Skip to main content
Selected Depot Find your local depot
Suggested Searches
        Suggested Categories
          Suggested Products

            Howden Joinery Limited

            Privacy Notice

            This version 3.3 is effective from: 21 January 2022

            This Privacy Notice (“Privacy Notice”) sets out how Howden Joinery Limited processes your personal data in connection with our business, including the provision of our website at www.howdens.com (“Site”), our mobile application “Howdens Trade App” (“App”) and the products and services we offer, including through our Site, our App and any of our Howdens depots (“Depots”) and other physical locations (“Products and Services”).

            This Privacy Notice also applies to your use of our careers website at https://careers.howdens.com/ and therefore references to “Site” in this Privacy Notice shall also refer to our careers website, where applicable. If you apply for a position with Howdens, our Candidate Data Privacy Notice (available at www.howdens.com/candidate-privacy-statement) will also apply to you.

            We will update this Privacy Notice from time to time to reflect any changes or proposed changes to our use of your personal data, or to comply with changes in applicable law or regulatory requirements. We may notify you by email of any significant changes to this Privacy Notice, but we encourage you to review this Privacy Notice periodically to keep up to date on how we use your personal data. If we update this Privacy Notice, we will update the effective date at the top of the page.

            Your access to and use of our Site and our App, including your trade account page and any secure area, is subject at all times to our Website Terms and Conditions If you are a tradesperson and you purchase Products and Services from us, your purchase will be subject to our Trade Account Terms and Conditions (available in Depots and on request).

             

            1. Purpose of this Privacy Notice

            This Privacy Notice explains our approach to any personal data that we might collect from you or which we have obtained about you from a third party, and the purposes for which we process your personal data. This Privacy Notice also sets out your rights in respect of our processing of your personal data.

            When we talk about “personal data”, we mean any information that relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address) or to other factors that are specific to them, such as their physical appearance.

            This Privacy Notice is intended to assist you in making informed decisions when using our Site, our App and our Products and Services. Please take a moment to read and understand it. It should be read in conjunction with our Website Terms and Conditions and our Cookie Policy.

            This Privacy Notice only applies to the use of your personal data obtained by us, whether from you directly or from a third party. It does not apply to personal data collected by third parties during your communications with those third parties or your use of their products or services (for example, where you follow links to third party websites over which we have no control, or you purchase goods or services from those third parties).

             

            2. About us

            The Site, our App and our Products and Services are made available by Howden Joinery Limited (“Howdens”, “we”, “us, “our”). Howdens is the controller responsible for your personal data. Howdens is a private limited company registered in England under company registration number 00526923.  Our registered office is at 40 Portman Square, London W1H 6LT. We are registered with the Information Commissioner’s Office under registration number Z6174295.

             

            3. How to contact us

            General enquiries: If you have any questions about this Privacy Notice or want to exercise your rights as a data subject set out in this Privacy Notice, you can contact us by email at dataprotection@howdens.com.

            Marketing: If at any time you wish to change your marketing preferences or opt out of marketing altogether, the quickest way to do this is to send an email to optout@howdens.com. You can also opt out of email marketing by clicking the unsubscribe link in our marketing emails.

             

            4. The types of personal data we collect

            In providing our Site, our App and our Products and Services, we may collect and process different types of personal data about you for different processing purposes. The types of personal data we collect depends on who you are and how you use our Site, our App and our Products and Services and generally includes some or all of the following (as applicable):

            Identity Data

            First name; last name; job title; organisation you represent.

            Contact Data

            Postal address; billing address; email address; telephone number; social media handle.

            Registration Data

            Trading name, trading address, landline and mobile telephone numbers, email address, account password/memorable word, bank details (bank name, address, sort code, account number and time with bank), contact name, company registration number, company registered office address, date of birth, home address, portrait and other information shown on a photo ID (such as a passport or driving licence); any other personal data you provide when you register a trade account with us.

            Financial Data

            Bank account details; partial payment card details.

            Transaction Data

            Details about payments made between you and us; details of Products and Services purchased from us.

            Profile Data

            Username; account password; profile picture or avatar; purchase/order details; interests and preferences; contact preferences; whether you have participated in any promotions or competitions; feedback and survey responses; the content of any message you send to us using our online enquiry form.

            Behavioural Data

            Data relating to your browsing activity or interaction with our emails, obtained through the use of cookies, pixel tags and other similar technologies; information about when your current or previous sessions started; details about Products or Services you viewed or purchased through the Site or App.

            Technical Data

            IP address; browser type and operating system; geolocation, to ensure we’re showing you the correct notices and information; any other unique numbers assigned to a device or browser.

            Marketing and Communications Data

            Marketing preferences; service communication preferences.

             

            5. How we collect and receive personal data

            We collect and receive personal data using different methods:

            Personal data you provide to us

            You may give us your personal data directly, for example, when you purchase Products and Services on our Site or at our Depots, contact us with enquiries, complete an application for a trade account with us, complete other forms, subscribe to receive our marketing communications or provide survey responses and feedback to us.

            Personal data we collect using cookies and other similar technologies

            When you access and use our Site, our App, we will collect certain Behavioural Data and Technical Data. We collect this personal data by using cookies and other similar technologies (see the “Insight, analysis and retargeting through Cookies” section below).

            Personal data received from third parties

            We may receive personal data about you from third parties. Such third parties may include analytics providers, credit reference agencies, data brokers, third party directories and third parties that provide technical services to us so that we can provide our Site, our App and our Products and Services. For those applying for a job with Howdens, we may also receive personal data from employment background check providers and previous employers.

            Publicly available personal data

            From time to time, we may collect personal data about you that is contained in publicly available sources (including open source data sets or media reports) or that you or a third party may otherwise make publicly available (for example through speeches at events or publishing articles or other news stories or posts on social media platforms).


            6. Who we collect personal data about

            We collect and process personal data from the following people:

            Site and App visitors/users

            If you browse our Site or our App, we will collect and process your personal data in connection with your interaction with us and our Site and/or App.

            Visitors to our Depots and other physical locations

            If you attend one of our Depots, offices or other locations, we may process personal data that you volunteer in connection with your visit and any enquiries you make. CCTV footage may also be collected for security purposes.

            Trade customers

            If you buy our Products and Services, we may collect and process your personal data in connection with account application and the supply of Products and Services to you.

            People who contact us with enquiries

            If you contact us with an enquiry through our Site, submit a complaint through our Site or provide any feedback to us in our surveys and feedback forms, we will collect and process your personal data in connection with your interaction with us and our Site.

