This policy covers the wilko family of businesses. For more information on our businesses please go to www.corporate.wilko.com.
|Name of company||Description||Information Commissioners Office (ICO) registration number|
|Wilkinson Hardware Stores Limited||Our original company and now our holding company. It provides key activities such as strategy and development, IT, legal and finance support to the wilko family of businesses.||ZA338097|
|wilko brands limited||Is the company that develops the wilko branded products||ZA275719|
|wilko digital limited||wilko.com is where our customers can shop online||ZA338081|
|wilko retail limited||Our stores and the distribution centres||Z563418X|
|wilko worldwide limited||Sources our wilko brand products.||n/a|
We collect data in a number of ways, including in store, via the website, by phone, post or social media:
- Ordering and buying goods in store or from our website
- Registering for an online account
- Signing up to receive marketing emails
- Competition and prize draw entry
- Customer feedback satisfaction survey and product reviews
- When you contact us such as via customer services or social media
- In store Wi-Fi
- Taking part in a live chat and other online forum
- Applying for a role as a wilko Team Member
- Recruitment systems and agencies
- Development of promotional material
The type of information that we collect will depend on the purpose that you contact us. These are most likely to include:
- Residential address and delivery address
- Mobile and home phone number
- Purchase and order history
- Age and date of birth
- Images and recordings such as CCTV, adverts, promotional material, events etc.
- Interests, hobbies and likes from social media such as Facebook, Twitter
- Lifestyle and social circumstances
- Feedback and survey responses
- Correspondence - when you contact us either in writing or over the phone
- Payment information
- Information relating to offenders, suspected offenders and criminal proceedings
- MAC address (Media Access Control address) – which you provide if you access our in store Wi-Fi Details of your visits to our website including, but not limited to: traffic data, location data, web logs and other communication data and the resources that you access
- Information on the pages that you have visited on our website, demographics and interests (please see our Cookies Policy for more information).
- For those applying for role as a wilko Team Member; education and qualifications, previous employment history, health information, information relating to criminal offences, health information, gender previous employment, referee contact details.
- Team members, contractors, temporary and casual workers
- Individuals who send enquiries/information to us
- Visitors to our premises
- Images captured from our CCTV
- Credit reference agencies
- For those applying for a role as a wilko team member
- Recruitment agencies
- Nominated referees
- Disclosure and Baring Service (previously called the Criminal Reference Bureau)
- Current or previous employers
- To process and complete your order
- To notify you about changes to our goods or services
- Use your online browsing behaviour and purchases to help us better understand you, meet your needs as a customer and to provide you with marketing communications which are relevant to your interests
- To respond to any comments enquiries or compliments and resolve any issues
- To maintain and administer our records
- To evaluate how our goods and services meet your needs, and to have a better understanding of how where we can make improvements through market research, customer and team member feedback
- To send you offers we think might be of interest to you
- To prevent, detect and investigate crime, such as fraud, theft, criminal damage etc
- To make sure that your visit to our website provides you with the most suitable content (please refer to the cookies policy)
- To assess your eligibility for work
- To use what we know about you to understand you better and provide you with information that we think will be of interest to you
We only use your data when we have a legal basis for doing so. The legal basis for using your data will depend on what we need to do but includes:
Contract: for us to provide the goods and services we have agreed to provide to you
Legal obligation: for us to comply with the law, this includes examples such as HMRC, Health and Safety Executive
Vital Interests: for us to be able to protect someone’s life
Legitimate Interest: where necessary for our interests or the interest of a third party, but only after carefully considering any effect this may have on you, and in particular your rights and freedoms
Consent: where you have given us your clear consent to use your data for a specific purpose. You have the right to withdraw your consent at any point and more details can found on this by logging into your account/preference centre or contacting us (link to DPO details/correspondence)
We do not sell, rent, trade or otherwise disclose your data, except as described in this Policy. The way that the wilko family of businesses is set up means that we may need to share your personal data so that the right business can provide the service you have requested.
