Privacy Notice

This Robert Welch Designs Privacy Notice explains the types of personal data we may collect about you when you interact with us by telephone, email, online or on social media. This Notice explains when and why we collect that data and how we keep it safe. This Notice will be updated from time to time.

Robert Welch has never, and will never, share or sell your details to third party companies for marketing purposes. From time to time we do work with carefully selected brands to bring you free gifts and offers. You can opt out from email and postal marketing at any time. See the section Your Legal Rights below.

If you have any questions about anything covered in this Privacy Notice, please let us know.

We collect your personal data when you:

  • visit our website, make a purchase online or by phone, as a guest or an account holder

  • seek to purchase an age restricted item

  • create an account with us

  • engage with us on social media including Facebook, Instagram and Pinterest

  • sign up to receive news and offers from us

  • enter a competition or prize draw

  • request a catalogue

  • fill in a card in our shop requesting to be kept up to date on news and offers

  • contact us with a query or complaint

  • give us feedback or a review on our products or customer services

  • visit our shop, we use CCTV for security purposes

  • create a wish list on our website

  • make a claim under a guarantee

  • purchase one of our products from another retailer which we send to you direct

The sort of personal data we collect:

  • Identity Data:
    • Your name and title, company name and the name of the person we are delivering to, if different.
    • Your social media usernames, if you interact with us through social media, to help us to respond to your comments, questions or feedback.
    • If you have an account with us, your Robert Welch password and account number.
    • Your image may be recorded on CCTV when you visit our shop for our and your security and to help prevent fraud.
    • Your date of birth, if you seek to purchase an age restricted item, such as a kitchen knife or scissors, online or by telephone.
    • Personal data contained in proof of age documentation (your birth certificate, passport or driving licence) provided by you for age verification purposes. If you send us proof of age documentation, we will ONLY use the documentation to check that you are aged 18 or over and the documentation, and accompanying email, will be deleted once used for this purpose.
  • Contact Data: your billing address, the delivery address, email address and telephone numbers.
  • Financial Data: your payment card details. When ordering online your payment card details are securely stored with our third-party payment providers. If you order over the phone your payment details are handled in a secure manner.
  • Transaction Data: your purchases from us including how often and what you buy from us.
  • Usage Data: details of your interactions with us in our shops and online including details of what you have viewed, added to your basket, added to your wish list and web pages you visit before and after you visit ours. Some of this information is collected by Google analytics and some using cookies in your web browser. To learn more about the cookies we use and how you can manage them see our cookie policy.
  • Technical Data: your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. Some of this information is collected by Google analytics.
  • Profile Data: Your comments, feedback, product reviews and other information which helps us to recommend items of interest for example what you like to purchase and your shopping preferences.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

The legal bases we rely on:

Data Protection Law sets out a number of different reasons why we may collect and process your personal data including:

  • Consent: In specific situations, we can collect and process your data with your consent: when you tick a box to receive email newsletters; when you enter your date of birth for age verification purposes when seeking to buy an age restricted item agreeing to the use of your data for these purposes; when you provide proof of age documentation age verification purposes; when you consent to our use of cookies when browsing our website. For more information on age verification, see the table below and our Terms & Conditions of Sale at www.robertwelch.com.
  • Contractual obligations: In specific situations, we need your personal data to comply with our contractual obligations, for example, if you order an item from us for home delivery, we will collect your address details to deliver your purchase and pass them to one of our couriers.
  • Legal compliance: Sometimes the law requires us to collect and process your data, for example, we can pass on details of people involved in fraud to law enforcement or to verify you are 18 or over when selling you an age restricted item.
  • Legitimate interest: In specific situations, we need your personal data to pursue our legitimate interests in the usual way that would reasonably be expected as part of running a business and which does not materially impact your rights, freedom or interests. For example, we will use your purchase history to send you or make available personalised offers. We will also analyse the purchases and shopping history of many of our customers to identify trends and make sure that we keep up with demand for new products. We will also use your address to send you marketing information by post, telling you about products that we think might interest you. If you no longer wish to hear from us, you can change your marketing preferences at any time.

How and why we use your personal data:

We want to give you the best possible customer experience and to provide you with products you want. Most of the collection and processing we do of your personal data is for this purpose alone.

As part of serving you, we try to build up a good picture of who you are by combining the data we gather about you through your use of our website, your phone purchases and your interactions with us on social media. We then use this data to offer you promotions and products that are most likely to interest you.

Data privacy law allows us to do this as part of our legitimate interest in understanding our customers and providing the best levels of customer service. If you wish to change this, you can find details under Your legal rights below.

Here is more detail about how we use your personal data and why:

PURPOSE/ACTIVITY TYPE OF DATA WHY WE USE YOUR DATA AND OUR LAWFUL BASES FOR PROCESSING

To send you a catalogue when you request us to do so.

  • Identity Data

  • Contact Data

  • Marketing and Communications Data

  • Necessary for our legitimate interests (to develop our products and grow our business).
  • You have requested that we contact you (consent).

To register you as a new customer

  • Identity Data

  • Contact Data

  • Performance of a contract with you.
  • You have requested to be a registered customer (consent).

