You are using an outdated browser. Please upgrade your browser to improve your experience
This Privacy Policy sets out how we, Frasers Retail Ltd, collect and process your personal data through your use of this website, https://www.frasersretail.co.uk (our website), or where we otherwise obtain or collect your personal information. This Privacy Policy is effective from 25/05/2018.Please read this Privacy Policy carefully. We recommend that you print off a copy of this Privacy Policy and any future versions in force from time to time for your records.
This summary provides an overview of how we obtain, store and use your personal information. It is intended to provide a very general overview only. It is not complete and must be read in conjunction with the corresponding full sections of this Privacy Policy.
The Data Controller in respect of our website is Frasers Retail Ltd (07633919) of Georgetown House, Foxhall Road, Didcot, OX11 7AA. You can contact the Data Controller by writing to Georgetown House, Foxhall Road, Didcot, OX117AA or sending an email to admin@frasergroup.co.uk.
If you have any questions about this Privacy Policy, please contact the Data Controller.
We collect personal data about you. This means any information about an individual from which that person can be identified. This data is only collected from you when you provide it to us, such as through your use of our website and its features, when you contact us directly by email, phone, in writing, or via social media, when you order goods and services, when you use any of our other websites or applications or any other means by which you provide personal information to us.
We may receive information about you from third parties such as our affiliates, business partners, (where authorised or permitted by law) credit and fraud checking agencies, as well as third parties with whom we have had no prior contact.
We also collect information about your use of our website through cookies and similar technologies. Our cookies policy sets out more of the information on how we use cookies and similar technologies to collect information about you. You can access our cookies policy via this link: https://www.frasersretail.co.uk/legal/cookie-policy/
The type of information we collect about you includes information such as:
When you contact us by email, the information we collect about you will be your name and email address and any other information you provide to us.
When you contact us using the contact form on our website, we will collect:
We also collect any other information you provide to us, including any optional information.
Such as:
Information we obtain from third parties will generally be your name and contact details, but also any additional information they provide to us.
We may also obtain personal information about you from certain publicly accessible sources, such as the electoral register, online customer databases, business directories, media publications, social media, websites, and other publicly accessible sources.
Please note that there are circumstances in which we may not be required to provide you with the information contained in this Privacy Policy (if you already have the information, for example).
Where we obtain personal information about you from a source other than yourself, we will provide you with the information in this Privacy Policy unless:
Where we obtain personal information about you from a source other than yourself, and we are required to provide you with the information in this Privacy Policy, we will provide it to you at the following points in time:
We will only use your personal information when the law allows us. Most commonly, we will use your personal data in the following circumstances:
The processing of your personal information to comply with legal obligations to which we are subject applies to legal obligations of other countries where they have been integrated into the legal framework of the United Kingdom, for example in the form of an international agreement which the United Kingdom has signed. Where the legal obligations of another country have not been so integrated, we will process your information to comply with such obligations where it is in our legitimate interest to do so.
We will process your personal information for one or more of the following purpose(s) only where we have obtained your consent to do so:
Opting Out
Where we process your personal information on the basis of your consent, you can withdraw your consent to such processing at any time by emailing us at admin@frasergroup.co.uk or writing to us at Georgetown House, Foxhall Road, Didcot, OX117AA.
In general, we will retain your information for no longer than necessary, taking into account the following:
Where you contact us with an enquiry, we will retain your informationhtt for as long as it takes to respond to and resolve your enquiry, and for a reasonable further period, after which point we will delete your information.
We take appropriate technical and organisational measures to secure your personal information and to protect it against unauthorised or unlawful use or processing as well as against the accidental loss or destruction of, or damage to, your personal information, including:
Transmission of information (including personal information) over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk. We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.
Cookies are data files which are sent from a website to a browser to record information about users of a website.
We use cookies and similar technologies on or via our website. For further information on how we use cookies and similar technologies, including the information we collect through our use of cookies and similar technologies, please see our cookies policy, which is available via the following link: https://www.frasersretail.co.uk/legal/cookie-policy/
You can reject some or all of the cookies we use on or via our website by changing your browser settings, but doing so may impair your ability to use our website or some or all of its features. For further information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org
We use Google Analytics on our website to understand how you engage and interact with it. For information on how Google Analytics collects and processes data using cookies, please visit www.google.com/policies/privacy/partners/. You can opt out of Google Analytics tracking by visiting: https://tools.google.com/dlpage/gaoptout
We use web beacons in our marketing emails and on our website. For information on how third parties use information gathered from our use of web beacons, please visit https://www.campaignmonitor.com. Some (but not all) browsers enable you to restrict the use of web beacons by either preventing them from sending information back to their source (e.g. when you choose browser settings which block cookies and trackers) or by not accessing the images containing them (e.g. if you select a “do not display images (in emails)” setting in your email server).
