Introduction
This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with
us. It also explains how we’ll store, handle that data and keep it safe.
We know that there’s a lot of information here, but we want you to be fully informed about your rights under the
2018 General Data Protection Regulations, and how SHUCLUB LIMITED uses your data; for example, we will
explain things such as our identity checking procedure and how we use data to build a picture of you. We hope the
following sections will answer any questions you have but if not, please do get in touch with us.
Who we are?
In this Privacy Policy, references to “we” or “us” are to SHUCLUB Limited, a company incorporated in England
and Wales (Company Registration No: 08484075) whose registered office is at Boundary House, Cricket Field
Road Uxbridge, England UB8 1QG..
Explaining the legal basis, we rely on
The General Data Protection Regulations sets out several different reasons for which a company may collect and
process your personal data, including:
Consent
In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to receive email newsletters.
When collecting your personal data, we’ll always make clear to you, which data is necessary in connection with a
particular service.
Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example, if you order an item from us for home delivery, we’ll collect your address details to deliver your
purchase, and pass them to our courier.
Legal compliance
If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity affecting SHUCLUB
LIMITED to law enforcement.
Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be
expected as part of running our business, and which does not materially impact your rights, freedom or interests.
For example, we will use your purchase history to send you or make available personalised offers.
We also combine the shopping history of many customers to identify trends and ensure we can keep up with
demand or develop new products/services.
When do we collect your personal data?
- When you visit our website and use your account to buy products and services.
- When you create an account with us.
- When you purchase a product or service in store or by phone but don’t have (or don’t use) an account.
- When you engage with us on social media.
- When you join our loyalty scheme.
- When you contact us by any means with queries, complaints etc.
- When you ask one of employees to email you information about a product or service.
- When you enter prize draws or competitions.
- When you fill in any forms.
- When you receive an e-receipt.
For example, if an accident happens in store, an employee may collect your personal data.
- When you’ve given a third-party permission to share with us the information they hold about you.
- We collect data from publicly available sources (such as Land Registry) when you have given them your
consent to share information or where the information is made public as a matter of law.
What sort of personal data do we collect?
- If you have a web account with us: your name, gender, date of birth, billing/delivery address, orders and
receipts, email and telephone number. For your security, we’ll also keep an encrypted record of your login
password. - Details of your interactions with us through contact centres, in store or online.
For example, we collect notes from our conversations with you, details of any complaints or comments you make,
details of purchases you made, items viewed or added to your basket, wish list
How and why do we use your personal data?
We want to give you the best possible customer experience. One way to achieve that is to get the richest picture we
can of who you are by combining the data we have about you.
The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the
highest levels of service.
Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section
below.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might
not be able to provide some services you’ve asked for.
For example, if you’ve asked us to let you know when an item comes back into stock, we can’t do that if you’ve
withdrawn your general consent to hear from us.
For example, if you’ve asked us to let you know when an item comes back into stock, we can’t do that if you’ve
withdrawn your general consent to hear from us.
Here’s how we’ll use your personal data and why:
- To process any orders that you make by using our websites or in store. If we don’t collect your personal
data during checkout, we won’t be able to process your order and comply with our legal obligations.
For example, your details may need to be passed to a third party to supply or deliver the product or service that you
ordered, and we may keep your details for a reasonable period afterwards, to fulfil any contractual obligations such
as refunds, guarantees and so on.
- To respond to your queries, refund requests and complaints. Handling the information you send enables us
to respond. We may also keep a record of these to inform any future communication with us and to
demonstrate how we communicated with you throughout. - To protect our business and your account from fraud and other illegal activities. This includes using your
personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity
with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all
of this as part of our legitimate interest.
For example, by checking your password when you sign in and using automated monitoring of IP addresses to
identify possible fraudulent sign ins from unexpected locations.
For example, we’ll record your browser’s Session ID to help us understand more when you leave us online
feedback about any problems you’re having.
- To comply with our contractual or legal obligations to share data with law enforcement.
For example, when a court order is submitted to share data with law enforcement agencies or a court of law. - To build a rich picture of who you are and what you like, and to inform our business decisions, we’ll
combine data captured from across our business, third parties and data from publicly available lists as we
have described in the section ‘What Sort of Personal Data do we collect?’ We’ll do this based on our
legitimate business interest.
For example, by combining this data, this will help us personalise your experience and decide what content to share
with you.
Combining your data for personalised direct marketing
We want to bring you offers and promotions that are most relevant to your interests at times. To help us form a
better, overall understanding of you as a customer, we combine your personal data gathered across our business as
described above. For this purpose, we also combine the data that we collect directly from you with data that we
obtain from third parties to whom you have given your consent to pass that data onto us – such as the Land Registry
mentioned above.
How we protect your personal data
- We know how much data security matters to all our customers. We will treat your data with the utmost care and take
all appropriate steps to protect it. - We have appropriate security measures in place to prevent personal information from being accidentally lost or usedor accessed in an unauthorised way. We limit access to your personal information to those who have a genuinebusiness need to know it. Those processing your information will do so only in an authorised manner and aresubject to a duty of confidentiality.
- We also have procedures in place to deal with any suspected data security breach. We will notify you and anyapplicable regulator of a suspected data security breach where we are legally required to do so.
- We secure access to all transactional areas of our website using ‘https’ technology.
- Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by SSL encryption.
- We regularly monitor our system for possible vulnerabilities and attacks.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for
which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by
aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business
planning.
Who do we share your personal data with?
- We sometimes share your personal data with trusted third parties. They provide an integral part of the service we
provide to you and support our business operations. Examples of the kind of third parties we work with are: - We take all reasonable steps to ensure the third parties use any personal data in strict accordance with the 2018
General Data Protection Regulations. - For further information please contact our Data Protection Officer.
Where your personal data may be processed
Where your personal data is transferred outside the EU, we take all reasonable steps to ensure that the protection
offered by the GDPR travels with the data.
What are your rights over your personal data?
An overview of your different rights
Under the General Data Protection Regulations, you have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once
the purpose for which we hold the data has come to an end. - That we stop using your personal data for direct marketing (either through specific channels, or all
channels). - That we stop any consent-based processing of your personal data after you withdraw that consent.
- Review by an employee of any decision made based solely on automatic processing of your data (i.e. where
no human has yet reviewed the outcome and criteria for the decision). You have the right to request a copy
of any information about you that the SHUCLUB LIMITED holds at any time, and to have that information
corrected if it is inaccurate. To ask for your information, please contact Data Protection Officer, SHUCLUB
LIMITED, Boundary House, Cricket Field Road Uxbridge, England UB8 1QG or email
info@shuclub.co.uk.
If we choose not to action your request, we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any
time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data based on our legitimate interest, you can ask us to stop for
reasons connected to your individual situation. We must then do so unless we believe we have a legitimate
overriding reason to continue processing your personal data.
Direct marketing
You have the right to stop the use of your personal data for direct marketing activity through all channels, or
selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with
any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your
behalf, we will ask them to prove they have your permission to act.
How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
- Click the ‘unsubscribe’ link in any direct marketing email communication that we send you. We will then
stop any further direct marketing emails. - If you have registered online, sign in to your account, visit the ‘My Account’ area and update your
communications options. - Write to the Data Protection Officer, SHUCLUB LIMITED, Boundary House, Cricket Field Road
Uxbridge, England UB8 1QG or email info@shuclub.co.uk.
control it.
- Write to us at Data Protection Officer, SHUCLUB LIMITED Boundary House, Cricket Field Road
Uxbridge, England UB8 1QG or email info@shuclub.co.uk.
This Privacy Notice was last updated in December 2023 @copyright