To process your order on our website, in our shops or over the phone, to arrange delivery of your order (including managing payments) and to service our product guarantees.

  • Identity Data

  • Contact Data

  • Financial Data
  • Transactional Data
  • Marketing and Communications Data
  • Performance of a contract with you.
  • Necessary for our legitimate interests (to recover money owed to us and to prevent fraud).
  • Necessary to comply with a legal obligation.

To manage our relationship with you including responding to your queries, refund requests or complaints, notifying you about changes to our terms or privacy notice and asking you to leave a review or take a survey.

  • Identity Data

  • Contact Data

  • Profile Data
  • Marketing and Communications Data
  • Performance of a contract with you.
  • Necessary to comply with a legal obligation.
  • Necessary for our legitimate interests (to provide the best customer service and seek to improve it, to keep our records updated and to study how customers use our products/services).

To enable you to take part in a prize draw or competition.

  • Identity Data

  • Contact Data

  • Profile Data
  • Marketing and Communications Data
  • Necessary for our legitimate interests (to study how customers use our products, to develop them and to grow our business).
  • Consent (given at the time of entry into the competition).

To send you a survey or feedback request to help improve our products and customer services.

  • Identity Data

  • Contact Data

  • Profile Data
  • Usage Data
  • Necessary for our legitimate interests (to study how customers use our products, to develop them and to grow our business).

  • Consent (if you agree that we can use your feedback for marketing our products).

To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

  • Identity Data

  • Contact Data

  • Profile Data
  • Usage Data
  • Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to protect against fraud).

  • Necessary to comply with a legal obligation.

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.

  • Identity Data

  • Contact Data

  • Profile Data
  • Usage Data
  • Marketing and Communications Data

  • Technical Data

  • Necessary for our legitimate interests (to study how customer use our products/services, to develop test and improve them, to grow our business and to inform our marketing strategy).

  • Consent (if you agree to our use of cookies when browsing our website – see our Cookies Policy about how to manage cookies).

To keep you informed by email, web, text or telephone about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on

  • Identity Data

  • Contact Data

  • Profile Data
  • Transaction Data
  • Usage Data
  • Marketing and Communications Data

  • Consent (which you are free to opt out of at any time, see Your legal rights below).
  • Necessary for our legitimate interests (to develop our products and grow our business).
  •  

To send you relevant, personalised communications by post including in relation to updates, offers and products.

  • Transaction Data

  • Technical Data
  • Usage Data
  • Necessary for our legitimate business interests (in growing our business).

  • Consent (which you are free to opt out of at any time, see Your legal rights below).

To use data analytics to improve our website, products, marketing, customer relationships and experiences

  • Transaction Data

  • Technical Data
  • Usage Data
  • Necessary for our legitimate interests (to define types of customers for our products, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).

To protect our customers, premises and assets from crime by using CCTV systems in our shops.

  • Identity Data

  • Legitimate business interests (to protect from crime).

To verify that you are aged 18 or over to enable us to sell you an age restricted item online, by email or by telephone.

  • Identity Data

  • Contact Data
  • Consent to the use of your data for age verification purposes (given when you provide your date of birth during the order process).

  • Performance of a contract with you (so that we can sell you age restricted items).
  • Necessary for our legitimate interests (to ensure we comply with the law and evidence that compliance).
  • Necessary to comply with a legal obligation (to ensure we comply with the law).

How and why we communicate with you:

Where you have requested marketing email communications, we will contact you by email and offer an unsubscribe option at the bottom of each email.

For some of the other purposes listed in how and why we use your personal data above, we will use your email address (and other contact details where necessary) to contact you as part of our service and information delivery. We define these as transactional emails. Examples of these types of communications include:

  • To provide order confirmation and status updates including delivery notifications from our 3rd party couriers (where possible).
  • To request that you provide proof of age documentation for age verification purposes.
  • To provide warranty, recall or safety information about a product or service.
  • To provide information about a change to our policies.
  • To provide information about a change in your account or subscription status.
  • To provide confirmation of competition or prize draw entries and notify you of the result.

Unlike our marketing email communications, we do not include an unsubscribe option at the bottom of such correspondence. If you no longer wish to receive transactional emails from us, please email us and let us know at DPO@robertwelch.com.

How we protect your personal data:

Our customers data security is very important to us. We treat your data with the utmost care and take all appropriate steps to protect it. We have put in place appropriate security measures to prevent your personal data from being altered, disclosed, accidentally lost, used or accessed in an unauthorised way.

We secure access to all transactional areas of our website using ‘https’ technology.

Access to your personal data is password-protected and sensitive data (such as payment card information) is secured by encryption.

We also carry out regular tests, assessments and evaluations of the effectiveness of our system for possible vulnerabilities and attacks and conduct testing to find ways of increasing our data security.

If you provide us with proof of age documentation for age verification purposes, we will ONLY use the documentation to check that you are aged 18 or over and the documentation, and any accompanying email, will be deleted once used for this purpose.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long we keep your personal data:

When we have collected and processed your personal data, we seek to keep it only for as long as is necessary for the purpose for which it was collected.

