At TLC Direct, we recognise that our customers are concerned about the manner in which information is collected and stored on the internet. We are committed to ensuring that your privacy is protected.
This policy, together with our Terms and Conditions and Cookies Policy explains what we do with your information, where and how we collect your personal information, how long we retain it for, your rights regarding personal information, as well as what we do to keep it secure.
We adhere to requirements of the General Data Protection Regulation (GDPR), Data Protection Act 1998 and the Privacy and Electronic Communications Regulations (PECR).
Who are we?
When we say ‘we’, ‘us’, ‘our’ or ‘TLC’ in this policy, we’re generally referring to TLC Southern Ltd. TLC Southern Limited is a company registered in England under company number 2480571. Our registered office is The TLC Building, Newton Road, Crawley, West Sussex, RH10 9TS.
We shall be the data controller for your personal data, and we are registered on the public register of data controllers which is looked after by the Information Commissioner’s Office (ICO). Our registration number is ZA347188.
When do we collect your personal data?
Here’s when we will collect your personal data for our legitimate interests:
When you create an account with us online or in a TLC branch.
When you place an order with us online, in a TLC branch, or on the phone.
When you contact us by email, phone post or any other means.
When you use our car parks and branches which usually have CCTV systems operated for the security of both TLC and customers. These systems may record your image during your visit.
What information do we collect about you?
We will process the following personal information for our legitimate interests. This information is used by us to provide you with the service you have requested and to communicate with you on any matter relating to the provision of the service.
When you register an account or place an order, we will require your first and last name so that you can be identified. We gather this information to allow us to process your order.
We store an email address against all orders placed online. This will be used for transactional and confirmation emails that relate to your order or account.
Your order history
We will keep a record of your historic placed orders with invoice receipts which you can access under My Account › My Orders.
If you provide us with your mobile number, we may text you to advise you that your item is ready for collection in store, or to update you on the progress of your delivery.
When providing your mobile number, you agree that we can provide delivery carriers with your number solely for the purpose of these updates. We will not charge you for these texts, although your network may charge you to receive these texts.
Company name, invoice & postal addresses
This information is used to ensure goods and services are delivered to the address specified and is necessary to provide our service to you.
Communication with Customer Services
Details of your interactions with us through Customer Services, in branch or online. For example, we may collect notes from our conversations with you, details of any feedback you give and details of purchases you made.
Payment card information
If you place an order, we will require your payment card details e.g. credit/debit card number and expiry date.
Other data provided by you and stored in your account
When you use our website you might enter personal information relating to your account. You will remain the data controller for all such data that is stored within our systems.
To deliver the best possible web experience, we use Google Analytics to collect technical information about your internet connection, browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, and any search terms you entered. Including details of your visits to our website, and which site you came from to ours.
How do we process your data?
Here’s how we’ll use your personal data and why:
To process any orders that you make in a TLC branch, by phone or using our website. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations.
To respond to your queries, refund requests and complaints. Handling the information you send enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.
To protect our customers, premises, assets from crime, we operate CCTV systems in our stores and car parks which record images for security. We do this on the basis of our legitimate business interests.
To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
If we discover any criminal activity through our fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing unlawful acts.
To send you relevant, personalised communications by email in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest.
To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests.
How will we protect your information?
We’re committed to maintaining the necessary technical and organisational security measures to safeguard your personal data to the highest standard.
All data is encrypted when transmitted from our secure servers to your browser using secure and modern forms of encryption.
All credit card transactions are processed using secure encryption. Card information is transmitted, stored, and processed securely on a PCI-compliant network. This protects your data while being sent over the internet from being intercepted and misused by third parties.
We continually test and update our infrastructure to identify and patch security vulnerabilities, and we carry out penetration testing to identify ways to further strengthen security. We know how much data security matters to all of our customers. With this in mind, we will take all appropriate steps to to keep up with the state-of-the-art in web security and protect your data.
