1. Who we are
We are Screwfix Direct Limited. You can find out how to contact us in Section 9 below.
2. Your Privacy
In the course of our dealings with you, we will collect and process personal information about you. Personal information includes any information allowing us to identify you as an individual, for example, your name, your email address or your telephone number.
We are committed to protecting your privacy. We will use your personal information in accordance with all applicable laws and regulations that relate to data protection and privacy, including the EU General Data Protection Regulation (GDPR).
This page tells you:
- What personal information we collect;
- Why we collect this information;
- How we will use it;
- How long we will keep it;
- Who else will see it;
- How you can contact us;
- Your rights in relation to the personal information that we hold, including your rights to change, delete and see your information.
When using our Digital Services we will also place cookies on your device - please see our Cookies page for more information about the cookies we use and how you can change your cookie settings.
3. What information do we collect?
We collect the following types of information:
(a) Information we collect when you register with us
When you register with us, we will ask you for a number of pieces of information including:
- Your name.
- Your postal address.
- Your email address.
- Your telephone number.
- Your profession.
- A password - please keep this safe.
- Whether you would like to receive information from us via email, SMS text, post or telephone.
- If you are placing an order, we will also ask for your payment card number, expiry date and CVV number.
(b) Information we collect about how you use our stores, services, Digital Services and how you shop with us.
When you shop with us, communicate with our Contact Centre, browse our websites or other organisations' websites where our adverts are shown, or use our Digital Services, we will collect:
- Information about any devices you have used (including the manufacturer, model and operating system, IP address, browser type and mobile device identifiers).
- Cookies and information about your online browsing and purchasing behaviour and history on our Digital Services, your location, your product selection, and information about when you click on one of our adverts (including those shown on other organisations' websites).
- Information when you write a review or ask a question or provide an answer via our Q&A section.
- Details of your purchases with or through us.
- Photos and videos you have uploaded using our Digital Services.
- Information about your preferences in connection with our website and app, for the purposes of enhancing and personalising your experience.
- CCTV footage when you visit our premises.
- A record of your correspondence and/or conversation with our Contact Centre.
- Information when you 'share this' product review via Facebook, Twitter, LinkedIn, Instagram, Pinterest, Reddit and any other social media channels.
If you register an account with us, we may be able to link the information collected from you before registration and apply it to either your registered account or to future information that we collect after you have registered.
4. Why do we ask for this information?
When you place an order through our Digital Services, or through our Contact Centre, we need your contact and payment information to enable us to take payment and fulfil your order. We also request your contact information and need your payment information when you shop offline with us through our trade counters. You can browse our website without providing us with any of this information. You can also shop at our trade counters without providing any contact information or, if using cash, payment information. When you want to place an order via our Digital Services, we ask you to login or register so you can open a customer profile and upload and save images, save your browsing information and your preferences, and retrieve them from any of your devices.
To ensure that your credit, debit or charge card is not being used without your consent, we will validate the name, address and any other personal information supplied by you (which may include further information being requested, such as your date of birth, driving licence number or passport number) during the order process, against appropriate third-party databases. By placing an order through our Digital Services or Contact Centre you consent to such checks being made.
You may also provide us with personal information via our forums, product questions and reviews, survey responses and competition entries.
We will ask for or collect your information when you use our trade counters (if you have an account with us) and our customer support services, including telephone support and instant messaging.
You do not have to give us permission in order to use our website. You may also choose not to share your location with us by changing your device settings.
We ask for your permission to send you marketing and promotional material using your address, telephone number, email address and SMS, so that we can send you free gifts, discount vouchers, invitations to events, special offers, market research, and any other marketing material that we believe may be of interest to you. If you give permission, you will be able to withdraw it at any time by:
- logging into your account and updating your preferences.
- emailing firstname.lastname@example.org;
- telephoning 03330 112 112;
- writing to us at Customer Correspondence, Screwfix Direct Limited, Trade House, Mead Avenue, Yeovil, BA22 8RT.
- completing this form.
Even if you choose not to receive this marketing information, we may still use your personal information to provide you with important services communications, including communications in relation to any orders you submit or products you purchase.
5. How do we use your personal information?
We have set out below the purposes for which we use your personal information. We are also required by law to state a 'legal basis for processing', i.e. to tell you on what grounds we are allowed to use your information, and this is also set out below. The legal basis for each purpose is that we have your consent for the use of your personal information, or that we need to use your personal information in order to perform a contract with you, or that the use of your personal information is necessary for our legitimate interests (in which case we will explain what those interests are).
Purpose of processing
Our legal basis
Communicate with you about your order for a service or a product.
Contractual necessity - we use your personal information in order to meet our obligations under our contract with you (for example, to deliver a product you have ordered).