Unless stated otherwise, we will always keep product purchase data (including Contact, Identity, Financial and Transaction Data) for a minimum of 6 years. In the case of the product purchased being covered by a warranty, your personal data will be kept until the end of the warranty period.

To determine the right retention period, we think about the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use, the purposes for which we process your data and whether we can achieve those purposes through other means.

Once it is no longer necessary to keep your data, we will either delete it or anonymise it. If we have used anonymisation, we may then put the anonymous data together with other data for statistical analysis for business purposes.

Your legal rights

You have the right to:

  • Request access to or a copy of your personal data that we hold, free of charge in most cases.
  • Request the correction of your personal data when incorrect, out of date or incomplete.
  • Withdraw your consent (or to object) to us holding your data where we have no legitimate overriding interest or once the purpose for which we hold the data has come to an end (for example, the warranty period has ended).
  • Ask that we stop using your personal data for direct marketing purposes.
  • Request that your data be erased.
  • Request the transfer of your personal data.
  • Ask that we stop any consent-based processing of your personal data (for example where you opt-out of receiving email marketing from us).

We will ask you to verify your identity before proceeding with any request under this Privacy Notice. This is necessary to protect the confidentiality of your information. If you have authorised a third party to submit a request on your behalf, we will ask them to prove that they have permission to act.

You can change your marketing preferences, by following the ‘unsubscribe’ link at the base of all our email communications, by updating your marketing preferences in your Robert Welch account, emailing DPO@robertwelch.com or phoning 01386 840522. Any other requests should be emailed to DPO@robertwelch.com.

We will seek to respond to any request within 28 days. If you feel that your data hasn’t been handled correctly or you are unhappy about our response to any requests you have made about the use of your personal data, please let us know. You also have the right to lodge a complaint with the Information Commissioner’s Office.

Please also see our Cookies Policy at robertwelch.com to learn about the cookies we use and how you can manage them.

Who do we share your personal data with?

We do share your personal data, where necessary, with trusted third parties, for example:

  • IT companies that support our website (Shopify) and our other business systems;
  • Our business analysis system and our age verification service provider;
  • Payment system companies;
  • Operational companies for example delivery couriers;
  • Fulfilment companies who assist in data analysis and insight and in managing our postal and electronic communications; and
  • Google, Twitter, Instagram, Pinterest and Facebook for electronic communications between us including the use of cookies when you have consented by using our website. For further information, please see our Cookie Policy.

In relation to all third parties:

  • We provide only the information they need to perform their specific services for us.
  • They may only use your data for the exact purposes we specify.
  • We work closely with them to ensure that they respect your privacy and protect it at all times.
  • If we stop using their services, any of your data provided by us and held by them will either be deleted or rendered anonymous.

For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data with law enforcement bodies. We may be required to disclose your data to the police or other government body on a proper request to do so.

In the case of any transfer of our business, your personal data would, where relevant, be transferred to new owners under the terms of this Privacy Notice.

Where your personal data may be processed:

Some of our suppliers who provide IT and other business support services are based outside the UK and your data is shared with them for example, in order to fulfil your order or process your payment details. Countries where these suppliers are based include those in the EEA, Australia, Canada and the USA.

In relation to processing outside the UK, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the UK. For example, our contracts with third parties and suppliers stipulate the standards they must follow at all times. If you would like more information about these contracts, please contact our Data Protection Officer DPO@robertwelch.com.

Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

International orders

By placing an order with us, browsing our website, including for analytics and website usage research, and/or agreeing to receive direct marketing electronic communications as described in this Privacy Notice and our Cookies Policy, you expressly consent to the processing of your personal data by us or on behalf of us. Of course, you still have the right to ask us not to process your data in these ways.

If you are based outside the UK and place an order with us, we will transfer the data that we collect from you to the UK. That data will be transferred outside the UK, for example when we send your purchase to you in your country of residence or to another individual as a gift. In making a purchase from us, you are expressly consenting to such overseas use, transferring and disclosure of your data outside your country of residence for such purposes.

We shall endeavour to ensure that reasonable steps are taken to procure that all such third parties outside of your country of residence shall not use your data other than for that part of the purposes as set out in this Privacy Notice and to adequately protect the confidentiality and privacy of your personal data.

We will ensure that any third parties only process your personal data in accordance with their legitimate interests. These third parties may be subject to laws that differ from the laws which apply in the country where you reside. We do not actively take steps to ensure that any overseas recipient of your personal data complies with the laws which apply in your country.

If you have any questions, please contact our Data Protection Officer DPO@robertwelch.com, and we will seek to respond within your local timeframe response requirements. To complain about an alleged breach of this Privacy Notice or our privacy obligations at law, please provide us with as much detail as possible in relation to your complaint. We will take any privacy complaint seriously and any complaint will be assessed with the aim of resolving any issue in a timely and efficient manner.

EU Data Protection Representative

If you are based in the EU and wish to contact our EU Data Protection Representative, please contact our Data Protection Officer DPO@robertwelch.com for details.