            People who work for our customers and suppliers

            If you work for one of our customers or suppliers and have responsibility for placing orders with us, administering your organisation’s trade account with us or handling our orders or our account with your organisation, we will process your personal data in connection with your organisation’s relationship with us.

            Event attendees

            If you attend one of our events, we will process personal data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other document relating to the event.

            Job applicants

            If you apply for a job with us, we will collect and process the personal data you volunteer in connection with your application.

             

            7. How we use your personal data

            We use your personal data for the purposes set out in this section.

            Provision of our Services

            If you browse our Site

            When you browse our Site, we collect and process certain Behavioural Data and Technical Data to help us understand how you are using and navigating our Site. We do this so that we can better understand which parts of our Site are more or less popular and improve the structure and navigation of our Site.

            Our legal basis for processing

            It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Products and Services, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide access to our Site in a secure and effective way and so that we can improve our Site.

            If you request our design appointment service

            If you request a home survey and kitchen design appointment, we will use your Identity Data and Contact Data and any other information you volunteer to arrange and carry out a visit to your home to provide the service you have requested.

            Our legal basis for processing

            It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Products and Services, or it is in our legitimate interest or a third party’s legitimate interest to use your personal data in the ways described above to ensure that we are able to provide the service requested and provide a good standard of service.

            If you request our virtual kitchen design service

            We offer a virtual kitchen design service and an in-Depot design service. If you request one of these personal design services, we will use your Identity Data and Contact Data and any other information you volunteer to provide the service you have requested. As part of the service, you may also upload photographs and/or plans of your kitchen directly to us. If your photograph or plan includes personal information (for example, it may feature you and other individuals, as well as pets and personal property), we will process that information in connection with our use of the photograph or plan.

            Our legal basis for processing

            It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Products and Services, or it is in our legitimate interest or a third party’s legitimate interest to use your personal data in the ways described above to ensure that we are able to provide the service requested and provide a good standard of service.

            If you request a kitchen visualiser

            We use your Identity Data and Contact Data to send you your created kitchen visualiser plans when you request them.

            Our legal basis for processing

            It is in our legitimate interest or a third party’s legitimate interest to use your personal data in the ways described above to ensure that we are able to help with your request and provide a good standard of service.

            If you request a brochure

            We use your Identity Data and Contact Data to send you our brochures and other publications when you request them.

            Our legal basis for processing

            It is in our legitimate interest or a third party’s legitimate interest to use your personal data in the ways described above to ensure that we are able to help with your request and provide a good standard of service.

            If you use the “Find a Depot” search tool on our Site

            If you search for your local Depot on our Site, we will use your post code to locate the nearest Depot. If you choose to search using your location, we will process your device location data to carry out the search.

            Our legal basis for processing

            It is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we are able to help with your enquiry. However, we will only use your location data with consent.

            If we include your photographs of your Howdens kitchen on our Site

            From time to time, our Site may include a gallery function, allowing those who have purchased a Howdens kitchen to have photographs of their kitchen featured on the Site. We may include functionality that allows you to upload photographs of your Howdens kitchen directly to our Site. Alternatively, where you have posted a photograph of your Howdens kitchen on social media and tagged us, we may contact you to ask you for permission to post your photograph in our gallery. If you post a photograph to our Site directly, or you permit us to include your photograph in our gallery in response to a request from us, the photograph will be published on our Site and we and our group companies may also use it in other advertising and marketing materials for Howdens (please see our Website Terms and Conditions for more details). If your photograph includes personal data (for example, it may feature you and other individuals, as well as pets and personal property), we will process that personal data in connection with our use of the photograph. We will also collect your Identity Data and Contact Data for general record-keeping purposes (for example, to contact you about the use of your photograph). Your name may also be published alongside your photograph on our Site. If you provide a caption, the content of that caption (including any personal information) may also be published on our Site.

            Our legal basis for processing

            It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Products and Services, or it is in our legitimate interest or a third party’s legitimate interest to use your personal data in the ways described above to ensure that we are able to feature your photograph in our gallery at your request. If we ask you for permission to feature your photograph, then we will rely on consent as our lawful basis for processing.

            If you register your appliance using our after-sales service

            If you register for our Lamona appliance after-sales service, we will process your name, email address, postal address, telephone number and information about your purchase of the relevant product. If you make a warranty claim, we may process these details as well as any other relevant personal information you provide in order to process the warranty claim. If your builder or professional installer is making a warranty claim in relation to any Howdens products and services which they have supplied to you, we may need to collect personal information about you, such as your name, contact details and any other relevant information, in order to process their warranty claim. We may also process your registration information to contact you in relation to any product safety issue affecting our Products (for more information see “Product safety and recalls” below). 

            Our legal basis for processing

            It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Products and Services, or it is in our legitimate interest or a third party’s legitimate interest to use your personal data in the ways described above to ensure that we are able to help you or your builder with the request for after-sales support. We also have certain legal obligations in relation to product safety and may need to process your personal data to comply with those obligations.

            If a trader engaged by you purchases our Products and Services on your behalf

            If you have engaged a trader to carry out services for you and that trader purchases our Products and Services for use in your project, we may collect and process certain personal data relating to you, such as your Identity Data and Contact Data. This may happen, for example, where your trader arranges delivery of Products directly to you at your home address.

            Our legal basis for processing

            It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Products and Services, or it is in our legitimate interest or a third party’s legitimate interest to use your personal data in the ways described above to ensure that we are able to help you and/or your builder with the request for our Products and Services.

            If you link to social media sites and interact with our social media pages

            If you click on one of the social media links on our Site or otherwise interact with our social media pages such as on Facebook or Instagram (including interacting with any “like” or similar embedded features on our Site or social media accounts), we and the relevant social media platform may receive information relating to such interaction and may share your personal data in connection with this purpose, such as certain Behavioural Data and Technical Data. For more information about how we use this personal data, please see the “Insight, analysis and retargeting through Cookies” section below.

            The relevant social media platform may also be a controller in respect of the personal data that is collected via your use of our social media pages and may use that personal data for additional purposes. For details of how the relevant social media platform uses your personal data, please see the privacy notice of the relevant social media platform.

            Our legal basis for processing

            It is in our legitimate interest or a third party’s legitimate interest to use personal data in the ways described above to ensure that we provide the Site in an effective way and to promote our Site via social media.

