Last updated
03 September 2021
We are Duette, working on behalf of Thomas Sanderson Limited (referred to in this document as ‘Thomas Sanderson’, ‘we’ or ‘us’)
We are committed to doing the right thing when it comes to how we collect, use and protect your personal data; in this notice we explain how we handle your personal data. Please read this privacy policy carefully to understand our views and practices and your rights regarding your personal data. Our Data Protection Officer can be contacted at [email protected], and is referred to throughout this document as the DPO.
Alternatively you can write to us at Thomas Sanderson Limited, Colwick Business Park, Private Road No 2, Colwick, Nottingham NG4 2JR
Should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by contacting us. In the event that you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which is the Information Commissioner’s Office (ICO) in the UK, at any time. The ICO’s contact details are available here: https://ico.org.uk/concerns/.
We will update this privacy statement when necessary. When we post changes to this statement, we will revise the “last updated” date at the top of the statement and highlight what has changed. If there are any changes as to how Thomas Sanderson will use your personal data, we will notify you by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how Duette and Thomas Sanderson are protecting your information.
Data Protection law sets out a number of different reasons why a company can collect and process your personal data. The bases that we use as a company are:
Contractual obligations
Where we have a contract with you, we will use your personal data to fulfil the contract, for example we collect your address details in order to measure and fit the products that you wish to buy from us.
Legal compliance
In some cases the law requires us to collect and pass on your data, for example we pass on details of people involved in fraud or other criminal activity affecting us to law enforcement.
Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example we will use your purchase history to send you direct marketing information about products and services that are available and we believe are of interest to you.
Consent
In certain situations, we will have obtained consent to contact you about our products, services and promotions and we will contact you only according to the consent you have provided.
Under GDPR and the Data Protection Act 2018 personal data is defined as ‘any information relating to an identified or identifiable living individual’. This will include facts and opinions about that person and any other information that we use to form an opinion or judgement about them.
For example your name, address and telephone number are your personal data as they are facts about you as a person, as are notes made about you. Your blind measurements are not your personal data as they are facts about your blinds, not about you, and we do not use them to form an opinion about you.
We want to give you the best possible customer experience. One way to achieve that is to get the richest picture we can of who you are by combining the data we have about you. We then use this to offer you promotions, products and services that are most likely to interest you.
The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service. If you wish to change how we use your data, you’ll find details in the ‘What are your rights?’ section below.
If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
If we intend to use your personal data for any purposes not set out below, we will notify you beforehand.
In order to pursue our legitimate interests to allow you to book appointments, we will contact you to confirm your appointment details. This may be via email, SMS or telephone.
We need your personal data to comply with our contractual obligations so that we can manage your customer account and provide you with the goods and services you want to buy, including sending any relevant and necessary documentation and communications regarding the product or service and help you with any orders and refunds you may ask for. Sometimes we may need to share your details with a third party who is providing a service (such as delivery couriers or a fitter visiting your home). We do this to be able to fulfil our contract with you.
In order to pursue our legitimate interests we may need to contact you to take payment, check your credit rating or pass your details onto third parties for debt collection purposes.
To improve your customer experience we use cookies and similar technologies on our Website as part of our legitimate interests. For information concerning your choices when it comes to cookies, and how you can control your online behavioural advertising preferences please visit https://www.duette.co.uk/cookie-policy/
We have a legitimate interest to improve our product range and ensure that it is tailored to our customers’ needs. We do this by carrying out market research relating to our product range and internal research and development, and may need to process your personal data to do so.
As a business we have a legitimate interest to ensure that you can safely use our services. To do this we will use your personal data to detect and prevent fraud and other crimes. If we discover or suspect criminal activity through this monitoring we may pass your personal information to law enforcement to help protect individuals from criminal activities.
We may also use the personal data that we collect about you to improve our efficiency and service levels across our group of companies and to analyse our customer segments to determine customer overlap between group companies and use this information to inform future group strategies (including marketing strategies). We undertake these activities in our legitimate interest to make improvements across our business. As set out in more detail below, we may share your data with other companies in the Hunter Douglas group of companies for this purpose.
