Why do we need this document?
The Data Protection Act 2018 requires wilko to provide certain information to individuals when we process their personal data.
What is the purpose of this?
To be open and transparent on how wilko processes that personal data and meets its data protection obligations.
Who needs to understand this?
Customers, suppliers, third parties and visitors and potentially the general public.
Data Protection Officer.
- Who we are?
- How we collect your data
- What data we collect
- Who we collect data from?
- How we use your data
- Our legal basis for using your data
- Who we share your data with?
- Where we store your data
- How long we keep your data
- Your rights regarding your data
- Obtaining a copy of your data
- Contact Us
- Your right to complain to the regulator
- Privacy Notice changes
Wilko is committed to being open and transparent about how it processes personal data and meets its data protection obligations. Please read this privacy notice carefully.
This notice covers the wilko family of businesses. For more information on our businesses please go to www.corporate.wilko.com.
This notice together with any documents referred to in it explains how we process your personal data including the collection, storage, how we use it and otherwise process your data. It also explains your rights in relation to that personal data.
We collect data in several ways, including in store, via the website, by phone, fax, post or social media:
- Browsing, ordering and buying goods in store or from our website
- Registering for an online account
- Signing up and receiving marketing emails, competition and prize draw entry
- Customer feedback, including satisfaction surveys and product reviews
- When you contact us such as via customer services or social media
- In store Wi-Fi
- Taking part in a live chat and other online forums
- Development of promotional material, including images
- Reports of incidents and crime
- Visitor signing in records
The type of information that we collect will depend on the interaction or relationship we have with you. Types of information we collect may include:
- Residential address and delivery address
- Mobile and home phone number
- Purchase and order history
- Marketing preferences
- Images and recordings such as CCTV, adverts, promotional material, events etc.
- Age, DOB or age bracket
- Health data
- University details: University name, place and year of study
- Interests, hobbies and likes from social media such as Facebook, Twitter
- Lifestyle and social circumstances
- Feedback and survey responses
- Correspondence - when you contact us either in writing or over the phone
- Payment information
- Information relating to incidents, crime, offenders, suspected offenders and criminal proceedings
- MAC address (Media Access Control address) – which you provide if you access our in store Wi-Fi Details of your visits to our website including, but not limited to: traffic data, location data, web logs and other communication data and the resources that you access
- Individuals who send enquiries/information to us
- Visitors to our premises and or website
- Team members, contractors, temporary and casual workers
- Images captured from our CCTV and other recording devices
- Any relevant third parties
- To process and complete customer transactions, including returns.
- To notify you about changes to our goods or services;
- To improve/personalise our service offerings to you;
- To respond to any comments enquiries or complaints and resolve any issues;
- To maintain and administer our records;
- To evaluate how our goods and services meet your needs, and to have a better understanding of how where we can make improvements through market research and feedback;
- To send you offers we think might be of interest to you;
- To prevent, detect and investigate claims and crime, such as fraud, theft, criminal damage etc
- To make sure that your visit to our website provides you with the most suitable content (please refer to the cookies policy);
- Use your online browsing behaviour and purchases to help us better understand you, meet your needs as a customer and to provide you with marketing communications which are relevant to your interests. (please refer to the cookies policy)
- To assist wilko in matters relating to the Health and Safety Act 1974
We only use your data when we have a legal basis for doing so. The legal basis for using your data will depend on what we need to do but includes:
- Contract: for Wilko to provide goods and services
- Legal obligation: to comply with the law
- Vital Interests: for us to be able to protect individuals
- Legitimate Interest: where necessary for our interests or the interest of a third party, after carefully considering any effect to individual rights and freedoms
- Consent: where clear consent is given to use your data for a specific purpose.
For more information on our legal basis for sharing please contact firstname.lastname@example.org
We do not share or disclose your data, except as described in this Privacy Notice. The wilko family of businesses may need to share your personal data so that the right business can provide the service you have requested.
Data sharing with third parties
We also work with trusted third-party suppliers and agencies so they can process data on our behalf, but only where they meet our data protection and security standards. We only share the minimal information that allows them to provide services to us or to facilitate providing services to you.
The types of third parties include:
- Advertising, marketing, market research and customer feedback/competition agencies
- Social media platforms
- Other trusted third parties, including IT & website service providers
- Research agencies
- Law enforcement and Government agencies
- Our trusted professional advisers, such as insurance providers, legal, civil / debt recovery and collecting investigators, accountancy and auditors;
- if wilko or substantially all its assets are acquired by a third party;
We transfer data between our family of businesses and with our suppliers and service providers. Where these providers are based outside the European Economic Area, we use appropriate safeguards as set out in the law to protect your data.
We will only retain your data for as long as is necessary or in accordance with legal requirements. How long we need to keep your personal data will depend on the purpose it was collected for, including: providing you with services you’ve requested, meeting our legal and regulatory obligations, complaints and disputes.
When we no longer have a requirement to keep your data, this will be securely deleted or archived anonymously.
For more information on how long your data is stored please contact email@example.com
Depending on the circumstances you have several rights available to you and these are set out in the General Data Protection Regulations including:
- Right to be informed - this means you have a right to be informed about the way we collect and use your data.
- Right of Access - this means you have a right to request a copy of the data we hold about you.
- Right of Rectification - this means that you can request we correct your personal data if it is inaccurate.
- Right of Erasure - this means you can request that all the data that we hold about you is deleted.
- Right to Restrict Processing - this means that you can request the processing of your data is blocked and your data is stored separately.
- Right to Data Portability - this means that you can request a secure transfer of your data to another business.
- Right to Object - this means you have a right to object to direct marketing, including profiling.
- Rights Related to Automated Decision Making and Profiling – this means that human intervention can be requested where automated decision making, and profiling is made about you.
- Right to withdraw consent – please send to: firstname.lastname@example.org
If you wish to see the personal data, we hold for you then please send your request to email@example.com
In most circumstances your data will be provided within 30 days and free of charge, unless the request is deemed as manifestly excessive or unfounded.
If you wish to make a request relating to any of the above rights, please contact firstname.lastname@example.org
The contact details for the Data Protection Officer for wilko are:
Name: Tara Neal email address: email@example.com
We would request that you contact us prior contacting the Information Commissioners Office (ICO for short) who are the regulator and supervisory authority for the United Kingdom is, so we can make every effort to reassure you and answer any queries you may have.
You have the right to make a complaint to the ICO if you believe that we are not using your data in accordance with the law.
The ICO website is www.ico.org.uk where you can find information on how to complain.
This Privacy Notice is reviewed and updated on an annual basis, in addition to making any changes in line with updated regulation and communicating changes accordingly.
Last updated: June 2020
Reason for update: Annual review