             

            Howdens trade customers (this section only applies to you if you are a Howdens trade customer)

            If you apply for a Howdens trade account

            If you wish to open a trade account with us, you will be required to complete an application form and provide your Registration Data. The Registration Data we collect depends on the nature of your trading status but will generally include your trading name, trading address, landline and mobile telephone numbers, email address, an account password and your bank details (bank name, address, sort code, account number and time with bank). If you are opening the account on behalf of a limited company, we will also collect your contact name, the company’s registration number and registered office address. For sole traders, partners in a partnership and any other non-company applicant, we will collect your name, date of birth and home address. Applicants will also need to provide a photo ID such as a passport or driving licence to enable us to identify the applicant or a relevant company director.

            We will use your personal data for the purpose of processing your application for a trade account and, once your account is open, we will process your personal information so that we can administer your account, make our account features and benefits available to you and communicate with you about your account, any orders you have placed and any important information that may affect you or your use of our Products and Services.

            If you have applied for credit terms or you wish to change an existing credit limit, we will process your personal data for the purpose of carrying out credit checks through credit reference agencies. In the case of non-payment, we may process your personal data for the purpose of debt recovery action.

            Our legal basis for processing

            It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Products and Services or in relation to your Howdens trade account, or it is in our legitimate interest or a third party’s legitimate interest to use your personal data in the ways described above to ensure that we are able to administer your account, make our account features and benefits available to you, ensure that we provide a good standard of service and to help us improve our Products and Services and our Site and App.

            If you register your Howdens trade account for online access on our Site

            If you or the organisation you represent have a trade account with Howdens and you would like to manage your account on the Site, gain access to certain secure features and functionality of our Site and/or receive certain offers and benefits, you will need to register for online access. If you register for online access, we will use your trade account name and number, name, business address, email address and postcode to process your registration. We may collect and process your personal data whether you are interacting with us on your own behalf or on behalf of any organisation you represent.

            Once you are registered, we will process your Profile Data (username and password) to identify you when you log into your account and the secure areas of our Site. We will use your account information so that we can administer your account with us and we will use any payment details you enter so that we can process payments at your request. We do not store any payment details.

            Please also see the section above entitled “If you browse our Site” for more general information about how we process your personal data when you use our Site.

            Our legal basis for processing

            It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Products and Services or in relation to your Howdens trade account, or it is in our legitimate interest or a third party’s legitimate interest to use your personal data in the ways described above to ensure that we are able to administer your account, make our account features and benefits available to you, provide access to the Site in a secure and effective way and so that we can make improvements to our Products and Services and our Site.

            If you register with and use our App

            If you or the organisation you represent have a trade account with Howdens, you can access certain account features and other functionality through our App. We may collect and process your personal data whether you are interacting with our App on your own behalf or on behalf of any organisation you represent. We may also link interactions within the App and the Site.

            Once registered on the App, you can log in using the same access credentials that you use for the Site. We will process such personal data to give you access to the account features and other functionality of the App.

            If you enable touch ID or facial recognition, you will be able to log in using your fingerprint and/or your face, depending on your choices. If you wish to use these features, we will process your biometric data to give you access to the App.

            If you enable push notifications, we will send you push notifications to update you on the status of your orders and provide collection information.

            Our legal basis for processing

            It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Products and Services or in relation to your Howdens trade account, or it is in our legitimate interest or a third party’s legitimate interest to use your personal data in the ways described above to ensure that we are able to administer your account, make our account features and benefits available to you, provide access to the App in a secure and effective way and so that we can make improvements to our Products and Services and our App.

            We will only process your biometric data and send you push notifications if you have enabled these features in-App, in which case our processing will be based on consent.

            If you purchase Products and Services

            We collect and maintain personal data that you submit to us for the purpose of supplying Products and Services that you have requested from us. We may collect and process your personal data whether you are interacting with us on your own behalf or on behalf of any organisation you represent.

            You can purchase products in person in our Depots. We also operate an online service which allows you to place an order/reservation for Products online via your online trade account. 

            The personal data we process in connection with your purchase or order/reservation will depend on whether you are interacting with us online or in our Depots but will generally include your Identity Data and Contact Data, as well as certain Registration Data, Profile Data, Financial Data (where applicable), and your password/memorable word.

            We process this information so that we can fulfil the supply of Products and Services, process any returns, maintain our user databases and to keep a record of how our Products and Services are being used.

            Our legal basis for processing

            It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you (or the organisation you represent) for the Products and Services you have requested, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide our Products and Services in an effective, safe and efficient way.

            If you wish to return our Products

            If you wish to return any Products you have purchased from us, we will collect and process your Identity Data and Contact Data and, if applicable, certain Registration Data, Profile Data, Payment Data and Transaction Data, as well as any other personal data you volunteer that is relevant to your return. We use this information to assist you with the processing of your return.

            Our legal basis for processing

            It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Products, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we are able to help you with your return or cancellation, provide a good standard of service and improve our customer services.

             

            Customer service, enquiries and complaints.

            If you have a general question or need help with any issue concerning our Site, our App or our Products and Services

            There are various ways in which you are able to contact us (see the contact us section above). In particular, our Site features a “Contact Us” page, which invites you to contact your local Depot by telephone or via our online enquiry form. You can also contact your local Depot by email when you use the “Find a Depot” function on our Site or our App. From time to time, you may also be able to submit specific enquiries on other pages of our Site or our App, including in secure account areas.

            When you make an enquiry or submit a complaint, we will collect and process your Identity Data and Contact Data (either your telephone number or your email address, depending on how you would like us to respond), as well as any other personal data you volunteer that is relevant to your enquiry. We use this information to manage and respond to your enquiry or complaint.

            We may also record your enquiry (including voice recordings of telephone conversations) and use the information referred to above to train our personnel so that they can effectively deal with enquiries and complaints.

            Our legal basis for processing

            It is in our legitimate interest or a third party’s legitimate interest to use your personal data in the ways described above to ensure that we are able to help you with your enquiry or resolve your complaint, provide a good standard of service and improve our customer services.


            Surveys and feedback.

            If you complete our surveys or provide feedback on your experience of our Site, our App and/or our Products and Services

            From time to time, we may invite you to provide general feedback about us, our Site, our App, our Depots and our Products and Services in the form of online, postal or in-Depot surveys. We will collect and process your Identity Data, Contact Data and, if applicable, certain Registration Data, Profile Data and Transaction Data, as well as any other personal data you choose to volunteer in your survey response or other feedback.

