PRIVACY & COOKIES POLICY
1.2 Our details are as follows:
Data controller: Listers (UK) Limited of
ICO registration number:ZA192209
1.3 This Policy may change from time to time and, if it does, the up-to-date version will always be available on our website and becomes effective immediately.
1.4 Please take the time to read this Policy, which contains important information about the way in which we process personal data.
1.5 For the purposes of this Policy, European Data Protection Legislation is defined as, for the periods in which they are in force, the European Data Protection Directive 95/46/EC, all laws giving effect or purporting to give effect to the European Data Protection Directive 95/46/EC (such as the Data Protection Act 1998) or otherwise relating to data protection (to the extent the same apply) and, from 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/670) (GDPR) or any equivalent legislation amending, supplementing or replacing the GDPR.
2 Information we may collect about you
2.1 We may collect and process information about you through various means, including:
When you visit any of our websites, and use your account to buy products and services, or redeem vouchers on the phone, in a shop or online.
When you make an online purchase and check out as a guest (in which case we just collect transaction-based data).
When you create an account with us.
When you purchase a product or service in store or by phone but donât have (or donât use) an account.
When you engage with us on social media.
When you communicate with us by email or other electronic correspondence or by telephone
By us operating security policies and procedures in our premises (e.g. by virtue of our access to CCTV footage recorded by our buildingsâ landlord and other CCTV footage we collect in our premises)
When you contact us by any means with queries, complaints etc.
When you ask one of us to email you information about a product or service.
When you enter prize draws or competitions.
When you choose to complete any surveys we send you.
When you comment on or review our products and services.
Any individual may access personal data related to them, including opinions. So if your comment or review includes information about a staff member who provided that service, it may be passed on to them if requested.
When you fill in any forms. For example, if an accident happens in store, a member of staff may collect your personal data.
When youâve given a third party permission to share with us the information they hold about you.
When our Listers (UK) Limited suppliers and partners share information with us about the product you have purchased.
We collect data from publicly-available sources when you have given your consent to share information or where the information is made public as a matter of law.
2.2 The personal data you give to us may include:
your name and title
contact information, including telephone number, postal address and email address
information relating to your location, preferences and / or interests
employment and job application details, e.g. date of birth, employment history, qualifications, equality monitoring information
in certain circumstances, your and othersâ signature(s), National Insurance number(s), financial details such as bank account details and details of any relevant sanctions or similar restrictions
in certain circumstances, data relating to health (including disabilities), ethnicity, race, religious beliefs, trade union membership and other âspecial category personal dataâ
any other personal data we collect (such as the customer reference number which may be assigned to you) in the context of our work for our customers or in the course of operating our business.
Details of your shopping preferences
Personal details which help us to recommend items of interest
2.3 Each time you visit our website, we may automatically collect the following information:
Web usage information (e.g. IP address), your login information, browser type and version, time zone setting, operating system and platform.
Information about your visit, including the full Uniform Resource Locators (URLs) clickstream to, through and from our website (including date and time); time on page, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs).
2.4 We may ask you for information when you report a problem with our website.
2.5 If you contact us, we may keep a record of that correspondence.
2.6 The personal data described above may relate to any of the following categories of person:
our prospective employees, work experience students or other job applicants;
those emergency contacts whose details have been provided to us by our people;
our contractors and suppliers;
any other visitor to our premises.
Cookies are small text files that the website sends to your computer or mobile device. There are two types of cookie: session cookies are only used during your visit to the site, and are deleted when you close your browser. Persistent cookies are temporarily stored on your computer for a set length of time and can be re-used when you return to the site.
The information contained in cookies allow the website to function in a better way, for instance allowing us to recognise your choice of language, so that you donât need to re-enter this information as you visit different pages within the site.
Data will not be used to identify any user personally.
It is possible to refuse to receive cookies or delete them using your browserâs settings. If you choose to refuse to accept cookies some aspects of the website wonât function as well. To learn more about cookies, and how to control them, visit www.allaboutcookies.org.