Contact you about leaving a review on a product or service or providing feedback once your order has been completed or the service has been provided.
Legitimate interests - we use your personal information to contact you so that we can ask you to provide feedback on the product or service you have ordered.
Notify you about changes to our services and to otherwise communicate with you. For example, we will use your contact details in order to respond to any queries that you submit to us.
Legitimate interests - we use your personal information to keep you up to date with information about our services, and to respond to your queries.
Send you information about products and services, including exclusive offers, vouchers, free gifts, deals, and information about products and events.
Legitimate interests - we use your personal information to send you this information. In some cases (such as where we're required to do so by law) we will also ask for your consent before sending you this information.
Review your past purchases and viewing history on our Digital Services to provide you with special offers or to tailor your experience online.
Legitimate interests - we use your personal information to provide you with these offers and to tailor your experience when using our online services.
Help us review, develop and improve the products and services we offer. For example, calls to our Contact Centre are monitored and recorded for quality control and training purposes. We may also send you market research requests via email (which you can opt out of via that email). If you raise a query (for example about a product or about our service) while we still hold a recording of your telephone call, and we can investigate or answer your query by referring back to this call, we may do so. This may mean that your call recording will be held until your query has been resolved.
Legitimate interests - we use your personal information to help us deliver the best quality of service to you and our other customers.
Improve and measure the effectiveness of our marketing communications, including online advertising. We sometimes compare limited information that we hold about you (for example, your email address or mobile phone number) with third parties that also hold your details or have an existing online relationship with you in order to identify you as our customer and to enable us (or third parties on our behalf) to provide you with relevant marketing online. For example, we may compare your information with the information that social networking sites such as Twitter, Instagram, LinkedIn, Pinterest, Reddit and Facebook hold on you, so that they can identify you as a Screwfix customer and hence tailor the Screwfix marketing you receive via their sites and products.
Legitimate interests - we use your personal information to deliver you a tailored experience when using such digital services, to help us understand the effectiveness of our advertising, and to make sure you see adverts that are most relevant to you.
Carry out security checks to protect against fraudulent transactions and to prevent and detect criminal activity.
Legitimate interests - we use your personal information to protect against unlawful activities. In some cases we may also be under a legal obligation to disclose your personal information (for example, to law enforcement agencies).
Provide, enhance, and personalise your experience on our Digital Services.
Legitimate interests - we use your personal information to deliver you a tailored experience when using our Digital Services.
To ensure the safety and security of customers, employees and third parties at our premises.
Legitimate interests – we use your personal information to prevent and detect harm and crime.
Address any claims made against us.
Legitimate interests - we use your personal information to address any claims you make against us. In some cases, we may also be under a legal obligation to disclose your personal information (for example, in connection with legal proceedings).
Our Digital Services are not intended for children, and we do not knowingly collect data relating to children.
6. How long do we keep your personal information?
We are required by law to keep your personal information only for as long as is necessary for the purposes for which we are using it. The period for which we keep your personal information will be determined by a number of criteria, including the purposes for which we are using the information, the amount and sensitivity of the information, the potential risk from any unauthorised use or disclosure of the information, and our legal and regulatory obligations.
7. Who do we share your personal information with?
We are a member of the Kingfisher Group of companies including B&Q, Screwfix, Castorama and Brico Dépôt (for more information on the Kingfisher Group please visit: www.kingfisher.com).
We may share your personal information with other members of the Kingfisher Group in connection with the purposes above and those listed below. Members of the Kingfisher Group may also use the personal information we share with them to improve their websites and other digital services and for analysis purposes.
We may disclose your personal information to third parties, including in the following circumstances:
- We use third parties to carry out certain activities on our behalf that involve the processing of personal information. For example, we may engage third party service providers to fulfil orders, deliver packages, send postal mail, SMS text messages and email, maintain and update our databases of customer details (including the removal of repetitive or incorrect information), analyse data to help us develop, provide and improve our services, provide marketing assistance, process payments and refunds, carry out surveys, provide customer service and handle claims. These third parties have access to personal information needed to perform their functions but may not use it for other purposes. We may use the information we receive from third parties to supplement, improve and add to our databases of customer details, and for purposes such as credit checking and fraud prevention.
- We may share information that we hold about you (for example, your email address and information about your purchases) with third parties that also hold your information or have an existing online relationship with you in order to identify you and to enable us (or Kingfisher Group companies or other third parties on our behalf) to provide you with relevant marketing online. For instance, we may share your information with social media and networking sites such as Facebook, Instagram, Twitter, YouTube, Pinterest, Reddit and Google so that they can identify you as a customer of ours and can tailor the marketing we send you via their sites, applications, and products.
- We may pass your details to third parties (such as Experian) for the purpose of improving the quality and accuracy of our database, suppressing records for deceased people and movers, for appending marketing information and for solvency and credit scoring purposes.
- We may pass your details to third parties (Confirmit, 100% Cotton, Feefo, Bazaarvoice) for market research purposes and they may then contact you to request that you answer surveys, or to conduct research on our behalf.
- We may pass your details to a third party called Tealium (who is a tag management provider that facilitates the use of the data captured during a visitor's journey through our site to enable functionality, analytics, and marketing communications).
- We may pass personal information to external agencies and organisations (including the police and other law enforcement agencies) for the purpose of preventing and detecting fraud (including fraudulent transactions) and criminal activity. These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security checks. We may also disclose personal information to the police and other law enforcement authorities in connection with the prevention and detection of crime.
- We may pass personal information to our insurers in the event that a claim is made or could be made against us.
- In the event that we sell or buy any business or assets, we may disclose personal information held by us to the prospective seller or buyer of such business or assets. If we or substantially all of our assets are acquired by a third party (or subject to a reorganisation within our corporate group), personal information held by us will be one of the transferred assets.
- We may pass your personal information to third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation (including in connection with a court order), or in order to enforce or apply any agreements we have with or otherwise concerning you (including agreements between you and us or one or more of our affiliates); or to protect our rights, property or safety or those of our customers, employees or other third parties.
- We may share anonymous or aggregate data (such as aggregated statistics or other anonymised data) with third parties.
Links to external sites
Please note that third party websites and applications are not under our control. When you click through to these websites or access these applications you leave the area controlled by us. We do not accept responsibility or liability for any issues arising in connection with the third party's use of your data (including your personal information).
Where will your personal information be processed?
Your personal information may be transferred to, and stored and processed in, one or more countries outside the European Economic Area (EEA), including countries which do not provide equivalent protection for personal information. In these circumstances, we will take reasonable steps and implement appropriate measures to ensure that your personal information is adequately protected in accordance with the law.
These measures generally include either:
- Transferring personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission; or
- Transferring personal information where the recipient has agreed to a European Commission approved data transfer agreement in the form of the standard contractual clauses.
- Occasionally, we may transfer your personal information in circumstances where there are no adequate safeguards where this is permitted by data protection law.
Please contact us using the details below if you want further information on the specific safeguards used by us when transferring your personal information out of the EEA.
8. Your rights
You have the right to ask us to:
- Confirm what personal information we hold about you and provide you with a copy of that data.
- Correct any personal information that is inaccurate.
- Remove your personal information where there is no good reason for us to continue to hold that data.
- Temporarily stop using your information if you are questioning our right to use that data.
- Stop using your personal information unless we can demonstrate a valid reason why we need to continue to hold that data e.g., to support a product warranty.
- Stop using your personal information to send you marketing materials such as our catalogue, marketing emails, discounts, or vouchers.
- Provide you with the personal information that you have provided to us, in a structured and commonly used electronic format, or transmit that information directly to another company if that is technically feasible. This applies where we are using your personal information based on your consent or because it is necessary to perform a contract with you (see How do we use your personal information, above).
Our security procedures mean that we may request proof of identity before we are able to disclose your personal information to you or comply with other requests.
We want to make sure that the personal information we hold about you and your preferences as to how we contact you are accurate and up to date. If any of the details are incorrect, please let us know (details below) and we will amend them.
You also have the right to make a complaint to the Information Commissioner's Office if you're not happy with how we've handled your personal information. You can contact the supervisory authority at:
- Email: email@example.com
- Phone: 0303 123 1113 (local rate)
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Website: www.ico.org.uk
9. How to contact us?
To update your details or ask for a copy of your personal information:
- You can call us on: 03330 112 112.
- You can write to us at Customer Correspondence, Screwfix Direct Limited, Trade House, Mead Avenue, Yeovil BA22 8RT.
- The Data Protection Officer can be contacted on firstname.lastname@example.org, or you can write to them at the address above.
- If you want, you can also use this form to make a Subject Access Request, request data is erased, rectify data or object to data processing.
10. Protecting your personal information
The transmission of information via the internet is not completely secure; this risk is common across the internet and not specific to our services. We cannot guarantee the security of your data (including your personal information) transmitted to our services; any transmission is at your own risk.
It is important for you to protect against unauthorised access to your password and to your computing device. Be sure to sign off and close your browser when you have finished your session. This will help to ensure that others do not access your personal information if you share your computing device or use a computing device in a public place such as a library or internet cafe.
11. Updates to this notice
We may update this notice from time to time. The latest version of this notice will be posted on our website.