi, our finance partner.
If you would like to update your marketing preferences please click here.
Alternatively, you can write to us at the below address, we recommend you send any mail recorded delivery to ensure it reaches us.
Head of Legal,
Witan Gate house,
500-600 Witan Gate,
Last modified: 6/12/19