1. Who we are
You can find out how to contact us in Section 9 below.
2. Your Privacy
In the course of our dealings with you, we will collect and process personal information about you. Personal information includes any information allowing us to identify you as an individual, for example, your name, your email address or your telephone number.
We are committed to protecting your privacy. We will use your personal information in accordance with all applicable laws and regulations that relate to data protection and privacy, including the EU General Data Protection Regulation (GDPR).
- what personal information we collect;
- why we collect this information;
- how we will use it;
- how long we will keep it;
- who else will see it;
- how you can contact us;
- your rights in relation to the personal information that we hold, including your rights to change, delete and see your information.
When using our website we will also place cookies on your device – please see our Cookies page for more information about the cookies we use and how you can change your cookie settings.
As described below, we may share your personal information with other organisations that may receive and process your personal information as a controller in their own right (see Section 9 for further details).
3. What information do we collect?
We collect the following types of personal information:
(a) Information we collect when you register with us
When you register with us, we may ask you for a number of pieces of information including:
- your name;
- your email address;
- your company name;
- your role/job title.
(b) Information we collect about how you use our Digital Services
When you browse our Websites or use our Digital Services, we may collect:
- information about any devices you have used (including the manufacturer, model and operating system, IP address, browser type and mobile device identifiers);
- cookies and information about your online browsing behaviour, access to our Digital Services and history on our Digital Services (this may, for example, help us facilitate your re-access to the Digital Services without requiring you to re-log-in);
- information about your preferences in connection with our Digital Services, for the purposes of enhancing and personalising your experience on our Digital Services;
4. Why do we ask for this information?
We ask for information to deliver the information you require relating to our Digital Services and to ensure that you have the necessary information needed to adhere to our operational and contractual requirements, as well as to tender for business with us.
5. How do we use your personal information
We have set out below the purposes for which we use your personal information. We are also required by law to state a “legal basis for processing”, i.e. to tell you on what grounds we are allowed to use your information, and this is also set out below. The legal basis for each purpose is that we have your consent for the use of your personal information, or that we need to use your personal information in order to perform a contract with you, or that the use of your personal information is necessary for our legitimate interests (in which case we will explain what those interests are).
Purpose of processing
Our legal basis
carry out our obligations under any contracts entered into (or in anticipation of such contracts) between you and us
Contractual necessity – we use your personal information in order to meet our obligations under our contract with you (for example, to deliver the information you have requested) or in anticipation of entering into a contract with you and/or inviting you to tender for business with us
monitor details of your visits to our Digital Services, including page views, for business and data analysis purposes.
Legitimate interests – we use your personal information to help us deliver the best quality of service to you and our other customers.
provide, enhance and personalise your experience on our Digital Services;
Legitimate interests – we use your personal information to deliver you a tailored experience when using our digital services.
in order to comply with any legal obligation (including in connection with a court order);
Compliance with legal obligation – we process your personal information in order for us to comply with our legal obligations.
Our Digital Services are not intended for children and we do not knowingly collect data relating to children.
6. How long do we keep your personal information?
We are required by law to keep your personal information only for as long as is necessary for the purposes for which we are using it. The period for which we keep your personal information will be determined by a number of criteria, including the purposes for which we are using the information, the amount and sensitivity of the information, the potential risk from any unauthorised use or disclosure of the information, and our legal and regulatory obligations.
7. Who do we share your personal information with?
We are a member of the Kingfisher Group of companies including but not limited to B&Q Plc, Screwfix Direct Limited (including its division Screwfix Direct Limited Zweigniederlassung Deutschland), Brico Depot SASU, Castorama France SASU, Euro Depot España SA, Brico Depot Portugal SA, Bricostore Romania SA, Praktiker Romania SA, Castorama Polska Sp. z.o.o., Koçtaş Yapi Marketleri Tic A.S and Castorama Rus LLC as well as KSO Istanbul Sourcing Ev Gelistirme Ürunleri Ve Hizmetleri Limited Şirketi., Kingfisher Asia Limited, Kingfisher Sourcing Eastern Europe Sp. z.o.o., Kingfisher International Products France SASU, “Kingfisher International Products RUS” LLC and Kingfisher (Shanghai) Sourcing Consultancy Co., Ltd
We may share your personal information with other members of the Kingfisher Group in connection with the purposes above and those listed below. Members of the Kingfisher Group may also use the personal information we share with them to improve our Digital Services (in particular, the Kingfisher Vendor Manual website), for analysis purposes
We may disclose your personal information to third parties, including in the following circumstances:
- We may pass personal information to external agencies and organisations (including the police and other law enforcement agencies) for the purpose of preventing and detecting fraud (including fraudulent transactions) and criminal activity. These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security checks. We may also disclose personal information to the police and other law enforcement authorities in connection with the prevention and detection of crime.