This is a list of the cookies that this website uses:
4 How we will use your information
We may use your information for the following purposes:
to respond to any query that you may submit to us;
to manage our relationship with you including by maintaining our database of customers and other third parties for administration, and accounting and relationship management purposes;
To process any orders that you make by using our websites, apps or in store. If we donât collect your personal data during checkout, we wonât be able to process your order and comply with our legal obligations.
to complete our contractual obligations to you, or otherwise taking steps as described in our Terms of Business (including any associated administration);
to carry out any relevant customer checks, anti-money laundering and sanctions checks and fulfilling our obligations under any relevant anti-money laundering law or regulation (including under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017);
to send you any relevant information on our services and events that may be of interest to you using the email and/or postal address which you have provided, but only if you have given us your consent to do so or we are otherwise able to do so in accordance with applicable European Data Protection Legislation;
to process any job application you (or your representative) has submitted;
to ensure that our websiteâs content is presented in the most effective manner for you and your device;
to customise our website according to your interests;
to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey responses;
as part of our efforts to keep our website safe and secure;
to measure or understand the effectiveness of advertising we send to you and others, and to deliver relevant advertising to you;
to ensure we appropriately administer any visits to our premises;
to comply with any other professional, legal and regulatory obligations which apply to us or policies that we have in place;
as we feel is necessary to prevent illegal activity or to protect our interests.
to protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. Weâll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. Weâll do all of this as part of our legitimate interest.
to protect our customers, premises, assets and staff from crime, we operate CCTV systems in our stores and car parks which record images for security. We do this on the basis of our legitimate business interests.
If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim is to protect the individuals we interact with from criminal activities.
With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text, telephone and through our contact centres about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. This is only applicable in the UK.
You are free to opt out of hearing from us by any of these channels at any time
To send you relevant, personalised communications by post in relation to updates, offers, services and products. Weâll do this on the basis of our legitimate business interest.
You are free to opt out of hearing from us by post at any time.
To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
To display the most interesting content to you on our websites or apps, weâll use data we hold about your favourite brands or products and so on. We do so on the basis of your consent to receive app notifications and/or for our website to place cookies or similar technology on your device.
To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
To develop, test and improve the systems, services and products we provide to you. Weâll do this on the basis of our legitimate business interests.
To comply with our contractual or legal obligations to share data with law enforcement.
To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you.
To build a rich picture of who you are and what you like, and to inform our business decisions, weâll combine data captured from across our stores, third parties and data from publicly-available lists as we have described in the section 'What Sort of Personal Data do we collect?' Weâll do this on the basis of our legitimate business interest.
5 Legal grounds for processing your information
We will rely on the following legal bases under European Data Protection Legislation for processing your personal data:
a) Performance of, or entry into, a contract. The personal data that we are required to collect in order to comply with any other professional, legal and regulatory obligations which apply to us must be provided to us in order for us to perform this contract â we would not be able to act for you without this personal data.
b) Compliance with a legal obligation to which we are subject.
c) We have a legitimate interest in doing so as a supplier of goods (and where our legitimate interests are not overridden by your (or the relevant individualâs) own interests or fundamental rights or freedoms). These legitimate interests will include our interests in managing our relationship with our customers, administering visits to our premises and ascertaining achievement of proper standards/ compliance with policies, practices or procedures.
d) Where processing of âspecial category dataâ is necessary in the context of the establishment, exercise or defence of legal claims.
e) In certain circumstances, where we have obtained your express consent to do so,
6 Sharing your information
6.1 We may share your details with carefully selected third parties. These may include suppliers, support services and organisations that help us to market our services and third parties instructed to enable us to fulfil our contractual obligations to you and/or our customers in the course of business.
6.2 If we share your information with third parties they will process your information as either a data controller or as our data processor and this will depend on the purposes of our sharing your personal data. We will only share your personal data in compliance with the European Data Protection Legislation.
6.3 We may disclose your information to third parties when:
you specifically request this or it is necessary to provide our services
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property or safety of our website, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
6.4 The third parties include:
our bank (including as permitted by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 which, for the purposes of preventing money laundering or terrorist financing, may require us to disclose your personal data on request to our bank from time to time where we hold monies on your behalf);
other professional advisors or third parties with whom we engage as part of our work for our customers or with whom our customers separately engage in the same context;
our data processors providing catering, security, email security, data governance, archiving and other IT and business support services;
selected partner digital agencies and online job application provider;
any third party you ask us to share your data with.
