At TLC Direct, we recognise that our customers are concerned about the manner in which information is collected and stored on the internet. We are committed to ensuring that your privacy is protected.
This policy, together with our Terms and Conditions and Cookies Policy explains what we do with your information, where and how we collect your personal information, how long we retain it for, your rights regarding personal information, as well as what we do to keep it secure.
We adhere to requirements of the General Data Protection Regulation (GDPR), Data Protection Act 1998 and the Privacy and Electronic Communications Regulations (PECR).
When we say ‘we’, ‘us’, ‘our’ or ‘TLC’ in this policy, we’re generally referring to TLC Southern Ltd. TLC Southern Limited is a company registered in England under company number 2480571. Our registered office is The TLC Building, Newton Road, Crawley, West Sussex, RH10 9TS.
We shall be the data controller for your personal data, and we are registered on the public register of data controllers which is looked after by the Information Commissioner’s Office (ICO). Our registration number is ZA347188.
Here’s when we will collect your personal data for our legitimate interests:
When you create an account with us online or in a TLC branch.
When you place an order with us online, in a TLC branch, or on the phone.
When you contact us by email, phone post or any other means.
When you use our car parks and branches which usually have CCTV systems operated for the security of both TLC and customers. These systems may record your image during your visit.
We will process the following personal information for our legitimate interests. This information is used by us to provide you with the service you have requested and to communicate with you on any matter relating to the provision of the service.
When you register an account or place an order, we will require your first and last name so that you can be identified. We gather this information to allow us to process your order.
We store an email address against all orders placed online. This will be used for transactional and confirmation emails that relate to your order or account.
If you provide us with your mobile number, we may text you to advise you that your item is ready for collection in store, or to update you on the progress of your delivery.
When providing your mobile number, you agree that we can provide delivery carriers with your number solely for the purpose of these updates. We will not charge you for these texts, although your network may charge you to receive these texts.
This information is used to ensure goods and services are delivered to the address specified and is necessary to provide our service to you.
Details of your interactions with us through Customer Services, in branch or online. For example, we may collect notes from our conversations with you, details of any feedback you give and details of purchases you made.
If you place an order, we will require your payment card details e.g. credit/debit card number and expiry date.
When you use our website you might enter personal information relating to your account. You will remain the data controller for all such data that is stored within our systems.
To deliver the best possible web experience, we use Google Analytics to collect technical information about your internet connection, browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, and any search terms you entered. Including details of your visits to our website, and which site you came from to ours.
Here’s how we’ll use your personal data and why:
To process any orders that you make in a TLC branch, by phone or using our website. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations.
To respond to your queries, refund requests and complaints. Handling the information you send enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.
To protect our customers, premises, assets from crime, we operate CCTV systems in our stores and car parks which record images for security. We do this on the basis of our legitimate business interests.
To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
If we discover any criminal activity through our fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing unlawful acts.
To send you relevant, personalised communications by email in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest.
To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests.
We’re committed to maintaining the necessary technical and organisational security measures to safeguard your personal data to the highest standard.
All data is encrypted when transmitted from our secure servers to your browser using secure and modern forms of encryption.
All credit card transactions are processed using secure encryption. Card information is transmitted, stored, and processed securely on a PCI-compliant network. This protects your data while being sent over the internet from being intercepted and misused by third parties.
We continually test and update our infrastructure to identify and patch security vulnerabilities, and we carry out penetration testing to identify ways to further strengthen security. We know how much data security matters to all of our customers. With this in mind, we will take all appropriate steps to to keep up with the state-of-the-art in web security and protect your data.
We tokenize your card details at the earliest opportunity so we do not have to store your full payment card details on our own servers. We work with an external PCI-compliant payment processor (Verifone) who stores these details. We do store the last 4 digits of your card and the card type on our systems so that you can identify which card will be used for future payments. Point to Point Encryption protects our customers’ payment data at the point of interaction all the way through to settlement in order to protect it from fraud.
Where you have chosen (or where we have provided) a password that enables you to access secure areas of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone for any reason. We recommend that you change your password periodically and avoid re-using the same password for multiple online accounts.
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
We may from time to time operate a ‘Tell a Friend’ service. This is a referral service, designed to make it easy for customers to recommend our website to a friend. When we contact your friend, we always advise them of the name and email address of the friend who made the original referral. We will not use your friend’s details for any other purpose.
As a regstered customer, you can view and edit your personal data. If any of the information that you have provided to us changes, (e.g. your email address, home address, name, contact number or payment details) please update your account details under My Account.
Alternatively, send us an email entitled “CHANGE OF DETAILS” to firstname.lastname@example.org, send a letter to Data Protection Officer, TLC Direct, The TLC Building, Newton Road, Crawley, West Sussex, RH10 9TS or you can telephone us on 01293 565 630.
You have the right to request a copy of the personal information that we hold about you
Should you wish to, please contact Customer Services using the contact details provided below. You will need to include a brief description about the information you require and proof of identification. We will then respond to you within one month of receipt of the request.
If, at any time, you wish to have your information removed from our databases, please send an email entitled “REMOVE FROM DATABASE” to email@example.com. If you do any of these actions, we will take steps to ensure that your preferences are updated or the information is deleted as soon as reasonably practicable.
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy or the way your personal information is processed, please contact us by one of the following means:
By email: firstname.lastname@example.org
By fax: 01293 413649
The TLC Building
If you wish to make a complaint about the way that we handle your personal data, you have the right to lodge a complaint with the UK regulator, the Information Commissioner’s Office. Please go to www.ico.org.uk/concerns to find out more.
This page was last updated on 11/10/2018.