- In the event that we sell or buy any business or assets, we may disclose personal information held by us to the prospective seller or buyer of such business or assets. If we or substantially all of our assets are acquired by a third party (or subject to a reorganisation within our corporate group), personal information held by us will be one of the transferred assets.
- We may pass your personal information to third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation (including in connection with a court order).
- We may share anonymous or aggregate data (such as aggregated statistics or other anonymised data) with third parties.
Links to external sites
Please note that third party websites and applications are not under our control. When you click through to these websites or access these applications you leave the area controlled by us. We do not accept responsibility or liability for any issues arising in connection with the third party's use of your data (including your personal information).
Where will your personal information be processed?
Your personal information may be transferred to, and stored and processed in, one or more countries outside the European Economic Area (EEA) - such as the Kingfisher Group Companies in the United Kingdom, China, Hong Kong, Vietnam, Turkey and Russia - and including countries which do not provide equivalent protection for personal information. In these circumstances, we will take reasonable steps and implement appropriate measures to ensure that your personal information is adequately protected in accordance with the law.
These measures generally include either:
- Transferring personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission; or
- Transferring personal information where the recipient has agreed to a European Commission approved data transfer agreement in the form of the standard contractual clauses.
Occasionally, we may transfer your personal information in circumstances where there are no adequate safeguards where this is permitted by data protection law.
Please contact us using the details below if you want further information on the specific safeguards used by us when transferring your personal information out of the EEA.
8. Your rights
You have the right to ask us to:
- Confirm what personal information we hold about you and provide you with a copy of that data;
- Correct any personal information that is inaccurate;
- Remove your personal information where there is no good reason for us to continue to hold that data;
- Temporarily stop using your personal information if you are questioning our right to use that data and in other circumstances where that right is applicable;
- Stop using your personal information unless we can demonstrate a valid reason why we need to continue to hold that data (e.g. to evidence as part of performance or intended performance of a contract that you have – on behalf of your nominated company – been granted access to our Digital Services);
- Provide you with the personal information that you have provided to us, in a structured and commonly-used electronic format, or transmit that information directly to another company if that is technically feasible. This applies where we are using your personal information on the basis of your consent or because it is necessary to perform a contract with you (see How do we use your personal information, above).
Our security procedures mean that we may request proof of identity before we are able to disclose your personal information to you or comply with other requests.
We want to make sure that the personal information we hold about you and your preferences as to how we contact you are accurate and up to date. If any of the details are incorrect, please let us know (details below) and we will amend them.
You also have the right to make a complaint to the supervisory authority if you’re not happy with how we’ve handled your personal information. The websites for the supervisory authorities that regulate our processing of your personal information are set out below:
Supervisory authority contact information
Kingfisher International Products Limited
The Information Commissioner's Office
9. How to contact us?
To update or correct your details, please email email@example.com.
Alternatively, if you wish to request a copy of your personal information please use :our: Data Subject Request Form,
If you have a general GDPR query or concern:
- You can write to us at: Data Protection Officer, Kingfisher Plc, 3 Sheldon Square, Paddington, London, W6 6PX, United Kingdom;
- You can email us at firstname.lastname@example.org;
- If you would like to contact our Data Protection Officer please email: email@example.com write to
Data Protection Officer,
3 Sheldon Square,
10. Protecting your personal information
The transmission of information via the internet is not completely secure; this risk is common across the internet and not specific to our services. We cannot guarantee the security of your data (including your personal information) transmitted to our services; any transmission is at your own risk.
It is important for you to protect against unauthorised access to your password and to your computing device. Be sure to sign off and close your browser when you have finished your session. This will help to ensure that others do not access your personal information if you share your computing device or use a computing device in a public place such as a library or internet café.
11. Updates to this notice
We may update this notice from time to time. The latest version of this notice will be posted on our Website.
Last updated: March 2019