See also: Terms & Conditions
Kings DIY is an independent retail store and is committed to protecting the data it collects, using it fairly to contact existing and potential customers with relevant information, and complying with the current law, which is known as the General Data Protection Regulation (GDPR) and is overseen by the Information Commissioner's Office (ICO) which is the regulator for data protection.
For GDPR purposes, Kings DIY (registered address 2A Zodiac House, Calleva Park, Aldermaston, Berkshire RG7 8HN) will be the 'data controller' for any personal data you provide to us, and our 'data compliance officer' is Phil Ayre, who can be contacted via email at firstname.lastname@example.org.
Your privacy is protected by law. Data protection law says that we are permitted to use personal data only if we have a proper reason to do so.
The law says we must have one or more of the following reasons:
Our legal duty is when we are obliged to hold your data for tax purposes, although even then it must not unfairly go against what is right and best for you.
We may collect personal data about you, including for example your name, address, telephone/mobile number(s) and email address(es).
Examples of the sources of data we collect about you are:
The GDPR says that we can only use your personal data if we have a proper reason to do so. We do not share any data with a third party for marketing or any other purpose.
We may process your personal data for the following purposes if relevant:
We process this data on the basis of our legitimate interest to run the business in an efficient and proper way for the benefit of our customers. We also process your personal data where required to comply with laws and regulations that apply to us.
Data is stored on password protected computers and is backed up by a secure backup which is held in a locked facility overnight. No details held by us are passed on to any third parties except for the purposes of providing you with the services we offer.
We may need to disclose your data to government bodies to comply with laws relating to the international fight against terrorism and other criminal activities.
Staff are regularly trained and updated to ensure they are treating your data within the guidelines of the regulations.
There are various lengths of time that data is kept for depending on need and other laws that we must adhere to.
You have the right to be forgotten within our database provided there is no overriding legitimate business need.
The retention period for financial records by law is 7 years.
We will treat your personal data as private and confidential, but may share it with other parties if:
You have the right to ask us to provide you with access to, and an option to remove, your personal data.
You have the right to object to your personal data being used for certain purposes, in particular direct marketing.
If you wish to raise a complaint regarding our processing of your personal data, you can contact our data compliance officer who will investigate the matter further.
Should you be unhappy with our processing of your personal data, you have the right to complain to the ICO.
In the event we believe there is a serious breach to our systems or data, we will inform the ICO within 72 hours.
This policy was last updated in May 2018. Any changes will be published on this page, and will be available on request by contacting our data compliance officer.