            You can provide feedback in person at a Depot or by telephone, email or via our online enquiry form (please see the “Customer service, enquiries and complaints” section above for more details). We also provide an online website feedback form which you can use to report technical issues with our Site. When you complete this form, we may capture Technical Data (such as your browser type and device type) for diagnostic purposes and, where requested, your Identity Data, Contact Data and details of the issue you wish to report. This feedback is used for the purposes of improving our website services.

            Sometimes we run more in-depth customer surveys to help us gain a better understanding of how customers use our Site, our App and our Products and Surveys. These programmes may involve attending an online or in-person meeting or telephone call. Such meetings and calls may be recorded, but you will be informed of this in advance. If you are invited to participate and you would like to take part, you will be asked to complete a participant form, providing your Identity Data and Contact Data, and we will collect your feedback in response to the programme. We use this personal data to administer your participation in the programme and to analyse the results of the programme. 

            We use feedback and the information obtained through survey programmes to help us monitor and improve our Site, our App and our Products and Services, to assist with the selection of future product and service lines, to train our personnel and to improve the quality of our customer service.

            Our legal basis for processing

            It is in our legitimate interest or a third party’s legitimate interest to use the personal data provided by you so that we can improve our Site, our App and our Products and Services and provide them in an effective way.

            If we invite you to submit a Trustpilot review and/or we feature your Trustpilot review on our Site

            Our Site features a selection of reviews of our Products and Services given by our trade customers and owners of Howdens kitchens. We use a third-party provider called Trustpilot A/S to manage our online reviews. Reviews are submitted on the Trustpilot platform in the first instance and we may then show a small selection of these on our Site.

            If you are a Howdens trade customer, we may use your Identity Data and Contact Data to invite you to submit a customer review through the Trustpilot platform. Trade customers and owners of Howdens kitchens may also submit a review to the Trustpilot platform at any time without invitation.

            To submit a review on the Trustpilot platform, you will first need to set up an account on the platform. Trustpilot A/S will be the data controller in respect of your use of the platform (including when you submit reviews) and the administration of your account on the platform. Trustpilot A/S’s privacy notice can be found here: https://uk.legal.trustpilot.com/for-reviewers/end-user-privacy-terms.

            Howdens is an independent data controller where we invite you to submit a review on the Trustpilot platform and where we display on our own Site any review you may have submitted to the Trustpilot platform.

            If we feature your Trustpilot review on our Site, we will process your Identity Data (first name only), your town or county and any information you volunteer in your review in order to make the review available on our Site. If required by a regulator, we may also use your personal data to demonstrate that the review is genuine. 

            Our legal basis for processing

            It is in our legitimate interest or a third party’s legitimate interest to use your personal data contained in your review to promote our business, our Site and our Products and Services, to help improve our Products and Services and our customer service generally and to comply with any regulatory requirements. We will send review invites to trade customers who have opted in to receive direct marketing from us. In certain circumstances we may also rely on our legitimate interest to send an invite to customers who have purchased our Products and Services and who have not opted out of receiving marketing emails (having been given the opportunity to do so).

             

            Product safety and recalls.

            If your Product suffers a product safety issue

            If we become aware of a product safety issue relating to any of our Products, we will investigate the problem and, where necessary, carry out repairs to the Product or recall the Product. If you have registered your Product, we will use the personal data you provided when registering your Product to contact you to arrange the repair or recall of your Product. If you are a Howdens trade customer, we will process certain account details such as your Identity Data and Contact Data and any relevant Registration Data, Profile Data and Transaction Data to identify purchasers of the Product in question and to arrange a repair or recall.  

            Our legal basis for processing

            It is in our legitimate interest or a third party’s legitimate interest to use your personal data in the ways described above to ensure that we are able to help resolve any issues with our Products, maintain the safety of our Products, and provide a good standard of customer service. We also have certain legal obligations in relation to product safety and may need to process personal data to comply with those obligations.

            Hosting and managing events.

            If you sign up for and/or attend an event organised, hosted or sponsored by us 

            From time to time, we may organise and host (whether alone or jointly with others) or sponsor events for the purpose of promoting our business or for charitable causes or other reasons. We may process your Identity Data and Contact Data to communicate with you about such events where you have specifically requested information about such events or where we have another lawful basis for sending that information to you.

            If you attend one of these events, we may use your Identity Data, Contact Data and certain Profile Data to record your attendance at the event and for related record-keeping purposes. If relevant, we may also collect and process any dietary requirements you may have. You may also feature in photographs taken at such events and such photographs may appear in publications that we make available online and in print.

            Our legal basis for processing

            It is necessary for us to use your personal data in this way to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that the event is operated in an effective way.

            We may specifically ask your permission to use your photographs, quotes, testimonials, or other content that you make available or publish at the event. Where this is the case, our processing of your such personal data will be based on consent.

            Prize draws, prize competitions and other promotions.

            If you participate in one of our promotions

            From time to time, we may run prize draws, prize competitions and other promotions on our Site, our App and/or on our social media accounts. For the purposes of administering such promotions, we may process your Identity Data and Contact Data, certain Registration Data, Profile Data and Transaction Data (where applicable) and any other personal data volunteered by you in relation to your promotion entry.

            Our promotions are subject to separate terms and conditions, which you may be required to accept as a condition of entry. Such terms and conditions will be made available to you in the promotional materials relevant to the promotion. 

            Our legal basis for processing

            It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you (e.g. the promotion terms and conditions) or it is in our legitimate interest or a third party’s legitimate interest to use your personal data to enable us to administer our promotion fairly and effectively and to ensure that we comply with self-regulatory codes governing the operation of promotions.


            Charitable activities.

            If you request a charitable donation from us

            From time to time, we receive requests for charitable donations. If you make a request, your request will include personal data, such as your Identity Data and Contact Data, as well as any other personal data you may include in your request. If your request is successful, we will ask you to complete a form, setting out the name of the organisation which is to receive the charitable donation and Financial Data such as the organisation’s bank account details. As part of the application process, we may also ask you for further information about your request and your response may include additional personal data.

            We will use the information obtained through the application process to help us administer the process and to assess the merits of the specific request. We will use your name and contact details to communicate with you in relation to your request and, if the request is successful, we will process the bank account details provided to enable us to process our payment to the recipient. We also retain any personal data for record-keeping purposes.

            Our legal basis for processing

            It is in our legitimate interest or a third party’s legitimate interest to use personal information in the ways described above to ensure that we are able to process and administer requests for charitable donations fairly and efficiently.