You have the following rights in relation to your personal information, which you can exercise by writing to the following address: Georgetown House, Foxhall Road, Didcot, OX117AA or sending an email to admin@frasergroup.co.uk:
You also have the right to lodge a complaint with a supervisory authority, which, for the purposes of the UK, is the Information Commissioner’s Office (ICO), the contact details of which are available here: https://ico.org.uk/global/contact-us/
For further information about your rights in relation to your personal information, including certain limitations which apply to some of those rights, please visit the following pages on the ICO’s website:
You can also find out further information about your rights, as well as information on any limitations which apply to those rights, by reading the underlying legislation contained in Articles 12 to 22 and 34 of the General Data Protection Regulation (GDPR), which is available here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
Where you request access to personal information, we are required by law to use all reasonable measures to verify your identity before doing so. Where we possess appropriate information about you on file, we will attempt to verify your identity using that information. If it is not possible to identity you from such information, or if we have insufficient information about you, we may require original or certified copies of certain documentation in order to be able to verify your identity before we are able to provide you with access to your personal information.
These steps are necessary to verify your identity in order to reduce the risk of identity fraud or identity theft by persons other than yourself asking for access to your personal information.
You have the following rights in relation to your personal information, which you may exercise in the same way as you may exercise the rights in the preceding section (Your rights in relation to your personal information):
You may also exercise your right to object to us using or processing your personal information for direct marketing purposes by:
Whenever you object to direct marketing from us by a different communication method to that of the marketing communications you have received from us, you must provide us with your name and sufficient information to enable us to identify you in relation to the communications you have received (for example, if you have received text messages from us and you wish to unsubscribe by email, we may need you to provide us with your phone number in that email).
Where you wish to purchase products or services from us, we require your personal information in order to enter into a contract with you. We may also require your personal information pursuant to a statutory obligation (in order to be able to send you an invoice for products and services you wish to order from us, for example).
If you do not provide your personal information, we will not be able to enter into a contract with you or to provide you with those products or services.
We may change our Privacy Policy from time to time without providing prior notice to you. If required by law, we will make such changes to our Privacy Policy known to you by posting a notice on the website and/or by us posting an updated version of our Privacy Policy on our website with a new effective date stated at the beginning of it. Our processing of your personal information will be governed by the practices set out in that new version of the Privacy Policy from its effective date onwards.
Where we intend to use your personal information for a new purpose other than the purpose(s) for which we originally collected it, we will provide you with information about that purpose and any other relevant information before we use your personal information for that new purpose and obtain your consent if required.
Please inform us of any changes to any information (including personal information) which we hold about you so we can keep the information we hold about you accurate and up-to-date.
Because we care about the safety and privacy of children online, we comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying regulations protect the privacy of children using the internet. We do not knowingly contact or collect personal information from children under the age of 13. The website is not intended to solicit information of any kind from children under the age of 13.
It is possible that we may receive information pertaining to children under the age of 13 by fraud or deception. If we are notified of this, as soon as we verify the information, we will immediately obtain the appropriate parental consent to use that information or, if we are unable to obtain such parental consent, we will delete the information from our servers. If you would like to notify us of our receipt of information about children under the age of 13, please do so by sending an email to admin@frasergroup.co.uk.
“Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on a Do Not Track signal in their browser, the browser sends a message to websites requesting that they do not track the user. For information about Do Not Track, please visit www.allaboutdnt.org
At this time, we do not respond to Do Not Track browser settings or signals. In addition, we may use other technology that is standard to the internet, such as pixel tags, web beacons, and other similar technologies, to track visitors to the website, or one of the affiliated pages. Those tools may be used by us and by third parties to collect information about you and your internet activity, even if you have turned on the Do Not Track signal.
This Privacy Policy is based on a General Data Protection Regulation (Regulation (EU) 2016/769) (GDPR) compliant template provided by GDPR Privacy Policy. For further information, please visit https://gdprprivacypolicy.org
The copyright in this Privacy Policy is either owned by, or licensed to, us and is protected by copyright laws around the world and copyright protection software. All intellectual property rights in this document are reserved.
Where we display the GDPR Privacy Policy logo on our website, this is used to indicate that we have adopted a privacy policy template provided by GDPR Privacy Policy as the basis for this Privacy Policy.
Data controller: Frasers Retail Limited, Georgetown House, Foxhall Road, Didcot, OX11 7AA
To ensure that you’re confident that we’re using CCTV and other similar devices responsibly we’ve noted our obligations below. In this policy “CCTV” relates to Closed Circuit Television, and other surveillance systems that capture personal data including body cameras, ANPR equipment, automated recognition technologies including facial images, vehicle trackers and dash-cams.
References to we, our, or us in this policy are to Frasers Retail Ltd
Our Data Protection Officer (DPO) has overall responsibility for data protection compliance in our firm. Nick Fraser, nick.fraser@frasergroup.co.uk
If you have any questions about this policy or how we handle your personal information please contact the DPO.