To enhance your use of our services, and provide you with a personalised shopping experience, we will use your online browsing behaviour as well as previous purchases to help us better understand you as a customer and provide you with personalised offers and services as part of our legitimate interests.
We want to provide you with marketing communications, including online advertising, that are relevant to your interests as part of our legitimate interests. To achieve this we measure your responses to marketing communications relating to products and services we offer, which also means we can offer you products and services that better meet your needs as a customer. You can change your marketing choices at any time, for details of how to do this see the ‘your rights’ section below. For information concerning your choices when it comes to cookies, and how you can control your online behavioural advertising preferences please visit https://www.duette.co.uk/cookie-policy/
Cookies can be blocked by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
We want to serve you better as a customer so we use personal data to provide clarification or assistance in response to communications you have sent to us, including social media posts that you have directed at us, as part of our legitimate interests to interact with our customers and improve their experience.
We carry out market research to exercise our legitimate interests to improve our Services, and may invite you to take part in and manage customer surveys, questionnaires and other market research activities carried out by us and by other organisations on our behalf. However, if we contact you about this, you do not have to take part in the activities. This will not affect your ability to use our Services.
If you choose to take part in a promotion or competition, including those we run with our suppliers and Retail Partners, we need to process your personal data with your consent so that we can manage the promotions or competitions.
In order to pursue our legitimate interests as a company, we want to improve the service that we provide to our customers and understand the cause of any issues that might have arisen during the order process.
To do this we may process your personal data to monitor the status and outcome of your order and to generate a range of internal analysis aimed at identifying any areas of improvement.
In some cases we will need to process your personal data to comply with our legal obligations. For example we sometimes need you to verify your identity before responding to your requests.
To send you communications required by law, or which are needed to inform you about changes to products or services that have been provided to you. For example updates to this Privacy notice, product recall notices or information we are legally required to communicate to you regarding your order. These messages will not include any marketing content.
To comply with any legal obligations to share data with law enforcement, for example if a court order is submitted to us requiring that we share your personal data.
In order to pursue our legitimate interests as a company, we have installed CCTV in some of our premises. This allows us to monitor the safety of visitors, assists in day to day management, and acts as a deterrent against crime, vandalism and disruption.
This section lets you know under what circumstances we may collect personal information from you, and what personal data we may collect.
It is important that personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us. Our contact details can be found at the end of this privacy notice or at the ‘Contact Us’ tab of our website.
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
Where we engage third parties to process personal data on our behalf, we do so on the basis of written instructions; those third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
We will not keep your personal data for longer than is necessary for the purpose or purposes that it was initially collected. At the end of that retention period, your data will either be securely deleted or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of retention periods are below:
When you call our contact centre we may record the conversation. If we do, the recording will be held for a maximum of 12 months unless the call is required for the resolution of an ongoing dispute.
If you place an order with us we have to retain the details of the order, including your personal data, for 10 years to comply with our legal and contractual obligations. If the order included a warranty which was for a longer period than this, and you have registered that warranty with us, we will keep details of the warranty period and any associated personal data for the duration of the warranty period.
We will share your personal information with third parties (including companies in the Thomas Sanderson group) set out below for the purposes set out in the ‘How and why we use personal data?’ section above.
Sharing your details within the Hunter Douglas group
We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
We share personal data with group companies to provide centralised services, such as shared deliveries and customer services. We also share personal data to review, analyse and improve service levels across the group and to analyse customer overlap between our group companies to inform our future strategy.
We will only do so if the company is located in the EEA, in a country on the EU adequacy list or is located in the USA and the transfer is being made under the Safe Harbour agreements.
For a list of companies included in the Hunter Douglas group please see our latest annual report which is available at http://investor.hunterdouglasgroup.com/
Partners and Service providers
We apply the following policy when we share your personal information with external organisations
We work with carefully selected Service Providers that carry out certain functions on our behalf. These include, for example, companies that help us with technology services, storing and combining data, processing payments and delivering orders. We only share personal data that enable our Service Providers to provide their services.