            If you appear in photographs relating to our sponsorships and charitable activities

            From time to time, we may offer financial support to local organisations (such as football teams) through sponsorship and other initiatives. We may occasionally publicise our involvement by publishing news and photographs about our sponsorship activities on our website and social media, as well as in other print and online media. If you feature in such news and/or photographs, we will process your personal data (which may include your Identity Data and any other relevant information) for the purpose of publicising our sponsorship and other charitable activities.

            Our legal basis for processing

            It is in our legitimate interest or a third party’s legitimate interest to use personal information in the ways described above to ensure that we are able to promote our business and our sponsorship and charitable activities. If it is not within our legitimate interest, we will contact you to ask your permission, in which case our processing of such personal data will be based on your consent.

             

            Insight, analysis and retargeting through Cookies.

            If we use cookies to help us understand more about you and your use of our Site and our Products and Services

            We and our third-party partners use cookies, web beacons, pixels, tags and other similar technologies (which we generically refer to as “Cookies”) to collect data from the devices that you use to access our Site, our App our Products and Services and any emails that you receive from us. The data that is collected includes Behavioural Data and Technical Data, and certain Profile Data and Transaction Data. Please see our Cookie Policy for further information, including details of our third-party partners.

            We and our third-party partners use this data to analyse how you use our Site, our App and our Products and Services and the effectiveness of our Site, our App and our Products and Services, including:

            ·        for the purposes described in the “If we carry out any online advertising”, “If we advertise to you on social media and similar platforms”, and the “If we advertise to other people who share similar interests and characteristics to you” sections below;

            ·        to analyse how you use, and the effectiveness of, our Site, our App and our Products and Services;

            ·        to count users who have visited our Site or opened an email and collect other types of information, including insights about visitor browsing habits, which helps us to improve our Site, our Products and Services and the effectiveness of our emails;

            ·        to measure the effectiveness of our content;

            ·        to measure the effectiveness of our advertising on other websites and platforms (for example, by counting how many people click on our advertisements on other sites and platforms to be redirected to our Site);  

            ·        to learn what parts of our Site and our App are most popular and what kind of features and functionalities our visitors like to see;

            ·        to understand the causes of errors and crashes in relation to the App for troubleshooting and support purposes;

            ·        to help us understand the type of marketing content that is most likely to appeal to our visitors and customers; and

            ·        to help us with the selection of future product and service lines, website design and to remember your preferences.

            In some of our email messages, we use a “click-through URL” linked to certain websites administered by us or on our behalf. We may track click-through data to assist in determining interest in particular topics and measure the effectiveness of these communications.

            Our legal basis for processing

            Where your data is collected through the use of non-essential cookies, we rely on consent to collect your personal data and for the onward processing purpose. Please see our Cookie Policy for further details.

            In certain circumstances, we may rely on another lawful basis when we use your personal data collected via the use of cookies. For example, where we use personal data collected through the use of analytics cookies to analyse how you use our Site or our App, it is in our legitimate interest to use your personal data in such a way to improve our Site, our App and our Products and Services.

             

            Advertising and marketing activities.

            If we send you marketing communications by post and/or email/SMS

            We use your Identity Data, Contact Data and Marketing and Communications Data to send you (or the organisation you represent) marketing communications by post and/or email/SMS. Our marketing will include press releases and information about us, our Site, our App our Depots, our Products and Services, any events we may hold and the offers and promotions we offer from time to time.

            Our marketing communications will include personalised and non-personalised marketing.

            Personalised marketing has been specifically tailored to you and will include content that we think is most relevant to you, based on what we know about you. Personalised marketing would include emails about Products and Services we know you have shown an interest in previously, as well as email reminders that we may send to you if you reserve Products online via your online trade account but do not go on to collect the reserved Products from our Depot.

            Non-personalised marketing is marketing that is not tailored to you and is sent to subscribers generally, such as an email about a seasonal sale we may be holding and which will be of interest to all of our customers.

            Where we are sending you personalised marketing, we may also use Profile Data, Transaction Data and Behavioural Data to help us decide what sort of personalised marketing to send you. Please see the “Insight, analysis and retargeting through Cookies” section above for more details.

            Our legal basis for processing

            It is in our legitimate interest to use your personal data for marketing purposes, for example to decide what marketing content we think may appeal to you.

            It is in our legitimate interest to use your personal data to send our marketing to you by post. However, if you have expressly opted in to receive postal marketing from us, then our legal basis for sending postal marketing to you will be based on your consent. We will not send direct marketing to you by post if you have opted out of receiving postal marketing from us or you have otherwise registered with the Mailing Preference Service and you have not separately opted in to receive postal marketing from us. We will only send marketing communications to you by email and/or SMS where you have consented to receive such content by email and/or SMS, or where we have another lawful right to send marketing to you using email and/or SMS. For example, in certain circumstances we may rely on our legitimate interest to send marketing by email and/or SMS to customers who have purchased or requested our Products and Services. We may also rely on our legitimate interest to send marketing by email and/or SMS to certain trade account holders and other business users of our Site, our App and our Products and Services.

            If we make telephone marketing calls to you

            We use your Identity Data, Contact Data and Marketing and Communications Data to make marketing telephone calls to you (or the organisation you represent). Our marketing calls will include information about us, our trade account offering, our Site, our App our Depots, our Products and Services, any events we may hold and the offers and promotions we offer from time to time. We may also call you to offer assistance if you have started an online application for a trade account but have not been able to complete the process for any reason.

            Our marketing calls may include personalised and/or non-personalised marketing (please see the above section on post and email/SMS marketing for more information on the difference).

            Where we are contacting you with personalised marketing, we may also use Profile Data, Transaction Data and Behavioural Data to help us decide what sort of personalised marketing to contact you about. Please see the “Insight, analysis and retargeting through Cookies” section above for more details.

            Our legal basis for processing

            It is in our legitimate interest to use your personal data for marketing purposes, for example to decide what marketing content we think may appeal to you.

            It is in our legitimate interest to use your personal data to make telephone marketing calls to you. However, if you have expressly opted in to receive telephone marketing calls from us, then our legal basis for making those calls to you will be based on your consent.

            We will not make telephone marketing calls to you if you have opted out of receiving such calls from us or you have otherwise registered with the Telephone Preference Service or Corporate Telephone Preference Service (as applicable) and you have not separately opted in to receive telephone marketing calls from us.

