Hillarys Blinds Limited Privacy Notice
We are Hillarys Blinds Limited (referred to in this document as ‘Hillarys’, ‘we’ or ‘us’)
Alternatively you can write to us at Hillarys Blinds Limited, Colwick Business Park, Private Road No 2, Colwick, Nottingham NG4 2JR
Should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by contacting us. In the event that you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which is the Information Commissioner’s Office (ICO) in the UK, at any time. The ICO’s contact details are available here: https://ico.org.uk/concerns/.
We will update this privacy statement when necessary. When we post changes to this statement, we will revise the “last updated” date at the top of the statement and highlight what has changed. If there are any changes as to how Hillarys Blinds use will use your personal data, we will notify you by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how Hillary is protecting your information.
Data Protection law sets out a number of different reasons why a company can collect and process your personal data. The bases that we use as a company are:
Where we have a contact with you, we will use your personal data to fulfil the contract, for example we collect your address details in order to measure and fit the products that you wish to buy from us.
In some cases the law requires us to collect and pass on your data, for example we pass on details of people involved in fraud or other criminal activity affecting us to law enforcement.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example we will use your purchase history to send you direct marketing information about products and services that are available and we believe are of interest you.
We want to give you the best possible customer experience. One way to achieve that is to get the richest picture we can of who you are by combining the data we have about you. We then use this to offer you promotions, products and services that are most likely to interest you.
The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service. If you wish to change how we use your data, you’ll find details in the ‘What are your rights?’ section below.
If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
If we intend to use your personal data for any purposes not set out below, we will notify you beforehand.
To confirm your appointment date and time
In order to pursue our legitimate interests to allow you to book appointments, we will contact you with to confirm your appointment details. This may be via email, SMS or telephone.
To provide you with the goods and services which you have ordered from us
We need your personal data to comply with our contractual obligations so that we can manage your customer account and provide you with the goods and services you want to buy, including sending any relevant and necessary documentation and communications regarding the product or service and help you with any orders and refunds you may ask for. Sometimes we may need to share your details with a third party who is providing a service (such as delivery couriers or a fitter visiting your home). We do this to be able to fulfil our contract with you.
To allow you to pay for the goods and services that you have received
In order pursue our legitimate interests we may need to contact you to take payment or pass your details onto third parties for debt collection purposes.
Manage and improve our day-to-day operations
We have a legitimate interest to improve our product range and ensure that it is tailored to our customers’ needs. We do this by carrying out market research relating to our product range and internal research and development, and may need to process your personal data to do so.
As a business we have a legitimate interest to ensure that you can safely use our services. To do this we will use your personal data to detect and prevent fraud and other crimes. If we discover or suspect criminal activity through this monitoring we may pass your personal information to law enforcement to help protect individuals from criminal activities.
Personalise your shopping experience
To enhance your use of our services, and provide you with a personalised shopping experience, we will use your online browsing behaviour as well as previous purchases to help us better understand you as a customer and provide you with personalised offers and services as part of our legitimate interests.
We want to provide you with marketing communications, including online advertising, that are relevant to your interests as part of our legitimate interests. To achieve this we measure your responses to marketing communications relating to products and services we offer, which also means we can offer you products and services that better meet your needs as a customer. You can change your marketing choices at any time, for details of how to do this see the ‘your rights’ section below. For information concerning your choices when it comes to cookies, and how you can control your online behavioural advertising preferences please visit www.hillarys.co.uk/cookie-information.
Cookies can be blocked by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Contact and interact with you
We want to serve you better as a customer so we use personal data to provide clarification or assistance in response to communications you have sent to use, including social media posts that you have directed at us as part of our legitimate interests to interact with our customers and improve their experience.
We carry out market research to exercise our legitimate interests to improve our Services, and may invite you to take part in and manage customer surveys, questionnaires and other market research activities carried out by us and by other organisations on our behalf. However, if we contact you about this, you do not have to take part in the activities. This will not affect your ability to use our Services.
To administer any promotions or competitions that you choose to take part in
If you choose to take part in a promotion or competition, including those we run with our suppliers and Retail Partners, we need to process your personal data with your consent so that we can manage the promotions or competitions.
Understand and improve service levels
In order to pursue our legitimate interests as a company, we want to improve the service that we provide to our customers and understand the cause of any issues that might have arisen during the order process.
To do this we may process your personal data to monitor the status and outcome of your order and to generate a range of internal analysis aimed at identifying any areas of improvement.
To comply with our legal obligations
In some cases we will need to process your personal data to comply with our legal obligations. For example we sometimes need you to verify your identity before responding to your requests.
To send you communications required by law, or which are needed to inform you about changes to products or services that have been provided to you. For example updates to this Privacy notice, product recall notices or information we are legally required to communicate to you regarding your order. These messages will not include any marketing content.
To comply with any legal obligations to share data with law enforcement, for example if a court order is submitted to us requiring that we share your personal data.
To ensure your safety and detect and prevent crime
In order to pursue our legitimate interests as a company, we have installed CCTV in some of our premises. This allows us to monitor the safety of visitors, assists in day to day management, and acts as a deterrent against crime, vandalism and disruption.
This section lets you know under what circumstances we may collect personal information from you, and what personal data we may collect.
When you contact us to request a brochure, order samples or book an appointment, you may provide us with:
- Your personal contact details, including your name, postal address, email address and telephone number
When you purchase products from us, you may provide us with:
- Your personal contact details, including your name, postal address, email address and telephone number
- Information about your purchase, for example what you have bought, when you bought it, what the installation address is and financial information relating to how you paid for it
When you browse our websites we may collect:
- Information about the device you have used to access the Website (including the make, model and operating system, IP address, browser type and mobile device identifiers)
- Your IP address is unique identifier used to identify the computer or device that you are using to access the internet.
