This Privacy Policy helps you understand what Personal data we collect, why we collect it, what we do with it and the choices you have, including how to access and update information.
Our policy applies to you if you use our products or services in store, over the phone, online, through our mobile applications or if you use any of our websites or interact with us on social media (our “Services”).
Currys is a trading name of Currys Group Limited (referred to using “We”, “Us”, “Our” or the “Company”) is a company registered in England and Wales (Company registration number: 504877) Currys is Europe's leading specialist electrical and telecommunications retailer and services company, employing over 42,000 people in eight countries. We pride ourselves on giving our customers simple and independent advice on which electronic and technology products are right for them.
When you shop with us or use our services, you trust us with your data. We’re a company that puts you, our customer, first, respecting you as an individual but also as a member of our community. We listen to our customers to understand your expectations and make sure these are reflected in our business decisions. We’re committed to maintaining your trust and confidence. In this Privacy Policy, we’ve provided details on when and why we collect your personal information, how we use it, the very limited conditions under which we may disclose it to others (where direct marketing is concerned only with your explicit permission) and how we keep it secure.
We collect personal information about you when you visit one of our stores, use our Websites (“Websites”), or use our web or mobile device applications (“Mobile Apps”) or if you communicate with us by phone, e-mail and social media. We refer to our Websites and Apps collectively as “Online Services”.
The types of personal information we collect includes:
When you’re online the information we collect includes:
The situations when you provide personal information could include when you:
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data. These are set out below.
When we’re required to enter into a contract with you
Where you have provided consent
We use email and text messages to communicate with you about our products and services, competitions, offers, promotions or special events where you tick a box.
For example
Where there is a Legitimate Interest
As a Company we are often required to process your personal data in order to carry out certain tasks relating to our business activities. In such cases, processing of personal data can be justified on grounds of legitimate interest.
Communications
Personalise & Improve our Service
Company Interest
When we’re required to comply with our Legal Obligation
We’ll use your personal information to comply with our legal obligations including:
Where it is in your Vital Interest
In certain circumstances it is in your vital interests for us to process your personal information. We may need to contact you if there are any urgent safety or product recall notices or where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you.
We share personal information within the Currys PLC Group. Members of the Currys Group that receive this information are not authorised to use or disclose the information except as provided in this privacy policy.
Our service providers
We work with partners, suppliers, insurers and agencies so they can process your personal information on our behalf and only where they meet our standards on the processing of data and security. We only share information that helps them provide their services to us or to help them provide their services to you. For example, some of our service providers place advertising for us online, about our products and services and those of our retail partners, suppliers and third parties. As a result, where you have indicated you are happy to receive marketing from us, you might see online advertising that we have placed on the web sites you visit, or the interactive services you use.
Other organisations and individuals
We may transfer your personal information to other organisations in certain scenarios. For example:
Credit Reference Agencies
In order to process your application we’ll supply your personal information to credit reference agencies (CRAs) and they will give us information about you.
This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. We will use this information to:
We’ll also continue to exchange information about you with CRAs on an on-going basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at www.equifax.co.uk/crain
From time to time we may transfer your personal information to our suppliers, service providers and other company offices based outside of the European Economic Area (EEA) for the purposes described in this privacy policy. If we do this your personal information will continue to be subject to one or more appropriate safeguards set out in the law.
If we do transfer information to our agents or advisers outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:
We sometimes use systems to make automated decisions based on your personal information or the information we are allowed to collect from others about you or your business (for example where we perform credit checks). This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know. These automated decisions can affect the products, services or features we may offer you now or in the future, or the price that we charge you for them.
Your rights
You have rights over automated decisions.
If you want to know more about these rights, please contact us.
We will keep your personal information for as long as you’re a customer. If you haven’t made a purchase or engaged with us for 3 years or more, then we’ll remove you from our marketing mailing lists. After you stop being a customer, we may keep your data for up to 7 years after the last time you interacted with us. This could include one of the ways specified in ‘How we use your personal information’ and for one of these reasons:
We may keep your data for longer than 7 years if we cannot delete it for legal, regulatory or technical reasons. We may also keep it in order to help support product recalls or safety notices. If we do, we will make sure that your privacy is protected and only use it for those purposes.
We do not retain personal information in an identifiable format for longer than is necessary.
You have the right to request what personal information we hold about you. This is sometimes called a 'Data Subject Access Request'. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we’ll provide it to you free of charge. Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information. Except in rare cases, we’ll respond to you within 30 days after we’ve received this information or, where no such information is required, after we’ve received your request.
If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
In certain circumstances you have the right to request a copy of your personal information from us or to have that information passed to an organisation of your choice in a format that can be easily re-used.
Right to stop or limit our processing of your data
You have the right to object to us processing your personal information if we’re not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
Where we rely on our legitimate interests, as set out under ‘How we use your personal information’, you may object to us using it for these purposes. If we agree that your objection is justified in accordance with your rights under data protection laws, we’ll permanently stop using your data for those purposes. Otherwise we’ll provide you with our justification as to why we need to continue using your data.
You can ask us to restrict the use of your personal information if:
Please note that we may be required by law to retain certain information. Before we are able to provide you with any information or correct any inaccuracies, we may ask you provide other details to help us respond to your request.
If you would like to exercise these rights, please contact us
Please make sure you provide one proof of identity (we suggest either a utility bill in your name or your driver's licence, but other similar formal documents may be accepted, please note the documents cannot be older than 6 months) as part of your request.
We won't send you marketing messages if you tell us not to.
Please note that it may take up to 28 days to process your request.
You can also find further information within our Direct Marketing Charter.
The purpose of our Cookies Policy is to help explain what they are, why you are collecting them, and what information cookies store.
Please refer to our Cookies Policy
All companies within the Currys Group use technical and organisational security measures to protect the personal information supplied by you against loss, destruction, and any unauthorised access by third parties.
Our websites (which includes this Privacy Policy) contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites and Apps‚ so we encourage you to read their privacy statements.
We use so-called social plugins (buttons) of social networks such as Facebook, Google+, You Tube, Instragram and Twitter.
After activation of a button, the social network can retrieve data, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account. A social network cannot assign a visit to websites operated by our other group companies unless you activate the respective button there as well.
If you’re a member of a social network and don’t want that network to combine data retrieved from your visit to our websites with data they hold on you, you must log out from the social network concerned before activating the buttons.
If you have a question or a complaint about this policy, the way your personal information is handled, please contact us by one of the following means:
You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details at: https://ico.org.uk/. Alternatively our Data Protection Officer can be contacted via dpo@currys.com.
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our website and/or by contacting you by email.