            If we carry out any online advertising

            We and our third party partners may use certain of your Profile Data, Behavioural Data and Technical Data, and other data that is collected through your use of and interactions with third party websites and services (including on-demand television), to provide you with, and analyse the effectiveness of, personalised and non-personalised ads when you visit or use those other websites and/or services. In some cases we do this as described in the “If we advertise to you on social media and similar platforms” section below.

            By “personalised ads”, we mean advertisements for products and services that you have shown an interest in when you have used our Site or our App or which we or our third party partners think you otherwise might be interested in based on Behavioural Data. Our third-party partners may use the data that is collected to show personalised ads for products and services offered by third parties.

            In some cases we may be joint controllers with third parties in respect of this activity – please see the “Joint controller activities” section below for further information.

            Our legal basis for processing

            Please see the “Insight, analysis and retargeting through Cookies” section above to learn about the legal basis that we rely on to collect data via the use of Cookies.

            Where we use your personal data to display online advertising to you, we rely on the consent that you have provided in respect of the collection of such data, or it is otherwise in our legitimate interests to promote our Site, our App and our Products and Services to you.

            Our third-party partners may rely on a different lawful basis in respect of their use of your personal data. Please read the privacy notice of the relevant third-party provider (see our Cookie Policy for details).

            If we advertise to you on social media and similar platforms

            We share (usually in an encrypted or “hashed” form) certain Contact Data and/or Technical Data (such as unique identifiers associated with your device or browser) with third-party providers of social media and similar platforms such as Facebook (“Social Platforms”), so that the Social Platform can try to “match” your hashed data with the hashed data relating to registered users of the Social Platform.

            Where there is a successful match (e.g. because you are our customer and/or a user of our Site and are also a registered user of the relevant Social Platform), our advertising will be displayed to you when you use the relevant Social Platform (e.g. on your Facebook newsfeed). This is known as “custom audience” advertising, because we “customise” the audience that we want to reach on the relevant Social Platform.

            Some of the advertising that you see may be personalised to you using certain Profile Data and/or Behavioural Data. This data will not be provided to the Social Platforms for this purpose, but please see the “Insight, analysis and retargeting through Cookies” section for details of where we may share such data.

            This activity is also subject to the privacy choices you have elected to make on the Social Platforms. In some cases we may be joint controllers with such Social Platforms in respect of this activity – please see the “Joint controller activities” section below for further information.

            Our legal basis for processing

            We will only share your personal data with Social Platforms for the above purpose where you have provided your consent or where it is otherwise in our legitimate interests to do so to promote our Products and Services.

            Where this activity is undertaken through the use of Cookies, please see the “Insight, analysis and retargeting through Cookies” section) to learn about the legal basis that we rely on.

            You can opt-out of our sharing of your personal data with the Social Platforms by exercising your rights as a data subject as set out below.

            If we advertise to other people who share similar interests and characteristics to you (or if you are someone who sees such advertising)

            We will provide personal data to Social Platforms as described in the “If we advertise to you on social media and similar platforms” and the “Insight, analysis and retargeting through Cookies” sections. We may ask those Social Platforms to find other registered users of their services who share similar interests and characteristics to our customers and/or Site users, which will be based on information that the third party holds about its registered users.

            This is known as “lookalike” audience advertising because we are trying to show our advertising to people who “look like” our customers and/or Site users.

            If you are someone who has seen this advertising on a Social Platform, please note that this activity is based on data that you have provided to the Social Platform (which we do not receive) and is also subject to the privacy choices you have elected to make on such third-party services.

            Our legal basis for processing

            Please see the “If we advertise to you on social media and similar platforms” section for details of the lawful basis that we rely on to share your personal data with the Social Platforms.

            It is in our legitimate interests to further use your personal data to advertise our Products and Services to other individuals who use those Social Platforms and who share similar interests and characteristics with you.

            If you are someone who has seen this advertising on a Social Platform, it is in our legitimate interests that the Social Platform uses the data that you have provided to it to advertise our Products and Services, although please note that we do not receive this data and you should exercise your rights in respect of such data in accordance with the privacy notice of the relevant Social Platform.


            Recruitment.

            If we use your personal data in connection with our recruitment activities

            If you are applying for a position with Howdens, whether through our careers portal at www.careers.howdens.com (“Careers Site”) or otherwise, our Candidate Data Privacy Notice (available at www.howdens.com/candidate-privacy-statement) will apply to the processing of your personal data in relation to your status as an applicant. The following is a brief summary of our processing activities relating to the job application process, but please read the Candidate Data Privacy Notice for full details.

            We use your personal data for recruitment purposes, in particular, to assess your suitability for any of our positions that you apply for, whether such application has been received by us online, by email or by hard copy and whether submitted directly by you or by a third-party recruitment agency on your behalf. We also use your Identity Data and Contact Data to communicate with you about the recruitment process, to keep records about our recruitment process and to comply with our legal and regulatory obligations in relation to recruitment.

            We will process any personal data about you that you volunteer, including during any interview, when you apply for a position with us. We may also process your personal data obtained from any third parties we work with in relation to our recruitment activities, including without limitation, recruitment agencies, background check providers, credit reference agencies and your referees.

            The personal data we process may include your Identity Data, Contact Data, details of your education, qualifications and employment history, any other personal data which appears in your curriculum vitae or application, any personal data that you volunteer during an interview or your interactions with us, or any personal data which is contained in any reference about you that we receive. Such information may also include special categories of personal data (such as information about your health, any medical conditions and your health and sickness records) and information relating to criminal convictions and offences if that information is relevant to the role you are applying for.

            We also use your personal data for the purposes of reviewing our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment-related decisions are made entirely on merit.

            Our legal basis for processing

            Where we use your personal data in connection with recruitment, it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment decisions.

            We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.


            Receipt of products and services from our suppliers.

            If we have engaged you or the organisation you represent to provide us with products or services

            If we have engaged you or the organisation you represent to provide us with products or services (for example, if you or the organisation you represent provide us with services such as IT support or financial advice), we will collect and process your personal data in order to manage our relationship with you or the organisation you represent, to receive products and services from you or the organisation you represent and, where relevant, to provide our Products and Services to others. The personal data we collect from you may include your Identity Data and Contact Data and any other personal data you volunteer which is relevant to our relationship with you or the organisation you represent.

            Our legal basis for processing

            It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you or the organisation you represent, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we have an effective working relationship with you or the organisation you represent and are able to receive the products and services that you or your organisation provides, and provide our Products and Services to others, in an effective way.


            Security and CCTV.