Payment card protection
We tokenize your card details at the earliest opportunity so we do not have to store your full payment card details on our own servers. We work with an external PCI-compliant payment processor (Verifone) who stores these details. We do store the last 4 digits of your card and the card type on our systems so that you can identify which card will be used for future payments. Point to Point Encryption protects our customers’ payment data at the point of interaction all the way through to settlement in order to protect it from fraud.
Where you have chosen (or where we have provided) a password that enables you to access secure areas of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone for any reason. We recommend that you change your password periodically and avoid re-using the same password for multiple online accounts.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
Who do we share your personal data with?
We sometimes share your data with trusted third parties. Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
- We only provide the information required to perform their specific services.
- They may only use your data for the purpose we specify in our contract with them.
- We work closely with them to ensure that your privacy is protected at all times.
- If we stop using their services, your personal data held by them will be deleted or rendered anonymous.
Examples of the kind of third parties we may work with are:
|Operational services||To facilitate delivery of your order, we may share your details with operational companies such as delivery couriers or suppliers.|
|Professional services||We may share your details with professional service companies such as accountants.|
|Payment service providers||We may share your details with companies who provide us with payment services for taking payments from credit/debit cards.|
|Technical service providers||We may share your details with providers we use who support our website and other business systems.|
|Fraud management||Under special circumstances, we may share information about fraudulent activity in our systems. This may include sharing data about individuals with law enforcement bodies.|
|Disclosures required by law||Under special circumstances, we may be required to disclose your personal data to the police or other enforcement, regulatory or government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and we take the privacy of our customers into consideration.|
Newsletter mailing list
If you’ve given permission, we may contact you to provide you with information about our services or products which we think may be of interest to you. As a registered customer, you could benefit from special prices, regular updates, and selected promotions.
If you have consented to receive marketing emails, you may opt out at a later date. There are several ways you can stop email marketing communications from us:
You can unsubscribe by clicking the “unsubscribe from this list” hyperlink at the end of all TLC Direct email messages.
You can use this unsubscribe form.
Registered customers are able to change their newsletter preference on the Personal Details settings page (My Account › Personal Details). Check or uncheck the checkbox labelled “Send me regular special offers by email” and press “Save Changes”.
‘Tell a Friend’
We may from time to time operate a ‘Tell a Friend’ service. This is a referral service, designed to make it easy for customers to recommend our website to a friend. When we contact your friend, we always advise them of the name and email address of the friend who made the original referral. We will not use your friend’s details for any other purpose.
Links from this site to other sites
Our site may contain links to websites of manufacturers, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Updating your details
As a regstered customer, you can view and edit your personal data. If any of the information that you have provided to us changes, (e.g. your email address, home address, name, contact number or payment details) please update your account details under My Account.
Alternatively, send us an email entitled “CHANGE OF DETAILS” to firstname.lastname@example.org, send a letter to Data Protection Officer, TLC Direct, The TLC Building, Newton Road, Crawley, West Sussex, RH10 9TS or you can telephone us on 01293 565 630.
Accessing your information
You have the right to request a copy of the personal information that we hold about you
Should you wish to, please contact Customer Services using the contact details provided below. You will need to include a brief description about the information you require and proof of identification. We will then respond to you within one month of receipt of the request.
If, at any time, you wish to have your information removed from our databases, please send an email entitled “REMOVE FROM DATABASE” to email@example.com. If you do any of these actions, we will take steps to ensure that your preferences are updated or the information is deleted as soon as reasonably practicable.
How to contact TLC Direct
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy or the way your personal information is processed, please contact us by one of the following means:
By email: firstname.lastname@example.org
By fax: 01293 413649
The TLC Building
If you wish to make a complaint about the way that we handle your personal data, you have the right to lodge a complaint with the UK regulator, the Information Commissioner’s Office. Please go to www.ico.org.uk/concerns to find out more.
This page was last updated on 4/5/2018.