Some of the Service Providers we work with operate online media channels, and they place relevant online advertising for our products and services, as well as those of our suppliers and our Retail Partners, on those online media channels on our behalf. For example, you may see an advert for our products and services as you use a particular social media site or watch television through your pay TV account.
In addition to our use of service providers, we may also disclose your personal data to our suppliers or subcontractors in order to provide you with the Services you have requested from us.
We may disclose your personal data on the basis of our legitimate interests to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Financial transactions relating to our website and services are handled by our payment services providers. We share your information with them so that we can process your payments, and deal with complaints and queries relating to these payments and/or refunds.
See Appendix 1 for more information.
Other organisations
We may share personal data with other organisations not included in the list in the previous section in the following circumstances:
Additionally, we will disclose your personal information to the relevant third party:
At Duette and Thomas Sanderson we take your safety and security very seriously and we are committed to protecting your personal and financial information. All information kept by us is stored on our secure servers.
We do not transfer your data outside the European Economic Area ("EEA"). If in future we do need to transfer your data outside the EEA, we will only do so if adequate protection measures are in place in compliance with data protection legislation.
Under the General Data Protection Regulation (GDPR) you have a number of rights. Some of these are complex and not all of the details have been included in our summaries below. Please read the relevant guidance from the Information Commissioner’s Office on their website at https://ico.org.uk/for-the-public/ for a full explanation of these rights.
You have the right:
Where use of your personal data is based on consent, you can withdraw that consent at any time.
If you wish access to a copy of your personal data held by us, please click here for details
If you wish us to erase your personal data from our files please click here for details
If you wish to no longer be marketed to please see the next section
For all other enquiries about your rights please email our DPO at [email protected]
You can stop direct marketing from us in a number of ways:
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
We may share your personal data with the following categories of service providers:
If you are referring to an offline version of this document this list may have changed. Please refer to the version available on our website for an up to date list.
Appendix 2 – Subject Access Requests
Under GDPR you have the right of access to your Personal Data held by us so that you are aware of and can verify the lawfulness of our processing activities.
In some cases we may be entitled to refuse to respond. If this is the case we will inform you of our decision and the reason for it. You are then entitled to complain to the Information Commissioner’s Office; see https://ico.org.uk/for-the-public/raising-concerns/ for details of how to do so.
Timeframe for response
We will provide you with the information requested within one month of receipt of all information relevant to your request. To avoid any delays in processing your request, please ensure that you have provided all of the information requested below.
In the case of numerous or excessive requests we may take up to a further two months to provide this information, in which case we will inform you of this fact, and the reason that the extension is necessary.
Costs
There is no charge to you unless your request is manifestly unfounded or excessive, in which case we are entitled to charge you an administrative fee based on the cost of providing the information to you. If we consider this to be the case we will inform you of this fact and wait for your agreement before proceeding.
Please note that you cannot request copies of personal information which relates to another person, including calls made by somebody else.
What you need to do
If you wish access to a copy of your personal data held by us, please click here for details
Under GDPR you have the right to have your personal data held by us erased under certain circumstances; this is known as the right to be forgotten.
In some cases we may be entitled to refuse your request. If this is the case we will inform you of our decision and the reason for it. You are then entitled to complain to the Information Commissioner’s Office; see https://ico.org.uk/for-the-public/raising-concerns/ for details of how to do so.
When does this apply?
You have the right to be forgotten if:
Timeframe for response
We will provide you with the information requested within one month of receipt of all information relevant to your request. To avoid any delays in processing your request, please ensure that you have provided all of the information requested below. In the case of numerous or excessive requests we may take up to a further two months to provide this information, in which case we will inform you of this fact, and the reason that the extension is necessary.
Costs
There is no charge to you unless your request is manifestly unfounded or excessive, in which case we are entitled to charge you an administrative fee based on the cost of providing the information to you. If we consider this to be the case we will inform you of this fact and wait for your agreement before proceeding.
What you need to do
If you wish us to erase your personal data from our files please click here for details