            If we need to use your personal data in connection with the administration of our security measures

            We have security measures in place at some of our Depots and other premises, including CCTV and building access controls. Where relevant, there are signs in place showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).

            We may require visitors to our premises to sign in on arrival and where that is the case we will keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need-to-know basis (e.g. to look into an incident).

            Our legal basis for processing

            It is in our legitimate interest or a third-party’s legitimate interest to process your personal data so that we can keep our premises secure and provide a safe environment for our personnel and visitors to our premises.

             

            Internal product development.

            If we use your personal data in relation to our development of new products and services

            We are always striving to improve our Products and Services and to develop new ones. We will use personal data, including your Identity Data, Contact Data, Registration Data, Profile Data, Transaction Data, Behavioural Data and Technical Data in test environments as part of the ongoing development and improvement of our Site, our App and our Products and Services.

            Our legal basis for processing

            It is in our legitimate interest or a third-party’s legitimate interest to process your personal data in such ways to enable us to continue to improve our product and service offerings, to provide our Products and Services in a safe, secure and effective way and to improve our customer service.


            Business administration and legal compliance.

            If we need to use your personal data to comply with our legal obligations or in connection with the administration of our business

            We may use your personal data: (i) to comply with our legal obligations; (ii) to exercise and enforce our legal rights; (iii) to protect the rights of third parties; (iv) to comply with any formalities for executing documents; and (v) in connection with a business transition such as a merger, reorganisation, acquisition by another company, or sale of any of our assets.

            Our legal basis for processing

            Where we use your personal data in connection with a business transition, to exercise and enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest or the legitimate interest of a third party to do so. For all other purposes described in this section, we have a legal obligation to use your personal data to comply with any legal obligations imposed upon us, such as a court order.

            We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.

             

            8. Investor relations

            If you are a shareholder in Howden Joinery Group Plc and/or a user of the corporate website at www.howdenjoinerygroupplc.com (“Corporate Site”), the privacy notice displayed on the Corporate Site will apply to the processing of your personal data in relation to your status as an investor and your use of the Corporate Site. The controller responsible for your personal data in relation to this processing is Howden Joinery Group Plc. Howden Joinery Group Plc is a public limited company registered in England under company registration number 02128710 with its registered office address located at 40 Portman Square, London W1H 6LT. Howden Joinery Group Plc is registered as a with the Information Commissioner’s Office under registration number Z6396228.

             

            9. If you fail to provide your personal data

            Where we are required by law to collect your personal data, or we need to collect your personal data in connection with a contract we have with you or the organisation you represent, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Products and Services you have requested from us or to process an application to register an account. In these circumstances, we may have to cancel your application or the provision of the relevant Products and Services to you, in which case we will notify you.

             

            10. How we obtain your consent

            Where our use of your personal data requires consent, you can provide such consent at the time we collect your personal data following the instructions provided, or by informing us using the contact details set out in the "How to Contact Us" section above.

             

            11. Third-party links

            This Privacy Notice only applies to personal data processed by us through your use of our Site, our App and/or in connection with our business operations. However, from time to time, our Site may contain links to third-party websites and services. We have no control over these websites and services and this Privacy Notice does not apply to your interaction with the relevant third parties.

            When you use a link to go from our Site to another website (even if you don’t leave our Site) or you request a service from a third party, your browsing and interactions on any other websites, or your dealings with any other third-party service provider, is subject to that website’s or third-party service provider’s own rules and policies. For example, our Site invites you to connect with us on social media platforms, such as Facebook, Instagram, Pinterest and YouTube. When you click on the links we provide to such third-party platforms, you will be transferred from our Site to the relevant third-party platform and the privacy notice (and other terms and conditions) of that platform will apply to you.

            We do not monitor, control or endorse the privacy practices of any third parties. We encourage you to become familiar with the privacy practices of every website you visit or third-party service provider that you use in connection with your interaction with us and to contact them if you have any questions about their respective privacy notices and practices.

             

            12. Joint controller activities

            We are joint controllers with Facebook Ireland Limited (“Facebook”) in respect of the activities described in the “If we carry out any online advertising” and the “If we advertise to you on social media and similar platforms” sections, where these activities involve advertising to you on Facebook.

            We and Facebook have entered into Facebook’s Controller Addendum (available here) to determine our and Facebook’s respective responsibilities for compliance with data protection obligations in respect of these activities. We are responsible for providing the information set out in this Privacy Notice (in particular, the information set out in the “If we carry out any online advertising” and the “If we advertise to you on social media and similar platforms” sections). Facebook is responsible for giving effect to your data subject rights (see the “Your rights as a data subject” section) in respect of these activities.

            For further information about how we and Facebook use your personal data in connection with these activities, including the legal basis Facebook relies on and the ways to exercise your data subject rights against Facebook, please see Facebook’s Data Policy at https://www.facebook.com/about/privacy.

             

            13. Third-party App Stores 

            If you wish to download and install our App from an app store (such as Google Play or the Apple AppStore), you must first register with the provider of the respective app store and agree to that app store’s user agreement. We have no influence on the terms of such user agreement and are not a party to such user agreement. When downloading and installing one of our Apps, certain information is transmitted to the respective provider of the app store (e.g. Google or Apple) including your username, your email address and the customer number of your account, the time of download and the individual device code and, in the case of in-app purchases, your payment information. We have no influence on this process and are not responsible for you downloading and installing our App on your mobile device.

             

            14. Sharing personal data

            When processing your personal data, we may need to share it with third parties (including other entities within our group of companies), as set out in the table below. This list is non-exhaustive and there may be circumstances where we need to share personal data with other third parties. However, we only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations.

            Builders and professional installers

            We share personal data with builders and professional installers where cooperation is needed in relation to the Products and Services you have requested from them and us.

            Third-party suppliers who provide applications/ functionality, data processing or IT services

            We share personal data with third parties who support us in providing our Site, our App and their functionality and help provide, run and manage our internal IT systems. Such third parties may also include, for example, providers of information technology, cloud-based software-as-a-service, SEO, identity management, website design, hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them. We also share your personal data with third-party service providers to assist us with insight analytics. These providers are described in our Cookie Policy

            Payment providers and banks

            We share personal data with third parties who assist us with the processing of payments and refunds.

            Printing, delivery and courier companies

            We share personal data with suppliers who assist us in the delivery of our Products and Services to our customers.

