Privacy Policy

Highway Garden & Leisure is a trading name of Roys (Wroxham) LTD, a company registered in England and Wales (collectively referred to as “Roys”, “we” or “us” in this policy).

Overview

We understand that your privacy is important and we will treat any personal information you provide us as confidential and this will only be used in accordance with the General Data Protection Regulation (GDPR). We promise to look after your personal information and we will not sell any information about you to any other party. Roys is also dedicated to being transparent about what data we collect about you and how we use it.

This policy, which applies whether you visit our stores, use your mobile device or go on line, provides you with information about:

  • how we use your data;
  • what personal data we collect;
  • how we ensure your privacy is maintained;
  • your legal rights relating to your personal data.

How we use your data

General

Roys uses your personal data:

  • to provide goods and services to you;
  • to make a tailored website available to you;
  • to manage any registered accounts that you hold with us;
  • to verify your identity;
  • for crime and fraud prevention, detection and related purposes;
  • with your agreement, to contact you electronically about promotional offers and products and services which we may think interest you;
  • for market research purposes – to better understand your needs;
  • to manage customer service interactions; and
  • where we have a legal right or duty to disclose your information.

We will only collect information about you if you willingly provide it. In order to do any of the following, you will need to provide us with certain details:

  • place an order;
  • sign up for emails;
  • enter prize draws or competitions;
  • take part in a survey (in this instance your details will be passed to a third party for research purposes); or
  • give us feedback.

Marketing

Roys uses your personal data for electronic marketing purposes (with your consent) to update you on the latest promotional offers.

Roys aims to update you about products and services which are of interest and relevance to you as an individual.

You have the right to opt out of receiving promotional communications at any time, by:

  • changing marketing preferences via your Roys on-line account;
  • making use of the “unsubscribe” link via your Roys on-line account or on the link in emails; and / or
  • contacting Roys via the contact channels set out in this Policy.

We may analyse your browsing and purchasing activity, both on-line and in store, and your responses to marketing communications. The results of this analysis, together with other demographic data, allows us to ensure that we contact you with information on products and offers that are relevant to you. It also helps us improve your browsing experience by developing and improving the design and layout of the website, through monitoring your usage.

Sharing data with third parties

Our service providers and suppliers

In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include IT, delivery, marketing service providers and product manufacturers where a manufacturing warranty has to be enabled.

Roys only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls.

Roys uses Mailchimp, an email service provider to inform the customer of any news or offers. Mailchimp have updated their Data Processing Agreement and their third-party vendor contracts to meet the GDPR requirements. For more information please view their privacy policy.

Other third parties

Aside from our service providers, Roys will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organisations for marketing purposes.

We may share your data with:

  • credit reference agencies where necessary for card payments;
  • governmental bodies, regulators, law enforcement agencies, courts / tribunals and insurers where we are required to do so:
    • to comply with our legal obligations;
    • to exercise our legal rights (for example in court cases);
    • for the prevention, detection, investigation of crime or prosecution of offenders; and
    • for the protection of our employees and customers.

How long do we keep your data?

We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 10 years.


What personal data do we collect?

Roys may collect the following information about you:

  • your name;
  • your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail addresses;
  • purchases and orders made by you;
  • your on-line browsing activities to this website such as your IP address, geographical location, browser type, referral source, length of visit and number of pages viewed;
  • your password(s);
  • when you make a purchase or place an order with us, your payment card details;
  • your communication and marketing preferences;
  • your interests, preferences, feedback and survey responses; and
  • your correspondence and communications with Roys.

How we protect your data

Our controls

Roys is committed to keeping your personal data safe and secure. Our security measures include:

  • encryption of data;
  • regular cyber security assessments of all service providers who may handle your personal data;
  • security controls which protect the entire Roys IT infrastructure from external attack and unauthorised access; and
  • internal policies setting out our data security approach and training for employees.

Roys is registered with the Information Commissioners Office as a Data Controller.


What you can do to help protect your data

Roys will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from Roys asking you to do so, please ignore it and do not respond.

If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an on-line session.

In addition, we recommend that you take the following security measures to enhance your online safety both in relation to Roys and more generally:

  • keep your account passwords private. Remember, anybody who knows your password may access your account;
  • when creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address or other personal data that can be easily obtained. We also recommend that you frequently change your password.
  • avoid using the same password for multiple on-line accounts.

Your Rights

You have the following rights:

  • the right to ask what personal data that we hold about you at any time;
  • the right to ask us to update and correct out-of-date or incorrect personal data that we hold about you free of charge; and
  • the right to opt out of any marketing communications that we may send you. If you wish to exercise any of the above rights, please contact us using the contact details set out below.

Legal basis for Roys processing customer personal data

Roys collects and uses customers’ personal data because it is necessary for:

  • the pursuit of our legitimate interests (as set out below);
  • the purposes of complying with our duties and exercising our rights under a contract for the sales of goods to a customer; or
  • complying with our legal obligations.

In general, we only rely on consent as a legal basis for processing in relation to sending direct market communications to customers via email.

Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

Our legitimate interests

The normal legal basis for processing customer data, is that is necessary for the legitimate interests of Roys, including:

  • selling and supplying goods and services to our customers;
  • protecting customers, employees and other individuals and maintaining their safety, health and welfare;
  • promoting, marketing and advertising our products and services;
  • sending promotional communications which are relevant and tailored to individual customers;
  • understanding our customers’ behaviour, activities, preferences and needs;
  • improving existing products and services and developing new products and services;
  • complying with our legal and regulatory obligations;
  • preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
  • handling customer contacts, queries, complaints or disputes;
  • managing insurance claims by customers;
  • protecting Roys, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or in breach of legal obligations to Roys;
  • effectively handling any legal claims or regulatory enforcement actions taken against Roys; and
  • fulfilling our duties to our customers, colleagues and other stakeholders.

Cookies Policy

What are cookies?

Like most websites, Roys use cookies to collect information. Cookies are tiny text files that identify your computer or other devices (such as smart phones or tablets) to our server as you browse. They are used to record the areas of the websites that you have visited and for how long and are essential for the effective operation of our websites and help you shop with us on-line.

Information collected

Cookies collect information about browsing and purchasing behaviour when you access this website via the same computer or device. This includes information about pages viewed, products purchased and your journey around a website. Cookies do not allow us access to your computer or device and do not store any personal information.

For more information please see our Cookies Policy.


Contact Information

If you have any questions how Roys uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please email us at dpo@roys.co.uk .

You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at ico.org.uk .


Updates

This policy was last updated in May 2018.

We may update our policies from time to time by posting a new version on our website, please check regularly to be aware of any updates.