We are committed to protecting and respecting your privacy.
Everyone has rights with regard to the way in which their personal information is handled. During the course of our activities we will collect, store and process personal information about our customers, suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.
This policy sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.
For the purpose of UK data protection laws, the data controller is MandM Direct Limited of Clinton Road, Leominster, Herefordshire, UK. HR6 0SP.
When processing your information, we must comply with the six enforceable principles of good practice. These provide that your personal information must be:
We may collect, use, store and transfer different kinds of personal information about you, including:
Information relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, criminal convictions, sex life or sexual orientation, or certain types of genetic or biometric data is known as 'special category' data.
During the course of dealing with you, we do not expect to collect any 'special category' data about you.
We may obtain personal information by directly interacting with you, such as:
We may obtain personal information via automated technology when you interact with our website by using cookies, server logs and other similar technologies.
We may also collect personal information about you from third parties or publicly-available sources, such as:
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
We do not use 'special category' information.
We may use your personal information for a number of different purposes. For each purpose, we are required to confirm the 'legal basis' that allows us to use your information, as follows:
|Purposes for which we will use the information you give to us||Legal basis|
|To register you as a new customer||It will be necessary for the performance of the contract between you and us|
|To process your order and, if accepted, to deliver the products to you (including managing payments, fees, charges and accurate data)||It will be necessary for the performance of the contract between you and us|
|To manage your queries or complaints||It will be necessary for the performance of the contract between you and us|
|To collect and recover money owed to us||It will be necessary for our legitimate business interests, namely to ensure we receive payment for products and services that you have ordered from us|
|To enable you to participate in a prize draw, competition or complete a survey||It will be necessary for our legitimate business interests, namely to study how customers use our products, to develop them and help grow our business|
|To create customer profile types that are used to help identify new customers from other sources. These profiles DO NOT contain personal data.||
This will be done after you give your consent for us to do.
Your consent can be withdrawn by changing your preferences using the My Account functionality on our website.
|To provide you with relevant marketing communications that inform you of special offers, sales and new products.||It will be necessary for our legitimate interest to develop our offers and services in order to improve customer interaction and retain customers.|
|To prevent customers from trading with MandM Direct who have been abusive or who have abused or misused the products and/or services that we supply.||It will be necessary for our legitimate business interests, namely to prevent the misuse of our products or services|
|To detect, investigate and prevent crime and where necessary to prevent customers from trading with MandM Direct who have been fraudulent and to pass their details on to the relevant legal/regulatory organisation.||It will be necessary for our legitimate business interests, namely to help prevent fraudulent or dishonest behaviour, and to comply with any legal obligations placed upon us (e.g. such as by a regulator).|
|To notify you when you have products in your basket that have not been through the ordering process||It will be necessary for our legitimate business interests, namely to ensure we provide the quality of service you expect from us|
(Where goods and/or services are being provided to MandM Direct).
To have a contractual relation with you to supply goods and/or service.
|It will be necessary for our legitimate business interests, in order to fulfil our contractual obligations.|
|To contact you to undertake customer satisfaction surveys, invite you to provide product reviews or for market research.||It will be necessary for our legitimate business interests, namely to develop products, services, applications and designs that attract and retain customers, improving customer interaction with our sites.|
|To comply with our legal and regulatory obligations for the payment of tax||It will be necessary for us to comply with a legal obligation to which we are subject|
We will only use your personal information for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
It is a contractual requirement for you to provide us with certain information, namely your name, delivery address, phone number and email address. During the ordering process you will be required to provide payment information to our chosen payment service provider. We do not hold any of your bank or credit/payment card details. If you do not provide us or payment service provider with that information, we may be unable to accept and process your order and deliver the products to you, and/or we may have to cancel your order. You may also be liable to pay additional costs, as explained in paragraph 8.18 of our terms of sale.
We may share your personal data with trusted third parties. For example, to delivery your orders, to handle complaints, for fraud management, to help us personalise our offers to you and so on.
This is the policy we apply to those organisations to keep your data safe and protect your privacy:
Third parties we work with are:
|Courier Services||Delivery of your orders, including proof of delivery and tracking information. Depending on the service chosen this will be one of Hermes, DPD, Parcel Force or United Broker.|
|Data Insight||Behavioural analysis that allows us to personalise your experience and the information we provide to you. We use Google Analytics, Google Big Query, RedEye, Qubit and The Blueberry Wave.|
|Email Services||How we manage our electronic communication with you. This is done through either IBM, RedEye and Fresh Relevance.|
Fraud Services and
|We may use a combination of Experian, DWP, Citizens Advice Bureau and the Police when fulfilling our 'public interest' and legal responsibilities to prevent fraud and dishonest behaviour. We may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.|
|IT Services||We use a number of partners to support our website and other business systems but only share your information with Google|
|Legal Services||When necessary we will enlist BPE or Eversheds solicitors for resolution of legal matters.|
|Mailing Services||Addressing of printed material will be provided by Metromail and then delivered by either Whistl or the Royal Mail.|
|Payment Services||During the payment process you will be directed to options to Adyen, PayPal depending on your preference.|
|Market Research Services||Should you wish to comment on our products or service you will be able to do so via our chosen review service provider, Trustpilot.|
|Social Media||So we can show you products that might interest you while you are browsing the internet, we use the services of Google, Facebook, Twitter and Instagram.|
|Law enforcement||We may be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.|
|Regulatory bodies||When appropriate your personal information may be shared with HM Revenue & Customs, Douane en Accijnzen (in Belgium), the UK Information Commissioner's Office, regulators and other authorities who require reporting of processing activities in certain circumstances.|
We may also disclose your information to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this policy.
All information you provide to us is stored on our secure servers in the United Kingdom, or within the EU.
We will take all steps reasonably necessary to ensure that your data is treated securely, including a formal review of the security provisions of 3rd party Data Controllers we use, including taking the following safeguards:
If you are concerned about the levels of data security in any of those countries, please let us know and we will endeavour to advise what steps will be taken to protect your data when stored overseas.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
The length of time that we will store your data will depend on the 'legal basis' for why we are using that data, as follows:
|Legal basis||Length of time|
|Where we use/store your data because it is necessary for the performance of the contract between you and us||We will use/store your data for as long as it is necessary for the performance of the contract between you and us|
|Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subject||We will use/store your data for as long as it is necessary for us to comply with our legal obligations|
|Where we use/store your data because it is in the public interest||We will use/store your data for as long as it remains a matter of public interest for us to do so. The law sets out what matters are considered to be in the public interest, and we will use/store your data in accordance with those requirements|
|Where we use/store your data because it is necessary for our legitimate business interests||We will use/store your data until you ask us to stop. However, if we can demonstrate the reason why we are using/storing your data overrides your interests, rights and freedoms, then we will continue to use and store your data for as long as it is necessary for the performance of the contract between you and us (or, if earlier, we no longer have a legitimate interest in using/storing your data)|
|Where we use/store your data because you have given us your specific, informed and unambiguous consent||We will use/store your data until you ask us to stop|
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitive of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements, for example, we will retain information relating to orders you place with us for 6 years so we can meet our statutory obligations.
You have various legal rights in relation to the information you give us, or which we collect about you, as follows:
If you wish to exercise any of your legal rights, please contact our customer services team by writing to the address at the top of this policy, or by emailing us at firstname.lastname@example.org.
You also have the right, at any time, to lodge a complaint with the UK Information Commissioner's Office if you believe we are not complying with the laws and regulations relating to the use/storage of the information you give us, or that we collect about you.
You can ask us to stop sending you marketing communications at any time by:
We may undertake 'profiling' to ensure you only receive information that we believe is relevant to you (for example, where we had a special offer that was relevant only to young adults under the age of 25, we would profile those of our customers to whom we can legitimately send marketing emails to ensure that the marketing email is sent only to appropriate recipients).
We may undertake credit reference checks with Experian.
Otherwise, we do not make any decisions that produce legal effects concerning you, or which would otherwise significantly affect you, by means of an automated decision-making process.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by email or via social media. Please check our website frequently to see any updates or changes to our policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to our customer services team by writing to the address at the top of this policy, or by emailing us at email@example.com.
Customers outside the UK may prefer to contact our EU Representative at firstname.lastname@example.org. Based in Denmark, our EU Representative also acts as a point of contact for supervisory authorities across Europe.
Be the first to hear about our best deals, biggest savings and newest arrivals by signing up to our emails today!