            After-sales service providers

            We share personal data with specialist third parties who assist us with the registration of our Lamona appliances and offer extended warranties on those products. We also share personal data with repair and servicing companies who undertake product repairs under our manufacturer’s warranty.

            Advertising partners

            We share personal data with third-party advertising partners, including those set out in our Cookie Policy when you use our Site or our App. This data is used to provide you with, and measure the effectiveness of, online advertising and for other advertising related activities.

            Please see “If we carry out any online advertising”, “If we advertise to you on social media and similar platforms”, and the “If we advertise to other people who share similar interests and characteristics to you” sections above for more information.

            Third-party marketing, reviews/survey administration and CRM specialists

            We share personal data with specialist suppliers who assist us in managing our marketing database and sending out our post and email/SMS marketing communications and account-related communications. We also share data with third party organisations who help to administer our reviews and surveys.

            Third-party suppliers who assist us in administering our promotions

            We share personal data with specialist suppliers who assist us in administering our prize draws, prize competitions and other promotions.

            Event partners and suppliers

            When we run events, we will share your personal data with third-party service providers that are assisting us with the operation and administration of that event. If we are running an event in partnership with other organisations, we will share your personal data with such organisations for use in relation to the event.

            Recruitment agencies and related organisations

            We share personal data with external recruiters, third-party providers that undertake background checks on our behalf and other entities within our group of companies.

            Credit reference agencies, fraud sharing organisations and tracing agents

            We share personal data with third parties who carry out credit referencing and tracing services for us and who assist us with our fraud prevention activities.

            Auditors, lawyers, accountants, insurers and other professional advisers

            We share personal data with professional services firms and insurers who advise and assist us in relation to the lawful and effective management of our organisation and in relation to any disputes or claims we may become involved in.

            Law enforcement or other government and regulatory agencies and bodies

            We share personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation.

            Other third parties

            Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

             

            15. Transfers outside the UK and EEA

            Where necessary in order to provide our Site, our App and our Products and Services, we will transfer personal data to countries outside the United Kingdom (“UK”) and the European Economic Area (“EEA”).

            Countries outside the UK and EEA have different data protection laws to the UK and the EEA. In particular, such countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data outside the UK or the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data. We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.

            When transferring your personal data outside the UK or the EEA, we will, where required by applicable law, ensure that at least one of the safeguards set out below is in place. Please contact us if you would like further information on the specific mechanisms used by us when transferring your personal data outside the UK or the EEA.

            Adequacy decisions

            We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the EU and/or UK authorities. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

            Model clauses

            Where we use certain service providers, we may use specific contracts approved by the EU and/or UK authorities which give personal data the same protection it has in the UK and the EEA. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

             

            16. How long we keep your personal data

            Regarding personal data we process in connection with the “Contact Your Local Depot”, “Request a Brochure” and the “Kitchen Visualiser” sections of our Site, we will retain any personal data relevant to that request for 18 months from the date of the request. We may then destroy such files without further notice or liability.

            If you apply for a position with us and your application is unsuccessful, we will hold your data on file for a period of 6 months (or 12 months if you have applied online) after the end of the relevant recruitment process for consideration for future employment opportunities. At the end of that period, or once you withdraw your consent, your data is deleted or destroyed. If you have applied online you will be asked on an annual basis if you would like us to hold your data online for a further 12 month period.

            Regarding any other personal data that we process, we will keep that personal data for as long as we need it for the purposes described in this Privacy Notice (and in compliance with our data protection obligations). For example, any personal data collected as part of the “Register Your Appliance” process on the Site will be retained indefinitely for the purposes of product safety and product recall.

            If any personal data is only useful for a short period (e.g. for a specific activity, promotion or marketing campaign), we will not retain it for longer than the period for which it is used by us for the relevant activity.

            If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future. We will not use this personal data to send you further marketing unless you subsequently opt back in to receive such marketing.

             

            17. Confidentiality and security of your personal data

            We are committed to keeping the personal data you provide to us secure and we have implemented information security policies, rules and technical measures to protect the personal data under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. In addition, all our employees and data processors (i.e. those who process your personal data on our behalf) are obliged to respect the confidentiality of the personal data of all users of our Site, our App and those who purchase our Products and Services.

             

            18. Personal data of minors

            Our Site and our App are not intended for use by, or targeted at, minors and we collect and process personal data of minors only in certain limited circumstances. This may happen, for example, in connection with our corporate sponsorship and charity-related activities or where we run a prize promotion that is open to those under 18. Whilst our Site and our App are not of general interest to minors, this does not prevent minors from providing personal data to us. If we do collect and process personal data of minors, we will comply with all applicable laws and regulations relating to the processing of personal data of minors.

             

            19. Your rights as a data subject

            You have certain rights in relation to the personal data we hold about you. Please note that many data subject rights are not absolute and the extent to which they apply may vary depending on the circumstances and any exemptions that may apply. If you would like to exercise any of these rights, or wish to obtain further information on your rights, please contact us using the details set out in the "How to Contact Us" section above. 

            Your right of access

            If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies.

            Your right to rectification

            If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your personal data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we’ve shared your personal data with so that you can contact them.

            Your right to erasure

            You can ask us to delete or remove your personal data in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.

            Your right to restrict processing

            You can ask us to “block” or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your personal data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your personal data to stop us processing it further. If we’ve shared your personal data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.

            Your right to data portability

            You have the right, in certain circumstances, to obtain personal data you have provided to us (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party.

            Your right to object

            You can ask us to stop processing your personal data, and we will do so, if we are: (i) relying on our own or someone else’s legitimate interest to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your personal data for direct marketing purposes.

            Your rights in relation to automated decision-making and profiling

            You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.

            Your right to withdraw consent

            If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. You can exercise your right of withdrawal by contacting us using our contact details in the "How to Contact Us" section above. If you wish to opt out of marketing, you can do so simply by emailing us at optout@howdens.com or by using any other opt-out mechanism we may provide, such as an unsubscribe link in an email.

            Your right to lodge a complaint with the supervisory authority

            If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, please contact us using the contact details provided in the "How to Contact Us" section above. You can also report any issues or concerns to a national supervisory authority in the Member State of your residence or the place of the alleged infringement.

            You can find a list of contact details for all EU supervisory authorities at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

            As we are incorporated in the UK, our regulatory authority is the Information Commissioner’s Office. Contact details can be found on its website at https://ico.org.uk. If you are based in the Isle of Man, you may also lodge a complaint with the Isle of Man Information Commissioner’s Office. Contact details can be found on its website at https://www.inforights.im.