Wilko Privacy Policy

This notice covers users of Wilko.com. Wilko.com is owned by CDS Superstores International Ltd T/A The Range, who are the data controller for any personal data processed through Wilko.com. For more information on The Range please go to: https://www.therange.co.uk/privacy-notice/.

This notice together with any documents referred to in it explains how we process your personal data including the collection, storage, how we use it and otherwise process your data. It also explains your rights in relation to that personal data.

We collect data in several ways, including in store, via the website, by phone, fax, post or social media:

• Browsing, ordering and buying goods in store or from our website
• Registering for an online account
• Signing up and receiving marketing emails, competition and prize draw entry
• Customer feedback, including satisfaction surveys and product reviews
• When you contact us such as via customer services or social media
• In store Wi-Fi
• Taking part in a live chat and other online forums
• CCTV and body worn cameras
• Development of promotional material, including images
• Reports of incidents and crime
• Visitor signing in records
• Call recordings

The type of information that we collect will depend on the interaction or relationship we have with you. Types of information we collect may include:

• Name
• Email
• Residential address and delivery address
• Mobile and home phone number
• Purchase and order history
• Marketing preferences
• Images and recordings such as CCTV, Audio, adverts, promotional material, events etc.
• Age, DOB or age bracket
• Gender
• Health data
• Diversity and Inclusion data
• University details: University name, place and year of study
• Interests, hobbies and likes from social media (but not limited to) Facebook and Twitter
• Lifestyle and social circumstances
• Feedback, survey and quiz responses
• Correspondence - when you contact us either in writing or over the phone
• Payment information
• Information relating to incidents, crime, offenders, suspected offenders and criminal proceedings
• MAC address (Media Access Control address) – which you provide if you access our in store Wi-Fi Details of your visits to our website including, but not limited to: traffic data, location data, web logs and other communication data and the resources that you access
• Information on the pages that you have visited on our website, demographics and interests (please see our cookie policy for more information).

• Customers
• Suppliers
• Subscribers
• Individuals who send enquiries/information to us
• Visitors to our premises and or website
• Team members, contractors, temporary and casual workers
• Images captured from our CCTV and other recording devices
• Any relevant third parties
• Governing and legal bodies

• To process and complete customer transactions, including returns.
• To notify you about changes or updates to our goods or services.
• To improve/personalise our service offerings to you.
• To respond to any comments, enquiries or complaints and resolve any issues.
• To maintain and administer our records.
• To evaluate how our goods and services meet your needs, and to have a better understanding of how and where we can make improvements through market research and feedback.
• To send you offers we think might be of interest to you.
• Using Images and AI to prevent, detect and investigate claims and crime, such as fraud, theft, criminal damage etc
• To make sure that your visit to our website provides you with the most suitable content (please refer to the cookies policy)
• Use your online browsing behaviour and purchases to help us better understand you, meet your needs as a customer and to provide you with marketing communications which are relevant to your interests. (please refer to the cookies policy)
• To assist wilko in matters relating to the Health and Safety Act 1974

We only use your data when we have a legal basis for doing so. The legal basis for using your data will depend on what we need to do but includes:

• Contract: for Wilko to provide goods and services
• Legal obligation: to comply with the law
• Vital Interests: for us to be able to protect individuals
• Legitimate Interest: where necessary for our interests or the interest of a third party, after carefully considering any effect to individual rights and freedoms
• Consent: where clear consent is given to use your data for a specific purpose.

For more information on our legal basis for sharing please contact [email protected]

We do not share or disclose your data, except as described in this Privacy Notice. Wilko may need to share your personal data so that the right business can provide the service you have requested.

Data sharing with third parties
We also work with trusted third-party suppliers and agencies so they can process data on our behalf, but only where they meet our data protection and security standards. We only share the minimal information that allows them to provide services to us or to facilitate providing services to you.

The types of third parties include:

• Couriers
• Suppliers and manufacturers
• Advertising, marketing, market research and customer feedback/competition agencies
• Social media platforms
• Other trusted third parties, including IT & website service providers
• Research agencies
• Law enforcement and Government agencies
• Our trusted professional advisers, such as insurance providers, legal, civil / debt recovery and collecting investigators, accountancy and auditors.

We transfer data between Wilko.com and CDS Superstores T/A The Range and with our suppliers and service providers. Where these providers are based outside the UK, we use appropriate safeguards as set out in the law to protect your data.

We will only retain your data for as long as is necessary or in accordance with legal requirements. How long we need to keep your personal data will depend on the purpose it was collected for, including: providing you with services you’ve requested, meeting our legal and regulatory obligations, complaints, and disputes.

When we no longer have a requirement to keep your data, this will be securely deleted or archived anonymously.

For more information on how long your data is stored please contact [email protected]

You have several rights available to you and these are set out in the General Data Protection Regulations including:

• Right to be informed -this means you have a right to be informed about the way we collect and use your data.
• Right of Access - this means you have a right to request a copy of the data we hold about you.
• Right of Rectification - this means that you can request we correct your personal data if it is inaccurate.
• Right of Erasure - this means you can request that all the data that we hold about you is deleted.
• Right to Restrict Processing - this means that you can request the processing of your data is blocked and your data is stored separately.
• Right to Data Portability - this means that you can request a secure transfer of your data to another business.
• Right to Object - this means you have a right to object to direct marketing, including profiling.
• Rights Related to Automated Decision Making and Profiling – this means that human intervention can be requested where automated decision making, and profiling is made about you.
• Right to withdraw consent – please send to: [email protected]

If you wish to see the personal data, we hold for you then please send your request to [email protected]

In most circumstances your data will be provided within one calendar month’ and free of charge, unless the request is deemed as manifestly excessive or unfounded.

We would request that you contact us prior contacting the Information Commissioners Office (ICO for short) who are the regulator and supervisory authority for the United Kingdom, so we can make every effort to reassure you and answer any queries you may have.

You have the right to make a complaint to the ICO if you believe that we are not using your data in accordance with the law.

The ICO website is www.ico.org.uk where you can find information on how to complain.

This Privacy Notice is reviewed and updated on an annual basis, in addition to making any changes in line with updated regulation and communicating changes accordingly.

Last updated: September 2023

Reason for update: For update to change in Data Controller