1.1 Before installing the CCTV we carried out a privacy impact assessment to ensure we were balancing our need for CCTV with the impact on your privacy.
1.2 We have installed CCTV to:
(a) prevent and detect crimes;
(b) identify, apprehend and prosecute offenders;
(c) dealing with any queries, complaints or enquiries;
(d) ensure the security of our and your property and that of our clients and contractors;
(e) ensure that our policies and procedures are being adhered to;
(f) to assist in any investigations or any disciplinary or grievance issue;
(g) monitor the security of our premises;
(h) monitor adherence to health and safety provisions and policies.
As well as being the purposes for which we use your personal information, all of the above are also legitimate reasons for us to use and store personal data
Images captured by CCTV may be monitored and recorded and kept for up to thirty days after the recording was made. After this time to recording stored on the hard drive of our CCTV system will usually be overwritten. This will be extended to two years for images involved in prevention and detection of crimes.
1.3 Any information captured by CCTV will be viewed in a restricted area and only by the DPO and any authorised people.
1.4 All CCTV is maintained and overseen by our DPO. They are responsible for carrying out compliance audits and reviewing the need for CCTV.
1.5 Where we capture your personal data using CCTV we will let you know by using signage explaining who to contact about the CCTV and where to find the relevant privacy notice.
1.6 You have the right to view any personal data recorded by our CCTV. We may take time though to redact the personal data of anyone else on the recordings. We will first give you the opportunity to view the recordings that have been identified. We may be able to supply you with a copy of the recording unless that isn’t technically possible or to do so puts us to disproportionate effort.
1.7 It is a criminal offence to misuse CCTV.
YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
You have the following rights in relation to your personal information:
Please note that some of these rights to object may not always apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored in our CCTV system.
More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public.
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by emailing the DPO Nick Fraser, nick.fraser@frasergroup.co.uk
If you are unhappy with the way we are using your personal information you can also complain to the ICO. However, we would encourage you to contact us first to see if we can resolve your complaint.
Frasers Retail Limited Georgetown House Foxhall Road Didcot OX11 7AA
Contact details for Data Protection enquiries. Nick Fraser nick.fraser@frasergroup.co.uk
Addendum related to Facial Recognition
We supply facial images, descriptions, personal details and incidents details to VARS technology (VARS) of individuals reasonably suspected of having committed unlawful acts (Subjects of Interest). We also supply CCTV images to VARS who, in real time, compare the faces of people in those images to their watch list of Subjects of Interest and alert us if there are matches. Faces not matched to a watch list are deleted by VARS immediately to protect individual privacy.
We receive Facial Recognition Alerts instantly when a Subject of Interest enters our properties which are always checked for accuracy by a human before acted upon.
The recipients or categories of recipients of the personal data include our staff and may include third parties who assist us with the prevention and detection of unlawful acts, including VARS and police.
The legitimate interests for the processing are – There is a compelling justification for us to protect our customers, staff and business assets from unlawful acts. Our Legitimate Interest Assessment is as follows:
It is our legitimate interest to be able to minimise the impact of unlawful acts by processing personal data to identify persons in our business properties who are reasonably suspected of having committed crime and taking reasonable and proportionate action. It is our legitimate interest to prevent crimes against us rather than just capture on CCTV crime that has taken place and report to police.
The processing of personal data, special category data and criminal offence data is necessary to achieve our legitimate purpose as it allows us to quickly and accurately identify individuals who are reasonably suspected of having committed crime, and to take reasonable and proportionate action in the circumstances. Without processing information in this way, we would be unlikely to effectively identify such persons as they enter our properties, be less likely to prevent unlawful acts, and therefore more likely to experience crime, even with existing tactics including security staff and/or CCTV monitoring. Reporting crime to police is similarly less effective than the use of VARS as this is post event rather than preventative.
We balance our legitimate interest against the individual’s interests, rights and freedoms. We distinguish those individuals reasonably suspected of having committed unlawful acts from all other persons entering our properties by the use of Watchlists and Facial Recognition Alerts. There is always human involved to verify any possible match between an individual entering our properties and an image on a Watchlist or Facial Recognition Alert. In the event of a confirmed match, we may take reasonable and proportionate action in the circumstances.
Facial recognition algorithms are defined as Special Category data. Any such processing is conducted by VARS as data controller who are able to comply with the additional legal requirements for this processing as explained on their website www.varstechnology.co.uk.
Retention Period
We retain facial images, descriptions, personal details and incidents details including CCTV footage of individuals reasonably suspected of having committed unlawful acts (Subjects of Interest) for a period of 7 days from date of incident, after which point it is securely and irrevocably deleted
Your rights as a data subject
For a fuller explanation of these rights please see the website of the Information Commissioner’s Office www.ico.org.uk
| Cookie | Duration | Description |
|---|---|---|
| cookielawinfo-checbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |