Welcome to the Topps Tiles privacy notice.
Topps Tiles Plc respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our Site and your rights in relation to that personal information.
This privacy notice is provided in a layered format so you can click through to the specific areas set out below.
Topps Tiles (we, our or us) are committed to protecting and respecting your privacy.
This policy describes the way we handle and use the personal information that we obtain from all the different interactions you may have with us as a business, including when you visit our stores, social media pages or website currently located at www.toppstiles.co.uk (Site) or when you contact us or take part in any of our competitions or promotions.
Topps Tiles as an organisation is the controller in relation to the processing activities described below. This policy describes why and how your personal information is processed.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your data subject rights, further explained below in section 9 to this policy 'Your Legal Rights', please contact the DPO using the details set out below.
Full name of organisation : Topps Tiles Plc and group companies
Name or title of: The Data Protection Officer
Email address: gdpr@ToppsTiles.co.uk
Postal address: Topps Tiles, Grove Park, Thorpe Way, Enderby, Leicester, LE19 1SU
Telephone number: 0116 2828000
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We do encourage you to first raise any concerns with our data protection officer that you may have so we can seek to resolve these with you direct.
This version is effective from 25 May 2018.
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our Site and/or by contacting you by email. Any changes will take effect 7 days after we post the modified terms on our Site or after the date we notify you by email. We recommend you regularly check this page for changes and review this policy each time you visit our Site.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
How we collect it from you
You may give us identity, contact, transaction, profile, usage, business, financial, marketing and communications data by filling in forms on our Site, purchasing a product from us online or in store, by corresponding with us by post, phone, email, SMS or by the filling in of data capture forms in store or by a member of our staff on your instruction. This includes personal data you provide when you:
For trade customers and trade/ business users only, we will also collect your data in the following ways when you:
Personal information that you give to us
We collect the following information if you choose to give it to us:
If you do not provide this information to us we may not be able to contact you and/or resolve your queries effectively.
Personal information that we collect about you
When you visit our Site we automatically collect:
If you do not provide this information, you may be unable to access some or all of the Site or its features.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.
We use your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy.
3.1. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please Contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Summary of use
Where you have provided CONSENT
We may use and process your personal information for the following purposes where you have consented for us to do so
You may withdraw your consent for us to use your information in any of these ways at any time. Please see Your rights in relation to your personal information for further details.
Where it is necessary for us to pursue a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
Processing necessary for us to promote our business and products and services and measure the reach and effectiveness of our campaigns
Processing necessary for us to support our users with any enquiries
Processing necessary for us to respond to changing market conditions and the needs of our customers and users
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
Where necessary for us to carry out PRE-CONTRACTUAL STEPS you have requested or for the performance of our CONTRACT
We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you've asked us to so that you can enter into that contract, for the following purposes:
Where processing is in your VITAL INTERESTS
We use your personal information where this is in your vital interest for the following purposes:
Where necessary to comply with our LEGAL OBLIGATIONS
We will use your personal information to comply with our legal obligations:
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established a preference portal where you can set your Marketing permissions. If you have a trade account you can access this on the My Account page after logging in here. For all other customers it is located here https://www.toppstiles.co.uk/preferencesportal.
As described above, as from the 25th May 2018, if we specifically request your permission to send (or you specifically ask us to send) you newsletters, marketing material or to notify you of special events, offers, promotions, competitions or new products and services by email, SMS, post or phone (as you indicate), we rely on your consent to do so. If you do not wish to receive communications from us, please inform us by using the unsubscribe link at the foot of the email by using the STOP code within the SMS, by using our preference portal https://www.toppstiles.co.uk/preferencesportal or by contacting us in store.
Otherwise we process your personal information for direct marketing purposes on the basis that it is necessary for us to pursue our legitimate interests as a business (see above in this section for further details). We try to tailor and personalise any marketing communications that we send to you, for example, by notifying you of products, services, offers or promotions that apply to your interests, purchases, location and previous engagement with us. If you do not wish to receive marketing communications from us, you can opt-out at any time by using the unsubscribe link at the foot of the email by using the STOP code within the SMS (to unsubscribe from marketing emails post or SMS messages) by using our preference portal or by contacting us in store.
Existing or prospective customers may receive marketing via phone call. Customers' phone numbers will be screened against the telephone preference service and any phone numbers which match our customers suppressed from our marketing lists; in this case the processing is on the basis of our legitimate interests. Customers may however, update their phone marketing preference in store or using our online preference portal if they wish for this to be different to the telephone preference service; in this case the processing is on the basis of consent.