We also work with trusted third party suppliers and agencies so they can process data on our behalf, but only where they meet our strict standards. We only share the minimal information that allows them to provide services to us or to facilitate providing services to you.
The types of third parties include:
- Advertising, market research and customer feedback agencies
- Third party agencies that analyse and provide insight into your online browsing and shopping history
- Law enforcement and Government agencies
- Our trusted professional advisers, such as insurance providers, legal, debt recovery and investigators, accountancy and auditors
- Debt collection and tracing agencies
- Research agencies
- if wilko or substantially all of its assets are acquired by a third party
- email service provider
We transfer data between our family of businesses and with our suppliers and service providers. Where these providers are based outside the European Economic Area we use appropriate safeguards as set out in the law you to protect your data.
We retain a record of your data so as to provide you with a high quality of service across our family of businesses. We will only retain your data in accordance with the law and we will only retain it for as long as is necessary. How long we will need to keep your personal data will depend on the purpose it was collected for and our basis in law for keeping it. There a number of reasons we may need to retain it.
Reasons we might need to keep your data include:
- Financial reporting - to report financial information to HMRC
- Record of payments – for us to reconcile our records with your receipt to organise product returns
- Insurance - to show our previous contact with customers in the case of a claim, such as defective product, a personal injury in our stores
Your data will be disposed of securely once it is no longer needed.
The General Data Protection Regulation gives you a number of rights in relation to your data. These are set out briefly below:
Right to be informed - this means you have a right to be informed about the way we collect and use your data.
Right of Access - also sometimes called a Subject Access Request - this means you have a right to request a copy of the data we hold about you (link to SAR).
Right of Rectification - this means that you can request we correct your personal data if it is inaccurate.
Right of Erasure - this means you can request that all the data that we hold about you is deleted.
Right to Restrict Processing - this means that you can request the processing of your data is blocked and your data is stored separately.
Right to Data Portability - this means that if you can request a secure transfer of your data to another business.
Right to Object - This means you have a right to object to direct marketing, including profiling.
Rights Related to Automated Decision Making and Profiling – This means that where a decision is being made about you using an automated process, you can request an explanation as to why that process is used and to request human intervention if you believe a human would come to a different conclusion
Right to withdraw consent - see link
Right to complain to the Regulator - Details on how you can do this are included further down the page.
If you wish to see the data we hold for you then please send your request to us.
We will act upon promptly upon receiving your request. In most circumstances, your data will be provided and free of charge.
Before providing any information we will need to verify your identity and may request further information from you so we may progress your query as quickly as possible
When you use our website or trusted providers, you may be able to share information through social media networks such as Facebook and Twitter for example through ‘likes’ or reviews. When doing this your data may be visible to providers of social network services, their users as well as the wilko family of businesses. We recommend that you consider the privacy settings on your social media accounts so as you are clear how your information may be used and shared.
Here are some of the measures we take to protect your data:
- Information technology protection for example through firewalls, encryption, separation of our system
- Limit who is able to get into our buildings and where people are allowed to go, for example by use of passes, card access and other technologies
- We never ask for your password
We never ask you to enter your password or your account details into an email or an email link. We ask if you receive any requests of this nature to contact us (link).
If there is anything you cannot find the answer to in our Policy then we are more than happy to help you.
If you wish to make a request relating to any of the above rights please contact InfoGov@wilko.co.uk
The contact details for the Data Protection Officer for wilko are
Name: Barry Smith email address: InfoGov@wilko.co.uk
You have the right to make a complaint to the regulator if you believe that we are not using your data in accordance with the law.
The supervisory authority for the United Kingdom is The Information Commissioner's Office (ICO).
- By phone: 0303 123 1113
- By letter:
- The Information Commissioner's Office
- Wycliffe House
- Water Lane
- SK9 5AF
We would request that you make contact with us prior to the ICO, so we can make every effort to reassure you and answer any queries you may have.