- Information about your online browsing behaviour on our Website, including which site you came from and products that you are interested in, and information about when you click on one of our adverts, including those shown on other organisations’ websites.
When we contact you we may collect:
- Details of the emails and other digital communications we send to you that you open, including any links in them that you click on
- Copies of documents you provide to prove your age or identity where the law requires this. (including your passport and driver's licence). This may include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
When you contact us (including via social media) we may collect:
- Personal data you provide about yourself any time you contact us about our Services (for example, your name, social media username and contact details), including by phone, email or post or when you speak with us through social media
- Details of your interactions with us through contact centres, in store or with our Advisors. For example we may collect notes of conversations with you, details of any complaints or comments you have made and copies of emails that you have sent us.
When you take part in any promotions or competitions of ours, or chose to complete any surveys we send you
- Your feedback and contributions to customer surveys and questionnaires
- Details of the promotion, including your responses and any prizes won.
When you comment on or review our products and services online
- Your comments and product reviews if posted online
When you visit our shops or other premises we may collect:
- Images of you during your visit
It is important that personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us. Our contact details can be found at the end of this privacy notice or at the ‘Contact Us’ tab of our website.
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
Where we engage with third parties to process personal data on our behalf, we do so, on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
We will not keep your personal data for longer than is necessary for the purpose or purposes that it was initially collected. At the end of that retention period, your data will either be securely deleted or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of retention periods are below:
When you call our contact centre we may record the conversation, if we do this will be held for a maximum of 12 months unless the call is required for the resolution of an ongoing dispute.
If you place an order with us we have to retain the details of the order, including your personal data, for 10 years to comply with our legal and contractual obligations. If the order included a warranty which was for a longer period than this, and you have registered that warranty with us, we will keep details of the warranty period and any associated personal data for the duration of the warranty period.
We will share your personal information with third parties (including companies in the Hillarys group) set out below the purposes set out in the ‘How and why we use personal data?’ section above
Sharing your details within the Hunter Douglas group
We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
We will only do so if the company is located in the EEA, in a country on the EU adequacy list or is located in the USA and the transfer is being made under the Safe Harbour agreements.
For a list of companies included in the Hunter Douglas group please see our latest annual report which is available at http://investor.hunterdouglasgroup.com/
Partners and Service providers
We apply the following policy when we share your personal information with external organisations
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
We work with carefully selected Service Providers that carry out certain functions on our behalf. These include, for example, companies that help us with technology services, storing and combining data, processing payments and delivering orders. We only share personal data that enable our Service Providers to provide their services.
Some of the Service Providers we work with operate online media channels, and they place relevant online advertising for our products and services, as well as those of our suppliers and our Retail Partners, on those online media channels on our behalf. For example, you may see an advert for our products and services as you use a particular social media site or watch television through your pay TV account.
In addition to our use of service providers, we may also disclose your personal data to our suppliers or subcontractors in order to provide you with the Services you have requested from us.
We may disclose your personal data on the basis of our legitimate interests to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Financial transactions relating to our website and services are handled by our payment services providers. We share your information with them in so that we can process your payments, and deal with complaints and queries relating to these payments and/or refunds.
See Appendix 1 for more information.
We may share personal data with other organisations not included in the list in the previous section in the following circumstances:
- if the law or a public authority says we must share the personal data;
- if we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);
- to an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you to. If the transfer or sale goes ahead, the organisation receiving your personal data can use your personal data in the same way as us; or
- to any other successors in title to our business.
Additionally, we will disclose your personal information to the relevant third party:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- If we are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; or
At Hillarys we take your safety and security very seriously and we are committed to protecting your personal and financial information. All information kept by us is stored on our secure servers.
We do not transfer your data outside the European Economic Area ("EEA"). If in future we do need to transfer your data outside the EEA, we will only do so if adequate protection measures are in place in compliance with data protection legislation.
Under General Data protection Regulation (GDPR) you have a number of rights. Some of these are complex and not all of the details have been included in our summaries below. Please read the relevant guidance from the Information Commissioner’s Office on their website at https://ico.org.uk/for-the-public/ for a full explanation of these rights.
You have the right:
- To ask us not to process your personal data for marketing purposes. We will inform you if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes;
- To ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
- To request from us access to personal information held about you;
- To ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
- To ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate ground for processing, the data is unlawfully processed, the data needs to be erased to comply with a legal obligation or the data is children’s data and was collected in relation to an offer of information society services;
- To ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing);
Where use of your personal data is based on consent, you can withdraw that consent at any time.
If you wish access to a copy of your personal data held by us, please click here for details
If you wish us to erase your personal data from our files please click here for details
If you wish to no longer be marketed to please see the next section
For all other enquiries about your rights please email our DPO at [email protected]
You can stop direct marketing from us in a number of ways:
- Click the ‘unsubscribe’ link included in all emails we send you. We will then stop any further emails from that particular division
- Reply to any SMS message following the instructions contained in the message. We will then stop contacting you via SMS for marketing.
- Email [email protected] to opt out of receiving telephone, post, SMS or direct mail.
Write to us at Marketing Preferences, Hillarys Blinds Limited, Colwick Business Park, Private Road No 2, Colwick, Nottingham NG4 2JR
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
We may share your personal data with the following categories of service providers:
- Advertising agencies
- App developers
- Courier services
- Data Analytics companies
- Government bodies
- HMRC and the courts
- Hillarys Advisors, Sales Agents and Carpet Fitters
- Insurance providers
- IT consultants
- IT service providers
- Legal Advisors
- Online review providers
- Payment providers
- Postal services
- Tracing and tracking agents