If you opt-out of receiving marketing communications from us, we keep your contact details on our suppression list for a defined period to ensure that we comply with your wishes.
After opting out of marketing communications, please note that you may still receive communications for up to 28 days due to marketing campaigns which are already in progress (e.g. being printed).
Where you opt out of receiving these marketing messages, this will not apply to email receipts or account communications (such as important information about your trade account or loyalty scheme account including points statements and updates to terms and conditions).
We only disclose your personal information outside our business in limited circumstances. If we do, we will put in place a contract that requires recipients to protect your personal information, unless we are legally required to share that information. Any contractors or recipients that work for us will be obliged to follow our instructions. We do not sell your personal information to third parties.
We may disclose your information to our trusted third party service providers, agents and subcontractors (Suppliers) for the purposes of providing services to us or directly to you on our behalf, including the operation and maintenance of our Site, and social media pages. All Suppliers are subject to thorough security checks, and will only hold the minimum amount of personal information needed in order to fulfil the orders you place or provide a service on our behalf.
Our Suppliers can be categorised as follows:
|Recipient / relationship to us||Industry sector (& sub-sector)||Location|
|Advertising, PR, digital and creative agencies||Media (Advertising & PR)||EEA|
|Banks, payment processors and financial services providers||Finance (Banking & Payment Processing)||EEA|
|CCTV administration and monitoring service providers||Surveillance (CCTV)||EEA|
|Cloud software system providers, including database, email and document management providers||IT (Cloud Services)||EEA & USA|
|Customer care/services providers||Customer Services (Support)||EEA|
|Delivery and mailing services providers||Logistics (Delivery Service)||EEA|
|Facilities and technology service providers including scanning and data destruction providers||IT (Data Management)||EEA|
|Gift card service providers||Customer Services (Support)||EEA|
|Health and safety claims administrators and consultants||Health & Safety (Claims)||EEA|
|Insurers and insurance brokers||Insurance (Underwriting & Broking)||EEA|
|Legal, security and other professional advisers and consultants||Professional Services (Legal & Accounting)||EEA|
|Market and customer research providers||Media (Market Research)||EEA|
|Social media platforms||Media (Social Media)||EEA & USA|
|Website and data analytics platform providers||IT (Data Analytics)||EEA & USA|
|Website and App developers||IT (Software Development)||EEA|
|Website hosting services providers Website hosting services providers||IT (Hosting)||EEA|
|Wifi and other communication service providers||IT (Telecommunications)||EEA|
We may disclose the personal information to other third parties as follows:
Except in a limited number of cases, we do not transfer your personal information outside of Europe. Where we do, we take measures to protect your personal information.
Some of the information you provide to us may be transferred to countries outside the European Economic Area (EEA), usually because some of our Suppliers are based outside of the EEA. These countries may not have similar data protection laws to the UK. The non-EEA countries to which we transfer your personal data are listed in the table under Disclosure of your personal information by us. For example, we transfer your personal information to the USA when using our email marketing services provider, certain data analytics providers and most social media platforms.
Where we transfer your information outside of the EEA in this way, we take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected in the ways required by data protection law as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to 'international frameworks' that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy or access to the relevant documents.
We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions over the internet and to our Site may not be completely secure, so please exercise caution. When accessing links to other websites, their privacy policies, not ours, will apply to your personal information.
We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage. When we have provided (or you have chosen) a password or pin allowing you access to certain parts of the Site, you are responsible for safeguarding it and keeping it confidential and you promise not to allow it to be used by third parties. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information during its transmission to us online. You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.
In addition, if you linked to our Site from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
We will not hold your personal information in an identifiable format for any longer than is necessary for the purposes for which we collected it. Different retentions periods apply for different type of personal information further details on this are available in our Data Retention Policy which you can request via contact us.
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to verify your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received full details of your request. Please see the sections below to find out more about these rights:
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the beginning of this policy.
Where we rely on our legitimate interests as the legal basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our unsubscribe tool.
Where we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our preference portal or by contacting us in store or via contact us. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
You may ask us to restrict the processing of your personal information in the following situations:
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with a contract in place directly with you, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
You may also contest a decision made about you based purely on automated processing by clicking on the link below.
If you wish to exercise any of the rights set out above, please use the following link https://www.toppstiles.co.uk/contact_us.