6.5 We will not rent or sell our usersâ or other contactsâ details to any other organisation or individual.
7 Storage and retention of your personal data
7.1 We follow strict security procedures as to how your personal information is stored and used, and who sees it, to help stop any unauthorised person getting hold of it. All personal information you register on our website will be located behind a firewall. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Unfortunately, the transmission of information via the internet is not completely secure and although we do our best to protect your personal data, we cannot absolutely guarantee the security of your data.
7.2 We will keep your information stored on our systems for as long as it takes to provide the services to you and in accordance with our Terms of Business. We may keep your data for longer than our stated retention period if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for research or statistical purposes. If we do, we will ensure that appropriate safeguards are in place to protect your privacy and only used for those purposes.
7.3 The third parties we engage to provide services on our behalf will keep your data stored on their systems for as long as is necessary to provide the services to you.
7.4 We will, subject to paragraph 7.2, not store your information for longer than is reasonably necessary or required by law.
8 Sending your information outside of the EEA
8.1 If we need to share your personal data with a recipient outside the European Economic Area (âEEAâ) we will ensure we do so in compliance with European Data Protection Legislation, including where applicable by ensuring that the transfer is necessary to perform a contract in place with you or a contract entered into in your interests. As part of this, we will ensure we have a set of EU-approved Model Clauses (or other approved protection mechanism) in place with our practice management system provider located in the US (and to the extent New Zealand no longer benefits from an EU âadequacy findingâ, in New Zealand) and with our recruitment portal provider in Australia. If these transfers affect you, you may contact us to obtain more precise information and a copy of relevant documentation.
8.2 Our people may access our systems remotely when working abroad (including from jurisdictions outside the European Economic Area). Where they do so, they are required to use our systems and access any personal data in accordance with all the usual policies and procedures.
9 Withdrawal of consent
9.1 Where we process your personal data we do so on the basis that you have provided your consent for us to do so for the purposes set out in this Policy when you submitted your personal data to us. You may withdraw your consent to this processing at any time by contacting us at:
by telephone or
by email to
9.2 If you do withdraw your consent, we may still be able to process some of the data that you have provided to us on other grounds and will notify you of these at such time.
10 Your information rights
10.1 European Data Protection Legislation gives you the right to access information held about you. You are entitled to be told by us whether we or someone else on our behalf is processing your personal information; what personal information we hold; details of the purposes for the processing of your personal information; and details of any third party with whom your personal information has been shared.
10.2 You can access the personal information we hold on you by contacting us by post, telephone or email (see 9.1 above).
10.3 We will ask you to provide proof of identity before we show you your personal information â this is so we can prevent unauthorised access.
10.4 Please note: we will not usually charge a fee for responding to data subject access request; but in the event that an access request is unfounded, excessive or especially repetitive, we may charge a âreasonable feeâ for meeting that request. Similarly, we may charge a reasonable fee to comply with requests for further copies of the same information. (That fee will be based upon the administrative costs of providing the information).
10.5 You have the additional rights to request rectification and erasure of your personal data and to request restriction of, and to otherwise object to, our processing of your personal data and you can exercise these rights at any time by contacting us.
10.6 From 25 May 2018, you will also be entitled to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format, and to transmit that data to another data controller.
11.1 If you consent to us contacting you, we will always aim to be respectful, relevant and appropriate. If at any time you do not think that we have complied with this, please contact us straight away to let us know.
11.2 You also have the right to make a complaint to the Information Commissionerâs Office. For more details please visit the ICO website.
Questions, comments and requests regarding this Policy should be addressed to our Data Protection Officer:
We're giving you this information as part of our initiative to comply with recent legislation, and to make sure we're honest and clear about your privacy when using our website.
We do have relationships with carefully-selected suppliers who may also set cookies during your visit.
- Google Maps. [Cookie name: NNID PREF]
You can manage these small files and learn more about them from the article, Internet Browser cookies- what they are and how to manage them.
We're giving you this information as part of our initiative to comply with recent legislation, and to make sure we're honest and clear about your privacy when using our website.